Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
palera1n.exe

Overview

General Information

Sample name:palera1n.exe
Analysis ID:1365046
MD5:e0da7ebe8736791ac92c501a78bcd643
SHA1:a56321571978d0b24a983e6b50eeb703e4db8e48
SHA256:4fa681dfa8fd5998e6e737c5b4be4ba30123902eece3a06381ea69f36efb85db
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Yara detected Costura Assembly Loader
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates driver files
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64_ra
  • palera1n.exe (PID: 6308 cmdline: C:\Users\user\Desktop\palera1n.exe MD5: E0DA7EBE8736791AC92C501A78BCD643)
  • cleanup

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2300857801.0000000004E91000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.2294119046.0000000003E91000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000000.00000002.2330196271.000000000D336000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: palera1n.exeReversingLabs: Detection: 73%
        Source: palera1n.exeVirustotal: Detection: 70%Perma Link
        Source: palera1n.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        Source: palera1n.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /sorry/index?continue=http://www.google.com/&q=EgRmgZjUGM7Ri6wGIjA1eQ5fJqYmH8irl2QMiFqAH93x0t2BZIVDarVtCat_GDeT2G5-ODW2mddULOE9qikyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.com
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /sorry/index?continue=http://www.google.com/&q=EgRmgZjUGM7Ri6wGIjA1eQ5fJqYmH8irl2QMiFqAH93x0t2BZIVDarVtCat_GDeT2G5-ODW2mddULOE9qikyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.com
        Source: unknownDNS traffic detected: queries for: www.google.com
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x86\USBAAPL.CATJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\AppleUSB.catJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\USBAAPL64.CATJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusb0.sys
        Source: C:\Users\user\Desktop\palera1n.exeSection loaded: mobiledevice.dll
        Source: palera1n.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        Source: classification engineClassification label: mal56.evad.winEXE@1/97@1/5
        Source: palera1n.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: palera1n.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
        Source: C:\Users\user\Desktop\palera1n.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\palera1n.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: palera1n.exeReversingLabs: Detection: 73%
        Source: palera1n.exeVirustotal: Detection: 70%
        Source: C:\Users\user\Desktop\palera1n.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\palera1n.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: palera1n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: palera1n.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
        Source: palera1n.exeStatic file information: File size 27929600 > 1048576
        Source: palera1n.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1a9ac00
        Source: palera1n.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

        Data Obfuscation

        barindex
        Yara detected Costura Assembly Loader
        Source: Yara matchFile source: 00000000.00000002.2300857801.0000000004E91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2294119046.0000000003E91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2330196271.000000000D336000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

        Persistence and Installation Behavior

        barindex
        Sample is not signed and drops a device driver
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusb0.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusbK.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\x86\libusb0.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\x86\libusbK.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\AppleKmdfFilter.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\AppleLowerFilter.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\usbaapl64.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x86\usbaapl.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\UsbDk\UsbDk.sys
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libimobiledevice-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\dpinst64.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x86\usbaaplrc.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\getopt.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicedebugserverproxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libplist-2.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\usbmuxd.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusbK.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicedebug.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\usbaapl64.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\AppleUsbFilter.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libirecovery-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libusbmuxd-2.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ideviceprovision.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\plist_test.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libxml2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\plist_cmp.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\UsbDk\UsbDk.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusbK.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ideviceactivation.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libtermcap-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libcurl.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\x86\winusbcoinstaller2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicename.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\irecovery.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\zlib1.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\plist.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\pcreposix.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ideviceinfo.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\zip.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusbK_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\pthreadVC3.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libirecovery.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ideviceactivation.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ideviceenterrecovery.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ideviceinstaller.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\usbmuxd.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\iproxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ios_webkit_debug_proxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\winusbcoinstaller2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\readline.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevice_id.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicecrashreport.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\lzma.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicediagnostics.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libssl-1_1-x64.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\openssl.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libimobiledevice-glue-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicerestore.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\UsbDk\UsbDkHelper_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\x86\libusb0.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusb0.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusb0_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\iconv-2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicepair.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\imobiledevice.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libusb0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\AppleKmdfFilter.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicebackup2.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libcrypto-1_1-x64.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\UsbDk\UsbDkController.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\UsbDk\UsbDkInstHelper.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\imobiledevice-net-lighthouse.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\WdfCoInstaller01011.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\amd64\libusb0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libreadline8.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\ideviceimagemounter.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libusb-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicebackup.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicedate.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\pcre.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicescreenshot.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\x86\libusb0_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\dpscat.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x64\AppleLowerFilter.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\libplist++-2.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\x86\libusbK.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\UsbDk\UsbDkHelper.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicesyslog.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\irecovery.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\libusbK\x86\WdfCoInstaller01011.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\idevicenotificationproxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\plistutil.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\drivers\usb\x86\usbaapl.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\vcruntime140.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeFile created: C:\palera1n\bz2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 600000
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599889
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599776
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599648
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599539
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599429
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599317
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599189
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599062
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598950
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598838
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598726
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598614
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598486
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598358
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598220
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598102
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597991
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597879
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597751
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597639
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597527
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597415
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597303
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597176
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597048
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596934
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596822
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596712
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596601
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596489
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596361
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596249
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596137
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596026
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595914
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595802
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595674
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595561
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595450
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595339
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595228
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595116
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595004
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594876
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594764
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594652
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594533
        Source: C:\Users\user\Desktop\palera1n.exeWindow / User API: threadDelayed 1937
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libimobiledevice-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\dpinst64.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\usb\x86\usbaaplrc.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicedebugserverproxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libplist-2.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\getopt.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\usbmuxd.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\libusbK.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicedebug.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\usb\x64\usbaapl64.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\usb\x64\AppleUsbFilter.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libusbmuxd-2.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libirecovery-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ideviceprovision.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\plist_test.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libxml2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\plist_cmp.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\UsbDk\UsbDk.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ideviceactivation.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\libusbK.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libtermcap-0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libcurl.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\irecovery.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\x86\winusbcoinstaller2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\zlib1.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicename.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\plist.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\zip.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ideviceinfo.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\pcreposix.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\libusbK_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\pthreadVC3.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libirecovery.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ideviceactivation.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ideviceenterrecovery.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ideviceinstaller.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\usbmuxd.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\iproxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ios_webkit_debug_proxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\winusbcoinstaller2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevice_id.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\readline.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicecrashreport.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libssl-1_1-x64.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\lzma.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicediagnostics.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\openssl.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libimobiledevice-glue-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicerestore.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\UsbDk\UsbDkHelper_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\x86\libusb0.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\libusb0_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\libusb0.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicepair.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\iconv-2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libusb0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicebackup2.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\usb\x64\AppleKmdfFilter.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libcrypto-1_1-x64.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\UsbDk\UsbDkInstHelper.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\UsbDk\UsbDkController.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\imobiledevice-net-lighthouse.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\WdfCoInstaller01011.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libreadline8.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\amd64\libusb0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\ideviceimagemounter.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libusb-1.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicedate.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicebackup.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\pcre.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicescreenshot.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\x86\libusb0_x86.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\dpscat.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\usb\x64\AppleLowerFilter.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\libplist++-2.0.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\x86\libusbK.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\irecovery.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicesyslog.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\UsbDk\UsbDkHelper.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\libusbK\x86\WdfCoInstaller01011.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\idevicenotificationproxy.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\plistutil.exeJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\drivers\usb\x86\usbaapl.sysJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\vcruntime140.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exeDropped PE file which has not been started: C:\palera1n\bz2.dllJump to dropped file
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -600000s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599889s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599776s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599648s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599539s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599429s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599317s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599189s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -599062s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598950s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598838s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598726s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598614s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598486s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598358s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598220s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -598102s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597991s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597879s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597751s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597639s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597527s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597415s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597303s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597176s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -597048s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596934s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596822s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596712s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596601s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596489s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596361s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596249s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596137s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -596026s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595914s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595802s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595674s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595561s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595450s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595339s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595228s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595116s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -595004s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -594876s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -594764s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -594652s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exe TID: 5432Thread sleep time: -594533s >= -30000s
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 600000
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599889
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599776
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599648
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599539
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599429
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599317
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599189
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 599062
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598950
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598838
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598726
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598614
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598486
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598358
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598220
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 598102
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597991
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597879
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597751
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597639
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597527
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597415
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597303
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597176
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 597048
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596934
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596822
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596712
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596601
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596489
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596361
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596249
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596137
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 596026
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595914
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595802
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595674
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595561
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595450
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595339
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595228
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595116
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 595004
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594876
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594764
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594652
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\palera1n.exeThread delayed: delay time: 594533
        Source: C:\Users\user\Desktop\palera1n.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\Desktop\palera1n.exeProcess queried: DebugPort
        Source: C:\Users\user\Desktop\palera1n.exeProcess queried: DebugPort
        Source: C:\Users\user\Desktop\palera1n.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\palera1n.exeMemory allocated: page read and write | page guard
        Source: C:\Users\user\Desktop\palera1n.exeQueries volume information: C:\Users\user\Desktop\palera1n.exe VolumeInformation
        Source: C:\Users\user\Desktop\palera1n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\palera1n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\palera1n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\palera1n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
        Source: C:\Users\user\Desktop\palera1n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
        Source: C:\Users\user\Desktop\palera1n.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
        Valid AccountsWindows Management Instrumentation1
        Windows Service        		1
        Windows Service        		1
        Disable or Modify Tools        		OS Credential Dumping1
        Security Software Discovery        		Remote ServicesData from Local SystemExfiltration Over Other Network Medium2
        Non-Application Layer Protocol        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
        Default AccountsScheduled Task/Job1
        DLL Side-Loading        		1
        DLL Side-Loading        		31
        Virtualization/Sandbox Evasion        		LSASS Memory1
        Process Discovery        		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
        Application Layer Protocol        		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
        Domain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        DLL Side-Loading        		Security Account Manager31
        Virtualization/Sandbox Evasion        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
        Ingress Tool Transfer        		Data Encrypted for ImpactDNS ServerEmail Addresses
        Local AccountsCronLogin HookLogin HookBinary PaddingNTDS1
        Application Window Discovery        		Distributed Component Object ModelInput CaptureTraffic DuplicationProtocol ImpersonationData DestructionVirtual Private ServerEmployee Names
        Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets12
        System Information Discovery        		SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        palera1n.exe74%ReversingLabsWin32.Trojan.Malgent
        palera1n.exe71%VirustotalBrowse

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\palera1n\bz2.dll0%ReversingLabs
        C:\palera1n\bz2.dll0%VirustotalBrowse
        C:\palera1n\drivers\UsbDk\UsbDk.sys0%ReversingLabs
        C:\palera1n\drivers\UsbDk\UsbDk.sys0%VirustotalBrowse
        C:\palera1n\drivers\UsbDk\UsbDkController.exe0%ReversingLabs
        C:\palera1n\drivers\UsbDk\UsbDkController.exe0%VirustotalBrowse
        C:\palera1n\drivers\UsbDk\UsbDkHelper.dll0%ReversingLabs
        C:\palera1n\drivers\UsbDk\UsbDkHelper.dll0%VirustotalBrowse
        C:\palera1n\drivers\UsbDk\UsbDkHelper_x86.dll0%ReversingLabs
        C:\palera1n\drivers\UsbDk\UsbDkHelper_x86.dll0%VirustotalBrowse
        C:\palera1n\drivers\UsbDk\UsbDkInstHelper.exe0%ReversingLabs
        C:\palera1n\drivers\UsbDk\UsbDkInstHelper.exe0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\WdfCoInstaller01011.dll0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\WdfCoInstaller01011.dll0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\libusb0.dll0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\libusb0.dll0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\libusb0.sys0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\libusb0.sys0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\libusb0_x86.dll0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\libusb0_x86.dll0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\libusbK.dll0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\libusbK.dll0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\libusbK.sys0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\libusbK.sys0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\libusbK_x86.dll0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\libusbK_x86.dll0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\amd64\winusbcoinstaller2.dll0%ReversingLabs
        C:\palera1n\drivers\libusbK\amd64\winusbcoinstaller2.dll0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\dpinst64.exe0%ReversingLabs
        C:\palera1n\drivers\libusbK\dpinst64.exe0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\dpscat.exe0%ReversingLabs
        C:\palera1n\drivers\libusbK\dpscat.exe0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\x86\WdfCoInstaller01011.dll0%ReversingLabs
        C:\palera1n\drivers\libusbK\x86\WdfCoInstaller01011.dll0%VirustotalBrowse
        C:\palera1n\drivers\libusbK\x86\libusb0.sys0%ReversingLabs
        C:\palera1n\drivers\libusbK\x86\libusb0.sys0%VirustotalBrowse

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        www.google.com
        		172.217.15.196
        		truefalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgRmgZjUGM7Ri6wGIjA1eQ5fJqYmH8irl2QMiFqAH93x0t2BZIVDarVtCat_GDeT2G5-ODW2mddULOE9qikyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMfalse
            		high
            http://www.google.com/false
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              172.217.15.196
              		www.google.comUnited States
              		15169GOOGLEUSfalse

              General Information

              Joe Sandbox version:38.0.0 Ammolite
              Analysis ID:1365046
              Start date and time:2023-12-20 14:14:14 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:5
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              Analysis Mode:stream
              Analysis stop reason:Timeout
              Sample name:palera1n.exe
              Detection:MAL
              Classification:mal56.evad.winEXE@1/97@1/5
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • Report size getting too big, too many NtSetInformationFile calls found.

              Created / dropped Files

              C:\palera1n\bz2.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):75264
              Entropy (8bit):6.250236382830698
              Encrypted:false
              SSDEEP:
              MD5:77639730ACBF58FBEC80EA595B3679DE
              SHA1:CC730A9883274667E399ABB5812B6E122CDB2DBF
              SHA-256:D1DE667597C11CA5760D3BAAA758AAF08CCF6FB2B1E5BAE2EACE7659337AF789
              SHA-512:06DA150303A62A0AB4103A105C123CDB7C3394F1455B15008056E97F305C9C162EEEE9DE7C6270546A5C364CB04368AB6CCF3DA5114E46EE1E79805E1BC774AE
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..0h..0h..0h..9...:h.....3h...F.3h.....<h.....8h.....4h..$...2h..0h...h.....7h.....1h.....1h..Rich0h..........PE..d.....3`.........." .........<...........................................................`......................................... ................`.......P..l............p..L...0...T...............................8............................................text............................... ..`.rdata...!......."..................@..@.data........0......................@....pdata..l....P......................@..@.rsrc........`......."..............@..@.reloc..L....p.......$..............@..B........................................................................................................................................................................................................................................................

