Windows Analysis Report
Vistumbler_v10-8-2.exe

Overview

General Information

Sample Name: Vistumbler_v10-8-2.exe
Analysis ID: 1320003
MD5: 1087d87a70ace72a20bbe0f08d81534b
SHA1: d9c86e3322d165f0ac994bbbae87e6a5a5aa1024
SHA256: e0d017c3917de2dfa6ac51579946c911f34cee1d276eb68144508b08a298bf0b

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Machine Learning detection for dropped file
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Drops PE files
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found dropped PE file which has not been started or loaded
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Classification

  • System is w10x64_ra
  • Vistumbler_v10-8-2.exe (PID: 2244 cmdline: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe MD5: 1087D87A70ACE72A20BBE0F08D81534B)
  • Vistumbler.exe (PID: 364 cmdline: "C:\Program Files (x86)\Vistumbler\Vistumbler.exe" MD5: 40835C799D86933445E1CBBE3A7F90D6)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Vistumbler_v10-8-2.exe | ReversingLabs: Detection: 21%
Source: Vistumbler_v10-8-2.exe | Virustotal: Detection: 16%
Source: C:\Program Files (x86)\Vistumbler\UpdateManufactures.exe | Virustotal: Detection: 15%
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Virustotal: Detection: 7%
Source: C:\Program Files (x86)\Vistumbler\update.exe | Virustotal: Detection: 10%
Source: C:\Program Files (x86)\Vistumbler\Export.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Vistumbler\update.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Vistumbler\UpdateManufactures.exe | Joe Sandbox ML: detected
Source: Vistumbler_v10-8-2.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\License.txt
Source: unknown | HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.2:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.2:49725 version: TLS 1.2
Source: Vistumbler_v10-8-2.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | DNS traffic detected: queries for: raw.github.com
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File read: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
Source: Vistumbler_v10-8-2.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
Source: unknown | Process created: C:\Program Files (x86)\Vistumbler\Vistumbler.exe "C:\Program Files (x86)\Vistumbler\Vistumbler.exe"
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vistumbler
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Users\user\AppData\Local\Temp\nsvE3D7.tmp
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File written: C:\Program Files (x86)\Vistumbler\versions.ini
Source: classification engine | Classification label: mal60.winEXE@2/139@2/26
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Vistumbler_v10-8-2.exe | Static file information: File size 7435768 > 1048576
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\vistumbler_updater.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\Vistumbler.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\update.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\Export.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\say.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\UpdateManufactures.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\sqlite3.dll
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\Uninstall.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\commg.dll
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Program Files (x86)\Vistumbler\macmanuf.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vistumbler\Uninstall.lnk
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vistumbler\Vistumbler.lnk
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Window / User API: threadDelayed 1142
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Window / User API: foregroundWindowGot 955
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Window / User API: threadDelayed 2862
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Thread sleep count: Count: 1142 delay: -10
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exe | Thread sleep count: Count: 2862 delay: -10
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\vistumbler_updater.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\update.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\Export.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\say.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\UpdateManufactures.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\sqlite3.dll
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\Uninstall.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\commg.dll
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Vistumbler\macmanuf.exe
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | File Volume queried: C:\Program Files (x86) FullSizeInformation
Source: C:\Users\user\Desktop\Vistumbler_v10-8-2.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: unknown VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Vistumbler\Vistumbler.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
Vistumbler_v10-8-2.exe | 22% | ReversingLabs
Vistumbler_v10-8-2.exe | 17% | Virustotal |  | Browse
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Vistumbler\Export.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Vistumbler\update.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Vistumbler\UpdateManufactures.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Vistumbler\Export.exe | 3% | ReversingLabs
C:\Program Files (x86)\Vistumbler\Export.exe | 4% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\Uninstall.exe | 0% | ReversingLabs
C:\Program Files (x86)\Vistumbler\Uninstall.exe | 0% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\UpdateManufactures.exe | 12% | ReversingLabs
C:\Program Files (x86)\Vistumbler\UpdateManufactures.exe | 15% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\Vistumbler.exe | 0% | ReversingLabs
C:\Program Files (x86)\Vistumbler\Vistumbler.exe | 7% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\commg.dll | 0% | ReversingLabs
C:\Program Files (x86)\Vistumbler\commg.dll | 3% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\macmanuf.exe | 0% | ReversingLabs
C:\Program Files (x86)\Vistumbler\macmanuf.exe | 1% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\say.exe | 0% | ReversingLabs
C:\Program Files (x86)\Vistumbler\say.exe | 3% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\sqlite3.dll | 0% | ReversingLabs
C:\Program Files (x86)\Vistumbler\sqlite3.dll | 1% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\update.exe | 5% | ReversingLabs
C:\Program Files (x86)\Vistumbler\update.exe | 11% | Virustotal |  | Browse
C:\Program Files (x86)\Vistumbler\vistumbler_updater.exe | 8% | ReversingLabs
C:\Program Files (x86)\Vistumbler\vistumbler_updater.exe | 4% | Virustotal |  | Browse
No Antivirus matches
Source | Detection | Scanner | Label | Link
raw.githubusercontent.com | 1% | Virustotal |  | Browse
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
raw.githubusercontent.com | 185.199.109.133 | true | false | unknown
raw.github.com | 185.199.111.133 | true | false | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
1.1.1.1 | unknown | Australia |  | 13335 | CLOUDFLARENETUS | false
185.199.109.133 | raw.githubusercontent.com | Netherlands |  | 54113 | FASTLYUS | false
185.199.111.133 | raw.github.com | Netherlands |  | 54113 | FASTLYUS | false
    Joe Sandbox Version:38.0.0 Ammolite
    Analysis ID:1320003
    Start date and time:2023-10-05 10:29:26 +02:00
    Joe Sandbox Product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
    Number of analysed new started processes analysed:19
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample file name:Vistumbler_v10-8-2.exe
    Detection:MAL
    Classification:mal60.winEXE@2/139@2/26
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
    • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with very long lines (954), with CRLF line terminators
    Category:dropped
    Size (bytes):38098
    Entropy (8bit):5.618721157408525
    Encrypted:false
    SSDEEP:
    MD5:61131D5DFDADEDF86D5964CEEDCC276A
    SHA1:6D25077A9912417A03E106B67474674DCCFC8860
    SHA-256:4C4A1D69358C071A680EB837CE06043AC72DA576CCB4936777666A14F8B21ECB
    SHA-512:DD74E009398E7E8825CAE65E3F59407CFC8F48D0FF99D2E3ECB094891371D59680938EFBBB36434EDD1BCE03ED89F8EEFAA56EC37A6D2F8DF614864DEC72FFB0
    Malicious:false
    Reputation:low
    Preview:#NoTrayIcon..#Region ;**** Directives created by AutoIt3Wrapper_GUI ****..#AutoIt3Wrapper_Icon=Icons\icon.ico..#AutoIt3Wrapper_Run_Tidy=y..#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****..;License Information------------------------------------..;Copyright (C) 2019 Andrew Calcutt..;This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 of the License...;This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details...;You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA..;--------------------------------------------------------..;AutoIt Versi
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1028056
    Entropy (8bit):6.912465972479491
    Encrypted:false
    SSDEEP:
    MD5:6841B47268C1073087F2CD7A93F5BC80
    SHA1:CA5265F06CDC80BCEDF46DFF2A9C428C1E5656BA
    SHA-256:CF4216731EA492038E073F5FD2E8A0B6714BEACCF7DBB09075100677FA6DF0F0
    SHA-512:A7054FC0E095A4D182D892D212B9D702448E8EDDDDF7FB3D0354B56D9444BBAED3667D6E0EDA6E9781A2F024D49A08C80886C6E74A3A11906B3EA883124D6993
    Malicious:true
    Antivirus:
    • Antivirus: Joe Sandbox ML, Detection: 100%
    • Antivirus: ReversingLabs, Detection: 3%
    • Antivirus: Virustotal, Detection: 4%, Browse
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Adobe Photoshop Image, 72 x 72, RGB, 3x 8-bit channels
    Category:dropped
    Size (bytes):68516
    Entropy (8bit):5.532069495941428
    Encrypted:false
    SSDEEP:
    MD5:C779D31E40276CF8F5434A72E60047C3
    SHA1:011EABB3260714C4662156092CFD1E50C8187ADC
    SHA-256:B8B27B46265DA7EC03969C3570AAB0FBC5E36C2B4AF51CD7F8A056610AC71E8D
    SHA-512:CA82AC3B3E3DB4465AB72698BFC886F123B3A3C3391755295BF6A5CF0174460F4468244AD0920855501AFE31F5FE0FE056C4BAAF3675EB4BAE069AA3DE139130
    Malicious:false
    Reputation:low
    Preview:8BPS.............H...H..........TD8BIM.%......................8BIM.$....9.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.276720, Mon Feb 19 2007 22:40:08 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/vnd.adobe.photoshop</dc:format>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:xap="http://ns.adobe.com/xap/1.0/">. <xap:CreatorTool>Adobe Photoshop CS3 Windows</xap:CreatorTool>. <xap:CreateDate>2010-05-01T14:09:59-04:00</xap:CreateDate>. <xap:ModifyDate>2010-05-01T19:10:04-04:00</xap:ModifyDate>. <xap:MetadataDate>2010-05-01T19:10:04-04:00</xap:MetadataDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">. <xapMM:
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.326589372352785
    Encrypted:false
    SSDEEP:
    MD5:B8489ED6750551561B8FA573F5E82CE0
    SHA1:8C8705ECCF9A315F4B7E2940B5515AE8E2CD4AC1
    SHA-256:01F1D2974E18BC6DAC84C1FAEEDCAF30A53FA5269A75CED2FB26912B101EF13F
    SHA-512:249AD39E54DC2D2041E45CE1660A634BE63F84918525211074F61536169FF755C780B395394BC0CDD4FF9828355B75E8582926556DB2A995AE2A41A5F86A710B
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):4.834352009553106
    Encrypted:false
    SSDEEP:
    MD5:FB6E40CA249735FCA85D7770BC4BB87B
    SHA1:F43043ED63E49FA8970F5F49979CB9087AEB95A8
    SHA-256:FE421D2479A20F2A69E44C9CC979341619DAC39FBCF23FE3EF81EA04E0C6245A
    SHA-512:420C89282FEDD9A848EB6FB7BB1F798AA0802C3DB787FDDAC0643F9C48500267C6E1D4FE3D696CE24B5EB3704CA21F2EF3DDDEA0638242415B3B1A3F34FCAB96
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.475701998385033
    Encrypted:false
    SSDEEP:
    MD5:F60B6BA3ADBFC856849D70E99902A88B
    SHA1:1CB8213EB5B6ACA92C93C1D0E9C9A738F54D5464
    SHA-256:81E85DD6CFB5939B2E40531AB5C405CD2F379B52F0198C5EA8E5103FF5C7552D
    SHA-512:A828CB7B246B6FAE028C2D7D6750B6077AF95248AE4F868BF0E5EAF6C766325B9713592D000966EF68A8279E6F7ECF161DBF35734027882A217AC298BD13A82E
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.521592932781257
    Encrypted:false
    SSDEEP:
    MD5:0FCE6C8C9032A017EE67802117839EEB
    SHA1:CEAA8DC304B0E9C34EFD866CA4039C3F14578577
    SHA-256:851B326EFD84A20DAE40A7E94751F567433916E7A6A5847A386031E993F3F895
    SHA-512:314973F3D267ED57CBC77EBEB2EA8F79AF45C17FD2337BE0C8F07FABAC5193D58839F195AC98ADE5AE18F0650B7F4E27AC5847F9577848B19D1E10F7510B2874
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.305075468734779
    Encrypted:false
    SSDEEP:
    MD5:001444AD05AFB8D97C3194DFF3221CF3
    SHA1:8D5CF10687F40B172A3C1D9DA04D0E55E0E49083
    SHA-256:05AFE6704ADDF834CA94D222222CA1FFB8DBB576CD3BF7F59717B0FED9FB1706
    SHA-512:76D40786B2F8CA3224DB7D37B927285502710AA576ADB552570542255B047DE31C43C0B77F63D4D7AE501170FA9AEFA8A5C0DDE0EDC2700D0CB3E869140489AF
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.290168638824781
    Encrypted:false
    SSDEEP:
    MD5:9FA4520922D07E660F23B90AF5169D26
    SHA1:BB9656C0AFF3C451015AA111051D313020C13D65
    SHA-256:57CA98353E83B748B7AD0F2D4B198F9F43FEC2A9C926268A9186A6C079B55871
    SHA-512:738879FE298764B46C76EF2CB42336A4A6D93E81099FC6E6FF283BE05F1F39C8F06D20ED0DBA4AD7E0151C7410E41EA71895684352B6315F0E71C965E0000FE7
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.8241192548979
    Encrypted:false
    SSDEEP:
    MD5:E8756AC73C7F40D3E8A42CB8BEBC5532
    SHA1:D7667308FDC31812A5F904C9167D4133A8EDB75C
    SHA-256:1B7553258CF5D2275B42EC92CDD59E96AB4C4291978F4428732DD16E09695F65
    SHA-512:80B1B02530F2C75579610DEC4C8C14CB10A3E9CAE7E52C795A30A87793A0A3E8D0A58AED1F082495D40F1CA63BE85A29F33EC3CB8A5D7D134579276C94C9164D
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.509613927308355
    Encrypted:false
    SSDEEP:
    MD5:0A10C3603AA05818210430D3FBE58C3E
    SHA1:DDB8A82B2E13FE0EE63BDE5DF106D8C60D773E27
    SHA-256:80A650630F3A8D3D4963D57C3357A15ADE8E1B206CC867F77EE82ECA1B048A09
    SHA-512:D5220FFE03A89799B464847D886F11D1544250AF795090576D611931DC1F18A78FFAEBE6ADD83C33E3E7C8BD945EA872684F84BD1A84A4AEA29F3BC16E028018
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.906576650805738
    Encrypted:false
    SSDEEP:
    MD5:6B57A8746286C48144040E64F6F78B91
    SHA1:4D5A916F4C5422677997DADB3B7CB312CFB467CA
    SHA-256:F08A7729732AC3604DD07FA73A0E1A478878D1994C3BE3B2E54A827F5C029A39
    SHA-512:AA144F4F5713E9F6FFB2C036C99595AF6F7B3195FC7FBC81292102E9284964425A6CEF6EA0D3A1D8FAA4FD58BC95DBFBFCD95F2D1471381D0DFB4CE95111D80B
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.940167878543867
    Encrypted:false
    SSDEEP:
    MD5:D1ADB07E2F7F8A18392AA8BD023F06B8
    SHA1:EE2CC5F4751FE43B7FEBC40471B1890278C92C95
    SHA-256:CB6CDA9AD35693608B47C8EB7552F1A1A838308291264BD651BA608BF97EBCB7
    SHA-512:740D300BF601C0E167BE3E0A13F512531D43C4CBA0C52B5B7E670C66C1C369D9F791FEECB9B58914E47AFA853CDF6585D8390F3D74FC66F0DB75259E4E31B3C8
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.805681496372659
    Encrypted:false
    SSDEEP:
    MD5:788CC367409564B3AA26F188AA648A38
    SHA1:829E6A611008B60B14729F5780D2A9A98ADFB343
    SHA-256:97CD1C209A4B44CD907D3C70E8411F34C017F642F8159F9AA304490BCDCB2BBC
    SHA-512:7BC394A66C0F83352519677C059648DFB83DCEB4DCB30FD3E8B5A387EF742A05B17A9EAA1C5324D299AD32DB790CF91D22312021C7F1B82D91282A2E49BB0BE3
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):5.784654330162807
    Encrypted:false
    SSDEEP:
    MD5:60C81392D24F37FC0383FC5C7B9F324C
    SHA1:FE0D130DDC1C0FD6DDC422F11562F653EED05484
    SHA-256:1FC549E721FEF3EF2942C1A797EA5D5ADB7DC427E5EC80833E108CAE15BAE32D
    SHA-512:220C24B0A85D2509D58B67FB95FF1B057E0A91E1BA8277BFF7B58AA945EF1CAB05581DB098E657DF967FFEA0C4DC5926B444D376851A3FDB73F1D0F3AF169C8A
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Targa image data - Map 32 x 1452 x 1 +1
    Category:dropped
    Size (bytes):99042
    Entropy (8bit):7.511267952523423
    Encrypted:false
    SSDEEP:
    MD5:B0981809C624F578211668F77F5106D1
    SHA1:C0D56B0F87856030F15E59A62830AAD5673FF338
    SHA-256:297659832D5A3EF281AB3A3611514606C7A89A8E462B11CD42B4F3A47DAEB8DB
    SHA-512:9BFFAA6EE57160DD902B6D155D990D458B4C90EAC5DF50A6D4058D55B445A2458566AA2502D6CEB261BA238885A1463F4B32F7669F49B63B59A6A78A0CE7AD99
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows icon resource - 5 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel
    Category:dropped
    Size (bytes):56636
    Entropy (8bit):7.343091884341035
    Encrypted:false
    SSDEEP:
    MD5:9327928221C44FD06BF51B674E54BFA1
    SHA1:76C8F72E3552DA729A19EDAF47F5C33AE76ED3E3
    SHA-256:4512389E7BC9B31D2CCE3541668D5D453583A7332F9C59D2C04F2E4928720838
    SHA-512:0C47E70E69833FA6F33DF7055006574BE3504D8ECD0A21F8254672E62DAF750EDE158129DDC8328356591A0D07695033FAE88B99E2193471CE93A7D6D673D531