              C:\palera1n\drivers\UsbDk\UsbDk.inf

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:Windows setup INFormation
              Category:dropped
              Size (bytes):301
              Entropy (8bit):5.31558108712693
              Encrypted:false
              SSDEEP:
              MD5:701E82189769259B5062F48E187B2545
              SHA1:93250A3E4100B42B1DE8D31B71C1986A340CA9FF
              SHA-256:54A523C3203D77DEF6A190C7FFCFAB6C029B299D8C3AA5BDBAE78564ED2F9EE0
              SHA-512:7A3A459F1EE21A7FDED9EBAE2FDB020753EC3416134E058BF62AE227B6D9C29E22BEE36F0919AD3C590D0B1059EC5F3507CBFA6663CCD06314AF0B86A542C1ED
              Malicious:false
              Reputation:low
              Preview:; UsbDk filter/redirector driver INF file..;..; Copyright (c) 2013 Red Hat, Inc...;..; Authors:..; Dmitry Fleytman <dfleytma@redhat.com>..;....[Version]..Signature="$WINDOWS NT$"....[UsbDk.NT.Wdf]..KmdfService = UsbDk, UsbDk_Service_kmdfInst....[UsbDk_Service_kmdfInst]..KmdfLibraryVersion = 1.11..

              C:\palera1n\drivers\UsbDk\UsbDk.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (native) x86-64, for MS Windows
              Category:dropped
              Size (bytes):103128
              Entropy (8bit):6.574128228522336
              Encrypted:false
              SSDEEP:
              MD5:796E14BA5E0B677EF929E2A55019C287
              SHA1:622BF97115371A762645E34D2432EFD3E29F4F14
              SHA-256:C92B6C15BD550023312AE4CFE49A39757952A3C2EBDC7D1D143AC5E695F69A63
              SHA-512:02162AF2E6115F3939F354B0B6B4CC5B0E5EC0A4A3ECF53A84E7AB227E704131FE40C2EBFB7EB8091753147F709AD8FFF9F794DB0031AA1A660641587719F65C
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:...T...T...T.. ....T.B...T...U...T.. ....T.. ....T.. ....T.. ....T...Q...T.....T...V...T.Rich..T.................PE..d....eX^.........."..........H......H..........@....................................D.....`.....................................................<............`.......N...D.......... (..8...........................`(............... ...............................text............................... ..h.rdata..L.... ......................@..H.data........@......."..............@....pdata.......`.......$..............@..H.gfids.......p.......4..............@..HPAGE.................6.............. ..`INIT....D............<.............. ..b.rsrc................F..............@..B.reloc...............L..............@..B................................................................................................................................

              C:\palera1n\drivers\UsbDk\UsbDk.tmf

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:ASCII text, with very long lines (376), with CRLF line terminators
              Category:dropped
              Size (bytes):539956
              Entropy (8bit):5.692255669812747
              Encrypted:false
              SSDEEP:
              MD5:61941F7B9986BFEA48287BF12B2BC628
              SHA1:9B136EB47A80DF8D892E7EB0C182074E681E4477
              SHA-256:DD84F5DD432BAF179DD400641D37F046BC206E885DAF83F59783B48910F454EC
              SHA-512:3EDCC65B8E39FBABC503856364BE1020623DA0C9E98138E895A690ACC766A15F6A6C4B7AC47FEA04F6A35769BFB3716A12BC6D7FA64E0B336DE644B46C092043
              Malicious:false
              Reputation:low
              Preview:// PDB: UsbDk.pdb..// PDB: Last Updated :2020-2-28:0:58:45:773 (UTC) [tracepdb]..e16979cb-c32a-efbc-7a3f-279e71f6b590 UsbDk // SRC=WdfRequest.cpp MJ= MN=..#typev wdfrequest_cpp94 10 "%0%!FUNC! Failed for address %10!p!, %11!I64u! bytes. Error %12!s!" // LEVEL=TRACE_LEVEL_ERROR FLAGS=TRACE_WDFREQUEST FUNC=CWdfRequest::LockUserBufferForRead..{..Ptr, ItemPtr -- 10..Length, ItemULongLong -- 11..status, ItemNTSTATUS -- 12..}..#typev wdfrequest_cpp114 11 "%0%!FUNC! Failed for address %10!p!, %11!I64u! bytes. Error %12!s!" // LEVEL=TRACE_LEVEL_ERROR FLAGS=TRACE_WDFREQUEST FUNC=CWdfRequest::LockUserBufferForWrite..{..Ptr, ItemPtr -- 10..Length, ItemULongLong -- 11..status, ItemNTSTATUS -- 12..}..// PDB: UsbDk.pdb..// PDB: Last Updated :2020-2-28:0:58:45:773 (UTC) [tracepdb]..64c95281-4f46-32d3-c872-5a725a3deb03 UsbDk // SRC=WdfDevice.cpp MJ= MN=..#typev wdfdevice_cpp174 17 "%0%!FUNC! Deleting device %10!s!" // LEVEL=TRACE_LEVEL_INFORMATION FLAGS=TRACE_WDFDEVICE FUNC=CWdfDevice::~CWdf

              C:\palera1n\drivers\UsbDk\UsbDkController.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):333000
              Entropy (8bit):6.26646745060343
              Encrypted:false
              SSDEEP:
              MD5:54DFC9F35801BE584765C3C7C6BB83D7
              SHA1:E312506480FDF3C654A878B87732AD9C5F067656
              SHA-256:BF654A02F79EA06D4B581BDC6362CEA46EF42A0D459FD72E15C48D476B539188
              SHA-512:0F3706E8917B8F5719BB0589FDA7CD0F96C9FF766D0A45D40B1D3B37CF5EBEF258DE07257E1EE3697D5FBA195A49363159C50245F0A90BD8DFE0A6C1C014DE73
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:...~..~..~...w..w...w......w..g.....v.....E.....Z...w..x.....}..~........|.........~.q..........Rich~..........................PE..d....eX^.........."............................@.............................P.......O....`.....................................................d....0...........'....... ...@..d...0E..p...................8F..(....E............... ..H............................text............................... ..`.rdata....... ......................@..@.data...............................@....pdata...'.......(..................@..@.gfids..T...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc..d....@......................@..B........................................................................................................................................

              C:\palera1n\drivers\UsbDk\UsbDkHelper.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):336072
              Entropy (8bit):6.19465323309894
              Encrypted:false
              SSDEEP:
              MD5:50F68E9051061CB821BCDBBD11390870
              SHA1:41A1F652B31557727E9ACE85826D1440C437883A
              SHA-256:66BBFE6F99B417F97C7A9E97816E24AF7DDE0E01B8E535C41E91E1C6C19CFEDA
              SHA-512:453FCC2BF3B92A6C90D3B3B0EBB8AEB8EA6CC7825EDC093692CCA91387A52EE76862E746154A5F4912A549C5A2FDC0587A6B0697EBD30FA0657871848C34900A
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*..kD..kD..kD.h....kD.h...UkD.h....kD.6G..kD.6A..kD.6@..kD.h....kD..kE._kD.6M..kD.6D..kD.6...kD..k...kD.6F..kD.Rich.kD.................PE..d....eX^.........." ........."...............................................`.......V....`.........................................P..........d....@..`.......@,....... ...P......p3..p...................x4..(....3...............................................text............................... ..`.rdata..............................@..@.data....,..........................@....pdata..@,..........................@..@.gfids....... ......................@..@.tls.........0......................@....rsrc...`....@......................@..@.reloc.......P......................@..B................................................................................................................................................

              C:\palera1n\drivers\UsbDk\UsbDkHelper_x86.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):274632
              Entropy (8bit):6.604255687616954
              Encrypted:false
              SSDEEP:
              MD5:126EB1C36490D6D244A11FD9AE857126
              SHA1:D873118715ED5CE9734747A8D3606AD29D7BCEEE
              SHA-256:3E7DC92CF0E5A0993A0EFA0CAB75C9D95D89BDC6D4E9B459D34BDF8D73891E41
              SHA-512:B8E0059D39C8A2E9689F1727513928F1A5F316F8954F883CB3E61F3BC657583148F506492E1BC3378DC35BE069D2B33B5CCB90F022B58D4C99BF3169D1B0ADAF
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........~.............j{.....j{.W...j{.............................j{...................................................Rich............PE..L....eX^...........!.........x......9........................................`......>.....@.........................@...........d.... ..`................ ...0...+......p...........................P...@............................................text............................... ..`.rdata..F........ ..................@..@.data...............................@....gfids..4...........................@..@.tls................................@....rsrc...`.... ......................@..@.reloc...+...0...,..................@..B................................................................................................................................................................................................................

              C:\palera1n\drivers\UsbDk\UsbDkInstHelper.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):98504
              Entropy (8bit):6.029320299133345
              Encrypted:false
              SSDEEP:
              MD5:984CDFF8FFD93B129FB353F364B71523
              SHA1:FFA3047971DDDABCA4C79AA5FEC9FEA48DAC78F8
              SHA-256:B1A2C002850BFB6D886A3CF1DA17404B795A733DCA884C686F9F85920CCC0F21
              SHA-512:B6606DC26D0D3E9B474C0DD811AB95FE15A7ED2A55A646F622ED3CB6D1BAC3A3A3EAC190A5F1B8B3E20D61686249B3153E21F40632D8D96E24359D6F097DAFC3
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|.4.8gZ.8gZ.8gZ.....<gZ.....@gZ.....5gZ.[:Y.?gZ.[:_.%gZ.[:^.*gZ.....0gZ.V:[.;gZ.8g[.cgZ.V:S.:gZ.V:..9gZ.8g..9gZ.V:X.9gZ.Rich8gZ.........................PE..d....eX^.........."............................@.....................................n....`..................................................F..x............p.......`... .......... 7..p............................7..................p............................text...`........................... ..`.rdata..B...........................@..@.data........P.......8..............@....pdata.......p.......B..............@..@.gfids...............P..............@..@.rsrc................R..............@..@.reloc...............X..............@..B................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\Apple_Mobile_Device_(DFU_Mode).inf

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):8358
              Entropy (8bit):3.815771794839182
              Encrypted:false
              SSDEEP:
              MD5:DE4335A514256C37F3F475E13DB4454E
              SHA1:782F9C8C96FCC8E193F244D1DD9C310A7AB27A4B
              SHA-256:B9198F51617CAAA8795DF72336CFE0482EC4D116D43B40E7FE41C7D52E35809B
              SHA-512:DF842BA88F2C8863221DA4BFEDFD0D04917FDAE22CF8104994FB6E883F6B7E9E5EB21C40F3E7608412BECB9ACB2FADAA4D58F7AFA15F3C19787B0CF030B37AC3
              Malicious:false
              Reputation:low
              Preview:....;. .C.o.p.y.r.i.g.h.t. .(.c.). .2.0.1.1.-.2.0.1.2. .l.i.b.u.s.b.K. .(.G.N.U. .L.G.P.L.).....;.....;. .M.o.d.u.l.e. .N.a.m.e.:. .A.p.p.l.e._.M.o.b.i.l.e._.D.e.v.i.c.e._.(.D.F.U._.M.o.d.e.)...i.n.f.....;. .D.e.s.c.r.i.p.t.i.o.n.:. .I.n.s.t.a.l.l.a.t.i.o.n. .i.n.f. .f.o.r. .A.p.p.l.e. .M.o.b.i.l.e. .D.e.v.i.c.e. .(.D.F.U. .M.o.d.e.). .d.e.v.i.c.e.......;.....;. .T.H.I.S. .C.O.D.E. .A.N.D. .I.N.F.O.R.M.A.T.I.O.N. .I.S. .P.R.O.V.I.D.E.D. .".A.S. .I.S.". .W.I.T.H.O.U.T. .W.A.R.R.A.N.T.Y. .O.F. .A.N.Y.....;. .K.I.N.D.,. .E.I.T.H.E.R. .E.X.P.R.E.S.S.E.D. .O.R. .I.M.P.L.I.E.D.,. .I.N.C.L.U.D.I.N.G. .B.U.T. .N.O.T. .L.I.M.I.T.E.D. .T.O. .T.H.E.....;. .I.M.P.L.I.E.D. .W.A.R.R.A.N.T.I.E.S. .O.F. .M.E.R.C.H.A.N.T.A.B.I.L.I.T.Y. .A.N.D./.O.R. .F.I.T.N.E.S.S. .F.O.R. .A. .P.A.R.T.I.C.U.L.A.R.....;. .P.U.R.P.O.S.E...........[.S.t.r.i.n.g.s.].....D.e.v.i.c.e.N.a.m.e. .=. .".A.p.p.l.e._.M.o.b.i.l.e._.D.e.v.i.c.e._.(.D.F.U._.M.o.d.e.).".....V.e.n.d.o.r.N.a.m.e. .=. .".A.p.p.l.e.,. .I.n.c...".....S.o.

              C:\palera1n\drivers\libusbK\amd64\WdfCoInstaller01011.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):1795952
              Entropy (8bit):7.979314855219004
              Encrypted:false
              SSDEEP:
              MD5:D10864C1730172780C2D4BE633B9220A
              SHA1:B85D02BA0E8DE4AEDED1A2F5679505CD403BD201
              SHA-256:F6FB39A8578F19616570D5A3DC7212C84A9DA232B30A03376BBF08F4264FEDF2
              SHA-512:C161BFA9118E04EB60A885BF99758843C4B1349AC58D2E501DABBD7EFC0480EC902AC9A2BE16F850B218E97B022A90FCC44925D7B6E5113766621F7ADE38B040
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.$.u.J.u.J.u.J...t.J.u.K...J...`.J...~.J...t.J...|.J...t.J...t.J.Richu.J.........PE..d...U..P.........." .........j......................................................e.....@.........................................p........P.......`...O...@.......L..p.......0...0...............................0{..p............S..H............................text...a........................... ..`.data....H..........................@....pdata.......@......................@..@.idata.......P......................@..@.rsrc....O...`...P..................@..@.reloc..l............J..............@..B................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\amd64\libusb0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):76384
              Entropy (8bit):6.394483747128757
              Encrypted:false
              SSDEEP:
              MD5:1D8215F7F8CD02A553499B534CCFB4D5
              SHA1:BAB236F840F1521C43BCBAA2A7B92F14F329BC70
              SHA-256:4F18B5D2C28AA66B648C8683C6D09B52B92CBBEE85984BBEFAD5F38A64BC2A14
              SHA-512:79EF4B25F16B2F2F37605298470BA9C4600E724E4B52D589ADD7D48816F656B93C082B5C65669E50E0546865063A068D26390E6EC7FBAB66C3726E49A3779D69
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u...&...&...&.0.&...&.k.&...&.k.&...&.k.&...&...&L..&.k.&...&.0.&...&.k.&...&.k.&...&.k.&...&.k.&...&.k.&...&Rich...&........................PE..d...M..O.........." ......... ......4.........@..............................P............@.................................................X........0....... ..........` ...@.......................................................................................text...H........................... ..`.data...............................@....pdata....... ......................@..@.rsrc........0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\amd64\libusb0.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (native) x86-64, for MS Windows
              Category:dropped
              Size (bytes):52832
              Entropy (8bit):6.452652119779142
              Encrypted:false
              SSDEEP:
              MD5:16E18CED459B1824234890386EE66CD5
              SHA1:81D2B572EC0D24ABA11ED6BFA9174FFAD54140B7
              SHA-256:8058F2AFE6EF96A7D2DED432997FD8655970C9EA75A938EE4557D6A2CB4CC989
              SHA-512:B0E67D040D39F043305B0C172906BBEA8341F1326108F5C5A0379CD6B287D62CBD86270385713D0F6A14C5106A5A6C23F6247A303E6124CB3E33982978505C98
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........i...i...i...h...i..?....i..?....i..d....i..d....i..?....i..d....i..d....i..d....i.Rich..i.........................PE..d...O..O..........".................................................................h.......................................................d...<.......................` ......8....................................................................................text............................... ..h.rdata..T...........................@..H.data...............................@....pdata..............................@..HINIT................................ ....rsrc...............................@..B.reloc..............................@..B................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\amd64\libusb0_x86.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):46592
              Entropy (8bit):6.315225703349715
              Encrypted:false
              SSDEEP:
              MD5:1A534450750ECA1F3D951DEF8D9965BF
              SHA1:7DD82B6D52A840C4979A7515FC7A9CA3725363C4
              SHA-256:5E84D13636FBCE7869CDDC8B20C7D83FA0063E98C319E8E5AB751EDC9EE1DA76
              SHA-512:3ACDFFF24A4D9EBB4E9647AFCCF95F33B4580980FB35A91EFF65A01CE470B0BBC1A3A27C476653911F1FA431757CA64C945DA89DA54BFFA599744F29123EF715
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d...}...}...}.......}.......}.......}..&n...}...|.K.}.......}.......}.......}.......}.Rich..}.........PE..L...K..O.....................2......`................................................+....@...... .................................................................p................................)..@...............L............................text...j........................... ..`.data...(...........................@....rsrc...............................@..@.reloc..0...........................@..B........................................................................................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\amd64\libusbK.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):100352
              Entropy (8bit):6.3366995727724
              Encrypted:false
              SSDEEP:
              MD5:1604DDCDAED9E447F6729AD1689E5630
              SHA1:A9FF1AF89DC327FA7DA5CF949610FE5FB4893320
              SHA-256:0690CD87D0069EDAC3A867E0B51F379AFA77159EDA3B45CD02740FC6AFB546D8
              SHA-512:E12D695E672D05E706E6D8A12AA75B4ABA0325EA01A47679553317C27E8DABAA643EF866ECF165C504D5855310AFC479C1C4F587BA126AB1337B74D27FD1A279
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}....T...T...T.khT...T...T...T...T...T...T...T...T;..T...T...T.k~T...T...T...T...T...T.0mT...T...T...T...T...TRich...T................PE..d......`.........." .....l... ...........................................................@..........................................m.......b..x.......p.......................L....................................................................................text....k.......l.................. ..`.data... ............p..............@....pdata...............v..............@..@.rsrc...p...........................@..@.reloc..d...........................@..B................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\amd64\libusbK.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (native) x86-64, for MS Windows
              Category:dropped
              Size (bytes):47928
              Entropy (8bit):6.327033250709146
              Encrypted:false
              SSDEEP:
              MD5:A814FF2972F55909AAFFD943EBB0E866
              SHA1:B966AD29D209C64B3F0D879703086DF1F6121E6B
              SHA-256:1DF66FF22E2EAEC27180756D90926CA5B07E8BCF6B0E4E3C56471E63A3A05FA6
              SHA-512:37F2FE6AE0160D67709B125FF3EDCC894EFFFFD377E0086072AA96E53A5191FD67988F2A5465D24C87B41E9ED20F8AE30DA18C216A568C7BCAC6328CA2EC01B8
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........e.....F...F...F.|3F...F.|(F...F...F...F..F...F..F...F.|8F...F.|.F...F..F...F.|2F...F.|/F...F.|*F...FRich...F........................PE..d..../]S.........."......x...*......d}...............................................I..........................................................P.......................8#...........................................................................................text....s.......t.................. ..h.rdata...............x..............@..H.data...............................@....pdata..............................@..HINIT................................ ....rsrc...............................@..B.reloc..l...........................@..B................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\amd64\libusbK_x86.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):83968
              Entropy (8bit):6.633195001648391
              Encrypted:false
              SSDEEP:
              MD5:BD03C4792F08F0C889441F49DF9DEB98
              SHA1:157C8395159678A02FE55C1F60683B7D0F8E2A38
              SHA-256:E908FB5501D74F810948CACBE476658479F19F4D2AFF14F9044F18981BE9C6FC
              SHA-512:D8683012112FF9486EEF436080F31469EF37BE97BA12785D5B23C8F3190800645357436777B8B14DA5AF5C2342EC0AEA6B47BA108D85F0FE3F2719E69D2FE90B
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7.BMV..MV..MV...Y..EV..D.D.KV..D.U.@V..MV...V..D.B.NV..D.C.LV..D.R..V..j...LV..D.E.LV..D.@.LV..RichMV..........................PE..L.....`...........!.....*...................@.......................................I....@.........................p+.......!..x....P..p....................`..........................................@............................................text...A).......*.................. ..`.data........@......................@....rsrc...p....P.......2..............@..@.reloc.......`.......6..............@..B................................................................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\amd64\winusbcoinstaller2.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):1002728
              Entropy (8bit):7.9188668904013815
              Encrypted:false
              SSDEEP:
              MD5:246900CE6474718730ECD4F873234CF5
              SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
              SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
              SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\dpinst64.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):1050104
              Entropy (8bit):5.617498652730841
              Encrypted:false
              SSDEEP:
              MD5:BE3C79033FA8302002D9D3A6752F2263
              SHA1:A01147731F2E500282ECA5ECE149BCC5423B59D6
              SHA-256:181BF85D3B5900FF8ABED34BC415AFC37FC322D9D7702E14D144F96A908F5CAB
              SHA-512:77097F220CC6D22112B314D3E42B6EEDB9CCD72BEB655B34656326C2C63FB9209977DDAC20E9C53C4EC7CCC8EA6910F400F050F4B0CB98C9F42F89617965AAEA
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g9I.#X'.#X'.#X'.* ..!X'.* ..7X'.* ..<X'.#X&.Y'.* ..fX'.* ...X'...Y."X'.* .."X'.* .."X'.Rich#X'.................PE..d......J..........".......................................................................@.......... ......................................H...@.......pY...0..\m.......%...........................................................................................text............................... ..`.data... ...........................@....pdata..\m...0...n..................@..@.rsrc....`.......Z...v..............@..@.reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\dpscat.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):29184
              Entropy (8bit):5.7545230707761235
              Encrypted:false
              SSDEEP:
              MD5:8FA727859B06D57A3173E4F8E5E7EC7D
              SHA1:BE24EAE1B6D148FA462696D53994F337DB912C5C
              SHA-256:41CD5D96B0F27FFB85913AC2DD01CEE5AF973C6C906DB49A413F7D77A3D727B7
              SHA-512:9E7A6C15C45F530B6C13D2B755E2A90DAB0C36ABE16CE19D861CF34BC0073250CEEB2E4C593768923C3AFBB76FC76BE4AEFA04EB81C303163D0A504B7C56A5E0
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......gM.e#,.6#,.6#,.6*T"6%,.6*T36-,.6*T$6!,.6.#.6.,.6#,.6.,.6*T46k,.6...6",.6*T#6",.6*T&6",.6Rich#,.6........................PE..L.....`.................Z...........T.......p.......................................9....@...... ..........................4_.................................. ....................................*..@............................................text...|X.......Z.................. ..`.data....{...p.......^..............@....rsrc................b..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\x86\WdfCoInstaller01011.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):1629040
              Entropy (8bit):7.981766456447739
              Encrypted:false
              SSDEEP:
              MD5:3D2A2D921135801835073451F002480F
              SHA1:DEE0DDC820CD0DA546DFF8BCF2BC490326DA90A2
              SHA-256:C7649879A10C9332FC0F9744C7E3224647AEE9E7E62C7E21CF9E987462E3DD06
              SHA-512:ADDBE5095430CEE8F2A4C25440A9E924520A8EAACC09DCF42B0B2FE7B4930D1F5333BCE585C58E7D14FF82C7F9A0DD204B74FEF508B96063C181F78382B98AAC
              Malicious:false
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........$.U.J.U.J.U.J...T.J...^.J.U.K. .J...@.J...T.J...\.J...T.J...T.J.RichU.J.........................PE..L......P...........!.........................................................@......k{....@..................................0.......@..p...............p....0..(... ...............................hx..@...........@2...............................text............................... ..`.data....D..........................@....idata..X....0......................@..@.rsrc...p....@......................@..@.reloc..`....0......................@..B........................................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\x86\libusb0.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (native) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):42592
              Entropy (8bit):6.819503131443051
              Encrypted:false
              SSDEEP:
              MD5:C8C9800179AF00C90629514E30873D80
              SHA1:9438573AEE178C68F49BFA5AD71132D06C4DFA9B
              SHA-256:AA7D75A4D01B405AAB7C848674BBED392B64C6E374E20FD72ADC3C96294E2F00
              SHA-512:1DB533B4ED8E4AE2FF55EF8B93B9186E30F8711E91BF07051C70423BAC76D8EF29EBE578483029F83DCB619F94FD8ABF453AAB78328A876FC88188671BE522C2
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              • Antivirus: Virustotal, Detection: 0%, Browse
              Reputation:low
              Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.......................................................................................................................................................................................................................................................................................................................................................................................................1..{uq.(uq.(uq.(uq.(Mq.(,R.(pq.(R..(oq.(R..(tq.(R..(tq.(Richuq.(........................PE..L...J..O.................r...........v.......p..............................................................................Dv..<....|..................` ..........pq...............................................p...............................text....k.......l.................. ..h.rdata..\....p.......p..............@..H.data........u.......u..............@...INIT.........v.......v..........

              C:\palera1n\drivers\libusbK\x86\libusb0_x86.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):67680
              Entropy (8bit):6.677175192282836
              Encrypted:false
              SSDEEP:
              MD5:535779909A40B42F4F3E48598F5778A5
              SHA1:3A238468009A6DEA3E4F70821339185E56EA3B69
              SHA-256:00CACA07869B19D10B370552AC7CC2F6F2EE246FC15DB11650F6CD3F4EF9B666
              SHA-512:723B42C3DF960F031343B9BB74A55AB874CD1F740A187A58BFECDAD78876DD227392F18F6FAEA33E743593511A12635EF6419BB68D4361C6631584EBC8838E80
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l2&.(SH.(SH.(SH.qp[."SH...5./SH.(SI..SH...3.+SH...&.'SH...2.)SH...%.mSH...6.)SH...4.)SH...0.)SH.Rich(SH.................PE..L...H..O...........!........."......?.............@.......................................@.............................................................` ...........................................6..@...............l............................text............................... ..`.data...$...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\libusbK\x86\libusbK.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (native) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):42552
              Entropy (8bit):6.432331868701098
              Encrypted:false
              SSDEEP:
              MD5:1F17DFE26285CF9971E55DDFF915877B
              SHA1:4CA41A2DC9CB5679C917035B64616333F09E1BE4
              SHA-256:6265AE9AE5C49F515613F0B749AD8390A1B34CA326203318BFFEB6C2C281D2D0
              SHA-512:E1E6C186307917A6D2FA641BCE96E71D15A79B80CE48A74B241BB020E6B1CDCD94C9E65A32283EE86DCE3FD3BBF9161A50E6B8445859A368BE848E71686A6377
              Malicious:true
              Reputation:low
              Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$.......................................................................................................................................................................................................................................................................................................................................................................................................................D.......S.............\.........C.......T.......Q.....Rich....................PE..L..../]S.................^... .......[......._.......................................d...................................... s..P....u..................8#...y......`_..............................................._..X............................text....Z.......Z.................. ..h.rdata..x...._......._..............@..H.data... ....h.......h..............@...INIT....>....r.......r..

              C:\palera1n\drivers\libusbK\x86\winusbcoinstaller2.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):851176
              Entropy (8bit):7.909169105397521
              Encrypted:false
              SSDEEP:
              MD5:8E7B9F81E8823FEE2D82F7DE3A44300B
              SHA1:1633B3715014C90D1C552CD757EF5DE33C161DEE
              SHA-256:EBE3B7708DD974EE87EFED3113028D266AF87CA8DBAE77C47C6F7612824D3D6C
              SHA-512:9AE37B2747589A0EB312473D895EF87404F4A395A27E15855826A75B4711EA934CA9A2B289DF0ABE0A8825DEC2D5654A0B1603CF0B039FE25662359B730CE1A9
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g$'..Jt..Jt..Jt.~.t..Jt..Ktw.Jt.~.t..Jt.~.t..Jt.~.t..Jt.~.t..Jt.~.t..Jt.~.t..JtRich..Jt........PE..L...[.[J...........!.................n....................................... ......at....@.....................................P....@..............................................................PR..@............................................text...x........................... ..`.data..../..........................@....rsrc........@......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\usb\x64\AppleKmdfFilter.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (native) x86-64, for MS Windows
              Category:dropped
              Size (bytes):20640
              Entropy (8bit):6.150107359312468
              Encrypted:false
              SSDEEP:
              MD5:4E59668442D1A2479E17F2FB5F819A7B
              SHA1:5BD35257816A99142D186835C8615CA9A7193B66
              SHA-256:0A0F185C9A713B8B3A5E0DA62E489A4D4F6204A13074AD4B56207972A1A783C7
              SHA-512:7065A5ED6B4390D24146F073677C2BB2007C940FBE9608EE0755FCB53D6A6077AC7EBD58266BF957CC2881F30B8BCF36AC8090DB830D50125DD346A8A0EAB261
              Malicious:true
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)...Hd..Hd..Hd.q...Hd.q...Hd..He..Hd..(e..Hd..(b..Hd..(g..Hd..(`..Hd.W.`..Hd.W....Hd.W.f..Hd.Rich.Hd.................PE..d....$.Z.........."............................@....................................(.....`..................................................p..<............@.......(...(......,.... ..8............................ ............... ..8............................text............................... ..h.rdata..H.... ......................@..H.data........0......................@....pdata.......@......................@..H.gfids.......P......................@..HPAGE.........`...................... ..`INIT.........p...................... ..b.rsrc................ ..............@..B.reloc..,............&..............@..B................................................................................................................................

              C:\palera1n\drivers\usb\x64\AppleLowerFilter.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (native) x86-64, for MS Windows
              Category:dropped
              Size (bytes):35560
              Entropy (8bit):6.314938695852761
              Encrypted:false
              SSDEEP:
              MD5:0122ECE34AEEC95212A211C016270937
              SHA1:C7B54046A9CD897E5012F5FC353E77992528B8C8
              SHA-256:09272421CEC30D9F732F734161D9FB3968E5A83BAC1F02F0B9D9B927C878D08A
              SHA-512:9CDE4F126F2E1D170CA0CAFF79176C0A3E1C44F34EF358D8B7FF08B943F311EE28DA97EE44FD66623DBBA2AE1CA3DF2BAEB46F52CC4AFBF41802A975A8A4DEC7
              Malicious:true
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........XS..9=}.9=}.9=}...}.9=}...}.9=}.9<}.9=}.Y<|.9=}.Y;|.9=}.Y>|.9=}.Y8|.9=}.Y9|.9=};g9|.9=};g.}.9=};g?|.9=}Rich.9=}........................PE..d....$.Z.........."......@... .......8.........@....................................$.....`.....................................................<............p.......b...(......,... X..8...........................`X...............P...............................text...H6.......8.................. ..h.rdata..0....P.......<..............@..H.data........`.......L..............@....pdata.......p.......N..............@..H.gfids...............R..............@..HPAGE.................T.............. ..`INIT....v............V.............. ..b.rsrc................\..............@..B.reloc..,............`..............@..B................................................................................................................