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Adobe Photoshop Image, 20 x 20, RGBA, 4x 8-bit channels
    Category:dropped
    Size (bytes):23230
    Entropy (8bit):3.8334128867721526
    Encrypted:false
    SSDEEP:
    MD5:52425F2160227E1E5362D1AA2D9022FA
    SHA1:58A4E45ECD9B64C85E00CA355957649ECAD184A7
    SHA-256:3899BDF1EACE32028E549E983B0C5C2DAE1708E558F9BDF71FC025EAA2B2F745
    SHA-512:D507BC81BB2C02BBD9FCEA462591669DC142CD7C180D3D051EAAC59D5B7828F6103DE5F9812079D3DA9381CE4B71329C1915586E9F56D531F1204E4C21F4E6DC
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2020:09:13 09:05:09], baseline, precision 8, 20x20, components 3
    Category:dropped
    Size (bytes):11831
    Entropy (8bit):6.067468795518371
    Encrypted:false
    SSDEEP:
    MD5:6D02D78110940CFDE6CE988511CA28EB
    SHA1:8FE2A76A147D19A51F984DCD353FBA26FB1A9341
    SHA-256:37C1737F5E37F20977DA7903B5EAA5CC5FC0194A7ECB1E10439A38F7A2B89F73
    SHA-512:1C5D49F5C880C9820611B785FCE70C567341F9894604CAE1966EB3E9B46623817375994944433C7C9072CDBC5AFBF291B88FAB4D6F1969F5E1361DFC0FB88594
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2020:09:13 12:14:04], baseline, precision 8, 20x20, components 3
    Category:dropped
    Size (bytes):12341
    Entropy (8bit):6.0657860927336085
    Encrypted:false
    SSDEEP:
    MD5:62BC9FD0C63C09192787838C27C391FE
    SHA1:F91E1F6E4CA2298FE56468489D0A8D67F8D1F1BE
    SHA-256:5FFEF7F8C83128D98E1F8D3C9E7EE7F4F16479275713D0AE02EA086E99B82FFF
    SHA-512:C22EF72B33E6BD65261D0A77EAC2E70957928C528F19700929AF7CB3D7E33FF1EFAD7B03EFBD84B7070B9E7C8716AEE389F2B08E8F1298BBDCA72B8071EAC14C
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PNG image data, 41 x 43, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):6047
    Entropy (8bit):7.9421118961977495
    Encrypted:false
    SSDEEP:
    MD5:E8BAA11C64CED6BB4C60E71AD619DDCF
    SHA1:40CF5C7B71C96C9571A42D2E53763912589999DC
    SHA-256:4DD66B736258E56D6EB9BD8474DFA05C5304A0FF8D388308982255E0AD089F3D
    SHA-512:03DCC553DDCC7BC679F31373B077165F55EA5FACDCA849EE805021F9FAD8445CBA489CBC9FDC88473AA1D440458721167E3B305BD092A724C22B7CCB2C59B4A6
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2020:09:13 09:04:43], baseline, precision 8, 20x20, components 3
    Category:dropped
    Size (bytes):11946
    Entropy (8bit):6.105536589772078
    Encrypted:false
    SSDEEP:
    MD5:5D3F38D260D76BB25F1CD1CF5644F9F7
    SHA1:1CE99AE825E0238D2CB81E44BDE1B41D588411B6
    SHA-256:095B412172AC923620873DB5130C92CC34996DBF3A424FE766E05B32F626107A
    SHA-512:E44969C8CE9EDDA578C47151DC4203B2C196AF0D2A465FEEA60E5ECB9790D96127C7859D429CFBB1DA5021943A8A54465C199788C6B56801403ABF0798F40ABB
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Adobe Photoshop Image, 20 x 20, RGBA, 4x 8-bit channels
    Category:dropped
    Size (bytes):25806
    Entropy (8bit):4.084449947421316
    Encrypted:false
    SSDEEP:
    MD5:FCE7AD48140E17BFAD8900D070703F0B
    SHA1:3C6CA14C3EA129E70290AA57E6AB05E53EC1B776
    SHA-256:13A12F16F496A5D0F50E0D0545569CF7F7A9B29EB3558842F2521C2176136B82
    SHA-512:7F4EA2794B3775305D35278CCAB32312752461C223E024C15F33E3713C3B5AED5779BED156284BD7AEBE8BBD0074408319C7AEDB892FBDCC7D8301BD387AA187
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2020:09:13 12:13:20], baseline, precision 8, 20x20, components 3
    Category:dropped
    Size (bytes):12389
    Entropy (8bit):6.087295904190733
    Encrypted:false
    SSDEEP:
    MD5:2F06F948B5BED70B269D3B8FC3B72635
    SHA1:2F57AFE3E771902CFAFAA23A2C6A52D6EE1471AD
    SHA-256:EFA73270D7F27CBEBE8AF9AE1111E4FA05E6736CA7643894F424869FF48D5B51
    SHA-512:AB462F514B851EDA336FD4B84F0BB08AE4B27F7251F154A236C0DC208951386CF92496C59F91D23C3A7CD12D3AB8C34A948576665DD7205325E84A63CFC1BD6B
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2020:09:13 10:44:05], baseline, precision 8, 20x20, components 3
    Category:dropped
    Size (bytes):12017
    Entropy (8bit):6.127261394837562
    Encrypted:false
    SSDEEP:
    MD5:530C8EA7FD1B95A8D0BA57AB6793B209
    SHA1:A51FDD9DC2AA3A650F1DA4EBCC87A1E24AC94B47
    SHA-256:348435EE50161FA6B22A6D2E111F3BD5E058A0EE3551367A4EE4B181DA778959
    SHA-512:9BFFB69F1224010B0A0A053412DAA1F2AE433B0FD216CB446B5225D71F9F2FBFEC7FCD9CC71487B2C44BBD2DC07EE6E19F0EE5D97EFE3A05FECD3A7FA67776AF
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):917
    Entropy (8bit):7.473649649167172
    Encrypted:false
    SSDEEP:
    MD5:6F301F32E8D23E8A955F1C3E16F7E543
    SHA1:8AF61A7675D011B342A6D52136079CA5B9400C4D
    SHA-256:8818A9D791C72037DF1C6C6A4224EACE8C4DE9DB0A25A8C6509FEDD3EC2C3D32
    SHA-512:9C6A40FA8B7E3BB714343BE4A9CB26D18AF19100A7A765CB50F987EA7676B8D0637A4629F13C4CB4EEB9D546F52AAB2F9F8A17BFF6E9E2DF2A725249E95C2291
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):3468
    Entropy (8bit):7.896005719366946
    Encrypted:false
    SSDEEP:
    MD5:FF2901DAE81FBA46B0D313E47E943E36
    SHA1:24CADFC616B50D59594C272CB097D872608DB6CC
    SHA-256:6B6708DE0C683589D9272CDCDF6816F24F12C4DF2935936E6F8008140B3BAEBC
    SHA-512:957FD0CB231E80CEAE6CC2E897D0263291C1ECBE732D50112499482BD03EFDCB029CFBD90F6E8CC5792140487A83F88F0D83ADC93DDE1BDC25E41452B2E2BAD8
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):3391
    Entropy (8bit):7.884081061045595
    Encrypted:false
    SSDEEP:
    MD5:B8C3D4156F4FE9F71A50573CB4612DB2
    SHA1:29097AD0337569E5D1F57076111F299ED48134F8
    SHA-256:BF53464E728C3B5B3B56C31521CC1FF49601F8A3987A0C6339802408B29C789E
    SHA-512:54262C94D457AB88A4D00A62D5678A4CEC7A7C310C19257595072A5A16AEDD1AF47CFCB4548B7D25B232119CAC9B55D524CDB9E0B169E8E3DA18FCE5A196F24F
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):3449
    Entropy (8bit):7.901270131566275
    Encrypted:false
    SSDEEP:
    MD5:63FAFFBEE8EBCF290853F4E473DF9F18
    SHA1:3BA51BA60A58F2EAF5B1F04155AD176DA504B20A
    SHA-256:2A68CB00B1E06AE06C604DF3BE15E58411038170AFBC5011D76D874840019C41
    SHA-512:834CD6C6331B53B3457CD19A258A324D063D9B92D73D7162677284EAEDC90AB1D6FAE133B2C355672413B8FE315B62EAC282FEBB13B0C5F2BF7413986D8F3F64
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):853
    Entropy (8bit):7.395293582739387
    Encrypted:false
    SSDEEP:
    MD5:67DC33984FC49E54ED9B594BE5748FF4
    SHA1:DDAE607ADCFC8448BAF7ACB6CD9F3B3E79D97894
    SHA-256:FEC1AA4A88A7ADD9E660C2B39055E58DD6B2902FBE1BA50B17D4876B15438A46
    SHA-512:3D01CACAA08BB31B1FCF57BB5C061B6BA2B68C01D91AE92C386345E924CAA9EE2D032C1BC836AE7D13337AD8F2CF2F5820F6A18C7E3A67C9EE1E5BFEA764996B
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):3448
    Entropy (8bit):7.898658777368717
    Encrypted:false
    SSDEEP:
    MD5:B248A9DED9B02A670EA154D8D75D8C08
    SHA1:2511C166CB1CE3FFF139018A505A2DFEA998A0FC
    SHA-256:5408197ED6CFFF26C715D645DE61FE9D169D561C4CF40664CE16C84EBD8056F9
    SHA-512:9A67F5D65810D80A3831E4D15770BBB91FCDBEB6031FE8CFDBE886A722796128A99B537937E7E8E96601470EE6048F41D0A58F25A658C9545BF3705A8B37A694
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):8716
    Entropy (8bit):5.1897335784965115
    Encrypted:false
    SSDEEP:
    MD5:2FE4CC2F3AC6B7536582627EECCCD24A
    SHA1:48B173E0632425D815D417487A4AD95C50F8CC18
    SHA-256:A90EF84275404EC55D3C40665807664E37A0B6E8694439FDF633326F759DB579
    SHA-512:14E4DD49B598794F7D1C3FF890258AF35A6E23A860038F6B7B2ED21E6396B5D4CCB726C75AB60727ABD18237A33CD0913ABEA73EEDE5AF0C0C0516ECE62D145F
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=celsmk..Date=2009/01/03..Description=Brazilian Poruguese Searchwords. Brazilian Portuguese Text...WindowsLanguageCode=pt_BR....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Tipo de rede..Authentication=Autentica..o..Encryption=Criptografia..Signal=Sinal..RadioType=Tipo de Radiofreq..ncia..Channel=Canal..BasicRates=Taxas B.sicas..OtherRates=Outras Taxas..Open=Abrir..None=Nenhum..WEP=WEP..Infrastructure=Infraestrutura..Adhoc=Adhoc....[Column_Names]..Column_Line=#..Column_Active=Atividade..Column_SSID=SSID..Column_BSSID=Endere.o MAC..Column_Manufacturer=Fabricante..Column_Signal=Sinal..Column_Authentication=Autentica..o..Column_Encryption=Criptografia..Column_RadioType=Tipo de R.dio..Column_Channel=Canal..Column_Latitude=Latitude..Column_Longitude=Longitude..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=Taxas B.sicas de Transfer.ncia..Column_Other
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):10802
    Entropy (8bit):5.9244811047770485
    Encrypted:false
    SSDEEP:
    MD5:A812577CD89BB5C32D6D13B887DA5DE5
    SHA1:8556D2CEBEE8296E3B7EC7DFF876690BB1984875
    SHA-256:A540E5828E90E01FE0999C597C196579653C77ED54C13A00318FDA47D9C7AAEA
    SHA-512:C78CC0EDD60BD9C2E53BA2C74FBB07AB0607E2EBBBFC818EE3E20476FF0317515FD909D3A12F76D6538E51AEBB00BA9ED71007C15E318DE35CA63AAFAEFEAD63
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=..... ........Date=2010/04/24..Description=......... ........WindowsLanguageCode=bg_BG....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Network type..Authentication=Authentication..Encryption=Encryption..Signal=Signal..RadioType=Radio Type..Channel=Channel..BasicRates=Basic rates (Mbps)..OtherRates=Other rates (Mbps)..Open=..........None=......WEP=WEP..Infrastructure=................Adhoc=..-.....Cipher=Cipher....[Column_Names]..Column_Line=#..Column_Active=.........Column_SSID=SSID..Column_BSSID=... .......Column_Manufacturer=..............Column_Signal=........Column_Authentication=................Column_Encryption=..........Column_RadioType=... .. .........Column_Channel=.......Column_Latitude=........Column_Longitude=.........Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=....... ....... .. ..........Column_OtherTransferRates=..... ....... .
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):10986
    Entropy (8bit):5.681683093511014
    Encrypted:false
    SSDEEP:
    MD5:63AF4939BFF9F70D7B4809369055C639
    SHA1:235C90509AB281732D5163249C30A94030095A7D
    SHA-256:E86935705A67686D52BE53FD53CF54C72DC60B753234D03D99E6AE1EE0FB3408
    SHA-512:8E9D31E5323077D16B54019935F29505A658F1F2BF1A571F2FDC01A4237E13BE21E6B81DBF1BB654FD38AD7B4751BD1C964BD140CEC41C8F1719E31246A50703
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=nim311..Date=2011/11/25..Description=.c....y..(Beta).C..WindowsLanguageCode=zh_TW....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Network type..Authentication=..........Encryption=.[.K......Signal=Signal..RadioType=Radio Type..Channel=Channel..BasicRates=...t.v..OtherRates=..L.t.v..Open=Open..None=.S....WEP=WEP..Infrastructure=Infrastructure..Adhoc=Adhoc..Cipher=Cipher....[Column_Names]..Column_Line=#..Column_Active=Active..Column_SSID=SSID..Column_BSSID=Mac..}..Column_Manufacturer=.s.y....Column_Signal=Signal..Column_Authentication=..........Column_Encryption=.[.K......Column_RadioType=Radio Type..Column_Channel=Channel..Column_Latitude=.n....Column_Longitude=.g....Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=.....t.v..Column_OtherTransferRates=..L...t.v..Column_FirstActive=First Active..Column_LastActive=Last Updated..Column_N
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):10109
    Entropy (8bit):5.437032248573673
    Encrypted:false
    SSDEEP:
    MD5:1D29771390573FA68B30DB6A00FA6B4C
    SHA1:62258D2DC1FB615C1C8FBFAD369FABE92D3EB7D2
    SHA-256:C483572FA647298934A8D1BCE7D78626216CBCE35D051AB75CD00DAA7D4A97B4
    SHA-512:1CB276BC9D8B85A382B381C77DAD644679E9A9D6462748F43779A5BF7443B19AB982AD6A84036C94A38F5249BC20A45CC2092551AD74BDD5626AE7F5DB7C8C94
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=PS72..Date=2010/01/31..Description=.esk. SearchWords. .esk. Text. .esk. jazyk. aktualizace 2010/01/31..WindowsLanguageCode=cs_CZ......[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Typ s.t...Authentication=Ov..ov.n...Encryption=.ifrov.n...Signal=Sign.l..RadioType=Typ za..zen...Channel=Kan.l..BasicRates=Z.kladn. rychlosti..OtherRates=Jin. rychlosti..Open=Otev.en. ..None=..dn...WEP=WEP..Infrastructure=Infrastructure..Adhoc=Adhoc..Cipher=Cipher....[Column_Names]..Column_Line=#..Column_Active=Aktivita..Column_SSID=SSID..Column_BSSID=Mac Adresa..Column_Manufacturer=V.robce..Column_Signal=Sign.l..Column_Authentication=Ov..ov.n...Column_Encryption=.ifrov.n...Column_RadioType=Typ Za..zen...Column_Channel=Kan.l..Column_Latitude=Zem.pis. ...ka ..Column_Longitude=Zem.pis. d.lka ..Column_BasicTransferRates=Z.kladn. rychlosti..Column_OtherTransferRates=Jin. rychlosti..Column_FirstActive=Prvn. aktivita..Column_LastActive=Posledn. aktivita..Column_NetworkType=Typ s.t...Column_Labe
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):3231
    Entropy (8bit):5.247773872800168
    Encrypted:false
    SSDEEP:
    MD5:5456254D61404009808D03A084C10803
    SHA1:E25DB812FAF3B82E715621AE9D226A7FB998E6E2
    SHA-256:36040C76E398C1B20FB3A7A2084AC1507CA313B6FB4F9A58CE0EB1FF611D2E16
    SHA-512:23ED08EFEE212C3CE9B6DBE515801E2D093FC3F67BE373C65FF5020AC9385E659EEE39B5E8455AC9D4819F2777EB96734ECD536DCFC2CDAA2E14F27097BF613A
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Anders Christensen, Modified by 64Power..Date=2008/10/01..Description=Danske s.ge ord. Dansk Text. Standardsprog.....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Netv.rkstype..Authentication=Godkendelse..Encryption=Kryptering..Signal=Signal..RadioType=Radiotype..Channel=Kanal..BasicRates=Grundl.ggende hastigheder (Mbps)..OtherRates=Andre hastigheder (Mbps)..Open=.ben..None=Ingen....[Column_Names]..Column_Line=#..Column_Active=Aktiv..Column_SSID=SSID..Column_BSSID=Mac Address..Column_Manufacturer=Fabrikant..Column_Signal=Signal..Column_Authentication=Godkendelse..Column_Encryption=Kryptering..Column_RadioType=Radio Type..Column_Channel=Kanal..Column_Latitude=Bredegrad..Column_Longitude=L.ngdegrad..Column_BasicTransferRates=Grundl.ggende hastigheder..Column_OtherTransferRates=Andre hastigheder..Column_FirstActive=Set f.rste gang..Column_LastActive=Set sidst..Column_NetworkType=Netv.rkstype..Column_Label=M.rke....[GuiText]..Ok=&Ok..Cancel=Annuler...File=Fil..SaveAsTXT
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):14540
    Entropy (8bit):5.134168202113126
    Encrypted:false
    SSDEEP:
    MD5:9A02857478AB4E1C8F4F5582D72A9BE7
    SHA1:D245F5777ED853FA517FC1572D0136CDBC7DB680
    SHA-256:CE4F2D69F589CEAEECB0DE4A66D07F4AF11B39B87A8EE03AF2D643FF5D92C41D
    SHA-512:DF3EA8CE4EBC120819C5F760BBCD58F7FE2B5DEBA90F0B12BA492721EB1B1D78092971646B49114D93C78700E64FCF8609108CC2B7E1E29BADD496A1D864BA03
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=gAlAX-e..Date=2012/11/13..Description=Deutsche .bersetzung f.r v10.4b3 (Vorversion von FP (f.post@live.de) f.r v9.0)...WindowsLanguageCode=de_DE....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Netzwerktyp..Authentication=Authentifizierung..Encryption=Verschl..Signal=Signal..RadioType=Funktyp..Channel=Kanal..BasicRates=Basisraten..OtherRates=Andere Raten..Open=Offen..None=Keine..WEP=WEP..Infrastructure=Infrastruktur..Adhoc=Adhoc..Cipher=Cipher..RSSI=RSSI....[Column_Names]..Column_Line=#..Column_Active=Status..Column_SSID=SSID..Column_BSSID=MAC-Adresse..Column_Manufacturer=Hersteller..Column_Signal=Signal..Column_Authentication=Authentifizierung..Column_Encryption=Verschl.sselung..Column_RadioType=WLAN Typ..Column_Channel=Kanal..Column_Latitude=Breitengrad..Column_Longitude=L.ngengrad..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=Basis Transfer
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):13917
    Entropy (8bit):5.135859118092488
    Encrypted:false
    SSDEEP:
    MD5:F13EFD24E015FC2F842D19C62FED11FA
    SHA1:1990B043E822503DD6E0B9D9B3CA6E7FE784D1A1
    SHA-256:C0AC2E4A11B0CDBC08E101605969F0498900811EA484DED00869148923D6D0B7
    SHA-512:40109392B00E0F4773BA1C175F9AA73C2B52DC4A00B0F04D6D20C95253BA8B3268821F6716FEC5B8EF8EA5AF5993B3105B5A0BBA8FBBC13BB8698F9B17D32816
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Smithy..Date=2013/06/03..Description=Aleen voor Nederlandstalige versies van Windows Vista/7/8..WindowsLanguageCode=nl_NL....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Netwerktype..Authentication=Verificatie..Encryption=Versleuteling..Signal=Signaal..RadioType=RadioType..Channel=Kanaal..BasicRates=Basissnelheden..OtherRates=Overige snelheden..Open=Open..None=Geen..WEP=WEP..Infrastructure=Infrastructuur..Adhoc=Adhoc..Cipher=Cipher..RSSI-RSSI....[Column_Names]..Column_Line=#..Column_Active=Actief..Column_SSID=SSID..Column_BSSID=MAC-adres..Column_Manufacturer=Fabrikant..Column_Signal=Signaal..Column_Authentication=Authenticatie..Column_Encryption=Encryptie..Column_RadioType=Radiotype..Column_Channel=Kanaal..Column_Latitude=Breedtegraad..Column_Longitude=Lengtegraad..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=Basis overdrachtsnelheden..Column
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):14321
    Entropy (8bit):5.141448119062194
    Encrypted:false
    SSDEEP:
    MD5:76773D2D4D673CC7DD57BC47F11866BD
    SHA1:A4CE6C80975E399D9721AB5A9521F310D5482E11
    SHA-256:CD8A6953D7E5277D29F06394578373479093A36B798E7E30DB362991715AEF40
    SHA-512:D583616330EB2232A1C6E0DAC46CE5160682090192011798691B4208A140F51285D9AB5E542A38B0240C3CB5C73B91794834AC8BA3C7EA92C6F970C9800074BD
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Andrew Calcutt..Date=2020/09/06..Description=English SearchWords. English Text. Default Language...WindowsLanguageCode=en_US....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Network type..Authentication=Authentication..Encryption=Encryption..Signal=Signal..RSSI=RSSI..RadioType=Radio Type..Channel=Channel..BasicRates=Basic Rates..OtherRates=Other Rates..Open=Open..None=None..WEP=WEP..Infrastructure=Infrastructure..Adhoc=Adhoc..Cipher=Cipher....[Column_Names]..Column_Line=#..Column_Active=Active..Column_SSID=SSID..Column_BSSID=Mac Address..Column_Manufacturer=Manufacturer..Column_Signal=Signal..Column_HighSignal=High Signal..Column_RSSI=RSSI..Column_HighRSSI=High RSSI..Column_Authentication=Authentication..Column_Encryption=Encryption..Column_RadioType=Radio Type..Column_Channel=Channel..Column_Latitude=Latitude..Column_Longitude=Longitude..Column_LatitudeDMS=Latitude (DDMMSS)..Column_LongitudeDMS=Longitude (DDMMSS)..Column_LatitudeDMM=Latitude (DDMMMM)..Column_Longit
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):12182
    Entropy (8bit):5.135259421848642
    Encrypted:false
    SSDEEP:
    MD5:DE6E07902C93533DB38C119EE135E103
    SHA1:3DCF34CC891DFE6A15F9806F8F5E1FD3EC5C3FF0
    SHA-256:55CA22E002A0EFE3F1428811545E3555BFF8FF5AAB57DCF0E3736E12EDBAC8EC
    SHA-512:120BC2F4995A747FE935015A7E3588F180768BBC4357C62403D18887EAF8F26FEF42DED9EC2EE80DB819127B0A3021E46CEAFA1E473F992833690F113EF09DAD
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Lobotomise..Date=2010/05/02..Description=Recherche en Fran.ais. S.lectionnez les mots de la recherche netsh. ..WindowsLanguageCode=fr_FR....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Type de r.seau..Authentication=Authentification..Encryption=Chiffrement..Signal=Signal..RadioType=Type de radio..Channel=Canal..BasicRates=Taux de base (Mbits/s)..OtherRates=Autres taux (Mbits/s)..Open=Ouvert..None=Aucun..WEP=WEP..Infrastructure=Infrastructure..Adhoc=Adhoc..Cipher=Chiffr.....[Column_Names]..Column_Line=#..Column_Active=Actif..Column_SSID=SSID..Column_BSSID=Adresse Mac..Column_Manufacturer=Fabricant..Column_Signal=Signal..Column_Authentication=Authentification..Column_Encryption=Chiffrement..Column_RadioType=Type de radio..Column_Channel=Canal..Column_Latitude=Latitude..Column_Longitude=Longitude..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Long (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Long (ddmm.mmmm)..Column_BasicTransferRates=T
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):15197
    Entropy (8bit):6.034859818927585
    Encrypted:false
    SSDEEP:
    MD5:F494D1E57970423EF533D22738029B1E
    SHA1:6C756614CD535DFF91CF251057009F14765CED5A
    SHA-256:64B853F1757EABA4193D42F52C5F6E0F5DBF8128E09AF35F3A91A0845EAF8E5F
    SHA-512:6D123DF8AF1AE063C97492E3A6C47F4230E5E3ECC0CA3FAF7D5B723528EF20091745F1E405D06C79393863EF4F7F390D2DD28D020C9297FE62931E4EDE4C7DB1
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Seferidis Kostas..Date=2012/09/10..Description=........ ......... ... .. Vistumbler v10.3 Beta 19. ...... ....... Netsh .. ......... .. ......... ...... ... windows ... ... ..... .... ........ ...... (. ..... ... ............... .......... .... ...... .......) .. .... ... ......... .. ...... .. ............ .. .......... ...... ........ ...... .... ...... ....... (cmd) "netsh wlan show networks mode = bssid" ... .. ...... ... .......... ...... Netsh . ... ... ....... "...... ......." ........ .. "....... ...... ........ Netsh" ... .. ..... ......... ... ... .......... ........... .... ........ ...... ... forum ... Vistumbler (https://forum.techidiots.net/forum/viewtopic.php?f=27&t=533). ..WindowsLanguageCode=gr_GR....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=..... .........Authentication=....... ............Encryption=...............Signal=......RadioType=..... ............Channel=........BasicRates=....... ...........OtherRates=..... ...........Open=.........N
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):15050
    Entropy (8bit):5.1071377787076955
    Encrypted:false
    SSDEEP:
    MD5:0D5DB66F5A92AF857714F5B107E47BF1
    SHA1:290709EA4C6C5CF3BBC4D2953F5140F94FAAE5A2
    SHA-256:11BB4115845A5C784B58C2ACD755B2FD599C097882F020CD07FBE3594B5A6868
    SHA-512:8D462F14B7917E8B67ED802ACCD7A8843D335C16BAFBAB39178849FD402183DE7894CF035E324594366CE4B43D430E66B0DC9E93716E5C2394878E108DDAF262
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Mimmo17 ..Date=2014/06/27..Description=Italian SearchWords. Italian Text. Updated for v10.5.1 Beta4 by Mimmo17..WindowsLanguageCode=it_IT....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Tipo di rete..Authentication=Autenticazione..Encryption=Crittografia..Signal=Segnale..RadioType=Tipo Frequenza Radio..Channel=Canale..BasicRates=Velocit. di base..OtherRates=Altre Velocit...Open=Aperto..None=Nessuno..WEP=WEP..Infrastructure=Infrastructure..Adhoc=Adhoc..Cipher=Cipher..RSSI=RSSI....[Column_Names]..Column_Line=#..Column_Active=Stato..Column_SSID=SSID..Column_BSSID=Mac Address..Column_Manufacturer=Produttore..Column_Signal=Segnale..Column_Authentication=Autenticazione..Column_Encryption=Crittografia..Column_RadioType=IEEE 802.11..Column_Channel=Canale..Column_Latitude=Latitudine..Column_Longitude=Longitudine..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransfe
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Non-ISO extended-ASCII text, with CRLF, NEL line terminators
    Category:dropped
    Size (bytes):9601
    Entropy (8bit):6.251716451469638
    Encrypted:false
    SSDEEP:
    MD5:D7A0685614DE8DFD25F17389619CFAF2
    SHA1:0E763423CF5B93E60FCBE817DB14F38013AE8327
    SHA-256:D04DEE63BD96658B0D15D86537B08114B56495D23CD02635A0FAED903A44D34F
    SHA-512:3CC510B8A0FDDE371AF1244257C6B0E82FC15511354735FA383007EDFA2F2AF18FE27A31170A1A2F4F88296619BB72FA8DE434E8C2C71969494EC8A88F9BF9BC
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Takekatsu HIRAMURA (thira@plavox.info)..Date=2009/07/05..Description=...{.........[.h....{...e.L.X.g.B..WindowsLanguageCode=ja_JP....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=.l.b.g...[.N......Authentication=.F....Encryption=.......Signal=.V.O.i....RadioType=.....^.C.v..Channel=.`...l....BasicRates=..{...[.g..OtherRates=......[.g..Open=.J....None=.....WEP=WEP..Infrastructure=.C...t...X.g...N.`....Adhoc=.A.h.z.b.N....[Column_Names]..Column_Line=#..Column_Active=.....Column_SSID=SSID..Column_BSSID=MAC .A.h...X..Column_Manufacturer=........Column_Signal=.V.O.i.........Column_Authentication=.F....Column_Encryption=.......Column_RadioType=.l.b.g...[.N......Column_Channel=.`...l....Column_Latitude=..x..Column_Longitude=.o.x..Column_LatitudeDMS=..x (DMS .`..)..Column_LongitudeDMS=.o.x (DMS .`..)..Column_LatitudeDMM=..x (DMM .`..)..Column_LongitudeDMM=.o.x (DMM .`..)..Column_BasicTransferRates=..{.].....[.g..Column_OtherTransferRates=....].....[.g..
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):8252
    Entropy (8bit):5.181364101322571
    Encrypted:false
    SSDEEP:
    MD5:8781A1BCAF591834CD9BAD2C1CFFA3BA
    SHA1:F3943F22B9522F84880085B94D0CB0E52EFF2463
    SHA-256:78C8962169A6EA1C22F8A971FB2E6442C4BD7A33DF5FFBB61CE52D59D3A2AA62
    SHA-512:E7454D6082A1E72C83F6840DFCD6AA2BFC43810EB9DE021E894A492D615E42B3787714AAB4B118C6704899FD5A6BC987190256E9508F6A8A24C86A46EB9975C8
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Norwegian..Date=2008/01/10..Description=Norske s.ke ord. Norsk Tekst. Standardsprog.....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Nettverkstype..Authentication=Godkjendelse..Encryption=Kryptering..Signal=Signal..RadioType=Radiotype..Channel=Kanal..BasicRates=Grundliggende hastigheter (Mbps)..OtherRates=Andre hastigheter (Mbps)..Open=.pen..None=Ingen..WEP=WEP..Infrastructure=Infrastructure..Adhoc=Adhoc....[Column_Names]..Column_Line=#..Column_Active=Aktiv..Column_SSID=SSID..Column_BSSID=Mac Addresse..Column_Manufacturer=Fabrikant..Column_Signal=Signal..Column_Authentication=Godkjendelse..Column_Encryption=Kryptering..Column_RadioType=Radio Type..Column_Channel=Kanal..Column_Latitude=Bredegrad..Column_Longitude=Lengdegrad..Column_BasicTransferRates=Grundleggende hastigheter..Column_OtherTransferRates=Andre hastigheter..Column_FirstActive=Sett f.rste gang..Column_LastActive=Sett sidst..Column_NetworkType=Nettverkstype..Column_Label=Merke..Column_LatitudeDMS=Lat (dd
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):5511
    Entropy (8bit):5.18823711106647
    Encrypted:false
    SSDEEP:
    MD5:9EA829E2B5C8933765120B31D3B77BBA
    SHA1:FB9C49D388E89D2BD7C4662FAF1207C6F4E6D95E
    SHA-256:5B4F08F42D21EAE4ECB6DE5743B6EF10BEAAFC566983E962FA390172B1DCD6A5
    SHA-512:B7FCD7D0A1C20AFFFC370CCDDC56ABBB86ECF24935491DF37E918A9C36FB953ECCD7F2387589C5BB84D16C5BA79BEC4DC9484F3615666686121B12E327B2F52A
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Krzysztof Witkowski ps. Lordwader..Date=2008/09/23..Description=Polish SearchWords. English Text.....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Typ sieci..Authentication=Uwierzytelnianie..Encryption=Szyfrowanie..Signal=Sygna...RadioType=Typ radia..Channel=Kana. ..BasicRates=Podstawowe szybko.ci transmisji (Mb/s)..OtherRates=Inne szybko.ci transmisji (Mb/s) ..Open=Otwarte..None=Brak..WEP=WEP....[Column_Names]..Column_Line=#..Column_Active=Active..Column_SSID=SSID..Column_BSSID=Mac Address..Column_Manufacturer=Manufacturer..Column_Signal=Signal..Column_Authentication=Authentication..Column_Encryption=Encryption..Column_RadioType=Radio Type..Column_Channel=Channel..Column_Latitude=Latitude..Column_Longitude=Longitude..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=Basic Transfer Rates..Column_OtherTransferRates=Other Transfer Rates..Column_Firs
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):6344
    Entropy (8bit):5.997369828265136
    Encrypted:false
    SSDEEP:
    MD5:1DE1654068262C8B112E92801BA9D50E
    SHA1:06409E658BC28C935AE218A0882AC91059B83F5C
    SHA-256:433D7B87F73C7E61E6BDA091E23C1BBB8AF2B63670E04296BB0730F42A81C3E2
    SHA-512:72D3775E2A0DDF8DE59F2FA251A360FF5E51949F3F0D5F1E113BF92C82745CE760A05F5C3F81ABECD4FC222EB5C4A7984B9AE3199862AD5F1E6025DE640FF535
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Vlad "Utter" StepanoFF..Date=2008/09/15..Description=....... ... ... .... .. ........ .... ....... ... ... - ....... ....., ...... ......, .. . ...... ..... .. ....... ...., . ......... .........[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=... ......Authentication=................Encryption=............Signal=........RadioType=... .............Channel=.......BasicRates=Basic Rates..OtherRates=Other Rates..Open=.........None=.....WEP=WEP....[Column_Names]..Column_Line=#..Column_Active=............Column_SSID=SSID..Column_BSSID=MAC-.......Column_Manufacturer=...............Column_Signal=.... .........Column_Authentication=................Column_Encryption=............Column_RadioType=... .............Column_Channel=.......Column_Latitude=........Column_Longitude=.........Column_LatitudeDMS=... (.. .. ..)..Column_LongitudeDMS=... (.. .. ..)..Column_LatitudeDMM=... (ddmm.mmmm)..Column_LongitudeDMM=... (ddmm.mmmm)..Column_BasicTransferRates=....... ........ (..../.)..Co
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):3949
    Entropy (8bit):5.120589521465449
    Encrypted:false
    SSDEEP:
    MD5:6E447F4616033E2086648C5D9FAB75F1
    SHA1:1C2D66233DB131B0B43ECB58E1C0C43EB34739EA
    SHA-256:C7CA6A71DFA254A046FA0B12BBF74057CBFF6DCE61A42FE082DB839C2E52E522
    SHA-512:5EA992CF3B156218E2F60CE78BCF4F03CB44960FA2A8705BC965ACC0EFA2C27B745382EEF1300988A536B2A4494955F3CB0728E2F7B23E33077C7D7EAAF40879
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Orgional:ACalcutt, Revised by:dupin ..Date=2008/06/21..Description=Spanish Searchwords. Spanish (es_AR) Text...WindowsLanguageCode=es_AR....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Tipo de red..Authentication=Autenticaci.n..Encryption=Cifrado..Signal=Se.al..RadioType=Tipo de radio..Channel=Canal..BasicRates=Velocidades b.sicas..OtherRates=Otras velocidades..Open=Ninguna..None=Abierta....[Column_Names]..Column_Line=#..Column_Active=Activo..Column_SSID=SSID..Column_BSSID=Direcci.n MAC..Column_Manufacturer=Fabricante..Column_Signal=Se.al..Column_Authentication=Autenticaci.n..Column_Encryption=Cifrado..Column_RadioType=Tipo de radio..Column_Channel=Canal..Column_Latitude=Latitud..Column_Longitude=Longitud..Column_BasicTransferRates=Velocidades b.sicas..Column_OtherTransferRates=Otras velocidades..Column_FirstActive=Visto primera vez..Column_LastActive=.ltima actualizaci.n..Column_NetworkType=Tipo de red..Column_Label=Etiqueta....[GuiText]..Ok=&Ok..Cancel=&Cancelar
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):12590
    Entropy (8bit):5.099993460849815
    Encrypted:false
    SSDEEP:
    MD5:7276AB679D5F71B7A7AD8C24E6F36505
    SHA1:CE0AF047CEF0D62274FAB454C69AEEFF842D5380
    SHA-256:A17CD72DF5BA374D4FB50AF052F2E86EEC93899D24BA0B07B1AB52600C0A9C8B
    SHA-512:EC2640CA8BE8A665402D5307DA7BD2A6CFD5D67DBAAF4F0F1280D265909EFA3E268DD1358AAE36C442C9A734C300428940E0111439E91607AED3E62BD8B3FE91
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=Alberto Martin..Date=2011/09/11..Description= Palabras de busqueda en Espa.ol. Texto en Espa.ol. Lenguaje Espa.ol...WindowsLanguageCode=es_ES....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=Tipo de Red..Authentication=Autentificacion..Encryption=Encriptacion..Signal=Se.al..RadioType=Tipo de Radio..Channel=Canal..BasicRates=Ratios b.sicos..OtherRates=Otros ratios..Open=Abierta..None=Ninguna..WEP=WEP..Infrastructure=Infraestructura..Adhoc=Adhoc..Cipher=Cipher....[Column_Names]..Column_Line=#..Column_Active=Activa..Column_SSID=SSID..Column_BSSID=Direcci.n Mac..Column_Manufacturer=Manufactura..Column_Signal=Se.al..Column_Authentication=Autentificaci.n..Column_Encryption=Encriptaci.n..Column_RadioType=Tipo de Radio..Column_Channel=Canal..Column_Latitude=Latitud..Column_Longitude=Longitud..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=Ratios de tran
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):14164
    Entropy (8bit):5.190580719330538
    Encrypted:false
    SSDEEP:
    MD5:458A2488636CF2DFC9CE1727E31711F9
    SHA1:41C611DE892768EAAD03C2FAB0E5E0C2C49797F2
    SHA-256:B324775818B22154EED8D689715EF106F2170236C4812949884454CA9E924C28
    SHA-512:F9A37DE27D2A3D5E5525AE6E1AC50EDF7BC7EA631E08987E8C0343BA7CBB04E2F7FFB9785CF11C83370877B89CAD1561B40AC4D14A2A6D988F801E471F1D6C07
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=.ke Engelbrektson..Date=2014/01/02..Description=Svenska s.kord. Svensk text. Standardspr.k...WindowsLanguageCode=sv_SE....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=N.tverkstyp..Authentication=Autentisering..Encryption=Kryptering..Signal=Signal..RadioType=Radiotyp..Channel=Kanal..BasicRates=Standardhastigheter..OtherRates=Andra hastigheter..Open=.ppen..None=Ingen..WEP=WEP..Infrastructure=Infrastruktur..Adhoc=Adhoc..Cipher=Kryptering..RSSI=RSSI....[Column_Names]..Column_Line=#..Column_Active=Aktiv..Column_SSID=SSID..Column_BSSID=Mac-adress..Column_Manufacturer=Tillverkare..Column_Signal=Signal..Column_Authentication=Autentisering..Column_Encryption=Kryptering..Column_RadioType=Radiotyp..Column_Channel=Kanal..Column_Latitude=Latitud..Column_Longitude=Longitud..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=Standardhastigheter..Column_OtherTrans
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [SearchWords]
    Category:dropped
    Size (bytes):13673
    Entropy (8bit):5.263469665129201
    Encrypted:false
    SSDEEP:
    MD5:CBFD59AA6D7A3EBFDA4E4CDBEF18B053
    SHA1:4810F90840D8BFF72AE962711EC01EB50833F0F8
    SHA-256:1A67D64DB1DFE426AD36B353B9684CFF633940D17FD5BD13285D22BEFD7C1D62
    SHA-512:A8F5CBC3A2D6EF225FF3AC6DC2C5653D2F1AEF915E477E374C3881C45F2E2F381944ACBD3B8D2FA8DAF8CCFAECD630BE61BADCA1CA9A6D57550DCA1CD4A99617
    Malicious:false
    Reputation:low