              C:\palera1n\drivers\usb\x64\AppleUSB.cat

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:data
              Category:dropped
              Size (bytes):22035
              Entropy (8bit):6.063639553626111
              Encrypted:false
              SSDEEP:
              MD5:38A4542E3C0CBEA325526613F02EEE0E
              SHA1:6427AF921A3619588645C127EF3AE5E8366B9235
              SHA-256:D9E9997460DCDF63153D2EAB1186B7F0934EE0FA4F04665735257C6921300CD5
              SHA-512:3756B653A0E74AD0CF658489468983F1B8A9B5A2911C86B74748C3C8977F642402076F27B3591A155C7CE033488CF5A9E02EB1DB52FBAAE045DFE2C00B295FAC
              Malicious:false
              Reputation:low
              Preview:0.V...*.H........V.0.U....1.0...`.H.e......0.4...+.....7....4.0.4.0...+.....7......U.W.\.K.. .4..Z..180510180342Z0...+.....7.....0...0.............P(o.nO.2P.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0L..+.....7...1>0<...F.i.l.e.......*a.p.p.l.e.l.o.w.e.r.f.i.l.t.e.r...s.y.s...0.... ....#...!3.>....A.]W....*..|St.L1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0L..+.....7...1>0<...F.i.l.e.......*a.p.p.l.e.l.o.w.e.r.f.i.l.t.e.r...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ....#...!3.>....A.]W....*..|St.L0.... '...YkY".h..........h.l.k.0.8_.w1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0H..+.....7...1:08...F.i.l.e.......&a.p.p.l.e.u.s.b.f.i.l.t.e.r...d.l.l...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... '...YkY".h..........h.l.k.0.8_.w0.... M.uP..@z.viDw...WH{."...q. N.!.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+...

              C:\palera1n\drivers\usb\x64\AppleUsbFilter.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):121088
              Entropy (8bit):6.325596295782091
              Encrypted:false
              SSDEEP:
              MD5:618E971F13B62319C4054114145093FB
              SHA1:13DAE793AB015D2F487CDF586D5D1A1CC1A46352
              SHA-256:4B1E7E3E66A0198789057426A31358327EE77B2EBCD402933720F6A3A985C362
              SHA-512:E3AB37868BAC62738593823097666F564688844BF84D9F7E60C48D7CA3668471AE2BEF6E4E53014BB10C7B24A15570C7FD7CA3CC6963BC513EC63D352F0EE131
              Malicious:false
              Reputation:low
              Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........5...ThK.ThK.ThK.4kJ.ThK.4mJ.ThK..kJ.ThK..mJ.ThK..lJ.ThK.,.K.ThK.4iJ.ThK.TiK.ThK\.K.ThK\.K.ThK\.K.ThK.4lJ.ThKz.lJ.ThKz.hJ.ThKz..K.ThKz.jJ.ThKRich.ThK........................PE..d....$.Z.........." ................`0...............................................1....`.........................................0e..X....e..T........................U...........T..8............................T...............................................text............................... ..`.rdata..............................@..@.data................\..............@....pdata...............f..............@..@.gfids...............t..............@..@.rsrc................v..............@..@.reloc...............|..............@..B........................................................................................................................................................

              C:\palera1n\drivers\usb\x64\USBAAPL64.CAT

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:data
              Category:dropped
              Size (bytes):14353
              Entropy (8bit):6.377791177427111
              Encrypted:false
              SSDEEP:
              MD5:26EEE7AF8AA1EF8C1BD7C9327C602844
              SHA1:990A56215AAC7000EAC9371F489A0FC57D560078
              SHA-256:946B0A8150213D6A4DD3AEF6248EBB923F8167C84C7FF1B10137E5030EC8BF30
              SHA-512:1CCE53EDB09F449720005EE9CA013FABB0BE498991ADF38CE738330A02B336790CB835E235E097C57A7CF983B4BF18664BC113B074CD94F9118901565D83E24D
              Malicious:false
              Reputation:low
              Preview:0.8...*.H........7.0.7....1.0...+......0..4..+.....7.....%0..!0...+.....7.....)5q.\.DM...lB.~...170522035820Z0...+.....7.....0.._0....R1.D.D.8.8.8.5.4.0.4.B.5.6.7.7.E.9.0.C.C.A.E.4.9.0.7.7.1.8.E.4.0.8.0.E.6.7.9.B.8...1..q0>..+.....7...100....F.i.l.e........u.s.b.a.a.p.l.r.c...d.l.l...0M..+.....7...1?0=0...+.....7...0...........0!0...+..........T..g~..I.q.@..y.0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0|..+.....7...1n0l...O.S.A.t.t.r.......V2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.1.0...0...0....R3.0.0.4.1.B.4.5.7.B.F.E.E.0.6.E.0.E.9.B.F.6.0.4.5.B.3.2.9.5.F.D.D.1.5.4.D.A.5.2...1..q0>..+.....7...100....F.i.l.e........u.s.b.a.a.p.l.6.4...s.y.s...0M..+.....7...1?0=0...+.....7...0...........0!0...+........0..E{..n....[2...T.R0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0|..+.....7...1n0l...O.S.A.t.t.r.......V2.:.5...1.,.2.:.5...2.,.2.:.6...0.,

              C:\palera1n\drivers\usb\x64\appleusb.inf

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:Windows setup INFormation
              Category:dropped
              Size (bytes):16279
              Entropy (8bit):5.545826240835947
              Encrypted:false
              SSDEEP:
              MD5:ECED44B72D28B7BC4839336262B10413
              SHA1:8B5231FFF8BD446D902D92B34855A5D6D437170B
              SHA-256:4DC2755086AF407AF5766944770B0C1457487BEE22F0ACFFC871EA204E8921D7
              SHA-512:42ECD0ABEA527AD32E3CAE2CE21EA55B13B507FB215E6713A3676F245F2D4F6CE586FFD4D5B3323B77767002E04A841989DD4191E32D09A2E5047DABD1B65161
              Malicious:false
              Reputation:low
              Preview:; Installation inf for the Apple Mobile Device driver..;..; AppleUSB.inf..;..; (c) Copyright 2017 Apple, Inc...;..;....; Note: the build process will overwrite the DriverVer field with..; the date of the build and the "Properties > Stampinf > Driver Version Number"..; so be sure to edit the properties for every release...[Version]..Signature="$WINDOWS NT$"..Class=USBDevice..ClassGUID={88BAE032-5A81-49f0-BC3D-A4FF138216D6}..Provider=%AAPL%..DriverVer = 05/07/2018,423.36..CatalogFile=AppleUSB.cat....; ========== Manufacturer/Models sections ===========....[ControlFlags]..ExcludeFromSelect=*....[Manufacturer]..%AAPL%=Apple, NTamd64....[Apple.NTamd64]....;---- AppleUSB (USBCCGP) ---------------------------------------------------;....;..;..; iOS devices (Mobile Device)..;..%iPhone.AppleUSB.DeviceDesc%=AppleUSB_CCGPDriverInstall, USB\VID_05ac&PID_1290..%iPhone.AppleUSB.DeviceDesc%=AppleUSB_CCGPDriverInstall, USB\VID_05ac&PID_1291..%iPhone.AppleUSB.DeviceDesc%=AppleUSB_CCGPDriverInstall, USB

              C:\palera1n\drivers\usb\x64\usbaapl64.inf

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:Windows setup INFormation
              Category:dropped
              Size (bytes):5729
              Entropy (8bit):5.410009261172301
              Encrypted:false
              SSDEEP:
              MD5:2DA3A91B71919D035D8FD17B6B90BBC2
              SHA1:C2C6A29F3ABC80FD992777A92DF30699124D37C5
              SHA-256:EDEA577E694EFCEEC5B26D745FFF8125E9FC8A78CACD7365E77EF35031EBC49B
              SHA-512:71B98C884C338902110C83F6C858B906BD8D63E09E5F92D3E019F586D82961FDC71A459E6456A3E9A56B9B109838B4556AEE91E0BEFB68C2AE505C93A41FE56B
              Malicious:false
              Reputation:low
              Preview:; Installation inf for the Apple USB driver ..; ..; usbmux64.inf..;..; (c) Copyright 2010 Apple, Inc...;..; ..; ....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36fc9e60-c465-11cf-8056-444553540000} ..Provider=%AAPL%..DriverVer=05/19/2017,6.0.9999.69..CatalogFile=USBAAPL64.CAT.. ..[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%MfgName%=Apple, NTamd64......[Apple.NTamd64]..;..; iPod..;..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1261..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1262..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1263..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1265..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1266..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1267..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1302..%iPod.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1303..;..;..; iOS devices..;..%iPhone.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1290..%iPhone.DeviceDesc%=USBAAPL64.Dev, USB\VID_05ac&PID_1291

              C:\palera1n\drivers\usb\x64\usbaapl64.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (native) x86-64, for MS Windows
              Category:dropped
              Size (bytes):54784
              Entropy (8bit):5.898882770244707
              Encrypted:false
              SSDEEP:
              MD5:F957092C63CD71D85903CA0D8370F473
              SHA1:9D76D3DF84CA8B3B384577CB87B7ABA0EE33F08D
              SHA-256:4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF
              SHA-512:A43CA7F24281F67C63C54037FA9C02220CD0FA34A10B1658BAE7E544236B939F26A1972513F392A5555DD97077BBA91BBE920D41B19737F9960EF427599622BC
              Malicious:true
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3o?.R.l.R.l.R.l.*.l.R.l.R.l.R.l.*.l.R.l.*.l.R.l.*.l.R.l.*.l.R.l.*.l.R.l.*.l.R.lRich.R.l........PE..d....%yU..........".................d........................................ ......Y...........................................................P................................... ................................................................................text.............................. ..h.rdata..............................@..H.data...@...........................@....pdata..............................@..HINIT................................ ....rsrc...............................@..B.reloc..............................@..B........................................................................................................................................................................................................................................

              C:\palera1n\drivers\usb\x86\USBAAPL.CAT

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:data
              Category:dropped
              Size (bytes):14345
              Entropy (8bit):6.375781459356996
              Encrypted:false
              SSDEEP:
              MD5:97F4158A43852869DE6BA9F1C754BBC8
              SHA1:0565F0874D623268529B86967B93A7AE8D57DAB5
              SHA-256:1DAA9A80EAF692E1C1490AFAFCC435E37CAFA94E9A9DFE453A82B1B472F3B1BA
              SHA-512:BA75A483AC75DEAB29C4174F1991DBCF4A76857DAC23C99065E07585A5958E49F1ADE0133FABDB3C8A28BA35E8DF06FB529F81C756AE549B35543AD39817A44E
              Malicious:false
              Reputation:low
              Preview:0.8...*.H........7.0.7....1.0...+......0..,..+.....7......0...0...+.....7.....p..L..eO...>.O ..170522035818Z0...+.....7.....0..]0....R1.D.D.8.8.8.5.4.0.4.B.5.6.7.7.E.9.0.C.C.A.E.4.9.0.7.7.1.8.E.4.0.8.0.E.6.7.9.B.8...1..s0>..+.....7...100....F.i.l.e........u.s.b.a.a.p.l.r.c...d.l.l...0M..+.....7...1?0=0...+.....7...0...........0!0...+..........T..g~..I.q.@..y.0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0~..+.....7...1p0n...O.S.A.t.t.r.......X2.:.5...0.0.,.2.:.5...1.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2.,.2.:.6...3.,.2.:.1.0...0...0....R7.7.7.1.A.0.1.7.6.A.5.4.3.7.2.5.D.7.B.B.F.7.0.A.5.4.6.C.0.9.6.A.4.E.E.2.D.D.4.0...1..g0:..+.....7...1,0*...F.i.l.e........u.s.b.a.a.p.l...i.n.f...0E..+.....7...17050...+.....7.......0!0...+........wq..jT7%...Tl.jN..@0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0~..+.....7...1p0n...O.S.A.t.t.r.......X2.:.5...0.0.,.2.:.5...1.,.2.:.6...0.,.2.:.6..

              C:\palera1n\drivers\usb\x86\usbaapl.PNF

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:Windows Precompiled iNF, version 3.1 (Windows Vista-8.1), flags 0x1000083, unicoded, has strings, at 0x2478 "Signature", at 0x60 WinDirPath
              Category:dropped
              Size (bytes):14188
              Entropy (8bit):3.8701794763395108
              Encrypted:false
              SSDEEP:
              MD5:E70B88763CBD6EA996B231F2D1F22B77
              SHA1:FA42E09D3BED60F7AD90F46EF142699FF6A376CA
              SHA-256:0CDAD698563E00F2F7FCB88D8260428630F2CAC3BD8F4A60B6862C1DB0694961
              SHA-512:6C9C46FDA2D6DC9076333981C5BAADA87A711D09394A4FAA02D3C8D7DC40E08464C37E5439F604846F758684CACF7F78BF944DFCC84506B0EE709DBF4CDAA0CC
              Malicious:false
              Reputation:low
              Preview:................(...x$....m............x....#.......%.......&......`+......h1..`...............C.:.\.W.i.n.d.o.w.s...................................................................................................................................... ..................................................@ ......................|!..................0...........................................................................................X"................... ...............#..................................d.......(...........................................p...................................................."......................T................................................................................................................ ..........................................................,...................<...............................0!......................................................................4#..................................................................

              C:\palera1n\drivers\usb\x86\usbaapl.inf

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:Windows setup INFormation
              Category:dropped
              Size (bytes):5468
              Entropy (8bit):5.347784732140263
              Encrypted:false
              SSDEEP:
              MD5:CA3A369E3993295E11D5FB6B7663F3B9
              SHA1:7771A0176A543725D7BBF70A546C096A4EE2DD40
              SHA-256:4494C8AF156D9DC7DEEA76491D73716E16B42E3E8B5B4555B0FD247B6CACAB8B
              SHA-512:650B0F23B6470AD84A001821BD5BA6FC906DB0E6FD616D734A87B9777AC1F5F6D6D0DC52F5AEF223BF362109B77CD89C5B4E93562C1168FBD049756D714B64CF
              Malicious:false
              Reputation:low
              Preview:; Installation inf for the Apple Mobile Device USB driver ..; ..; usbaapl.inf..;..; (c) Copyright 2010 Apple, Inc...;..;..; ....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36fc9e60-c465-11cf-8056-444553540000} ..Provider=%AAPL%..DriverVer=05/19/2017,6.0.9999.69..CatalogFile=USBAAPL.CAT.. ..[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%MfgName%=Apple.. ....[Apple]..;..; iPod..;..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1261..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1262..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1263..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1265..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1266..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1267..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1302..%iPod.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1303..;..;..; iOS devices (Mobile Device)..;..%iPhone.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1290..%iPhone.DeviceDesc%=USBAAPL.Dev, USB\VID_05ac&PID_1291..%iPhone.