    Preview:[Info]..Author=BSODX..Date=2017/06/14..Description=Turkish SearchWords. Turkish Text...WindowsLanguageCode=tr_TR....[SearchWords]..SSID=SSID..BSSID=BSSID..NetworkType=A. tipi..Authentication=Do.rulama..Encryption=.ifreleme..Signal=Sinyal..RadioType=Radyo Tipi..Channel=Kanal..BasicRates=Temel h.z..OtherRates=Di.er h.z..Open=A..k..None=Yok..WEP=WEP..Infrastructure=Yap...Adhoc=Adhoc..RSSI=RSSI..Cipher=Cipher....[Column_Names]..Column_Line=#..Column_Active=Aktif..Column_SSID=SSID..Column_BSSID=Mac Adresi..Column_Manufacturer=.retici..Column_Signal=Sinyal..Column_Authentication=Do.rulama..Column_Encryption=.ifreleme..Column_RadioType=Radyo tipi..Column_Channel=Kanal..Column_Latitude=Enlem..Column_Longitude=Boylam..Column_LatitudeDMS=Lat (dd mm ss)..Column_LongitudeDMS=Lon (dd mm ss)..Column_LatitudeDMM=Lat (ddmm.mmmm)..Column_LongitudeDMM=Lon (ddmm.mmmm)..Column_BasicTransferRates=Basit Transfer H.z...Column_OtherTransferRates=Di.er Transfer H.z...Column_FirstActive=.lk Aktif..Column_LastAc
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):12616
    Entropy (8bit):4.780648387454513
    Encrypted:false
    SSDEEP:
    MD5:BB3C7B8508B4A7014706BA8385C25108
    SHA1:83AAD1BDBEFCE45CFCE02316227B40B22255F2D8
    SHA-256:979661F7F75B5D3A27E63CEB57414ED5C8287DC82B907485C13879D052FCB49F
    SHA-512:08EAFCD4B2AE9F4B1991F6F966AF4612CCD82EE446AF7CADAD8CB9973D450DD9F589A6E34B3F70AFC505F5B420E99C4ED2A0913D5EB9F117CEE1146DC9FDDC93
    Malicious:false
    Reputation:low
    Preview: GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave,..Cambridge, MA 02139, USA..Everyone is permitted to copy and distribute verbatim copies of this license..document, but changing it is not allowed..... GNU GENERAL PUBLIC LICENSE.. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION....0. This License applies to any program or other work which contains a notice..placed by the copyright holder saying it may be distributed under the terms..of this General Public License. The "Program", below, refers to any such..program or work, and a "work based on the Program" means either the Program..or any derivative work under copyright law: that is to say, a work..containing the Program or a portion of it, either verbatim or with..modifications and/or translated into another language. (Hereinafter,..translation is included without li
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):73728
    Entropy (8bit):0.49657332417296846
    Encrypted:false
    SSDEEP:
    MD5:20E2713A51339876085D24D6B2803E70
    SHA1:6941AC4B0B4F73B7649D68961A972CCF1A0A6FF4
    SHA-256:9C1C37F7C40E9501EDB84E492418EC3B84112864DA9D5B18D4E3DC4E51C51644
    SHA-512:A97FF11199506E40125A4C8C57A9631ED10D9FB06FFC4681CDA6E3BB0908B6AFBC6A1C6A2BE56194FFBD201A43D0F4F3096F200820B8B228FC4715B21D176F39
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):208896
    Entropy (8bit):0.9515940609258071
    Encrypted:false
    SSDEEP:
    MD5:D80DE9F0752EAC0A18126DE87C14AB4B
    SHA1:F7DA10EB50AE1D33699EAD4E33DA76E36E4374F1
    SHA-256:7675968CD1FB81E10125D424DCFF5D3A8702632E59CF2E1AE8F6E8DA4A8F9126
    SHA-512:415E852830606D557B471FC4E0278344652F4CF0727349A6DBBA0CF5DE5672220B7B6A3405AB11B05FA56A0C62D9B90ADF42E50F00C6B82BCD75F391DCC95CF3
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):237568
    Entropy (8bit):1.3529933908725982
    Encrypted:false
    SSDEEP:
    MD5:99F84276D412DB7D4D662B2637FF8C4F
    SHA1:A49BFFBB4EE49A46E0E5B2A21A0FA9AA09E303ED
    SHA-256:14064FEB455292141F3AC0B19CDA30E9393EF5FB18775ED1D979A38E0D76434A
    SHA-512:2FB56750997CA7592A2CCA5ABD9A837B62D6486261B4C9F5C262749625B0EE20D69A53B3D856A1A429922F8DBC44D648669BC111795405CA0CEA0F73C7977D95
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):1622016
    Entropy (8bit):5.579862995597869
    Encrypted:false
    SSDEEP:
    MD5:70C5BCBC00B986CB3A541B266D13DCA3
    SHA1:D6038D71B6B5C9C6EA5136BF01B80E7B0CFA2E4E
    SHA-256:DF4D08DA37AFCB2783852E9A22376B213A204541228447AE4355CA8721D250B4
    SHA-512:D8986558665E595EEEEC051C187772989F3471BF752D1DBC2CB34B37F9A97175AD5643C74846FC272DD5401C00F6D3F0FE4253FC2B09CC806E9FDE2AF640474E
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [WindowPositions]
    Category:dropped
    Size (bytes):2993
    Entropy (8bit):5.321387685829409
    Encrypted:false
    SSDEEP:
    MD5:71CC9EC08CB7B9F3C57A024B47A782EB
    SHA1:79303556F1BE10686A8BFEB29F89EDD63E9A535F
    SHA-256:E967C3E530AA39BFA1F686976B64B5FC3D57A2FE99BB0ECC8F556918CD7C41FC
    SHA-512:3BA85EC4AA478AB4BE6F56EFD73C370A1A2F736A20C31A82F22F091EAF425290C1E94F00AD191ABA19C972ABE254D2BF454F2E0F2735B302C9CEBAD787B9FC95
    Malicious:false
    Reputation:low
    Preview:[Vistumbler]..PortableMode=0..Netsh_exe=netsh.exe..UseNativeWifi=1..AutoCheckForUpdates=1..CheckForBetaUpdates=0..DefaultApapter=Wireless Network Connection..TextColor=0x000000..BackgroundColor=0x99B4A1..ControlBackgroundColor=0xD7E4C2..SplitPercent=0.2..SplitHeightPercent=0.65..Sleeptime=1000..NewApPosistion=1..Language=English..LanguageFile=English.ini..AutoRefreshNetworks=1..AutoRefreshTime=1000..Debug=0..DebugCom=0..GraphDeadTime=0..SaveGpsWithNoAps=1..TimeBeforeMarkedDead=5..AutoSelect=0..AutoSelectHS=0..DefFiltID=-1..AutoScan=0..dBmMaxSignal=-30..dBmDissociationSignal=-85....[WindowPositions]....[DateFormat]....[GpsSettings]..ComPort=4..Baud=4800..Parity=N..DataBit=8..StopBit=1..GpsType=2..GPSformat=3..GpsTimeout=30000....[AutoSort]..AutoSortTime=60..AutoSort=0..SortCombo=Sort by SSID..AscDecDefault=0....[AutoSave]..AutoSave=1..AutoSaveDel=1..AutoSaveTime=300....[Sound]..PlaySoundOnNewAP=1..SoundPerAP=0..NewSoundSigBased=0..NewAP_Sound=new_ap.wav..Error_Sound=error.wav....[MIDI].
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz
    Category:dropped
    Size (bytes):29232
    Entropy (8bit):7.495960364599988
    Encrypted:false
    SSDEEP:
    MD5:6F0F880FB2DF0355C2FBB967DA3D584C
    SHA1:9CF04F9F89EE0BD7D936E6F4FC23692660A31C7A
    SHA-256:5E5BC345B156AFC4DBF8B25AE79672C729F915CC7F612E7F70C9A134ABD9FCEE
    SHA-512:C674298497333EF8AA38B013FBC2D4F4FB892DB6C2CCB8157196A5D3BF3B0B7C30E768BC2715E30E0698759FC1CE71D62C889FF8931FD8CE15D6F2E89813FF26
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10520
    Entropy (8bit):3.663076595722529
    Encrypted:false
    SSDEEP:
    MD5:D1570AC2E73695069093CDB5B7E87B11
    SHA1:247A4188FFBB949E55E792CDB0A762DED5AF3E37
    SHA-256:9537CA0C73EF0DCC3B8BFFF882C68C74261282C78AE8E9B1B19636757E4F0829
    SHA-512:06E33227651E10F2B536BCE9B84AB914944A585FAB8B6A9E675FD513A0DD59BA0184EBBD89EA47F2B654DB7C219127F4F61F116182A1055679DF61183513891B
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):11102
    Entropy (8bit):5.234517500163434
    Encrypted:false
    SSDEEP:
    MD5:0A4D19A25664DB98395C1815FD0E97DC
    SHA1:D099E90C2E40662065B439442A822A5BBE5FF989
    SHA-256:9AD0C4468607B565EE86C74BF81EBDF6E493D362EBA78E4EDA0B67B68F7B05AA
    SHA-512:61E49D11ACE00DA660054C1DD82CC4AF6AA0DC1C95BDB13DA3CD18BF34F99535B6CC1491E4C87B1E1A376AFE6265CB02DE923E00AD14AC194847139755D20CB1
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):8798
    Entropy (8bit):5.7459168688762885
    Encrypted:false
    SSDEEP:
    MD5:1687A3B3A1E9D16908B57227C69A790B
    SHA1:9D4CA241540089F04E87F9A7D9CC5C8868B0220E
    SHA-256:75B44B4BEA37D997AFD8DE8C60E49CB14C3E49203081ED5938C1188D389AB0C9
    SHA-512:48874D49FCA5789DDA850ADE5B48E823FA0BB99298F99BC4F86EAD99E2F3BE2203DB0419EDBEB24F30CC589067A0955B6E23D8CA02884CF9FAF8DAFFB1ED0791
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):12562
    Entropy (8bit):5.489651763647542
    Encrypted:false
    SSDEEP:
    MD5:E087095EBB943183C5CF877CB7F6D38A
    SHA1:F2894B213C6CEBCDF29C158BEBBF724622174D5D
    SHA-256:EB17ACEC3BD9329952BE0F3C7A29C48887C4135420C8B370951E566917B8E6E1
    SHA-512:4E40948E644FC5B34F1550D53C9AB000F6ACE8B0D4A48ED5A2B5045DFA4F28FF028B72E71A70DCF55BBC6DF98054CE2F5D90EBA8FD3E59911321955C3F9CDEB7
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, MPEG Layer 3, mono 16000 Hz
    Category:dropped
    Size (bytes):7590
    Entropy (8bit):6.737539787407415
    Encrypted:false
    SSDEEP:
    MD5:2B914B2BA7FC047C75F31FFD9909DA0C
    SHA1:EF11EA846BF6D57F84D0EA3154DCAC35DD83E916
    SHA-256:199E8FCA8A9419031CE80903BA2DBB62114AFA93F6327FD271E052A484B57995
    SHA-512:68883EE8CE554EC33AD4E0F4251275757ACE93DEBCF7C5B97B85DEF19774F200449C0CE46CFD980179B89FD88C5E0D6060BE0A12D7944E0E0522AF96C96C7E7B
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):9248
    Entropy (8bit):5.551892851925483
    Encrypted:false
    SSDEEP:
    MD5:05EC000493145E96A10E934AA5403DE0
    SHA1:54D02B0640BBD526F3CD874AE296DBB1B843BFC2
    SHA-256:235109B6453331726C771CD87362A4561BE2DE6E249989FE088DA83324565A9C
    SHA-512:7B64D1B5159E8F52D1CC3AF4EC277C560402451AAC09CCC8E4C7547711FC8B7289E8CFC8224ED9983FE6EF4CA5551BEEA896CEEC8EA3BCDCB49976001151322D
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10964
    Entropy (8bit):4.699464709129031
    Encrypted:false
    SSDEEP:
    MD5:0D8467EB443FBBADDC4AA1BE3E58AC48
    SHA1:CD1F51C6DC2EE0B9A5C2039B29E8B28E2BD1DC2A
    SHA-256:35C2C4B74462AA46CEB23C2CC7090753FE83976D5D28ACF99706C525337AF85F
    SHA-512:8D4328E71C308F7EC0A5B8DBFC3EEE7C0FD87578EE61D4F2D2E885530F11EB473256D3E5A1E9011685D17B3A5AA77BA8D354EEC92BE7103122A80FB2CDE7E9C9
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):8698
    Entropy (8bit):5.695238819894096
    Encrypted:false
    SSDEEP:
    MD5:0D3A3F167D7CB6AFA337A01A9AB85368
    SHA1:8D972861668CFD4A450EC5052788AD8226665229
    SHA-256:6C1D57390910070C5E72C2347A9733D119C2771E092FC3E79DADDEA158DC6988
    SHA-512:D7A6B9567ACAE19F20ADB3399C7BD7084561878889EB9F9286AE83C0873413FDF82BD2E4BB60085CF44E10AC301B537C01C6FB616988AB9183BB52557AE08A04
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):8256
    Entropy (8bit):6.313492083711477
    Encrypted:false
    SSDEEP:
    MD5:F97318DC57F5EE170317F658FED6B4B6
    SHA1:4F7A6326E525556B1733AEE1E78EB00638713488
    SHA-256:16C811DA7550A873BFC7F22F22AF8E36700C55B042379C719D68C0307EB849BC
    SHA-512:01025DB16C06115F499A8FD4ED48094EB1E0BBE8028411FD1E151B1AF9BA2E5CE28A4309D02EFFB11EFA96D5A4B927676F8BF1BBA33DD38225BD17520BD4DCB6
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10000
    Entropy (8bit):5.7082361275252795
    Encrypted:false
    SSDEEP:
    MD5:67AC1DBB316DB0C617BD7B2526E9426E
    SHA1:B34B181231DEE34D20D79CE4787AC7CFA1FB77E5
    SHA-256:DBA0E4A1948E5CADB6900F0881A14D07A610ACC975BA8A38E34DB56FA4D43C5A
    SHA-512:0EC9E617A612797D82A567E518A980B97F097FAC9E8E867DC7100C6B6736E925ECB3EC7B5A8CFB171A90D527E08B21F57C2633DAA7C614902718FD9E4F8C834C
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):8816
    Entropy (8bit):5.5041644595000925
    Encrypted:false
    SSDEEP:
    MD5:A228ACF05D34FDF6CD6BF2D5B012182D
    SHA1:D17FEE54A8F3A67BCB6B4597927F9215295FBD78
    SHA-256:C65913EA3EEEAB3790F81DFFEE28369DFBE98C8482733FF6D3F4DA7A965B18DD
    SHA-512:CC0CA0537EF52C533C408D325C6DD0671A49EBCC214CF13D1D720F5DB38F65942AA728958F4B3E59137494C07B4A6C8C80FBFB605BCD2FFB2AEBDE5C8C2A42EC
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):8452
    Entropy (8bit):5.6894987930212935
    Encrypted:false
    SSDEEP:
    MD5:EAE824193CC6616E0D7FE77BDD405CEC
    SHA1:1F81A359C550929E4C230324FFA33E3172A5AB2F
    SHA-256:7E0A153CD48D7E1BC7B729A6D2B38C12443F5C537666EE56728B5E55F4E69852
    SHA-512:EE674FB52CA21BEB885C21E913A3A2696126CBE7364A0643639ADD601753AF24328EB88EDDD77B602B82193DBE9D249EC49676CD07B2FE5924CE872B975D8B22
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
    Category:dropped
    Size (bytes):12504
    Entropy (8bit):7.070608218312203
    Encrypted:false
    SSDEEP:
    MD5:2CC77F1AD1320601F0B8305839817E0C
    SHA1:2CBB346A2F05B990906559B4755ABFABDA35C1AF
    SHA-256:CFACD17F2CE3FD9A28E967AFF1E9C4564C1BB330E1C8B39932ACD5B9EBF8A8B6
    SHA-512:2545C8C53E9593B8CA81BFDEEB1D81C5AE61DBC10A4FEFA3497272B0A43E81E9106888FCCF3CD9D18F4BEA50F35B5519D233847C541FFA187AF96B64C526A7B4
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 24 bit, stereo 44100 Hz
    Category:dropped
    Size (bytes):6172
    Entropy (8bit):7.171358729609349
    Encrypted:false
    SSDEEP:
    MD5:7CE71A70F59F705DAA06FD9ED565AD96
    SHA1:F1843576F8C9A93D604A8908DB46CC0AF34A6A05
    SHA-256:801CC0ACC8A491707A160BB46E35244D3C4E6728003361CC90FB73E20BF5E953
    SHA-512:C88A6B0C35FBB482E4648C62378C0FFD9E18896605E84E5B7B7C12EB2026E17C4E5EE7189814316D6E377CE7E483BDC72A76FD1337299E00B18AAA572E5F4A83
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10500
    Entropy (8bit):5.1996315630067516
    Encrypted:false
    SSDEEP:
    MD5:58F1B206733CBBA03338961CFBD541F8
    SHA1:C64EE6EE357667618D0D0482ADA6B341E6FEAE6C
    SHA-256:23E87D50C36BA3401892F57739424AD88CBDA781B3E4DA03A029903F98A38D6F
    SHA-512:6B0C34D3C786AB951820E2C32276627F6A87485D233CF23E265C0DAEB4B3AC6B404D9B7FBDB6D3D87A4C3AE2FD2FD6DC411FCFB837F009AAC9D69E174654C57F
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10050
    Entropy (8bit):5.3143168817956115
    Encrypted:false
    SSDEEP:
    MD5:14538469332A0B9C8F408CA4616D8654
    SHA1:5ED1FDB6F56FFEF295335BE4FED5460531630F5A
    SHA-256:B6F000EA24272D15CDEAC5B2DBB106CD85905A87C94485403C00D0918FF74FEA
    SHA-512:3E94D810B471F75755CF2CD41941E5D66970E3842B334F9830D07CDEE76E3E239E2C6F500B46C21FA0D101F1E89253479F6E84C827EF250DBF8EB9E851DCE214
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10604
    Entropy (8bit):5.1795116235559036
    Encrypted:false
    SSDEEP:
    MD5:68411148C7B3ED671DFC91FCAE781732
    SHA1:DCF1612545AF4B07E4F7584B7CF793E872F5435B
    SHA-256:1806F02F4B59F68F33D0FA1313C2BD6C08AA6F2581122F2D359603B4F2226B14
    SHA-512:8A5F8F4DF92ACE63B65DA5723F135A704FA4AED65AC10E3BF3D3E991D26628AD1B40CBB39FFA1FA00E4FD7DACE44C509CDF2300ACED626114C1D47AB249561F8
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):9680
    Entropy (8bit):4.970818632177068
    Encrypted:false
    SSDEEP:
    MD5:05855683ADC2779EB7D0047E6C0BAD0E
    SHA1:B39B0AF945203CC9A8FF952EE42FB4E03BC0812C
    SHA-256:D8E0D11BE4810AD1A1582354D8A6375843FDD4DA200D5D251065046493776DC1
    SHA-512:4FDD1BF2F72EB8DC03E2BB0144CF1547BEC33917342F9EF155E9635ED0C5C9ACA79DB4B5CF90E11BD3B1796CE6FEBF330C298270A8B3520C404B4A4F28C2F9B2
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):18390
    Entropy (8bit):4.362420505801615
    Encrypted:false
    SSDEEP:
    MD5:757AA148817BCBAAA70B2E7F08A11933
    SHA1:2163A4343C438BB02063DC3EB41E4AA75ACC6D15
    SHA-256:78E71D9FB678EA1AF5F90A015B9CD0DBADB72FD368BD47829FFD17283C2DDA83
    SHA-512:6645F5CD22BE3E5C29F7A504099F8B4C94650F4BA419ED9F690C41C6476B67DEA687AF0AB57F27C50E4C8C85AA3E5E5AB7885061C001143299BD6EB30DE68D2C
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):12478
    Entropy (8bit):4.706188089457518
    Encrypted:false
    SSDEEP:
    MD5:BBF27E60B5907E10A43B65CBA94C6915
    SHA1:C02E318CC1A82B2CA4BFD685D4C5FDB41D5952BE
    SHA-256:E2072617C68674C9F1FD8F46252B5405F7F413F021643EF87C666DAE23F5E22F
    SHA-512:2FD6CA0E267E8CDB1EEBB1C41C4B7BE22B6F4EEC5F12A1224E548381DAB9906A78E8C88B8FDF52FA088F54BD90980D88EDCC8E2DCD911E88409BBD070AA81DA1
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):12792
    Entropy (8bit):5.648110484630444
    Encrypted:false
    SSDEEP:
    MD5:F2A6B8129C217C1458B8D37F3694D3D1
    SHA1:6A594CE245B83F7BCCC965A2A18204BA6317D279
    SHA-256:A89E4D160B9032D26BB8E15175E03F0BA99B9187CAC03B0D9C264DB3AF28E73E
    SHA-512:CB60EF150345641761006438144EBBBEA28BCEAA86A90702422FC8BD1E0EF555012B02262BD0BA0E89CF4A5B6806C8C0E491A86571A202BD8DD4872A667409EF
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):9598
    Entropy (8bit):5.9833371810234794
    Encrypted:false
    SSDEEP:
    MD5:C8713685646C63AC934D7DA2E66E75EC
    SHA1:F33A3F21DAF60F902E2425E0D018E1622A558FA8
    SHA-256:95E6FF60F17E2AE4E8E6ADC2573EE396930438222823799D9CBBA3A59F91D384
    SHA-512:82D4ECDA834BEE06380762821E4C957C91345EFA9095755DEEA086D22BEEF720F9A19AAD9C418408F16DC7F7A4BCD51E8EB5242EED4BDE27194884544D3BD8EC
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):13086
    Entropy (8bit):4.1008585414683525
    Encrypted:false
    SSDEEP:
    MD5:BA836A8FE8E82C1FB53F9E29C5730FD9
    SHA1:AA166D8275599C13597705A388921AA493CE6C01
    SHA-256:64A006BA998E4293BC141372EEA0927E780E47CF485AA57E1B4F02CE401F973E
    SHA-512:C22D8DF1E964652CD979202C12135CBDC4E1B21A39AC16F112EC79D0BFCD47030141B1A73EAFFF7BD07C553AC64817B6F700264E4C316070E72A4199C34A99AD
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):11248
    Entropy (8bit):4.98121886019909
    Encrypted:false
    SSDEEP:
    MD5:2A38D852CCE2C1F84418F8BBE340FB84
    SHA1:8967999CAEB12774E2829C6F3DA8C1A2238582D8
    SHA-256:92FF6A4B23D1CEAA84286ABBB3C09094C9C8803B10B07100974A9829ED106A67
    SHA-512:0E3F234F81D1778A8E9595374ABF64A9D99B73F60478CDF22E1506ED06829544AB29AAEB9E7AD3B4ACD1B9C0E156C2C47195ABA2FE68CAADE7B48E23CD038619
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):9528
    Entropy (8bit):4.718109115736878
    Encrypted:false
    SSDEEP:
    MD5:E5B75115E769002F82AB173D49E2C3C5
    SHA1:169B474DD6229A916411F0891F0050A2406F4479
    SHA-256:5DF7490A83F972DABB53F0341155FFF1A01750A1ABA0D6B7422BB714E90D8FE3
    SHA-512:6B3B5B0BCE75748B29E41D292E37B5A6CA547AC06051B169357B6CAC6FF0059B069CA9C6210E6311498B1674C91D590496F8BA6FFA2615373236BCCB48662223
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):9922