              C:\palera1n\drivers\usb\x86\usbaapl.sys

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (native) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):45056
              Entropy (8bit):6.207169563436614
              Encrypted:false
              SSDEEP:
              MD5:A176718F0DF45F60F545CF3E14F4D108
              SHA1:FB03C1B53709F65712DF5A8318130D9788BC3CEA
              SHA-256:5E767CB0B51B3BA05B6F99A7E46BEC275489DCFE874343C9B992843AA1F2334E
              SHA-512:7AF3E0B90CD175B6B6C24ABF237DC4395E6B9D2F360EE2CC3721D3184811FB5B086199D4A27F36BCE8D6462C2717B3D9E2E1814A9D5A24EA4DC4FEA32E6AE427
              Malicious:true
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........ezN..)N..)N..)N..)...)G.)G..)G.)B..)G.)O..)G.)O..)RichN..)........................PE..L....%yU..................... ......>...............................................t.......................................P...d...................................0...................................................0............................text.............................. ..h.rdata..............................@..H.data...............................@...INIT....@........................... ....rsrc...............................@..B.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

              C:\palera1n\drivers\usb\x86\usbaaplrc.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):6112072
              Entropy (8bit):6.560898333723062
              Encrypted:false
              SSDEEP:
              MD5:1428A8B3DBF4F73B257C4A461DF9B996
              SHA1:0FE85AB508BD44DFB2FA9830F98DE4714DFCE4FA
              SHA-256:5ED0D8F2066DD19D5AEC42C5498FDD1DB9CEFAB4D024A1015C707DFD0CFD5B20
              SHA-512:916A61FEB9A36872A7C1ADECE8933599E55B46F7D113966EC4AD2AF0E2568F1A339629EC48ECA10BD1E071C88171FE88292DAB27CE509CEEA42AFBD049599CC7
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y{..Y{..Y{..G)8.Z{..G)>.X{..G)(.U{..G)/.[{..~...[{..Y{..G{..G)!.[{..G)?.X{..G):.X{..RichY{..........PE..L....%yU...........!..........].............. ...............................`].......]......................................"..<....@..@.]..........*].H....P]. .... ............................... ..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...`....0......................@....rsrc...@.]..@....].................@..@.reloc..8....P]......"].............@..B................................................................................................................................................................................................................................................................................................................................

              C:\palera1n\getopt.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):19968
              Entropy (8bit):5.455775561206186
              Encrypted:false
              SSDEEP:
              MD5:A4005D087422FAB84A4557E5007A71E2
              SHA1:1EE60FC9DC22CC53DE50E4A5FBD530DC0E92DE8D
              SHA-256:F36763D439AA23DDF110F1A841ACD4B0196AE7228DB07089CEA0D62629B863BB
              SHA-512:A2EC9868BDF2E57643021088A59BD0168343776061535129D71E0E3E6A4085B83B5D9E4AE214B7A76B91CEDB0463F6CE6FA6EEDD4E8066CE01483FFE7899970E
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f)g."H.."H.."H..+0..*H...9..!H...9..)H...9..*H...9..!H..6#.. H.."H...H...:..#H...:..#H...:..#H...:..#H..Rich"H..........PE..d...Q.3`.........." .....*...&.......-....................................................`..........................................N.......O...............p..d...............$....G..p........................... H..8............@..X............................text....(.......*.................. ..`.rdata.......@......................@..@.data........`.......D..............@....pdata..d....p.......F..............@..@.rsrc................J..............@..@.reloc..$............L..............@..B........................................................................................................................................................................................................................................................

              C:\palera1n\iconv-2.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):1021440
              Entropy (8bit):7.322654658268345
              Encrypted:false
              SSDEEP:
              MD5:5A73878CE9D507D3F7DE699812DD1544
              SHA1:615C7218CEDF42E429099DB5FD619B9506E08D79
              SHA-256:E8A4A09FD639B87927B83D14FE2485A03FE3ECC813C24EE8BDD2B12FA3E425BF
              SHA-512:5D8C98DE4D673A80F0BB3E14DB522A058652893472E46456E0A40EAAD0F7086ED1435BDEE002A2BCCA8D51E7A4B5C13C16974E4BFA1E800256138E419CCCBDE9
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h...,...,...,...%.>.".........8./...,........ j.-.....&.....$.....(.....(.....-.....R.-.....-...Rich,...........PE..d...i.3`.........." ................T.....................................................`.....................................................................P....................u...............................u..8............................................text............................... ..`.rdata..............................@..@.data................~..............@....pdata..P...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

              C:\palera1n\idevice_id.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):13824
              Entropy (8bit):5.042166837434147
              Encrypted:false
              SSDEEP:
              MD5:F3EBE030CC07899982505D6EF24AA67F
              SHA1:C4898C64E2FF37076485AE67A4A970B71066DB73
              SHA-256:40FFEB86FD7F8636180BDA37B9F3C5A17A42E9A3791A65AFD0AE872FF952E515
              SHA-512:F44E61DA5ED58E2402E9D28F8C91396B7080D59272627F45B6CA9AB85D4A65B62D5C696122CBA9F3FCDD6C26C4927EBA67CE18178F8247A9EE6C02A6664A7745
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g..#...#...#...*.~.1......!....*."......1......)...... ......)...7...$...#........'......"......"...Rich#...........................PE..d...&.3`.........."..........$......`..........@..........................................`.................................................|<.......p.......`..................,....6..p............................7..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....P......................@....pdata.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc..,............4..............@..B................................................................................................................................................................................................................................

              C:\palera1n\ideviceactivation.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):27648
              Entropy (8bit):5.6014489231701265
              Encrypted:false
              SSDEEP:
              MD5:EA2056690EC3E497BE7028AE76CCA317
              SHA1:1652296EAF582D3967C56278133547B825060821
              SHA-256:775174BE149419CF203E243220AE44E0E671277F32D4AAABD39BB261E05AA8F8
              SHA-512:E576BE518580F4F65CE60B72779F17ADA65D377FDFCD94C643ABA70F72326F4B4453CFCC4A95AF3782F1C44DE118E4C019BF3C654CDBE43F747159EFA96E0261
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..Rd..Rd..Rm.#Rl..R..Sf..R.^wRe..R..Sn..R..Sl..R..Sg..Rp..Sf..R...Sm..Rd..R=..R...Se..R...Se..R..ORe..R...Se..RRichd..R................PE..d...g.3`.........." .....4...:.......7....................................................`.........................................pf..(....l..................................$....[..p............................[..8............P...............................text....2.......4.................. ..`.rdata..0'...P...(...8..............@..@.data...`............`..............@....pdata...............b..............@..@.rsrc................h..............@..@.reloc..$............j..............@..B................................................................................................................................................................................................................................

              C:\palera1n\ideviceactivation.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):21504
              Entropy (8bit):5.336019355812339
              Encrypted:false
              SSDEEP:
              MD5:6726AD654500F5CEE6DD9628F76B01FB
              SHA1:4856063B5177014D87D80BDFD873BF2A95922580
              SHA-256:BA8FC9EBCF87D846F7863F102D63F96B040E542C70F718B85AD2072305AB884C
              SHA-512:8B707F12679B956664C2EED2F4401736B71726912F62CC056E5C4DFADDC22F1F786590B89891DD4BC8F87DE552CD1593D219F6C5F405557E5EE6AA12BB16D5C7
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,..rB.rB.rB....rB.#.C.rB....rB.#.G.rB.#.F.rB.#.A.rB...C.rB..C.rB.rC..rB...J.rB.....rB...@.rB.Rich.rB.........PE..d...h.3`.........."......"...4......t%.........@..........................................`..................................................S..................................,...tM..p............................M..8............@...............................text...\ .......".................. ..`.rdata...$...@...&...&..............@..@.data...H....p.......L..............@....pdata...............N..............@..@.rsrc................P..............@..@.reloc..,............R..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\idevicebackup.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):37888
              Entropy (8bit):5.809104877630589
              Encrypted:false
              SSDEEP:
              MD5:1B66685ED92E70F08413675B1D091234
              SHA1:0A1BA3349224E85FBA66A4F0A919126E2E71748E
              SHA-256:AD9877928AAC24AB4DF9C82A81F4283ECDE1B03FED6689D9FC0D8CD22EF10218
              SHA-512:4E2687284E4FA82B2706F1D63645541314CC5E74D1003C488391448A73CDE5542A4D463B4AB3171C7F4D5F2C7CDAFBB9F73A9432B62F6E0B3D499AFB69AD2E68
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..xUU.xUU.xUU...U.xUU..TT.xUU..U.xUU..PT.xUU..QT.xUU..VT.xUU..TT.xUU..TT.xUU.xTUVxUU..]T.xUU...U.xUU..WT.xUURich.xUU........................PE..d...*.3`.........."......L...J......`Q.........@..........................................`....................................................,...............................4.......p...............................8............`...............................text...,K.......L.................. ..`.rdata..Z9...`...:...P..............@..@.data...x...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................

              C:\palera1n\idevicebackup2.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):56832
              Entropy (8bit):5.922101168342665
              Encrypted:false
              SSDEEP:
              MD5:BB9C411E1BF3ADC5AEE0118DFFB62393
              SHA1:465A9A6CF98F4D6CA9AA5C10D69D2915F9B23DAA
              SHA-256:BBBACC24F16017DB0B64B0E2B0589DD69FBC30CC09C755B70EAB6DE3826BB137
              SHA-512:E5948522257DA41540EAD0A0AAD293FC49C2DBE47206D4C44ECD466C74819D8CEE553E1FCCB4EAE0DB29107EE3058C743B43CA38F0A1C46D73EFE442B77F7E36
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7t;.s.U.s.U.s.U.zm..e.U..dT.q.U...q.U..dP.`.U..dQ.y.U..dV.w.U..gT.{.U.g~T.t.U.s.T..U..g].w.U..g..r.U..gW.r.U.Richs.U.........................PE..d...#.3`.........."......v...j.......z.........@.............................0............`.................................................0...@...............4............ ..4.......p...........................`...8............................................text...|t.......v.................. ..`.rdata...V.......X...z..............@..@.data...p...........................@....pdata..4...........................@..@.rsrc...............................@..@.reloc..4.... ......................@..B................................................................................................................................................................................................................................

              C:\palera1n\idevicecrashreport.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):19968
              Entropy (8bit):5.355220838323015
              Encrypted:false
              SSDEEP:
              MD5:D9C471CA0C9D1720F6B5654E6E02F1AC
              SHA1:E3BC0728D6A186ADC80BB36B09C84DD98333E3C3
              SHA-256:AFA90DF8AB17D7987B2FB07F7A8B287507C730928FE291AE337C27AD6895EF64
              SHA-512:7F8CB1214684FFC125AB55AFB8622968019B27BBB8A47BE81752C570D5E8C3ED4C5FD30A6CD1CCD2218CFE78C124FB658ED295D0401CAAA5028E4E30521084C7
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>.s.zt..zt..zt..s...nt......xt.....{t......ht......pt......~t......rt..n...}t..zt...t......~t.....{t......{t..Richzt..........PE..d...-.3`.........."......"...........'.........@..........................................`.................................................xQ...............p..X...............,....J..p...........................0K..8............@.. ............................text.... .......".................. ..`.rdata..\....@.......&..............@..@.data...X....`.......D..............@....pdata..X....p.......F..............@..@.rsrc................J..............@..@.reloc..,............L..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\idevicedate.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):15360
              Entropy (8bit):5.129100290916374
              Encrypted:false
              SSDEEP:
              MD5:27D79F315E52EC8C4F00AD9F22DD9B53
              SHA1:EAD8407F173C60EB0AB9605EDFF799E54DBE9EE2
              SHA-256:0F029F038AE149036B2737248B85B997418EF5A803FDE61A655D7E174166025D
              SHA-512:249658254D55EFE0C803C110170AFA0762425DF12A13DC285C48A099393F004C1FC8CA6F1341B23E9A2CD31B295BB28F36D7629C4CF1592F83AF625B63809FD5
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................(KJ...................../.............-./...../.r.../.....Rich..........PE..d...0.3`.........."..........(.................@..........................................`.................................................|>.......p.......`..................,....8..p............................9..8............0..h............................text............................... ..`.rdata..8....0......................@..@.data...H....P.......4..............@....pdata.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc..,............:..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\idevicedebug.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):5.504035051028016
              Encrypted:false
              SSDEEP:
              MD5:6B6E6B4B700B857E2745F96695535FCF
              SHA1:B1075926EFBB61FAD18A0AF32C57359C532FAB33
              SHA-256:39747EAF92947AA7D24ADFC1333F0FECBDDFE0AB2CD92E3442FCEF43C1A0D969
              SHA-512:1C6B4D9DEAB50AEA7198CCA96F77E1DCFFE9C92B36754D540311833578700DE7DDE562C77FD181964A4DC49A7BA50A0B695249FF34FBC303DBA97210BD9B34DC
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wU....................+........}......+.......+.......+...........................?...........................Rich....................PE..d...3.3`.........."......&...,......p+.........@..........................................`.................................................tR...............p..................,...pL..p............................L..8............@...............................text...L$.......&.................. ..`.rdata.......@.......*..............@..@.data...P....`.......H..............@....pdata.......p.......J..............@..@.rsrc................L..............@..@.reloc..,............N..............@..B........................................................................................................................................................................................................................................

              C:\palera1n\idevicedebugserverproxy.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):18432
              Entropy (8bit):5.1441925998909035
              Encrypted:false
              SSDEEP:
              MD5:E3FB15F4BB91D5F970F6042A77F5A662
              SHA1:27C630A8B4312D2164194796BB80ED2DCB200A17
              SHA-256:BAEFABCA47957CB6D343349D8AA41B2A68C116909B18A3C611AE94326767155D
              SHA-512:73E51EA817E642AD2523AC546C4C828CBF7085C2AE70467055FE63BFE9D0949E4A7B58DE11DAE3455B96F6506F44BF8E2D7B864A72BE11D3CE7C2D899515BA13
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K.....K.l.J...K.LZ....K.l.N...K.l.O...K.l.H...K.K.J...K..J...K...J.e.K.K.C...K.K.....K.K.I...K.Rich..K.........................PE..d...e.3`.........."..........0.......".........@..........................................`..................................................@.......p.......`..................,....9..p...........................p:..8............0...............................text............................... ..`.rdata.......0......."..............@..@.data...p....P.......>..............@....pdata.......`.......@..............@..@.rsrc........p.......D..............@..@.reloc..,............F..............@..B................................................................................................................................................................................................................................

              C:\palera1n\idevicediagnostics.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):16896
              Entropy (8bit):5.2574834356236035
              Encrypted:false
              SSDEEP:
              MD5:204B37C429BFF7823A112EB17E53F9D6
              SHA1:E6A71B72C80AB38DDAFE1A0CD52ACB2AE87D13F8
              SHA-256:5ED6CC92C90F3FC55BFC0AE6A9C902DF6888B5DC1AE9700366E5BB799FD3FB0D
              SHA-512:B7EA1ECF04290B66C5310248179DC116898D7E83D1A8408CE1929985DDEAB85548270F013A859F1DDECFBE3A0848A4026D5BA938F1DDBD162394E58C4E2C3612
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........GQ..)...)...).......).+.(...)..}....).+.,...).+.-...).+.*...)...(...)...(...)...(.1.)...!...).......)...+...).Rich..).................PE..d...6.3`.........."..........,.................@..........................................`.................................................dA.......p.......`..................,....;..p...........................@<..8............0...............................text...|........................... ..`.rdata.......0......................@..@.data...H....P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......>..............@..@.reloc..,............@..............@..B........................................................................................................................................................................................................................................