    Entropy (8bit):5.186211783508159
    Encrypted:false
    SSDEEP:
    MD5:0724B3AF645F3DB93557566AF9E54C8E
    SHA1:2C152A2B9C685CC1D67685DA99BD1A2A47C4916A
    SHA-256:B5A22EC016D4E7439E1455873CD688869051F3F26779AAFC6D0A179DDFE2E229
    SHA-512:3A6FE77BF0F6758B0149F555CEC5CFA4F8A90D3CA28EF8F1AFE7C725B7C887BE0341EA69F9AFAFB1E87F5FA20425C1D74358A67B693DCA50753A04238E1C04AA
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):14364
    Entropy (8bit):5.260630645122706
    Encrypted:false
    SSDEEP:
    MD5:F38E008D81B4E70C16B4F9616FE2DA92
    SHA1:E562FE120A5C5FC9ECFD722C1E74413B71374A5E
    SHA-256:3DC5C3BFCC3A0D5CA867CEFF56F081FCCD4823BCA0C3C199937ED77611126C69
    SHA-512:0DE38CDE9A91FDC1F8D8AFB523F633C2D201CFD010804907887994FF98B0BDE23135C1731E1F4FEEC056B20AB108205082BED4C65D00622BD2651563BF4343FB
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10352
    Entropy (8bit):5.076835084664976
    Encrypted:false
    SSDEEP:
    MD5:76C8DADA90DA14F7B5E02E5C3F5909FF
    SHA1:E9C4F13AFDF8E7B5DE56B0D202EAD14648202B20
    SHA-256:C4629D5FB0D5033343E643970636A9B86DEAFF83C9295AF405460747DF140FF9
    SHA-512:324F6D36EE1F3661D9B21A24AA7A5128015CBB951B983EF47C2418DB294A26973E070FDF3A4CC2601C65572096EEE06DE15B2661273ABA93C335171C6360A085
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10960
    Entropy (8bit):5.361874861729984
    Encrypted:false
    SSDEEP:
    MD5:431A5AF900279AA5850805CC374A4E12
    SHA1:F694430BC7674BA97294375B5C1E86B67603A21A
    SHA-256:1E380A76450F02B69CE02A6D4FA559825CF9862C0C8B76C446CC4BA96E8850AB
    SHA-512:BEEE21FA0373110980D83A8B9EF0CECF892BC581BDC93354B4CA16C06DFB0965F6719AB6188C9FE502E2527153631A9000EEADEC6B2A3E4D00E31D042A001763
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10112
    Entropy (8bit):5.683086749430605
    Encrypted:false
    SSDEEP:
    MD5:D4B9EC017B972AC97C4F1EB8A9FA7C87
    SHA1:3DA7184B4AA09B20651EE178CC6FD49BDECC6EF4
    SHA-256:A97B2F1D9A23BFFA2FA4535863E2B28B8EBF2AA45602825A7AA66EA04C193C39
    SHA-512:F1A09EC243C5A5E6FA73D4A945019F754277F1CAC9A630F4D3AF522876235498350E06ED17ECB03837E14E331933BE3F7B4BC1B2D7AF4D931AEF31E60B3AF6D9
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):11236
    Entropy (8bit):4.545005524084449
    Encrypted:false
    SSDEEP:
    MD5:208E09F21F46FB003C34F45C4489C1F5
    SHA1:75773A8A36008364921B2505B3D0F36206FF5E20
    SHA-256:B9A1117F3A0E6A87676281BB14612BEAA07C4A5F0633F6839ED0A46699F53EB1
    SHA-512:2BE07EAFAB94394FE3F1C5C220217CD09F21B5ABD1ECD6B4C777051B4FB84342AEEF07457BE583C049D9DCD3D482C1F8515076AB3ECB64EB69DC311A81985AB4
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):11830
    Entropy (8bit):4.986282684649463
    Encrypted:false
    SSDEEP:
    MD5:A5C1937923672B4130462126404E5790
    SHA1:CFBF9936CF30AD3C61FD8BA32EAB041EA785FA5B
    SHA-256:376C3650EE05102E66E7A7F922262007DBB70C3D950465B4C0562DACA13FB7C4
    SHA-512:6A8B09DBF84E26CE127C8ACC4F9C8428C34FBD33536A0315FC671AEA29B91E4E8F5EFFBC5DDCE4E39D265A7DA80CB99FE330F0B73C87F8A93FD0564305A4174D
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
    Category:dropped
    Size (bytes):10864
    Entropy (8bit):4.270456351991543
    Encrypted:false
    SSDEEP:
    MD5:F0DF248CC62FB73700B5E3B01A8DB805
    SHA1:5C9DF398AB73FCF30831A09735D081E0E762641E
    SHA-256:AD190AF44417ECBEC88BAB65EE9148F28A819CF31CAB51AA3414506CE8B8D9CA
    SHA-512:B33B29C54C75783C1028EAE4141C713993F47CC894F82493E188EC3DAC4806F80D136422EA7A1039513FF9325602361E518FC2F7BB0D4894B84BC7A37A113846
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):14816
    Entropy (8bit):5.355936228552009
    Encrypted:false
    SSDEEP:
    MD5:4AE25DC0A71FD3E4AE0C8C53F1CD74AA
    SHA1:233198DFA38CB977E5EDC23B5A09E1B4F4CD9576
    SHA-256:A9D9BB88E469C02C95AC722A8FE6FAB065382882F87DB8AA81E78F8B9B1AD88A
    SHA-512:10ACE0166752DCEAA109D885830D20D5CD0211923F99A1BB3C0EA50222A6F43AA071240D9CA8E227E43BC319DD102A90C4231A26553D414B4B7CE1D86D5AD786
    Malicious:false
    Reputation:low
    Preview:;License Information------------------------------------..;Copyright (C) 2008 Andrew Calcutt..;This file is based on work by randallc and stumpii of the AutoIt forum. (http://www.autoitscript.com/forum/index.php?showtopic=32144)..;This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 of the License...;This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details...;You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA..;--------------------------------------------------------..#include-once....Func _CreateDB($s_dbname, $USRName = "", $PWD = "")...$newMdb =
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with very long lines (1225), with CRLF line terminators
    Category:dropped
    Size (bytes):147182
    Entropy (8bit):5.852757797649713
    Encrypted:false
    SSDEEP:
    MD5:34CC114EA9844F8E96C8B9195A1CD07B
    SHA1:8F8C974591FB2F8A28910A050C444474C62D40E2
    SHA-256:3FFC61998318A05753431EE4408652F38769A074BB6976054205D7B09A48222C
    SHA-512:D58B080A5B91B3A6C9FED63409E14B8DB9136E6AF2F12A5BE7FCF9F762ACDA1FE73D3CADD63785CBE62462D13519FA87D317CD831100604A129BBAB9CD763AF2
    Malicious:false
    Reputation:low
    Preview:; #INDEX# =======================================================================================================================..; Title .........: AutoItObject v1.2.8.2..; AutoIt Version : 3.3..; Language ......: English (language independent)..; Description ...: Brings Objects to AutoIt...; Author(s) .....: monoceres, trancexx, Kip, Prog@ndy..; Copyright .....: Copyright (C) The AutoItObject-Team. All rights reserved...; License .......: Artistic License 2.0, see Artistic.txt..;..; This file is part of AutoItObject...;..; AutoItObject is free software; you can redistribute it and/or modify..; it under the terms of the Artistic License as published by Larry Wall,..; either version 2.0, or (at your option) any later version...;..; This program is distributed in the hope that it will be useful,..; but WITHOUT ANY WARRANTY; without even the implied warranty of..; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE...; See the Artistic License for more details...;..; You should have rec
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):34163
    Entropy (8bit):4.611003498841394
    Encrypted:false
    SSDEEP:
    MD5:7E5CE321C7BA81E2414C4B4E47F699C0
    SHA1:879010F613437F821557B2A3BCBAB16450ECA30D
    SHA-256:89EE4CDDD776F10A6A43B8C867E52F12CC7DF9A97F91F3F05F26CBB934A81702
    SHA-512:F941CDFC591EE45F163446704F2CD9CFFF4F908B1F1C6501C48DA8E16687FF67C877BAAFF3C73A1510A72B66C7712C37D000003B1D729AD25517F2248630C207
    Malicious:false
    Reputation:low
    Preview:;Opt("mustdeclarevars",1) testing only..#cs.. UDF for commg.dll.. V1.0 Replaces mgcomm.au3..#ce..Const $sUDFVersion = 'CommMG.au3 V2.7'..Global $mgdebug = false..#cs.. Version 2.1.1 Added missing declarations which caused problems in scripts using Opt("MustDeclareVars",1) - thanks to Hannes.. Version 2.1 Thanks to jps1x2 for the read/send bte array incentive and testing... Version 2.0.2 beta changed readbytearray so returns no of bytes read.. Version 2.0.1 beta.. added _CommSendByteArray and _CommReadByteArray.. Version 2.0 - added _CommSwitch. Can now use up to 4 ports... Version 2.2 - add rts, dtr to setport.. added option for flow control = NONE to _CommSetPort.. version 2.3 use commg.dll v2.3 which allows any baud rate up to 256000... Version 2.4 added setTimeouts, SetXonXoffProperties.. Version 2.5 add _CommsetTimeouts, _CommSetXonXoffProperties...Version 2.6 added _CommSetRTS, _CommSetDTR.. change switch so up to 50 com ports can
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):1268
    Entropy (8bit):3.8917755585715
    Encrypted:false
    SSDEEP:
    MD5:E7A6C8D72F5680CDA5D7688774CC829F
    SHA1:92C62D0712C80B178E39E8FD6E5E79EA08901534
    SHA-256:6D205DB76E3C6B06831F685A7135C262DE3E9B3537A2846A470234A1A7D97AF1
    SHA-512:A79F0A5729119EFFA6C99D4373FD0D9EC3E7A1CB3948E84843B299AB35A82E35FAEFF78E1754015A3AE5096645BC25FF6C2C8AE6C0645E3F49AC1EF285BC45BA
    Malicious:false
    Reputation:low
    Preview:Func _CompareFileTimeEx($hSource, $hDestination, $iMethod).. ;Parameters ....: $hSource - Full path to the first file.. ; $hDestination - Full path to the second file.. ; $iMethod - 0 The date and time the file was modified.. ; 1 The date and time the file was created.. ; 2 The date and time the file was accessed.. ;Return values .: -1 The Source file time is earlier than the Destination file time.. ; 0 The Source file time is equal to the Destination file time.. ; 1 The Source file time is later than the Destination file time.. ;Author ........: Ian Maxwell (llewxam @ AutoIt forum).. $aSource = FileGetTime($hSource, $iMethod, 0).. $aDestination = FileGetTime($hDestination, $iMethod, 0).. For $a = 0 To 5
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):1533
    Entropy (8bit):4.533802118132864
    Encrypted:false
    SSDEEP:
    MD5:24C0766DF0508FA03BAA69174F9E7FC2
    SHA1:A4F674E29031D008F675B93C25A395503FA2B00F
    SHA-256:094D8915C8FED016493B427896862B9C8BD3965FD4E395AFB11A8083300518A8
    SHA-512:D5BF6E7DE93099C56E077FF4252F1D3A29725CC0F32A06F1887B6E730FEB4DE9539E0789C2B8857B426F9864FDCF854D92593FFF521786523DF153571F17038A
    Malicious:false
    Reputation:low
    Preview:;===============================================================================..; Function Name: _FileInUse()..; Description: Checks if file is in use..; Parameter(s): $sFilename = File name..; Return Value(s): 1 - file in use (@error contains system error code)..; 0 - file not in use..; Author:.. .Siao (http://www.autoitscript.com/forum/index.php?showtopic=53994&view=findpost&p=410020)..;===============================================================================..Func _FileInUse($sFilename).. Local $aRet, $hFile.. $aRet = DllCall("Kernel32.dll", "hwnd", "CreateFile", _.. "str", $sFilename, _ ;lpFileName.. "dword", 0x80000000, _ ;dwDesiredAccess = GENERIC_READ.. "dword", 0, _ ;dwShareMode = DO NOT SHARE.. "dword", 0, _ ;lpSecurityAttributes = NULL.. "dword", 3, _ ;dwCreat
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):1968
    Entropy (8bit):5.180075885947351
    Encrypted:false
    SSDEEP:
    MD5:E60FDFA4C462BDED91F3AAD505CC155A
    SHA1:96C4D5B96C6CB559081970817857C9CDD8614762
    SHA-256:5065E750DDF0D5CF189AD1B0F8E4A7D314E7D686C49AE04CB3316A75D184CAD6
    SHA-512:CF499C8800C83DAD39DEA418882C2DE2E781C64B3271380F977E289DE7F67FCB146AB0230D6E877C6C8AD264B9CAD42922768AFD0E76BA77718285995146A506
    Malicious:false
    Reputation:low
    Preview:Func _GoogleEarth_Initialize()...Local $oGoogleEarth = ObjCreate("GoogleEarth.ApplicationGE")...If @error <> 1 Then....While 1.....If $oGoogleEarth.IsOnline() = 1 Or $oGoogleEarth.IsInitialized() = 1 Then ExitLoop....WEnd....Return ($oGoogleEarth)...Else....SetError(1)...EndIf..EndFunc ;==>GoogleEarth_Initialize....Func _GoogleEarth_GetPointonTerrain($oGoogleEarth, $x, $y)...Local $opointOnTerrain = $oGoogleEarth.GetPointOnTerrainFromScreenCoords($x, $y)...Local $PointArr[3]...$PointArr[0] = $opointOnTerrain.latitude...$PointArr[1] = $opointOnTerrain.longitude...$PointArr[2] = $opointOnTerrain.Altitude...Return($PointArr)..EndFunc ;==>GoogleEarth_GetPointonTerrain....Func _GoogleEarth_ZoomTo($oGoogleEarth, $N, $W, $alt, $range, $tilt, $az, $mode = 1, $speed = 5.0)...$oGoogleEarth.SetCameraParams($N, $W, $alt, $mode, $range, $tilt, $az, $speed) ; zoom to a custom locus..EndFunc ;==>GoogleEarth_ZoomTo....Func _GoogleEarth_ScreenShot($oGoogleEarth, $directory, $quality = 100)...$oGo
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):15965
    Entropy (8bit):5.1601487110252275
    Encrypted:false
    SSDEEP:
    MD5:650D6E156B26E22AD96D436314E23959
    SHA1:EE25D0C003C6F0DB6951BB2389B927BA2FE3BF25
    SHA-256:ABF4FF45AAA05191350F60028DE741BFA49279EBF8A7A46BCC43443460F325EA
    SHA-512:F0B5CAA235B6FBD112F04EEB75A8DD79FEBC3EAA1599525E512372F14E4864E9068C8ADB3040FBB3E2C2DD29B5870B7B04EB18D7982BA4080F2F86A144DD80C1
    Malicious:false
    Reputation:low
    Preview:; ===================================================================..; HTTP UDF's..; v0.5..;..; By: Greg "Overload" Laabs..; Last Updated: 07-22-06..; Tested with AutoIt Version 3.1.1.131..; Extra requirements: Nothing!..;..; A set of functions that allow you to download webpages and submit..; POST requests...;..; Main functions:..; _HTTPConnect - Connects to a webserver..; _HTTPGet - Submits a GET request to a webserver..; _HTTPPost - Submits a POST request to a webserver..; _HTTPRead - Reads the response from a webserver..; ===================================================================......TCPStartup()....Global $_HTTPUserAgent = "AutoItScript/"&@AutoItVersion..Global $_HTTPLastSocket = -1..Global $_HTTPRecvTimeout = 5000....; ===================================================================..; _HTTPSetUserAgent($Program, $Version)..;..; Sets the User-Agent that will be sent with all future _HTTP..; functions. If this is never called, the user agent is set to..; AutoItScrip
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, Non-ISO extended-ASCII text, with very long lines (326), with CRLF line terminators
    Category:dropped
    Size (bytes):33318
    Entropy (8bit):5.3426673372513775
    Encrypted:false
    SSDEEP:
    MD5:A5F28CA4CFC8E835A664CEF5775B2D80
    SHA1:219A46EE2A76BF74BEAE7257A60D058BB94D1E82
    SHA-256:91541BB92A880E1519DB6E49D70D68C6B677C200DF9AB1B30627B503ADA04D72
    SHA-512:7842028B25B1F43114C2469E66B2BD7E0E575660A6325590460F125E9CB0587BD2369F56ACEF73D7A9B3D8756D2E41A9ACE408974D5748F2955A04440C93BFAE
    Malicious:false
    Reputation:low
    Preview:#include-once....#comments-start...JSON.au3 . an RFC4627-compliant JSON UDF Library...Written by Gabriel Boehme, version 0.9.1 (2009-10-19)...Modified by guinness (02/03/2012)...for AutoIt v3.3.0.0 or greater......thanks to:...Douglas Crockford, for writing the original JSON conversion code in Javascript (circa 2005-07-15),...which provided the starting point for this library......general notes:.... visit http://www.JSON.org/ for more information about JSON.... this library conforms to the official JSON specifications given in RFC4627...? http://www.ietf.org/rfc/rfc4627.txt?number=4627......system dependencies:.... the Scripting.Dictionary ActiveX/COM object...? used internally for testing key uniqueness in JSON objects, and generating empty AutoIt arrays...? should be available on Windows 98 or later, or any Windows system with IE 5 or greater installed...? Scripting.Dictionary documentation can be found online at:.... http://www.devguru.com/Technologies/vbscript/quickref/dictionary.h
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with very long lines (2067), with CRLF line terminators
    Category:dropped
    Size (bytes):17702
    Entropy (8bit):5.974549777127402
    Encrypted:false
    SSDEEP:
    MD5:812A88CBCEE2321FA6F4F6EED05D804B
    SHA1:DA48D6401DCC3E8F17F19B913C63356EBBC971C2
    SHA-256:9DB08A8E602DE525560E34DEF6BD2867786E9B1A23490A0518277B0538218F8C
    SHA-512:4E7C269D950E0AC905F9013B33CD23077B20DCB11B618B3A12E455EDECD1530756ABF8801EDD9DCE2A80DC6293DE89FB916F1926673440684822863E2B9C481A
    Malicious:false
    Reputation:low
    Preview:; -----------------------------------------------------------------------------..; MD5 Hash Machine Code UDF..; Purpose: Provide The Machine Code Version of MD5 Hash Algorithm In AutoIt..; Author: Ward..; url: http://www.autoitscript.com/forum/topic/121985-autoit-machine-code-algorithm-collection/..; -----------------------------------------------------------------------------....#Include-once..#Include <Memory.au3>....Global $_MD5_CodeBuffer, $_MD5_CodeBufferMemory..Global $_MD5_InitOffset, $_MD5_InputOffset, $_MD5_ResultOffset....Global $_HASH_MD5[4] = [16, 88, '_MD5_', '_MD5_']....Func _MD5_Exit()...$_MD5_CodeBuffer = 0..._MemVirtualFree($_MD5_CodeBufferMemory, 0, $MEM_RELEASE)..EndFunc....Func _MD5_Startup()...If Not IsDllStruct($_MD5_CodeBuffer) Then....If @AutoItX64 Then.....Local $Code = 'BQsAAIkO2+kECRwYhw5XCIPUBK4KD0GcnVYdVZxU/HcAU0iD7ChEiyHHBnoMZwKDWggZEnIECEkTWQMieRBBjbT4eKRqf9c/ifgGaRgx2C5jUV4h8PB8JBT3+PhHAY28OVa3x+j9bP0Q7AQG7t7BKPbBwAfYAfA9IcZ9d0EO94txCMPBxwx0FABEjawe23AgJ
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):21224
    Entropy (8bit):5.193494276794737
    Encrypted:false
    SSDEEP:
    MD5:C42F695A1400DF5AB16E2DF8B772BC1A
    SHA1:9A45E67BFCAECCCB5E930AFC256C4171A2EF866D
    SHA-256:60C0EDFDD4C1DEC709387013B04F39CC9E3704B862021EFB79569406DAEE974A
    SHA-512:C54667A6F2979CAB203D8BA2AD46B8B96B5EF7CACDB1BCB34DB3A845FED4C233374FBFFF03533E27C0A6FDB746F5598C71C8632B2CECEF0925ADD2EA63626CC3
    Malicious:false
    Reputation:low