              C:\palera1n\ideviceenterrecovery.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):12800
              Entropy (8bit):4.920186654282819
              Encrypted:false
              SSDEEP:
              MD5:5A93B8DE95AF7EF1B3A8EEDD540691F5
              SHA1:EE8D9C6E65FD5DF86A001A8BBF80E10DD9D9EF49
              SHA-256:A36F5EE1E85CD37420E2F6E512DD727028BC61B3DD8B9AC4C1925DBD9C223094
              SHA-512:3CF4A81A95F641AB905F2733778514A61E25B4B883DF57C656A46DBD50F6FA1CA6057E84055A4F8CC7CE60759528134522A518A52EFC7FCAD0A25CF8EBDFD7D6
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wQ............................;}..............................<...................1...<.......<.......<.......Rich............PE..d...s.3`..........".........."......@..........@..........................................`.................................................\;.......p.......`..................,....5..p...........................@6..8............0...............................text............................... ..`.rdata..2....0......................@..@.data...H....P.......*..............@....pdata.......`.......,..............@..@.rsrc........p......................@..@.reloc..,............0..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\ideviceimagemounter.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):22528
              Entropy (8bit):5.42525439792642
              Encrypted:false
              SSDEEP:
              MD5:0EBC03A9E5C44DB8E5A9F14FC3B0C182
              SHA1:7CFD9F3BDF7C1F30CC4A30F17DFEF4F8A1471EF0
              SHA-256:9F172273F672F0001FFD3C1E03AD4BC7CA22A71E3DB50EE2255EC8A99C62359A
              SHA-512:459357D2E10BEB528F92A88B1C82671813EE832C2A03F19796C372C30DB761B92231F4C5E32450E62EF39A7C5DD3B8D06D79E330D44B4E56C51A5ACFC5098C91
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........".:.Cmi.Cmi.Cmi.;.i.Cmi-2lh.Cmi..i.Cmi-2hh.Cmi-2ih.Cmi-2nh.Cmi.1lh.Cmi.(lh.Cmi.Cli?Cmi.1eh.Cmi.1.i.Cmi.1oh.CmiRich.Cmi........................PE..d...:.3`.........."......&...4.......+.........@..........................................`.................................................(T..................p...............D....M..p...........................pM..8............@...............................text...L%.......&.................. ..`.rdata..."...@...$...*..............@..@.data........p.......N..............@....pdata..p............P..............@..@.rsrc................T..............@..@.reloc..D............V..............@..B................................................................................................................................................................................................................................

              C:\palera1n\ideviceinfo.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):19456
              Entropy (8bit):5.372291598158709
              Encrypted:false
              SSDEEP:
              MD5:54E7961B09ED5188DFAB422BB5E8F44F
              SHA1:B57143A6D524D62D3C026A6B2591B267648D2D37
              SHA-256:E96550B23DB37E036AF5196D639634467CD1FC5EFAFE467CB137F16DF6755676
              SHA-512:FF10E7F35F759E8BDAE8885FEC0C268ED919C54BC8BB216328E582CAA101D0E12EFF7CA919467C89C601149828BDE3054720A42137D2A897C734D8C168957BD1
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................v.........'."................... ..........#.. .... ...... ....Rich...................PE..d...=.3`.........."..........0......`$.........@..........................................`.................................................|D.......p.......`..@...............d....=..p............................>..8............0...............................text............................... ..`.rdata.......0... ..."..............@..@.data...H....P.......B..............@....pdata..@....`.......D..............@..@.rsrc........p.......H..............@..@.reloc..d............J..............@..B........................................................................................................................................................................................................................................

              C:\palera1n\ideviceinstaller.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):35840
              Entropy (8bit):5.69676984111426
              Encrypted:false
              SSDEEP:
              MD5:3EDEB1D25CBAB0005205B5B508D8D293
              SHA1:D218110AEC3991B4F5FB5836C6DAAFA16BC4CA4E
              SHA-256:FD4F026CD9B0B8EECDDD85D9F2FEC8D132EA01F176A32F927E929A0260F84DB6
              SHA-512:A6752F0B733AB5ACFDE61382C3BD774146E75EB64AAF3E052822F7791AF6EE22D84E8003B362AED9801C7DCCDBA8920887B25B0FE0916F33F2B0FD79607747A3
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S...............t......T{A....t......t......t......S...............]..S......S.y....S......Rich...................PE..d...O.3`.........."......D...J......@I.........@..........................................`.....................................................,...............................\....|..p............................|..8............`...............................text....C.......D.................. ..`.rdata...7...`...8...H..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................

              C:\palera1n\idevicename.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):13824
              Entropy (8bit):5.008856608320697
              Encrypted:false
              SSDEEP:
              MD5:DE2EB96F478C4DEFAFC0995CB57B84B8
              SHA1:F6E53B63715E8D2BB170E94A598FE34B08234ED9
              SHA-256:C09FDBEB8AD6C81728E72214D0926A76190F287CA445609DC34ECEA7A3B553EE
              SHA-512:713BB7EBE7A382ED492238B56AAB52D22A81C001BCE5FB73BADD5D1FBBB0212D5CA67EF4EF7498063FBF2A847A58E66B501D483CA67CD1E21A0533E5CBA49D89
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g..#...#...#...*.~.1......!....*."......1......)...... ......)...7...$...#........'......"......"...Rich#...........................PE..d.....3`.........."..........$.................@..........................................`.................................................|<.......p.......`..................,....6..p........................... 7..8............0...............................text...l........................... ..`.rdata.......0......................@..@.data...H....P......................@....pdata.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc..,............4..............@..B................................................................................................................................................................................................................................

              C:\palera1n\idevicenotificationproxy.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):14848
              Entropy (8bit):5.202083231491408
              Encrypted:false
              SSDEEP:
              MD5:356F550FE37945FAE7C67B09785756A6
              SHA1:33AD3C3C0D7BEE676732DF74483B0DF4C329C868
              SHA-256:DE6E9D8B74FE8A5670244B9B37F9DC0E4625B40FA5CFE129AE31F77F52110DB8
              SHA-512:185FDE5903442E490CC5A32C53B9E7B5DB0153BDA03E4BB30A2ADDABF12A22B6554113FAF91054F5FCF7ED06110630C28B995B831267D65DA1897D3058B783DA
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wQ....................+........]......+.......+.......+.......................................................Rich............PE..d...G.3`.........."..........&......p..........@..........................................`..................................................=.......p.......`..................,... 8..p............................8..8............0..P............................text...L........................... ..`.rdata.. ....0......................@..@.data...H....P.......2..............@....pdata.......`.......4..............@..@.rsrc........p.......6..............@..@.reloc..,............8..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\idevicepair.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):5.292891559570888
              Encrypted:false
              SSDEEP:
              MD5:59A3FC509702558012CB78437830798B
              SHA1:A032BD3EB3557F1150391319AF89E48F149B304E
              SHA-256:4FDD02A5515DF859D53F36B5085C4064180833B8616E655C9D60BDA9F5576B8A
              SHA-512:F2FAA7CB2C7AF71F41DA47820474A8BD28662DBCFA45482853BE7FB3B010D9A0DE121779A92D226B0F3E9FA1C3A66C8C13DC5BB6C76B911DCC0910817287D16C
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................~.........=.*.....................:............?...:.....:.....:.....Rich............PE..d...@.3`.........."...... ...2......`%.........@..........................................`.................................................\D..@............p..................<....=..p............................=..8............0...............................text............ .................. ..`.rdata..J ...0..."...$..............@..@.data........`.......F..............@....pdata.......p.......H..............@..@.rsrc................L..............@..@.reloc..<............N..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\ideviceprovision.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):25600
              Entropy (8bit):5.66361959751465
              Encrypted:false
              SSDEEP:
              MD5:32E17646C6EBCCE76946291D5E2D4CAB
              SHA1:BA4B10EB4B316F988CF4B71B9E65EE4203F92283
              SHA-256:34CE7573B4467ADD6FECDEC83278E1D127EDDC4DC3B71D260A5632F207564CFB
              SHA-512:B1CB190BFD23767EAB25313C3A8809B8B98686061709497940823F784BB8D653A637DE7F297932F68412A3A9190E6F02A502A7F4A78DE8A26D85902FB29DD17E
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D...*..*..*....*...+..*.<(...*.../..*......*...)..*.;.+..*..+..*..+...*.;."..*.;....*.;.(..*.Rich..*.................PE..d...D.3`.........."..........8.......4.........@..........................................`..................................................Z..................H...............4....R..p...........................pS..8............@..`............................text...\-.......................... ..`.rdata...'...@...(...2..............@..@.data...H....p.......Z..............@....pdata..H............\..............@..@.rsrc................`..............@..@.reloc..4............b..............@..B........................................................................................................................................................................................................................................

              C:\palera1n\idevicerestore.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):198656
              Entropy (8bit):6.313729707378174
              Encrypted:false
              SSDEEP:
              MD5:F7DC136BBBD2C92EB7186EC5F305AA0E
              SHA1:610546FD67025214A829D20C06A949300ED0547C
              SHA-256:19BF46182CEF6C665468372812B79C04292C82E0BE8CF6D4AA07CF4EE373F7CF
              SHA-512:8E31B3F9CD074515911B28A5906A237A7F828FE69B0B34DBEC98D94A3E5F260E79FADA853A1A52731DFC9A8F185716BF2F6536595B0BF2C6410D3BA5D60093E9
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r...6o..6o..6o..?.o..o.....4o...;.1o.....%o.....<o.....2o.....8o.."...3o..6o..2n......o.....7o.....7o..Rich6o..........................PE..d...[.3`.........."..........6.................@.............................P............`..........................................................0.......................@.........p...........................P...8............................................text............................... ..`.rdata..x...........................@..@.data...............................@....pdata..............................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................

              C:\palera1n\idevicescreenshot.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):15872
              Entropy (8bit):5.153128772587863
              Encrypted:false
              SSDEEP:
              MD5:656C8B67D8105702A9F094844ACD3F3F
              SHA1:0540DAE1A92ACD0C24633CEA224C59D696895D0A
              SHA-256:AB0D623EA0E3E496D330F72FA440645563B80ABEBECC28F2DB735C314CF96198
              SHA-512:3F33E251C24DC2AF74C7E48393F99523FFF4FFC3C9784801177E863DA8E3CDDEDEE5246D35DF05EC9024CCDE844312A4A407163ABC9D21B0C7A79223E2E62C85
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........${..E...E...E...=...E...4...E..%...E...4...E...4...E...4...E.."7...E.......E...E..&E.."7...E.."7.E.."7...E..Rich.E..........PE..d...J.3`.........."..........*.................@..........................................`..................................................@.......p.......`..................,...`:..p............................:..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc..,............<..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\idevicesyslog.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):24064
              Entropy (8bit):5.474202392885467
              Encrypted:false
              SSDEEP:
              MD5:F34CEE9A4D1E31415A7853ECCC188763
              SHA1:2FB2134E19C633DEF60C3F609A05AA2B33CF09EC
              SHA-256:549A9F848DDB61C5B395B5E823967261DC67A60CD47C432A6A5AB07CA3424B8A
              SHA-512:3A6443FE6A74B9E2F8A677B520F300C816820AC70BB359AA5A626E73CF7802D39D0CC1490D0474EEA360299801B54AAE742271D097EE795C6D5AD7AD76306B4A
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............|...|...|......|.a.}...|.AK....|.a.y...|.a.x...|.a.....|.F.}...|..}...|...}.v.|.F.t...|.F.....|.F.~...|.Rich..|.................PE..d...M.3`.........."......,...4.......0.........@..........................................`.................................................|X..................d...............4....Q..p............................R..8............@...............................text....*.......,.................. ..`.rdata..l#...@...$...0..............@..@.data........p.......T..............@....pdata..d............V..............@..@.rsrc................Z..............@..@.reloc..4............\..............@..B........................................................................................................................................................................................................................................

              C:\palera1n\imobiledevice-net-lighthouse.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):10752
              Entropy (8bit):4.853967420968297
              Encrypted:false
              SSDEEP:
              MD5:EF35CCDA8E9C6F5CA5B8A132C8727FA5
              SHA1:EBF475BBF4D08E05EEDB43E85284127AD77954FD
              SHA-256:4A9BCE0575C2FC46CF12DC01E3E1EB0CB27DD09E7785B5FDB7572F368C964E83
              SHA-512:7F496D82C5A087EFBFF85559F2F86354E872006E51D0DDF4EB84C937F69EC074B89753EAE6DE74DAF901A659AB52767AFA422DF20729BA0A1EA2AA338949C502
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.......................,......,......,......,.......y@.........5...................t............Rich............................PE..d.....W.........." ......................................................................`..........................................&..\...<'..d....`.......@...............p.......!..p............................!............... ...............................text...3........................... ..`.rdata....... ......................@..@.data...L....0....... ..............@....pdata.......@......."..............@..@.gfids.......P.......$..............@..@.rsrc........`.......&..............@..@.reloc.......p.......(..............@..B................................................................................................................................................................................................

              C:\palera1n\imobiledevice.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):184320
              Entropy (8bit):6.267164184238374
              Encrypted:false
              SSDEEP:
              MD5:81FB2DDBB540AFCDD8A1C4060D6F57EB
              SHA1:B5AAE29462DDFCDE6212CC982630E9F4C85D0835
              SHA-256:7E4A42C84BC1F8FB5CF23A72090BAA5E467D89981226FF6877218AFF71200B19
              SHA-512:2639F772B6A18568C421BE8E52D9AF11AAA69F18F0A2A7E2506CECC25ED499A448AB2DA2482BC0AF9C370F449C53B7A2EE3E907BAF42AD6F5FEB0AF1CDB33EAF
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........}.b...b...b....@..b..i../.b..I....b..i../.b..i../.b..i../.b..N../.b...../.b...b...b..N../.b..N../.b..N.,..b..N../.b..Rich.b..........................PE..d.....3`.........." ................ ........................................ ............`..........................................|...(..|....................'...................E..p............................F..8...............p............................text............................... ..`.rdata..4...........................@..@.data...............................@....pdata...'.......(..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

              C:\palera1n\ios_webkit_debug_proxy.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):95744
              Entropy (8bit):6.241020328628223
              Encrypted:false
              SSDEEP:
              MD5:0B694BDC267E69920BE50F1C7AABE33A
              SHA1:E9066F8562D1BA7B89D458EC0170118C9F5AAC02
              SHA-256:BE19E0E21AF718AB8F32AE9D27EE53B7874F93DD18F33FC1416DA95295F1BE56
              SHA-512:4D3E39DB446391DF188B7CE04B72B042D383733489931D87F34DFCC179B337A946919A0D99B0D878EBEEB4A6FCC3C2449955034CB9D50B936C613C77F8AE48B5
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D.............W.....Y.......yz......Y.......Y.......Y.......~..................h...~.......~.;.....~.......Rich............................PE..d...w.3`.........."............................@..........................................`..................................................^..|...............................p...(D..p............................D..8............................................text............................... ..`.rdata...n.......p..................@..@.data........p.......`..............@....pdata...............b..............@..@.rsrc................r..............@..@.reloc..p............t..............@..B................................................................................................................................................................................................................................