    Preview:; ========================================================================================================..; <MIDIConstants.au3>..;..; Constants for Use with the MIDIFunctions UDF..;..; Author: Ascend4nt, based on work by Eynstyne..; ========================================================================================================....; ---------------------------- MIDI Callback Constants ----------------------------..Global Const $MIDI_Callback_NULL..=.0..Global Const $MIDI_Callback_Window..=.0x10000..Global Const $MIDI_Callback_Thread..=.0x20000..Global Const $MIDI_Callback_Function.=.0x30000..Global Const $MIDI_Callback_Event..=.0x50000....; ---------------------------- MULTIMEDIA SYSTEM ERRORS ----------------------------..Global Const $MMSYSERR_BASE... =.0..Global Const $MMSYSERR_ALLOCATED..=.($MMSYSERR_BASE + 4)..Global Const $MMSYSERR_BADDEVICEID..=.($MMSYSERR_BASE + 2)..Global Const $MMSYSERR_BADERRNUM..=.($MMSYSERR_BASE + 9)..Global Const $MMSYSERR_ERROR...=.($MMSYSER
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):42977
    Entropy (8bit):5.191520561288226
    Encrypted:false
    SSDEEP:
    MD5:D87AF17197828177D2AE117AAB16E4F9
    SHA1:B68EA601673382E6D6631CDE51BF401BBA5D2907
    SHA-256:3B2BF5CB086FD6E51D20B49458E93738E3DFAE850EC4A2D0C401A2357BD508D4
    SHA-512:59222D76811B4AE71EDD2F9A9487833725E2C02C7455A1C5326320F4E245088E0375A8D288723BFB151AB9F0A7E671BD11CD367EC134419439C8E215755C80EE
    Malicious:false
    Reputation:low
    Preview:; ====================================================================================================..; <MIDIFunction.au3>..;..; A MIDI UDF originated by Eynstyne, furthered by Ascend4nt and others (see Changes)..;..; Changes From Original midiUDF:..; *GMK -> cleanup of code, Constants 'cleanup', addition of Drum Map..; *Ascend4nt:..; - Changed '_NOTEON/OFF' to _ON or _OFF per suggestion by Paulie* repalced with $NOTE_xx constants..; - Recently Ditched _NOTEON/OFF as the messages weren't correct and weren't using the full..; expressive capabilities of the MIDI interface..; - @error checks/returns fixed (still some consistency needed in the module overall though)..; - x64 compatibility & Structure fixes..; - Addition of functions: _MidiOutPrepareHeader, _MidiOutUnprepareHeader, _MidiStreamOut..;. (Still unclear as to MIDI buffer setup, and how _MidiStreamProperty should be called)..; - fixed 'PrepareHeader' and 'UnprepareHeader' functions, and other functions that..;. requir
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):352869
    Entropy (8bit):5.373376575654433
    Encrypted:false
    SSDEEP:
    MD5:CA566B556858A9D2FB7445BFE47FF978
    SHA1:D06316E4A09FBE5049C67CB41887D12563D9F636
    SHA-256:E9446843505D3158633BA93AB67650C70AD9F1FBB6E6FD1447C2CE38CC7E9A88
    SHA-512:56BAEBA0D04188BF5A4EC8ED43DD8CAC013EBCA3C119D40241A180E93A2E26F8D9A24F3512D556AA7DD09918A9052AF59587B0B5F98D45DB26BC3F569CE59D5B
    Malicious:false
    Reputation:low
    Preview:#CS..Native Wifi Functions - Version 4.1.5 - 2023-05-03..by MattyD(mattduncan87)..http://sourceforge.net/projects/nativewifi/..Artistic License 2.0....Edited 2012-08-26 by acalcutt1 - Added International 2.4Ghz channels and 5Ghz channels to _Wlan_GetNetworkInfo()..Edited 2012-11-11 by acalcutt1 - Modified _Wlan_EnumToString DOT11_AUTH_ALGORITHM and DOT11_CIPHER_ALGORITHM to match netsh output names...Edited 2014-07-15 by acalcutt - Merge branch 'patch-1' of https://github.com/EionRobb/Vistumbler into beta. Fix to allow 802.11ac support...Edited 2023-05-03 by acalcutt - add support for 802.11ad/ax/be..Edited 2023-05-03 by acalcutt - add support for wpa3/owe DOT11_AUTH_ALGORITHM....#CE..;--------------Enumerations-------------....;DOT11_AUTH_ALGORITHM..Global Enum $DOT11_AUTH_ALGO_80211_OPEN = 1, $DOT11_AUTH_ALGO_80211_SHARED_KEY, $DOT11_AUTH_ALGO_WPA, $DOT11_AUTH_ALGO_WPA_PSK, _....$DOT11_AUTH_ALGO_WPA_NONE, $DOT11_AUTH_ALGO_RSNA, $DOT11_AUTH_ALGO_RSNA_PSK, $DOT11_AUTH_ALGO_WPA3, $DOT11
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):4491
    Entropy (8bit):4.905207534074888
    Encrypted:false
    SSDEEP:
    MD5:21D42B411AC3CD9D46B5DF77DD95D81E
    SHA1:22E489974D7E2BDCAFAD923EF8D472A42F212AF1
    SHA-256:173452473A26CFD99573DC5069BFD6824AEC3E5ADF3A6D42995F1351ECC292BE
    SHA-512:1C5EDA178F7636D69F674DAB13F4AF94EAD63A210F8D1ABABD0D8C0D104961E66739BFBB868A53F550B9D14FB6B1386E96800DF91CE63F279114CB09C813E0A7
    Malicious:false
    Reputation:low
    Preview:; #FUNCTION# ====================================================================================================================..; Name...........: _ParseCSV..; Description ...: Reads a CSV-file..; Syntax.........: _ParseCSV($sFile, $sDelimiters=',', $sQuote='"', $iFormat=0)..; Parameters ....: $sFile - File to read or string to parse..; $sDelimiters - [optional] Fieldseparators of CSV, mulitple are allowed (default: ,;)..; $sQuote - [optional] Character to quote strings (default: ")..; $iFormat - [optional] Encoding of the file (default: 0):..; |-1 - No file, plain data given..; |0 or 1 - automatic (ASCII)..; |2 - Unicode UTF16 Little Endian reading..; |3 - Unicode UTF16 Big Endian reading..; |4 or 5 - Unicode UTF8 reading..; $iAddIndex - [optional] Adds an index in first column..; $
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):8262
    Entropy (8bit):5.129422207531156
    Encrypted:false
    SSDEEP:
    MD5:63262F3BCBA76DFBCAE926AE8000BB92
    SHA1:594434463F3CD0132F799279BD5DB6359A71D3FF
    SHA-256:D7E5A9592A3F3FFC63D3A5FC204DAAEDE725A044CBCDFBD1A12612C26FE7E5DB
    SHA-512:A393914199F1DA25485CC076AA363C8B36E2B2346C27F2CDF63CD82A4494239910BF64B6882E78F1E130B295BCD29CA013FAD0DE88C0178C83D3039B38CD97C2
    Malicious:false
    Reputation:low
    Preview:#include-once....;===============================================================================..;..; AutoIt Version: 3.2.3.0..; Language: English..; Description: Dll wrapper functions for dealing with Unix timestamps...; Requirement(s): CrtDll.dll..; Notes: If CrtDll.dll is not available then functions will return false..; and set @error = 99...;..;===============================================================================......;===============================================================================..;..; Description: _TimeGetStamp - Get current time as Unix timestamp value...; Parameter(s): None..; Return Value(s): On Success - Returns Unix timestamp..; On Failure - Returns False, sets @error = 99..; Author(s): Rob Saunders (admin@therks.com)..; User Calltip:.._TimeGetStamp() - Get current time as Unix timestamp value. (required: <_UnixTime.au3>)..;..;===================================================
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):38995
    Entropy (8bit):5.112964771635607
    Encrypted:false
    SSDEEP:
    MD5:754378E8C3389E17A6D4770D7A450B82
    SHA1:5D2670D629CCA094924D3056468622C8C8A8F7E6
    SHA-256:506D470C664F6FCB5E0D8EA8D678B73D5ECAA3CDF3D6279CDB1BBD03E869517D
    SHA-512:152B5FBF9256F77D2A4AB80A57276767612EFC727963858B570B8C2BF535CBC00A1815A069112947E45E174EDD03CC50C7BA5AE3931899FBB00C44382C508226
    Malicious:false
    Reputation:low
    Preview:#include-once....; ===============================================================================================================..;..; Description:..ZIP Functions..; Author:...wraithdu..; Date:....2011-12-08..; Credits:...PsaltyDS for the original idea on which this UDF is based...;.....torels for the basic framework on which this UDF is based...;..; NOTES:..;.This UDF attempts to register a COM error handler if one does not exist. This is done to prevent..;.any fatal COM errors. If you have implemented your own COM error handler, this WILL NOT replace it...;..;.The Shell object does not have a delete method, so some workarounds have been implemented. The..;.options are either an interactive method (as in right-click -> Delete) or a slower method (slow for..;.large files). The interactive method is the main function, while the slow method is in the internal..;.function section near the bottom...;..;.When adding a file item to a ZIP archive, if the file exists and the overwrite fl
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):9310
    Entropy (8bit):5.315527216941638
    Encrypted:false
    SSDEEP:
    MD5:9D40AC00959DBE12C399960070AC234B
    SHA1:00A7FA7326CCA33BECDC5D6EEAFC1FAFB7052B99
    SHA-256:101CF7737610B3B32CC36426A4A792E763EEAEF34D9F3ACD3DADDCC0A4924DA3
    SHA-512:650CB5D37808B9EB0570755C33F0101D35B18EAD54856C65BDBED2588188322033553E1E067CC59D90ABBB75AB41D49B9711A5E862915412D16480531B844E4B
    Malicious:false
    Reputation:low
    Preview:#include-once..#cs...UDF cfx.au3...serial functions using kernel32.dll...V1.0...Uwe Lahni 2008...V2.0...Andrew Calcutt 05/16/2009 - Started converting to UDF...V2.1...Mikko Keski-Heroja 02/23/2011 - UDF is now compatible with Opt("MustDeclareVars",1) and Date.au3. Global variable $dll is renamed to $commDll....V2.2...Andrew Calcutt - Fixed COM10 + Support...V2.3...Andrew Calcutt - Merged Changes by Dmitri Ranfft 07/10/2013 - Added _rxwaitarray() function that returns the result as an array rather than string, allowing easier handling of 0x00 bytes...#ce....Global $commDll..Global $hSerialPort..Global $dcb_Struct..Global $commtimeout..Global $commtimeout_Struct..Global $commState..Global $commState_Struct....Global Const $STX=chr(2)..Global Const $ETX=chr(3)..Global Const $EOT=chr(4)..Global Const $ENQ=chr(5)..Global Const $ACK=chr(6)..Const $NAK=chr(15)..Const $DLE=chr(16)....;====================================================================================..; Function Name: _Open
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):2863
    Entropy (8bit):5.235184761352899
    Encrypted:false
    SSDEEP:
    MD5:76FFFAA41522A487B7395B35D108F1E3
    SHA1:4AE7542152B52A7FE8F5D0E01D5B5273F39E20B0
    SHA-256:0F949B994151241E4B0CF8CC615DBE36FC517E3373B13A1A3DA3E82C33520602
    SHA-512:C224E886589583A420DF627F9B0D6854D50162DDF0E5049982F18CAC2D8027069082C0104E4025E00F10A43569F6789FED5ADF416AA91696907F1B48E442A03E
    Malicious:false
    Reputation:low
    Preview:#AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6....#include-once..#include "AutoItObject.au3"....; special thanks to wraithdu for his contribution....Func __Element__($data, $nextEl = 0)...Local $oClassObj = _AutoItObject_Class()...$oClassObj.AddProperty("next", $ELSCOPE_PUBLIC, 0)...$oClassObj.AddProperty("data", $ELSCOPE_PUBLIC, 0)...Local $oObj = $oClassObj.Object...$oObj.next = $nextEl...$oObj.data = $data...Return $oObj..EndFunc ;==>__Element__....Func LinkedList()...Local $oClassObj = _AutoItObject_Class()...; Properties...$oClassObj.AddProperty("first", $ELSCOPE_PUBLIC, 0)...$oClassObj.AddProperty("last", $ELSCOPE_PUBLIC, 0)...$oClassObj.AddProperty("size", $ELSCOPE_PUBLIC, 0).. ; Methods...$oClassObj.AddMethod("count", "_LinkedList_count")...$oClassObj.AddMethod("add", "_LinkedList_add")...$oClassObj.AddMethod("at", "_LinkedList_at")...$oClassObj.AddMethod("remove", "_LinkedList_remove").. ; Enum...$oClassObj.AddEnum("_LinkedList_Enumnext", "_Linked
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF, CR line terminators
    Category:dropped
    Size (bytes):131769
    Entropy (8bit):5.154911604433874
    Encrypted:false
    SSDEEP:
    MD5:2CB7DAF069C557DBB9A12C49611438E5
    SHA1:F2442F393E04780AB42647EE13370F2509C5ADB6
    SHA-256:D9AE9A7279F7C477A293CFC2583DFC1D7D2BFBE8D8B0C03CA234ABD3A919D7F1
    SHA-512:489EE86309F2EDC42ED7847DBCBEA3F3B147B10C461A37DE4FF7B40754D09353012351D8FA9F986861F1C2127B37A3560EA0CB1BF99A55E4C3FA2E5831E62F9A
    Malicious:false
    Reputation:low
    Preview:;===============================================================================..;..; Name:. _rijndaelCipher..; Description: Encrypts data using the rijndael (AES) algorithm..; Parameter(s): $key - String or binary that is used as the key for the encryption..; Can be 16, 20, 24, 28, or 32 in length..; $message - The data to be encrypted, can be a string or binary..; $BlockSize - The size of data blocks to be encrypted. Values can be:..; 128 (Default, also the actual size used by AES)..; 160..; 192..; 224..; 256..; $mode - Which encryption mode to use. Values can be:..; 0 - ECB mode (Default)..; 1 - CBC mode..; 2 - CBF mode..; 3 - OBF mode..;
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
    Category:dropped
    Size (bytes):38746
    Entropy (8bit):6.28851097422738
    Encrypted:false
    SSDEEP:
    MD5:84A2255233B838368F1988E44D083168
    SHA1:40C8A5A1A430CAEB10C93397D78B8BEF8643DC7A
    SHA-256:CE3C23DC8822FEB79AFF10558085E7F64D6C04468AE581294B0C0F7B76CE2963
    SHA-512:5F4301BE64F5B921D8E64F5BF5B7FFC84E851F5E86BEA8A20AE1F8E66DCE6CB86460E74CCEC0C49600081525C1208047D4806021039E1E7065170D49E038FF39
    Malicious:true
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):3085
    Entropy (8bit):5.374077659787215
    Encrypted:false
    SSDEEP:
    MD5:577DC8C4447F6C46005904167D6EB008
    SHA1:567C14B408B19283F4B66DC9501F98F3811118E8
    SHA-256:84328765CE495C8FA7B49FCEDAFEB65C1844995BB387B327973AC0B17548764B
    SHA-512:612E150DD202BB160B1B014AC7121DD1DA6E0FD1FA471C7D9CF6F1CF21FE65C6F671ACFC38EAD61216C1D3A671145FAF67A4D80533E63FD1793C9DF2FB058EE1
    Malicious:false
    Reputation:low
    Preview:#RequireAdmin..#Region ;**** Directives created by AutoIt3Wrapper_GUI ****..#AutoIt3Wrapper_Icon=Icons\icon.ico..#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator..#AutoIt3Wrapper_Run_Tidy=y..#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****..;License Information------------------------------------..;Copyright (C) 2023 Andrew Calcutt..;This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 of the License...;This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details...;You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA..;---
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1150808
    Entropy (8bit):7.00268158511066
    Encrypted:false
    SSDEEP:
    MD5:7814D57F6FC87A3CEE370FAB4E70F4BB
    SHA1:ABF21A54F26030944229FCE327BD225C8733D5CA
    SHA-256:3C047980CD5D2B43065A55802F1DD953D7CACA6D08D27183E95CD80B2201E060
    SHA-512:678FFFA9711C21C9D6E5F498C975357B0C7A74794F488061C9FDF6D317267D3F84C08D1340D7B3307366C175EB6CBC37B2A10C2AD9B1F0433C215C0DAC3C90DD
    Malicious:true
    Antivirus:
    • Antivirus: Joe Sandbox ML, Detection: 100%
    • Antivirus: ReversingLabs, Detection: 12%
    • Antivirus: Virustotal, Detection: 15%, Browse
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with very long lines (535), with CRLF line terminators
    Category:dropped
    Size (bytes):749235
    Entropy (8bit):5.61039729336286
    Encrypted:false
    SSDEEP:
    MD5:BB9CDD920296628E8C91E16796742F6E
    SHA1:67B861047411887678FEE46070391FCC66E82F2B
    SHA-256:83DC5CF681BEDB21228FE55F64417DF561434DBA330E32084A472D0324965AB0
    SHA-512:66D38755F45023514D27566DC15019C3B2E102518C482BE3889FC12D5CD14DFC0CFE031F71E070A5FA96A46776C220EB8066C83FBBEA2B7C7C8A4F51A1512416
    Malicious:false
    Reputation:low
    Preview:#Region ;**** Directives created by AutoIt3Wrapper_GUI ****..#AutoIt3Wrapper_Icon=Icons\icon.ico..#AutoIt3Wrapper_Outfile=Vistumbler.exe..#AutoIt3Wrapper_Res_Fileversion=10.8.2.0..#AutoIt3Wrapper_Res_ProductName=Vistumbler..#AutoIt3Wrapper_Res_CompanyName=Vistumbler.net..#AutoIt3Wrapper_Res_Language=1033..#AutoIt3Wrapper_Res_requestedExecutionLevel=asInvoker..#AutoIt3Wrapper_Run_Tidy=y..#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****..;License Information------------------------------------..;Copyright (C) 2023 Andrew Calcutt..;This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 of the License...;This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details...;You should have rece
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1907544
    Entropy (8bit):7.544973341022225
    Encrypted:false
    SSDEEP:
    MD5:40835C799D86933445E1CBBE3A7F90D6
    SHA1:1D53888606826C7B76194FCCCAAA21CA6436069B
    SHA-256:3F91C6C2DD4D6E2A2C58300C043826D57EA6D38BB5A648EAF35A18F0840DD18D
    SHA-512:3EBA4E27EFF998E01A4E78B721961B98C4785B386FE627C1B34E4FD0730039F5D9431EB7768CFA0402941FE59EDB5F2BE41A4A98FCE11E6533C0611D34636945
    Malicious:true
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 7%
    Reputation:low
    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...^.Rd.........."..........P......w.............@..........................`............@...@.......@.....................d...|....@..................X........u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc........@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
    Category:dropped
    Size (bytes):174592
    Entropy (8bit):7.874763913992685
    Encrypted:false
    SSDEEP:
    MD5:8F24F14BAD0ECACEAF9585DA81AA3762
    SHA1:71466D1AE98DE19D3EC49ED9D093C49125C253AB
    SHA-256:DC1AACFE0E947D73D612CB1F907CD5F9647ADC6D3607D06F17E8CFDFD57E7354
    SHA-512:BB6AD4D49AD93DCF7D43DBED6688080AB649F49F5A81D931D5682419E81AA86A4CBAFC81BFDB6A5D4D852EE6A1CE26BC19A638314D9C274440688E81CA3BE8DB
    Malicious:true
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 3%
    Reputation:low
    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..................... ...`..`....p........@..........................0..............................................................................d!......................................................................................UPX0.....`..............................UPX1.........p......................@....rsrc.... ..........................@..............................................................................................................................................................................................................................................................................................................................................................................3.03.UPX!....
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
    Category:dropped
    Size (bytes):121176
    Entropy (8bit):7.400993671710681
    Encrypted:false
    SSDEEP:
    MD5:8D44B706F88990FABA3E45BA208A0047
    SHA1:FCB1262E43CF56FD5536CDE7F33A07AFBFF95A61
    SHA-256:51B87B1A5E0CC797E59966A82BC28C1E427812DAD6B408D93E421FB2200B1236
    SHA-512:7D41EE3101D3118BB969969B84DC03B6EB3193909AC4DCEB0A259F0DF9D65D6FE55C0A63126B188E2DAC1FDC6B3A0F7B1ECF8963E2CD6AED61F6C840353688F5
    Malicious:true
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 1%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._Rd..............0..0...........N... ...`....@.. ....................... .......V....`.................................tN..O....`.................X...........<M............................................... ............... ..H............text........ ...0.................. ..`.rsrc.......`.......2..............@..@.reloc..............................@..B.................N......H........$..t(...........................................................0............(....r...p(....rE..p(....r...p(......(....(....r...p(......(....r...p.r...p(....(.....(..........r...p.rQ..p.r...p(....(.....(....(....r...p(......(....*"~....,.*.0..q.......r...prk..p...*...(.....r...ps....(....( ...t.......o!...&r...ps....(....( ...t......r/..po0...rK..ps....(....( ...t......r...po#.....o-.... ....o).....o&...rK..ps....(....( ...t........r...po#......o-..... ....o)..... ..
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):12557
    Entropy (8bit):5.46818451242915
    Encrypted:false
    SSDEEP:
    MD5:2A5ADC0EB795A01A783D4E1588C12444
    SHA1:BD1429CD991854C8FCBF2750694B034FB6639102
    SHA-256:28D854237725A937690A55F63B808CEE3695519DD0DA2DDB34312BDA3FCF3688
    SHA-512:AC9847EC97DBCF172EDEC980BED8E39578A46F8A0540B4C1F5FF2B33B82D1EE96A8550EE199A21A7218223D142F829ACEC1CFE9EC73EDBCDA034531704C3C668
    Malicious:false
    Reputation:low
    Preview:#NoTrayIcon..#Region ;**** Directives created by AutoIt3Wrapper_GUI ****..#AutoIt3Wrapper_Icon=Icons\icon.ico..#AutoIt3Wrapper_Run_Tidy=y..#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****..;License Information------------------------------------..;Copyright (C) 2019 Andrew Calcutt..;This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 of the License...;This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details...;You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA..;--------------------------------------------------------..;AutoIt Versi
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):960984
    Entropy (8bit):6.788319140225092
    Encrypted:false
    SSDEEP:
    MD5:FC70F1E8A15259656ED0BF5A7696E93B
    SHA1:A8C091E522F76684CCE40A7E95E663B03AB9A294
    SHA-256:1D20DAFF9718435519DB9BCE17426BB6FB164C014F882AC274D30ACCC4A977C9
    SHA-512:A3E1F5B6EAB5334184EB16D93EAE6E8ECCBA12866E616ADC7312B4B8C2034825D46CCD0BD906C3C6F2BD6956D413FA3BF0849A7C8F3D97603C7997DB174C20D6
    Malicious:true
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 3%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L......].........."...............................@.................................'d....@...@.......@.........................|.......T.......................4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...T............4..............@..@.reloc..4q.......r...(..............@..B........................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):580701
    Entropy (8bit):6.4946515355305205
    Encrypted:false
    SSDEEP:
    MD5:47A89AAED60E9F7DAA7206E6D09FE8CE
    SHA1:9C19A3F83C368D87DECB4622AB8F92A6A4149948
    SHA-256:DE6E8FA954DAE725C52001C55F213E5ABB9937F16FDCAD35B5D6F5D81E476660
    SHA-512:AFE0FE6F6584DFD4FF852EB9DBFE2EB29016638A68AF8570ED16D5C6A90119A4C29D000E41F650E4CC98172A583784D15CA63CE50767B4FF2D97986F801921CC
    Malicious:true
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 1%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.hO....r......!................X..............`.........................@......9N........ .............................................................. ..($......................................................X............................text...............................`.0`.data...............................@.0..rdata..T.... ......................@.@@.bss..................................@..edata..............................@.0@.idata..............................@.0..CRT................................@.0..tls.... ...........................@.0..reloc..($... ...&..................@.0B/4......@....P......................@..B/19..........`......................@..B/35.....M....p......................@..B/51.....?C.......D..................@..B/63.....p............T..............@..B/77....._............b..............@..B/89..................n..
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:C source, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):13817
    Entropy (8bit):5.4007781007776074
    Encrypted:false
    SSDEEP:
    MD5:8C202A721682DACFF725F832F1E5A242
    SHA1:74D8DBE527457CA8D8CBC5AF4DDF41D6F089B16F
    SHA-256:2C489E86D267145F3913ED7710B8D5A231421D7D82103DE4C35F26D6B78E7616
    SHA-512:77723E55CD477463532FDB2A0E30F517CC6CD6CB8BAEDFE1E28FAA1B221048E3A65BE6943AB7AFFFE111F6C294A35C848DFAC6388982B019DE21BAEE3E25BCEB
    Malicious:false
    Reputation:low
    Preview:#RequireAdmin..#Region ;**** Directives created by AutoIt3Wrapper_GUI ****..#AutoIt3Wrapper_Icon=Icons\icon.ico..#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator..#AutoIt3Wrapper_Run_Tidy=y..#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****..;License Information------------------------------------..;Copyright (C) 2019 Andrew Calcutt..;This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 of the License...;This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details...;You should have received a copy of the GNU General Public License along with this program; If not, see <http://www.gnu.org/licenses/gpl-2.0.html>...;------------------------------------------------------
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):994264
    Entropy (8bit):6.848205403519505
    Encrypted:false
    SSDEEP:
    MD5:6109054F8703D3623652231346333BF2
    SHA1:FD4AB939F53C45836EC9A0DDB6235DCDCBA8339C
    SHA-256:7422058CD17AD34E77C114E1C06E61E5FB5F4E2631CE486637C540400ED13465
    SHA-512:CB8DFDF1B59656CD95F15F6EEE772C4A9CF8C62933609B16FCA3786DCF75300C5F696750DEFF3A42FC92179CAD74A5302D5BBEEB89711F202877FF27864E3D17
    Malicious:true
    Antivirus:
    • Antivirus: Joe Sandbox ML, Detection: 100%
    • Antivirus: ReversingLabs, Detection: 5%
    • Antivirus: Virustotal, Detection: 11%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L......].........."..........8....................@.................................=b....@...@.......@.........................|........u......................4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc....u.......v...4..............@..@.reloc..4q.......r..................@..B........................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:Generic INItialization configuration [RemovedFiles]
    Category:dropped
    Size (bytes):7579
    Entropy (8bit):4.944353715609664
    Encrypted:false
    SSDEEP:
    MD5:9C84498E3BFFE958D4CC36FBC153CD45
    SHA1:9D696ACC8431A64DCA6310F100B41547BB3097C6
    SHA-256:E236C0B2DFD58615AA1DB4A5F67911EE4CF0C6669E4D6B5F77F9B5767BEC86E1
    SHA-512:A097E8E43DB5E4D456753137E303F5D4B08FF04421ED0A71FE3C62010A7A1D78C7FE29B60D8C27F2096EE21F7F8EEF4CF5E018F36908535A9F6CE6E2CFEABD56
    Malicious:false
    Reputation:low
    Preview:[FileVersions]..commg.dll=9b4e523de98f4fb162ffe8d787cd87944744e9d6.Export.au3=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..Export.exe=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..License.txt=9b4e523de98f4fb162ffe8d787cd87944744e9d6..macmanuf.exe=2e09a5cc9a5a266c2c27317d3c0a95650ad48d38..say.au3=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..say.exe=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..sqlite3.dll=9b4e523de98f4fb162ffe8d787cd87944744e9d6..update.au3=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..update.exe=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..UpdateManufactures.au3=2e09a5cc9a5a266c2c27317d3c0a95650ad48d38..UpdateManufactures.exe=2e09a5cc9a5a266c2c27317d3c0a95650ad48d38..Vistumbler.au3=afbaae73804f9058b46cddbf246e37a60f205b0b..Vistumbler.exe=afbaae73804f9058b46cddbf246e37a60f205b0b..vistumbler_updater.au3=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..vistumbler_updater.exe=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0..Uninstall.exe=3ac4107e52c97e695f912eaa1e88d9524c5e2ca0.Icons\icon.ico=9b4e523de98f4f
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):3645
    Entropy (8bit):5.367580639494502
    Encrypted:false
    SSDEEP:
    MD5:39378B604E6BA9A2EF571A8670E55F8A
    SHA1:B8F32862F2F8ED93E4659E22145339810E6AA1BE
    SHA-256:2115B60B3B295C788016A8B64AB4033680FD7451A06E7A94DBAEA8EB1C76A57A
    SHA-512:14BAD2FE531546BD5323CC5EFDD818D2BCD19BB61DF261B6C849DFEAB5DD14DE0515A45FC3969BF9075B3B58D8F7C7BF6FE814AA04A0DDAD93D4CF13948CB925
    Malicious:false
    Reputation:low
    Preview:#RequireAdmin..#Region ;**** Directives created by AutoIt3Wrapper_GUI ****..#AutoIt3Wrapper_Icon=Icons\icon.ico..#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator..#AutoIt3Wrapper_Run_Tidy=y..#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****..;License Information------------------------------------..;Copyright (C) 2019 Andrew Calcutt..;This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 of the License...;This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details...;You should have received a copy of the GNU General Public License along with this program; If not, see <http://www.gnu.org/licenses/gpl-2.0.html>...;------------------------------------------------------
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):948184
    Entropy (8bit):6.7573041576817205
    Encrypted:false
    SSDEEP:
    MD5:E4D9639A8F33AE87BB70B786672F208B
    SHA1:3E1377099DBDE3A519385F1E210689B854B1F2A5
    SHA-256:2E97D7C0A107C85D8A24E45C885262EF46639AC0215555C4210681BFF6C68A72
    SHA-512:4462E488C57B80EAAF825224E2AE7D99E3FD6E482AEC1F9655CA6FE4DE503F5E90E140D010F04C32E01F7DD28F4AB2C7DACCC776C46CEAE6BE07245EA27F9BC5
    Malicious:true
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 8%
    • Antivirus: Virustotal, Detection: 4%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L......].........."...............................@..................................n....@...@.......@.........................|.......`............h.......P..4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...`............4..............@..@.reloc..4q...P...r..................@..B........................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Microsoft Access Database
    Category:modified
    Size (bytes):126976
    Entropy (8bit):0.8523254431359293
    Encrypted:false
    SSDEEP:
    MD5:8FE0733F11442BFCCAD154D16F9BA39B
    SHA1:6B44DE40012CE2926684DD118A44C12642203A87
    SHA-256:4D5ACF9A4BCD930504C62909EECDE872D6B1B5A4472222A0D705F6A84D0B9FC0
    SHA-512:59DCD2153B49FB8FE1B048CF1F5ECBE12C603B441B0FDA713DF60F9AD016B3E64C4DBADEBEF465DAE538F08DB6B2AF6BC5C36433EF2D1CBBE1ECB4770BF446C2
    Malicious:false
    Reputation:low
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7....R.(...`.${6a...D.C[..3..y[..|*L.|........,.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):13482
    Entropy (8bit):5.8644725774321875
    Encrypted:false
    SSDEEP:
    MD5:3BEAE65A43DD16D582FA0D670FC5A3F2
    SHA1:5A70DEAD4906CE0CE1BA6C41A22AF060A45AD883
    SHA-256:277F968AAEA8229A27A258242B0F1AE3DBA744FD50BAA2D9BA1AC44AC9A88CAD
    SHA-512:3CCDD4D6B93FA0A3012F4037715A1E5EB63AEA9B81ECC82D348B56FFDB92562B5E293659531225A8802A27AAB09858D2901C946EBA41D59DB24CC0C5281500C2
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):13553
    Entropy (8bit):5.885141639812439
    Encrypted:false
    SSDEEP:
    MD5:E82CD9CE86A2EFC3F1FAA91847BE9539
    SHA1:A6E48278BC6D25741266F0F3E46A44FA3D3160FB
    SHA-256:29746669AE45D5F8E5E8F60241FC82FD361CF0A8006BA7FCB49996740F44DBD0
    SHA-512:21BADBA77765B2E76B652315A1CD90A7D07A385174C4348A2E8918E0D73DC89442513D298862D2DC983FAD78CD5C2C3017FA2EB26697378C1B5296D7AAB6E151
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):13925
    Entropy (8bit):5.861246626390828
    Encrypted:false
    SSDEEP:
    MD5:BCCBB24705D00EF2F594DB87F57CC7E8
    SHA1:6405648A96FF1A788E0DD8A607019726F8A920C6
    SHA-256:EDB73B26A1EDF955DEC4BEFA072F8BD6A691D61AEC85A2B62E7239A095B1DEAA
    SHA-512:929060DFE93268A08A1DC8765F555493472EAB173AE828311E6825E183691F892F00FE7DF4311CF094E15911022CE668D31B9BAB5D61302F26481201A518A04F
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):13367
    Entropy (8bit):5.82415341749802
    Encrypted:false
    SSDEEP:
    MD5:C42A76C3601ED785ED0CAA9D3AD16700
    SHA1:E8D230D57D892F3BCE3E3CF83135B2CC6EDF775C
    SHA-256:68D3EC19213F6B2DDAED41EA2651691F660D537C0BEE4B032332C45AEBB7C941
    SHA-512:8B0A46ADD716C4032E817B7A7A417FCD533790C8A04BB90C6A57FD483F14CC4F5A90BA0598E994AC14E07087C859F8A764B9558C90EDCB4C8306C131B24CBCA6
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):13877
    Entropy (8bit):5.8388710915239415
    Encrypted:false
    SSDEEP:
    MD5:3331BCEDA46203004C563B2633AC779C
    SHA1:111EB18A6E3B5392598D98BE0D7FF476E8D829BB
    SHA-256:C35948BFC7B1856FF1CA18A90C9D8DFA9CAB7898027794F39575F278AD8EBB00
    SHA-512:19B5580F64207DE8BDD53F14545F80126CB3A628F8942AD6AC45B4BC20C6E16AB3D1653E6EFB062B5088CF17ED880AA5FED0DC610C19775B89D9B76D4B2F3995
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):13553
    Entropy (8bit):5.884650911311996
    Encrypted:false
    SSDEEP:
    MD5:D3333BFD4E45843DEC3380B3FE1C9122
    SHA1:8A06B1184A5C5DCBE959BB49876072337EDE0193
    SHA-256:BF5715C1434D7BB23000C8B651E94D3432D20A56A14940F090D11919CF2DA900
    SHA-512:F9643F226AB69A1DC849CCFB2C81A6492B9036246813DCCA5EF564976AAB123FE29F6453C0E8AD67A08D9B1C1902668173A42E7C6F9FDB16535BF036457790A7
    Malicious:false
    Reputation:low
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed May 3 11:35:50 2023, mtime=Thu Oct 5 07:30:48 2023, atime=Thu Oct 5 07:30:48 2023, length=38746, window=hide
    Category:dropped
    Size (bytes):2015
    Entropy (8bit):3.395305976659708
    Encrypted:false
    SSDEEP:
    MD5:0B82B17D723CFE69AD5DA348DED17621
    SHA1:52C05E4A8E65EB58B45536FFBA9DF20883137222
    SHA-256:D3BE1B25CDD5D50030FF6679775C4213E8A9309F9222145999E5CDB1845C41A4
    SHA-512:D1AEFB8C986636300FC0E03B1A706B263764C2BD901BE6B3ABB9BB272BC8356C35108871E2169AE88439E9B066EE54B95D0500934A7B481C5A1AE547F55C5E92
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ....W..}....?>f.....?>f...Z............................P.O. .:i.....+00.../C:\.....................1.....EW.C..PROGRA~2.........sN.&EW.C....^...............V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1.....EW.C..VISTUM~1..F......EW.CEW.C.....`.....................[..V.i.s.t.u.m.b.l.e.r.....h.2.Z...EW.C .UNINST~1.EXE..L......VydEW.C....fc...................._...U.n.i.n.s.t.a.l.l...e.x.e.......^...............-.......]............L,......C:\Program Files (x86)\Vistumbler\Uninstall.exe..G.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.V.i.s.t.u.m.b.l.e.r.\.U.n.i.n.s.t.a.l.l...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.V.i.s.t.u.m.b.l.e.r./.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.V.i.s.t.u.m.b.l.e.r.\.u.n.i.n.s.t.a.l.l...e.x.e.........%ProgramFiles%\Vistumbler\uninstall.exe............................................................................