              C:\palera1n\iproxy.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):348865
              Entropy (8bit):5.176890986939466
              Encrypted:false
              SSDEEP:
              MD5:EAAFC4A453542ACC13EA783C61578B24
              SHA1:680A5FB691DEF55FD459FC28E7B2EE460E2507EB
              SHA-256:675E19BFE804A6E02D4E669027146942EBC158DCD223E1419FA1F3F0E1906F72
              SHA-512:388BDC67E365B74A0FDAFCD8A74F1AC6573B3005DB93D1BD1BBA817F9B7F99340F4FBE72FB48B4DD186966D30611317ED57FA9D280082178EE3107FCC38E5B1E
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....F.a..........&....$.......................@.............................P............`... ......................................................0.......................@.............................. ...(.......................h............................text...............................`.P`.data...0...........................@.P..rdata..............................@.`@.pdata..............................@.0@.xdata..............................@.0@.bss..................................`..idata..............................@.0..CRT....`...........................@.@..tls......... ......................@.@..rsrc........0......................@.0..reloc.......@......................@.0B/4......@....P......................@.PB/19......^...`...`..................@..B/31......7.......8...8..............@..B/45..................p..............@..B/57.....

              C:\palera1n\irecovery.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):47104
              Entropy (8bit):5.931814101885948
              Encrypted:false
              SSDEEP:
              MD5:8803E041606BD5430A9762D20FCCEE32
              SHA1:549B147E9ED7863900F0ED7FBA539DFE1B62208F
              SHA-256:279AD12A64F0ADD484DF98723BFAC3E5261FC748F23079BA2FC3753B2AF97306
              SHA-512:C533D9E74AFCA58121DFEAA3E610334C670CC928D41CC482245C6217F7D3C976984C285C9A67050F92F612CC4641D999DF5B0444BC3126D03382C72CA1D41731
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.k%=.8%=.8%=.8,E.8)=.8.L.9'=.8...8$=.8.L.9.=.8.L.9-=.8.L.9!=.81V.9 =.8%=.8o=.8.O.9&=.8.O.9$=.8.O.8$=.8.O.9$=.8Rich%=.8........................PE..d...Q.3`.........." .....X...b.......\....................................................`.........................................`...........................P.......................p........................... ...8............p..X............................text...xV.......X.................. ..`.rdata...=...p...>...\..............@..@.data...............................@....pdata..P...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

              C:\palera1n\irecovery.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):364789
              Entropy (8bit):5.180463996376855
              Encrypted:false
              SSDEEP:
              MD5:50220DEE05DA5ECA314B88B1E2654655
              SHA1:F8490491ED62E5600901DCCF2E955A51597304ED
              SHA-256:5089C347C668E8ACB822F67E12EAD483EF17A3CE3E8429A0B79989A1E9866979
              SHA-512:1EBDF1C65973DA91E36FF9AF6A705F4C629E2AC7155B12BECCF560903E5B35B0088B602CE71D4880D4DB72C9FD431CD2A9882516C1BC965368B226A4F6158492
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....H.a....U.....&....$.......................@.....................................`....`... .................................................P....0..........L............@.............................. ...(...................T................................text...............................`.P`.data... ...........................@.`..rdata..............................@.`@.pdata..L...........................@.0@.xdata..0...........................@.0@.bss..................................`..idata..P...........................@.0..CRT....`...........................@.@..tls......... ......................@.@..rsrc........0......................@.0..reloc.......@......................@.0B/4......p....P......................@.PB/19......q...`...r..................@..B/31......:.......<...T..............@..B/45.....?.... ......................@..B/57.....

              C:\palera1n\libcrypto-1_1-x64.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
              Category:dropped
              Size (bytes):2803060
              Entropy (8bit):6.7213780281571225
              Encrypted:false
              SSDEEP:
              MD5:7C891A58AB2EF4B2EBC03623B3294B03
              SHA1:4643924475276C0557619757C9106D794A75B155
              SHA-256:CBFCACBF9DF03E2F3BFC53CC19F0FC99603FDCBB9057439874B68C5B25989E42
              SHA-512:85EAB0C4E10C8A150CB919B307EEE664C8484F07569DDD6E686A976E8F406569EDC19EB40EC90213735AB834C746A17E2DA303A758BCCF6DED3DD2236CEC1919
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........*.......&"...&.X....*..L.. ..........V.............................p+.......+...`... .......................................(.......*.......+...... &...............+..Q............................%.(.....................*.x............................text....V.......X..................`..`.data........p.......\..............@....rdata...............z..............@..@.pdata....... &..0....&.............@..@.xdata..P....P'......4'.............@..@.bss.....J...`(..........................edata........(......8(.............@..@.idata........*......:*.............@....CRT....X.....*......R*.............@....tls..........*......T*.............@....rsrc.........+......V*.............@....reloc...Q....+..R...Z*.............@..B................................................................................................................................

              C:\palera1n\libcurl.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):488448
              Entropy (8bit):6.3769219165099695
              Encrypted:false
              SSDEEP:
              MD5:B4EF81727D2A7D603F3F8BFAE76523AB
              SHA1:D850A136E9E2FF088563BEFE0200EE64FBF186CB
              SHA-256:F20CC3046966F0BAE39A1AF164F1D8FED1801A31A583450B1ADEFE3014DEEEFA
              SHA-512:25F45DC7E647417FDB1E8679C8E3E12CDA44D4F977E633DD6E9E662E908BEDE839F169732872919327E5BA43FE814D45B0A4EB89D44F3BC5626264C9FB53F34B
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................^....o......O6.....o......o......o......H....................H...D...H......H.2....H......Rich...................PE..d...B.3`.........." .....................................................................`.....................................................h............P..h=..............$.......T..............................8............................................text...(........................... ..`.rdata..Tv.......x..................@..@.data...p'... ......................@....pdata..h=...P...>...(..............@..@.rsrc................f..............@..@.reloc..$............l..............@..B................................................................................................................................................................................................................................

              C:\palera1n\libimobiledevice-1.0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):1341455
              Entropy (8bit):5.203639327213565
              Encrypted:false
              SSDEEP:
              MD5:4241F19E8F48D2439B0436ECF2ACC4D2
              SHA1:E16373E546E9E9290D78C5EAAFE6E67D66CC2EE0
              SHA-256:4741EDABC37166B98E80AC92F18C8A43ABABD4100C55FE0B0CFD5B5CC5B0929C
              SHA-512:D361391BBCA94263458A6C890F739C6481F9E7C58E2A349A749CCE4C752ECC6C5580B5696454F39D03BF03ED64D537B5B421C2724D9B932E9A8F090517318E4B
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....G.a..........& ...$.6..........P.........._.....................................)....`... ..........................................*...0...............................p..................................(....................6...............................text...84.......6..................`.P`.data........P.......<..............@.P..rdata...D...`...F...>..............@.`@.pdata..............................@.0@.xdata..<...........................@.0@.bss....0.............................`..edata...*.......,..................@.0@.idata.......0......................@.0..CRT....X....P......................@.@..tls.........`......................@.@..reloc.......p......................@.0B/4......p...........................@.PB/19................................@..B/31.........0......................@..B/45..................X..............@..B/57.....

              C:\palera1n\libimobiledevice-glue-1.0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):419789
              Entropy (8bit):5.135883187200569
              Encrypted:false
              SSDEEP:
              MD5:C22A87D19FED9FF3DF7A887F449A79CF
              SHA1:8C8D0BA455E38ADE77A3057C2344006423A9898E
              SHA-256:CF2C255D890975650141C602BF310625F9862ACD0B118BD8EB0D6B8385F0E9EA
              SHA-512:DA273462B011B22C074EF5877E3D9F9127F139B7EFC9C8CD8C1F7130C94A5B0EF3E988F08C51E6B2D94FDE4635BB5FED42C748CCAB679FF1CC032FDEB1DF8D78
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...5F.a..........& ...$............P.........i&.............................@......<.....`... ...................................... .......0...............................`..h...............................(....................3...............................text...............................`.P`.data...............................@.P..rdata..............................@.`@.pdata..............................@.0@.xdata..............................@.0@.bss..................................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....X....@......................@.@..tls.........P......................@.@..reloc..h....`......................@.0B/4...........p......................@.PB/19.................................@..B/31......?...0...@..................@..B/45..........p......................@..B/57.....

              C:\palera1n\libirecovery-1.0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):610827
              Entropy (8bit):5.1706547893603405
              Encrypted:false
              SSDEEP:
              MD5:3E7D2D699A56E93100464F43C1159B51
              SHA1:850A8137D3251A558E0FB4EA70447832494B6996
              SHA-256:A2E000137D2AB0E81D93B970D00A3D4CAE5A9E3728E9E8D3A9DAE1D53E409005
              SHA-512:70090ABB9D9042BFFC7EDE45D4A031B9166E953F8574D7AC5F65EB82ED23FD0AA6DBDDDA88EC70F3F60B421DBB5081C83E2B1F16A7488FAAF16F1F94F8874ED4
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....H.a..........& ...$............P........................................ .......h....`... ..............................................................................................................z..(...................D................................text...x...........................`.P`.data...`....0....... ..............@.`..rdata...<...P...>...:..............@.`@.pdata...............x..............@.0@.xdata..............................@.0@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....X...........................@.@..tls................................@.@..reloc..............................@.0B/4..................................@.PB/19.......... ......................@..B/31.....CD...0...F..................@..B/45.................................@..B/57.....

              C:\palera1n\libirecovery.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):133632
              Entropy (8bit):6.5454913233949155
              Encrypted:false
              SSDEEP:
              MD5:B462E95A3B00F3217858B73575AEF814
              SHA1:5A4EAA547E13C60F355E00626380937343D60787
              SHA-256:655090FA89DB9A0934A104EA4A36FE92A6F81CED06A9D13D9AFCFB66F2DE52EA
              SHA-512:FEBAC6027C0118D1006785FAD4D4ACBAD8FFE8B87E7625B37B1C8BAE29D3705EF974BEECEDFD86E7D3A71BF74349C3626C372DB6DE13D6A8D7F2D9D7A3BCBF26
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........~.{.-.{.-.{.-_..-.{.-.*4-.{.-.*.-.{.-.*5-J{.-...-.{.-.{.-.{.-.)0-.{.-.).-.{.-.).-.{.-.).-.{.-Rich.{.-........PE..L...Fa.`...........!.....L...........f.......`...............................P............@.....................................<.... .......................0..|....a..8...............................@............`..T............................text...dJ.......L.................. ..`.rdata...|...`...~...P..............@..@.data....?......."..................@....rsrc........ ......................@..@.reloc..|....0......................@..B........................................................................................................................................................................................................................................................................................................................

              C:\palera1n\libplist++-2.0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):949514
              Entropy (8bit):5.655637104157449
              Encrypted:false
              SSDEEP:
              MD5:0D23B0391B9A77C7ABC08586EB0E7F91
              SHA1:C4FDED21E1E7AB8F07D4F6799EC4754280B1BF6D
              SHA-256:9682B9F55A5207AB4BE22EEEB7572352B1EDA5014B4221A8DF3893FD8539D5EC
              SHA-512:6D2619361930F1CA50B8A82E6B50DBAB1BFC559A48EAE10BD44A120A8709ECD4D52468968C75B6C986C0BF145F2B06302FA24FED1522E9E04FC895385D75D8A1
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....D.a..........& ...$.^..........P.........G$.............................@............`... ..........................................&......l............................0..................................(...................p................................text...x\.......^..................`.P`.data...p....p.......d..............@.P..rdata...............f..............@.`@.pdata...............v..............@.0@.xdata..............................@.0@.bss..................................`..edata...&.......(..................@.0@.idata..l...........................@.0..CRT....X...........................@.@..tls......... ......................@.@..reloc.......0......................@.0B/4...........@......................@.PB/19......|...P...~..................@..B/31.....#x.......z...P..............@..B/45.........P......................@..B/57.....

              C:\palera1n\libplist-2.0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):925137
              Entropy (8bit):5.060442388531934
              Encrypted:false
              SSDEEP:
              MD5:F8A7E6DC8E5F1A85D75C9742227A87C3
              SHA1:347236FC953A7E8DF3143E313B8F84A8D007D531
              SHA-256:9C0B9EF9BA0A89E9A24DA7E5A1BC1ADD43C19D95FD4229C459F905942362F3D9
              SHA-512:7AE8BF8AF9839177AEB7B73C58D73CE8DADB4D403640D6E444524B7F1C5ADBF0B5CFBD482AB8A4F8B6A05600EAA0048DE52AF56F77B5509D1F5E94FB581DD7BC
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....D.a.,..W.....& ...$............P..........B.....................................x....`... ......................................0..S....@...............................p..|...............................(....................B...............................text...............................`.P`.data...............................@.P..rdata..`$.......&..................@.`@.pdata..............................@.0@.xdata..\...........................@.0@.bss.... .... ........................`..edata..S....0......................@.0@.idata.......@......................@.0..CRT....X....P......................@.@..tls.........`......................@.@..reloc..|....p......................@.0B/4......@...........................@.PB/19.....%;.......<..................@..B/31.....!m.......n...P..............@..B/45..........@......................@..B/57.....

              C:\palera1n\libreadline8.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
              Category:dropped
              Size (bytes):248987
              Entropy (8bit):6.10271307720324
              Encrypted:false
              SSDEEP:
              MD5:C069FB094C713BDA07D780882BF19C03
              SHA1:10E2703168D5A54D8933235877399E0371B531EE
              SHA-256:98D4F4DA32030C37DCAD866CE061178421E6E05CBEE4EBA5DED4F09C4AAA5CF8
              SHA-512:2338E8FB0EFF458087E841A928263E4C99855A50EDCBBDFCF2A1B2A9731BDDC96295BBDDA992DB9DC1F03C15CD909E0900820B741454B008AE041B7F2A81E391
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........l.....&"...#.r..........P.........(..............................0......1.....`... .........................................\O......X............@..P............ ..p...............................(.......................0............................text....q.......r..................`.P`.data...`U.......V...v..............@.`..rdata..`G.......H..................@.`@.pdata..P....@... ..................@.0@.xdata..d....`.......4..............@.0@.bss..................................`..edata..\O.......P...P..............@.0@.idata..X...........................@.0..CRT....X...........................@.@..tls................................@.@..reloc..p.... ......................@.0B........................................................................................................................................................................

              C:\palera1n\libssl-1_1-x64.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
              Category:dropped
              Size (bytes):572101
              Entropy (8bit):6.093128380709086
              Encrypted:false
              SSDEEP:
              MD5:14FF677FC74A66DB7A9C393608617C0C
              SHA1:E1F8464D23F43DC623FB94B918C323B710502057
              SHA-256:E13E1EB6FF74F682959D2D0BE2BA7C766E9906F1D5488E22C8E6AE402BCC172A
              SHA-512:D88D7740A1135099999028BA09CEF332514B1F961A8DC924D1C2B7F934542E89A25700C5601433DB237D4B74E5BB591DF6A57DA82FAB950399C161FD0B31D9FB
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........l........&"...&.....h...... ..........|....................................;.....`... .........................................7@...P...M...........p...:..........................................`R..(...................._..8............................text...............................`..`.data...08.......:..................@....rdata...H... ...J..................@..@.pdata...:...p...<...R..............@..@.xdata..,1.......2..................@..@.bss.....................................edata..7@.......B..................@..@.idata...M...P...N..................@....CRT....X............P..............@....tls.................R..............@....rsrc................T..............@....reloc...............X..............@..B................................................................................................................................