    Process:C:\Users\user\Desktop\Vistumbler_v10-8-2.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed May 3 22:26:38 2023, mtime=Thu Oct 5 07:30:43 2023, atime=Wed May 3 22:26:38 2023, length=1907544, window=hide
    Category:modified
    Size (bytes):2022
    Entropy (8bit):3.3775544651315137
    Encrypted:false
    SSDEEP:
    MD5:B3A3DA8A55225BAD0886075867E6B5CA
    SHA1:F2D806032125C6F96A32470EBBB092909E5379F5
    SHA-256:6A10ED292374387400EBA3823CB688263524DE8566B30CE8FCA5590182279214
    SHA-512:7110FFEFCB4EBB4D9D353C01F9480FAEB5649E40BCA2481F2585D2E2346B57ADEA4E94D0DF7FBF791C8B95112CF21EE8D4C43DA5200773D36C614615C1D04C30
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ....KI..~...h;f....KI..~..X............................P.O. .:i.....+00.../C:\.....................1.....EW.C..PROGRA~2.........sN.&EW.C....^...............V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1.....EW.C..VISTUM~1..F......EW.CEW.C.....`.....................[..V.i.s.t.u.m.b.l.e.r.....j.2.X....VS. .VISTUM~1.EXE..N......VS.EW.C....kc........................V.i.s.t.u.m.b.l.e.r...e.x.e......._...............-.......^............L,......C:\Program Files (x86)\Vistumbler\Vistumbler.exe..H.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.V.i.s.t.u.m.b.l.e.r.\.V.i.s.t.u.m.b.l.e.r...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.V.i.s.t.u.m.b.l.e.r.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.V.i.s.t.u.m.b.l.e.r.\.V.i.s.t.u.m.b.l.e.r...e.x.e.........%ProgramFiles%\Vistumbler\Vistumbler.exe....................................................................
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:data
    Category:dropped
    Size (bytes):64
    Entropy (8bit):1.3860360556164644
    Encrypted:false
    SSDEEP:
    MD5:3180EEBB04F3892BF568B83021987E3E
    SHA1:8B6A0DFCEA81B4A75CC81CA40FB14F49F05BEBC1
    SHA-256:A0965F5BD8EC3466B6B4DEDE77D370B37BC25442D423C6EDF481580B093B4AC9
    SHA-512:1805B3208D84CE175D268A6493E1B68C616968E8B584D6A337DEF1557EFA4618D045B8697E53E06E930BFAFCEE2D19445D016896EF4B3BF85F1DD583B7C7C910
    Malicious:false
    Reputation:low
    Preview:783875. Admin.
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Microsoft Access Database
    Category:dropped
    Size (bytes):73728
    Entropy (8bit):0.45343404019075884
    Encrypted:false
    SSDEEP:
    MD5:99CF2B3BBAE9F2508701656A678E696F
    SHA1:23F1FACA1313587F5F3DD8E44DB095D2D89035D8
    SHA-256:3B68A309D0EF7115E8BA4FCD641BF2F05DC8D14AFD8F320AEDEBBFC0D5A6BEE7
    SHA-512:50D741EBADD4B210093F377419653BACD937B18F3B1D73D7FC00F3FDFC83E6DE3B36AA1BBE9BCA001640ACBEF02A307E43D6FFA000A001DA1740C58A7396F965
    Malicious:false
    Reputation:low
    Preview:....Standard Jet DB......n.b`..U.gr@?..~.....1.y..0...c...F...N.K.7....R.(...`.${6a...D.C[..3..y[..|*L.|.....)...,.f_...$.g..'D...e....F.x....-b.T...4.0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:data
    Category:dropped
    Size (bytes):64
    Entropy (8bit):1.3860360556164644
    Encrypted:false
    SSDEEP:
    MD5:79912454D8E573F2770DEBAD4F9211EC
    SHA1:032772C62ED18324AC18FA65B86FB5DA8762A513
    SHA-256:861B7C192173C1797959E4B1082E645AC898D03F3F535843A27C39B2F4AE81CE
    SHA-512:D85A1DFF627C5B2345FCB2ACD8DEAA9F61945579660BF77B6E32E2B7D4E58643E5C39100565A9FCB7CA7648CDBEF0837F3C493A01A880C31C1829A719A4E17F2
    Malicious:false
    Reputation:low
    Preview:783875. admin.
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Generic INItialization configuration [WindowPositions]
    Category:dropped
    Size (bytes):2993
    Entropy (8bit):5.321387685829409
    Encrypted:false
    SSDEEP:
    MD5:71CC9EC08CB7B9F3C57A024B47A782EB
    SHA1:79303556F1BE10686A8BFEB29F89EDD63E9A535F
    SHA-256:E967C3E530AA39BFA1F686976B64B5FC3D57A2FE99BB0ECC8F556918CD7C41FC
    SHA-512:3BA85EC4AA478AB4BE6F56EFD73C370A1A2F736A20C31A82F22F091EAF425290C1E94F00AD191ABA19C972ABE254D2BF454F2E0F2735B302C9CEBAD787B9FC95
    Malicious:false
    Reputation:low
    Preview:[Vistumbler]..PortableMode=0..Netsh_exe=netsh.exe..UseNativeWifi=1..AutoCheckForUpdates=1..CheckForBetaUpdates=0..DefaultApapter=Wireless Network Connection..TextColor=0x000000..BackgroundColor=0x99B4A1..ControlBackgroundColor=0xD7E4C2..SplitPercent=0.2..SplitHeightPercent=0.65..Sleeptime=1000..NewApPosistion=1..Language=English..LanguageFile=English.ini..AutoRefreshNetworks=1..AutoRefreshTime=1000..Debug=0..DebugCom=0..GraphDeadTime=0..SaveGpsWithNoAps=1..TimeBeforeMarkedDead=5..AutoSelect=0..AutoSelectHS=0..DefFiltID=-1..AutoScan=0..dBmMaxSignal=-30..dBmDissociationSignal=-85....[WindowPositions]....[DateFormat]....[GpsSettings]..ComPort=4..Baud=4800..Parity=N..DataBit=8..StopBit=1..GpsType=2..GPSformat=3..GpsTimeout=30000....[AutoSort]..AutoSortTime=60..AutoSort=0..SortCombo=Sort by SSID..AscDecDefault=0....[AutoSave]..AutoSave=1..AutoSaveDel=1..AutoSaveTime=300....[Sound]..PlaySoundOnNewAP=1..SoundPerAP=0..NewSoundSigBased=0..NewAP_Sound=new_ap.wav..Error_Sound=error.wav....[MIDI].
    Process:C:\Program Files (x86)\Vistumbler\Vistumbler.exe
    File Type:Generic INItialization configuration [WindowPositions]
    Category:dropped
    Size (bytes):3027
    Entropy (8bit):5.325303732628342
    Encrypted:false
    SSDEEP:
    MD5:C524DCE435F6D5EEEBCAF04E236A5F11
    SHA1:23B76200FFEF7D964D8CB01EE82EF3CAB59B1134
    SHA-256:D88D3347B73083057CB4D9E7277CEFF935B882F57F633EDC53226D693C89DFC9
    SHA-512:3DA7C7263AB3ADA74D5D919E0C7E2FAEEAEC784D2DA73765B0B698ECF4A6B585A43749F51CDFC789F2EE78FAF637F65FCBE994453FF1FE2FA7E4EF301AACD056
    Malicious:false
    Reputation:low
    Preview:[Vistumbler]..PortableMode=0..Netsh_exe=netsh.exe..UseNativeWifi=1..AutoCheckForUpdates=1..CheckForBetaUpdates=0..DefaultApapter=Wireless Network Connection..TextColor=0x000000..BackgroundColor=0x99B4A1..ControlBackgroundColor=0xD7E4C2..SplitPercent=0.2..SplitHeightPercent=0.65..Sleeptime=1000..NewApPosistion=1..Language=English..LanguageFile=English.ini..AutoRefreshNetworks=1..AutoRefreshTime=1000..Debug=0..DebugCom=0..GraphDeadTime=0..SaveGpsWithNoAps=1..TimeBeforeMarkedDead=5..AutoSelect=0..AutoSelectHS=0..DefFiltID=-1..AutoScan=0..dBmMaxSignal=-30..dBmDissociationSignal=-85..Name=Vistumbler..Version=v10.8.2....[WindowPositions]....[DateFormat]....[GpsSettings]..ComPort=4..Baud=4800..Parity=N..DataBit=8..StopBit=1..GpsType=2..GPSformat=3..GpsTimeout=30000....[AutoSort]..AutoSortTime=60..AutoSort=0..SortCombo=Sort by SSID..AscDecDefault=0....[AutoSave]..AutoSave=1..AutoSaveDel=1..AutoSaveTime=300....[Sound]..PlaySoundOnNewAP=1..SoundPerAP=0..NewSoundSigBased=0..NewAP_Sound=new_ap.wav
    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
    Entropy (8bit):7.999086052498621
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.96%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:Vistumbler_v10-8-2.exe
    File size:7'435'768 bytes
    MD5:1087d87a70ace72a20bbe0f08d81534b
    SHA1:d9c86e3322d165f0ac994bbbae87e6a5a5aa1024
    SHA256:e0d017c3917de2dfa6ac51579946c911f34cee1d276eb68144508b08a298bf0b
    SHA512:771dc2adb7a02165ec8358a9a330ac40be5929e5117cea97d1fea4a66a0fa21efc455317d8fe77ab21fc2981f7651b0cf42e1788f45560a293db72576f883c57
    SSDEEP:196608:l8g+x1JudjGzuQ1lYQVHRY2le47R5XTrmUztyto:lL+x1JuZGaQ16kheCR5/met0o
    TLSH:B376333D90F19CABD849E532A9AD10DCE433D6500D68169F06AA67DB07674CA33BF24F
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...)..\.................d...|.....
    Icon Hash:3d2e0f95332b3399
    Entrypoint:0x40320c
    Entrypoint Section:.text
    Digitally signed:true
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Time Stamp:0x5C157F29 [Sat Dec 15 22:24:41 2018 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:4
    OS Version Minor:0
    File Version Major:4
    File Version Minor:0
    Subsystem Version Major:4
    Subsystem Version Minor:0
    Import Hash:3abe302b6d9a1256e6a915429af4ffd2
    Signature Valid:false
    Signature Issuer:CN=Andrew Calcutt, O=Vistumbler.net, E=ACalcutt@vistumbler.net
    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
    Error Number:-2146762487
    Not Before, Not After
    • 10/18/2010 6:00:00 AM 1/1/2099 5:00:00 AM
    Subject Chain
    • CN=Andrew Calcutt, O=Vistumbler.net, E=ACalcutt@vistumbler.net
    Version:3
    Thumbprint MD5:9B40EF694C215FBF4D38E3F491103BDA
    Thumbprint SHA-1:6289E06A74D277FA44F6F278C3D01ACD6ACBBD2F
    Thumbprint SHA-256:0062D1620CFBA867EE5DF61F481964A61989B251C30413A7258F2D2A13AEF082
    Serial:63338AFA59A37AB44C3EC63F7BDC6ED3
    Instruction
    sub esp, 00000184h
    push ebx
    push esi
    push edi
    xor ebx, ebx
    push 00008001h
    mov dword ptr [esp+18h], ebx
    mov dword ptr [esp+10h], 0040A198h
    mov dword ptr [esp+20h], ebx
    mov byte ptr [esp+14h], 00000020h
    call dword ptr [004080A0h]
    call dword ptr [0040809Ch]
    and eax, BFFFFFFFh
    cmp ax, 00000006h
    mov dword ptr [0042F40Ch], eax
    je 00007EFFC4311303h
    push ebx
    call 00007EFFC43143DAh
    cmp eax, ebx
    je 00007EFFC43112F9h
    push 00000C00h
    call eax
    mov esi, 00408298h
    push esi
    call 00007EFFC4314356h
    push esi
    call dword ptr [00408098h]
    lea esi, dword ptr [esi+eax+01h]
    cmp byte ptr [esi], bl
    jne 00007EFFC43112DDh
    push 0000000Ah
    call 00007EFFC43143AEh
    push 00000008h
    call 00007EFFC43143A7h
    push 00000006h
    mov dword ptr [0042F404h], eax
    call 00007EFFC431439Bh
    cmp eax, ebx
    je 00007EFFC4311301h
    push 0000001Eh
    call eax
    test eax, eax
    je 00007EFFC43112F9h
    or byte ptr [0042F40Fh], 00000040h
    push ebp
    call dword ptr [00408044h]
    push ebx
    call dword ptr [00408288h]
    mov dword ptr [0042F4D8h], eax
    push ebx
    lea eax, dword ptr [esp+38h]
    push 00000160h
    push eax
    push ebx
    push 00429830h
    call dword ptr [00408178h]
    push 0040A188h
    Programming Language:
    • [EXP] VC++ 6.0 SP5 build 8804
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0x11f0 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x715aa0 | 0x1b58 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x628f | 0x6400 | False | 0.6700390625 | data | 6.442207080714446 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0x8000 | 0x135c | 0x1400 | False | 0.4611328125 | data | 5.240043476337556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0xa000 | 0x25518 | 0x600 | False | 0.455078125 | data | 4.04938010159809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .ndata | 0x30000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc | 0x38000 | 0x11f0 | 0x1200 | False | 0.369140625 | data | 4.489135065376583 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_BITMAP | 0x38268 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174
    RT_ICON | 0x385d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894
    RT_DIALOG | 0x388b8 | 0x144 | data | English | United States | 0.5216049382716049
    RT_DIALOG | 0x38a00 | 0x13c | data | English | United States | 0.5506329113924051
    RT_DIALOG | 0x38b40 | 0x100 | data | English | United States | 0.5234375
    RT_DIALOG | 0x38c40 | 0x11c | data | English | United States | 0.6056338028169014
    RT_DIALOG | 0x38d60 | 0xc4 | data | English | United States | 0.5918367346938775
    RT_DIALOG | 0x38e28 | 0x60 | data | English | United States | 0.7291666666666666
    RT_GROUP_ICON | 0x38e88 | 0x14 | data | English | United States | 1.2
    RT_MANIFEST | 0x38ea0 | 0x349 | XML 1.0 document, ASCII text, with very long lines (841), with no line terminators | English | United States | 0.5517241379310345
    DLL | Import
    KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
    USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
    GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
    SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
    ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
    COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
    ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
    Language of compilation system | Country where language is spoken | Map
    English | United States |