              C:\palera1n\libtermcap-0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
              Category:dropped
              Size (bytes):45347
              Entropy (8bit):5.964686022801086
              Encrypted:false
              SSDEEP:
              MD5:FB3FE2DA403F35C48A93C27F3B39B30B
              SHA1:C763C1AAA8FBCFE737C9834FA594EC49013CA1AA
              SHA-256:C7450A34433E212B5081FF5E7A08630337BE6E71D27F7C37989AB3654028B9E1
              SHA-512:1A5E8002F1C7262D34A99B1AC8C720A5B197400C7B009E7FC0E88854DAF589B2536C412A96B09366E690633E9974D4A3FE8D2490BE54B61282B52DC2A1C4B568
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........4.....&"...".z..........P..........j.............................0.......W........ .................................................l............................ ..h...............................(....................................................text...8y.......z..................`.P`.data...p............~..............@.`..rdata..............................@.`@.pdata..............................@.0@.xdata..............................@.0@.bss..................................`..edata..............................@.0@.idata..l...........................@.0..CRT....X...........................@.@..tls................................@.@..reloc..h.... ......................@.0B........................................................................................................................................................................

              C:\palera1n\libusb-1.0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
              Category:dropped
              Size (bytes):214745
              Entropy (8bit):6.311489614007665
              Encrypted:false
              SSDEEP:
              MD5:31A5D095AAC8B96BB00B7436459F98B3
              SHA1:332B76859E9418A54AA90577835F2A6E41E678A4
              SHA-256:76055314E4E69641FB889E88B858BCC14B50AFF06F197E5F8D5A112BA2E13ED7
              SHA-512:83F1B1AD34F59DED60B8D873E846E46DA1D9607C15A3C6C77274C73F8A07A6FB565366F22E500A00B4992AF5FCC54DF8CF4FBF0A332767F3FB48B4CA681E5FAB
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........8..f.....&"...&.2...4......P.........2...........................................`... ......................................`..I.......................................D........................... ...(...................L................................text...h1.......2..................`..`.data...0....P.......6..............@....rdata.......`.......<..............@..@.pdata..............................@..@.xdata..,.... ......................@..@.bss....p....@...........................edata..I....`......................@..@.idata..............................@....CRT....X............*..............@....tls.................,..............@....rsrc...............................@....reloc..D............4..............@..B................................................................................................................................

              C:\palera1n\libusb0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):85504
              Entropy (8bit):6.065258796439653
              Encrypted:false
              SSDEEP:
              MD5:4E48B624021C2D96E12BC4BD1663B462
              SHA1:E3B9228DE9668F8D8A7573FF2250C48F922EF742
              SHA-256:35DC5F39C7DB74E8F769FC75AECE2A842BA20962BE853A35B40D05A283202FB6
              SHA-512:A4E4C4987D7B5AEE2841544D323EDC7CBF3E543F2D9506D9DF948E2BA7C441E2B0A0978F4356119D00E5D7078D1BCC1CB1414E6DF81C2B7C098D4CCA825AE218
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................|....\.......\......\......\................C...{......{......{......Rich...........PE..d.....3`.........." .........p......................................................&7....`..........................................0......X6.......p.......`..<...................0...T...............................8...............(............................text............................... ..`.rdata..fX.......Z..................@..@.data........P.......8..............@....pdata..<....`.......<..............@..@.rsrc........p.......J..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................................................

              C:\palera1n\libusbmuxd-2.0.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):381175
              Entropy (8bit):5.121618270280687
              Encrypted:false
              SSDEEP:
              MD5:6642BCCA8EE0AF1F4E7A0F6EADC1F5EB
              SHA1:D196F9B0FFB47CBB1FB9FBDCF4DA3E9AE9843568
              SHA-256:8F31AE8114F9481CC4930F86498A609E3F52FFDE69DC16214FFC2A8B084C7E43
              SHA-512:116A1865BBF23B93AD587E0B7D62AD959A78920CEBD7D46649BD1FCC8977E131AEB67A40F153C40C47D1D4BF12DEF448492963C7AF51AAE1A6900BF2098069E8
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....F.a.&........& ...$............P................................................;....`... ...................................... .......0...............................`..p...............................(...................03...............................text...8...........................`.P`.data...............................@.P..rdata..............................@.`@.pdata..............................@.0@.xdata..............................@.0@.bss..................................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....X....@......................@.@..tls.........P......................@.@..reloc..p....`......................@.0B/4...........p......................@.PB/19.....!w.......x..................@..B/31.....>1.......2...j..............@..B/45.....q....@......................@..B/57.....

              C:\palera1n\libxml2.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):1445376
              Entropy (8bit):6.480199198730996
              Encrypted:false
              SSDEEP:
              MD5:91E99BD33BA150673775017E3B088A8A
              SHA1:3E60FF7D70446092F2DC3132912F0DB2E1CF5853
              SHA-256:D33968EAB7035AB6B4D44306B631958419C2F3FC1DB97AE768E5C25B95BA7602
              SHA-512:5323E3D563E4A9D702EE4CC3941ADFC3762B59A76503BC2E11953195EAF0CB1E66AF0A21FD2953BF0D91E656F23B9A78F9199FE76114B0503653B215583FCC2E
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P3b.1]1.1]1.1]1.I.1.1]15@\0.1]1...1.1]15@X0.1]15@Y0.1]15@^0.1]1.Z\0.1]1.C\0.1]1.1\1.1]1.CY0.1]1.C]0.1]1.C.1.1]1.C_0.1]1Rich.1]1........................PE..d.....3`.........." .........r...............................................`......K.....`......................................... 7......8...,....0..,....@...............@......X*..T............................*..8............................................text...X........................... ..`.rdata...Z.......\..................@..@.data....-..........................@....pdata.......@......................@..@.rsrc...,....0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................

              C:\palera1n\lzma.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):154624
              Entropy (8bit):6.638702344693868
              Encrypted:false
              SSDEEP:
              MD5:8DDBEA8948CC1311F976F5F548F9AD13
              SHA1:A6A44E6F9EB3531A19463E1CDBD8722A5BA235F8
              SHA-256:D809F75F16C8CEEB343CCC9398F9DA74C02BDAB270867F747F2372F048B13C25
              SHA-512:79F71CDB770245E14A435BFD6798DD354C1B5D3EA4589130E8486488E8E2DF7CED836C2595F1CCE87189208CB644CAE5D53EF030D56EE0FFD61F8E9485079181
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................d......d......d......d..................C.....C......C.c....C......Rich...................PE..d.....3`.........." .....................................................................`.........................................@8..(...hD..d............`......................`...T...............................8............................................text............................... ..`.rdata..............................@..@.data...H....P.......<..............@....pdata.......`.......>..............@..@.rsrc................T..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................................

              C:\palera1n\openssl.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
              Category:dropped
              Size (bytes):774716
              Entropy (8bit):6.312996702294296
              Encrypted:false
              SSDEEP:
              MD5:90B7592D1FB3DC6CF1401C11A2DF7E48
              SHA1:83DE36DF5B7891E118038FB9C59771CA463E515C
              SHA-256:B1EB0B87886CAEF3CAD989C63750DC67931B22299F7CD0592FFE1CE2E26301C6
              SHA-512:6CB91C747C64F01069330E88A5FCF0638B9ED37AE564C478CD52DEFDB62A4093D714C9B42855DCC9807E5C78541F9B407218588B1AF1BCB22B819E511CEC18CC
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........w.....&....&.b.......$.............@.............................p......~.....`... ..............................................0.......@.......................P..................................(....................[...+...........................text....`.......b..................`..`.data...`x.......z...f..............@....rdata..0...........................@..@.pdata..............................@..@.xdata..............................@..@.bss....."...............................idata.......0......................@....CRT....`.... ......................@....tls.........0......................@....rsrc........@......................@....reloc.......P... ..................@..B........................................................................................................................................................................

              C:\palera1n\pcre.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):395264
              Entropy (8bit):6.337149551602763
              Encrypted:false
              SSDEEP:
              MD5:BF69614C5F4C0C5FFB8FF6D983C51E40
              SHA1:BFDDF02B7A132428CDC67382F8784C81D8A0214E
              SHA-256:39C87232F7512E76FEB6E42376DB00626E237628D5C88A492D088613478A8E12
              SHA-512:6700CF2FA46B5E5DB1D3F4DCF3FD0B6D37857B1FAD984556A27A5E50F8A10466C58D8E7A885D40AAAFA34C74FC476C6EDC16B6FF2CF71E2517ABB2EC0AB8957A
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{.....P...P...P.b.P...Pjk.Q...Pjk.Q...Pjk.Q...Pjk.Q...P.q.Q...P...P...PMh.Q...PMh.Q...PMh.Q...PRich...P........PE..d.....3`.........." .....z...................................................P...........`......................................... ...........x....0..........H............@..l.......T...............................8............................................text....y.......z.................. ..`.rdata...o.......p...~..............@..@.data...8...........................@....pdata..H...........................@..@.rsrc........0......................@..@.reloc..l....@......................@..B................................................................................................................................................................................................................................................................

              C:\palera1n\pcreposix.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):12800
              Entropy (8bit):5.141590420574034
              Encrypted:false
              SSDEEP:
              MD5:A86808FEA0B3AD91FFD8972042473454
              SHA1:1609DB01B35066C44B576316835305E3C4C331B5
              SHA-256:299AC749BDA81AA93985141203F603AC880D3FC9F0D8A84E5597A020C24F5353
              SHA-512:463D23D8C7C824338A4D52246455DC5CC7086E23CB7EB19656E9D4E582B40F4505A805578F905B0834ED45849DEC92BCB4F01B4CB57BA1762F755A740231569F
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Qf=.0.n.0.n.0.n.H.n.0.n~A.o.0.n~A.o.0.n~A.o.0.n~A.o.0.n.[.o.0.nYB.o.0.n.0.n.0.nYB.o.0.nYB.o.0.nYB.o.0.nRich.0.n........................PE..d.....3`.........." ......................................................................`..........................................<.......<.......p.......`..................H...p5..T............................5..8............0..H............................text...X........................... ..`.rdata.......0......................@..@.data...H....P.......*..............@....pdata.......`.......,..............@..@.rsrc........p......................@..@.reloc..H............0..............@..B........................................................................................................................................................................................................................................

              C:\palera1n\plist.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):64512
              Entropy (8bit):6.077513357152445
              Encrypted:false
              SSDEEP:
              MD5:5F8CF2BEA6B3BB7DA742E5C1C613D8DD
              SHA1:E9C93E15569FE4560B4D59205C7432B9C94AC4FF
              SHA-256:F4921856D858124E6EBDDB9C71AAF03182009690D8140C0EB1B54087E4109010
              SHA-512:2F60FB6EDD25E5BDF4B759D26A58EA0ED3610C23EBD7B358A3EFAC91FF7E91713800F9B80625C9F2EF0DA6C1E760645B2F838AD4BF1EB4327C142900E2CDF161
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........N..LN..LN..LG.5L@..L..MH..L..aLO..L..M_..L..MF..L..MM..LZ.MM..LN..L...L..MX..L..MO..L..YLO..L..MO..LRichN..L........PE..d.....3`.........." .........F...............................................@............`.........................................P... ...p........ ..........<............0..$...p...p...............................8............................................text............................... ..`.rdata...*.......,..................@..@.data...X...........................@....pdata..<...........................@..@.rsrc........ ......................@..@.reloc..$....0......................@..B................................................................................................................................................................................................................................................

              C:\palera1n\plist_cmp.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):4.862303312401172
              Encrypted:false
              SSDEEP:
              MD5:31E775DBFC5D8998E9AE8318AB4C2F05
              SHA1:843AA9CD22795AC45C494E422D397F4C58310D64
              SHA-256:D97B91F16090378A39EEA057B9CCD4176D0C709B75F6392CAD4D1C9EE9F48BAE
              SHA-512:AA33A9EC11B603284B4BE4A593D80480AB3C9E51B4C270C634FE95A3DAF4E41E986EA0DF96A44400593A3021A69E693F5939E1D57B2B4DD608FAEE3D045B3693
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ..d..d..d..m...h.....f.....u.....n.....g......g..p...f..d..X......g....s.e......e..Richd..........PE..d...j.3`..........".......... ......d..........@..........................................`.................................................D9.......p.......`..................,....3..p............................3..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....P.......(..............@....pdata.......`.......*..............@..@.rsrc........p.......,..............@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................................

              C:\palera1n\plist_test.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):4.848786647975012
              Encrypted:false
              SSDEEP:
              MD5:D52496E6A23BA14985E6A5252B37BFA9
              SHA1:9926A69D64718618C257401D2909B858D9F008BF
              SHA-256:7A939D46A658F7BD571804EDBE4720664C19EBD081008F6D7AE00DB46CF76713
              SHA-512:4EBD9D5F6F87D88ECADB74AA1D2CCB7EA4CF868234EE91F922AEC544F6E6DB5DC1232F3928434C17CEF1956C93AB11D7D4D93296D146CA7A2B59D6A403CAAAB7
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B4..#Z..#Z..#Z..[...#Z.pR[..#Z.pR_..#Z.pR^..#Z.pRY..#Z.WQ[..#Z..H[..#Z..#[..#Z.WQR..#Z.WQ...#Z.WQX..#Z.Rich.#Z.........PE..d...k.3`.........."..........".................@..........................................`.................................................|*.......`.......P...............p..,...T$..p............................$..8............ ...............................text............................... ..`.rdata..l.... ......................@..@.data...H....@.......(..............@....pdata.......P.......*..............@..@.rsrc........`.......,..............@..@.reloc..,....p......................@..B........................................................................................................................................................................................................................................................

              C:\palera1n\plistutil.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):14848
              Entropy (8bit):5.0124949849641505
              Encrypted:false
              SSDEEP:
              MD5:72EF9411DA3F3EF9EED2E039F4A5B0F8
              SHA1:B3CAF24C8711DE1A052A72F7D8EB022A9FBA03EB
              SHA-256:801E23C06FFD41F929BF1DB1F21AE360FF33E50D37E52D57DC64E4B6276EB9D6
              SHA-512:F2E251DC8D414CE929BE05E99F1CD40C826A5D101A404309D3F211BC24940157298780A01E51A7EA36FC54A09B0D6CA8EA0672DA6A3C307B8DB66D3A0845F0A1
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.H.0.&_0.&_0.&_9.._>.&_..'^2.&_.W._1.&_..#^".&_.."^:.&_..%^3.&_..'^3.&_$.'^2.&_0.'_v.&_...^1.&_..._1.&_..$^1.&_Rich0.&_........................PE..d...l.3`.........."..........&......d..........@..........................................`..................................................=.......p.......`..................,...h7..p............................7..8............0..X............................text...<........................... ..`.rdata..z....0......................@..@.data...H....P.......2..............@....pdata.......`.......4..............@..@.rsrc........p.......6..............@..@.reloc..,............8..............@..B................................................................................................................................................................................................................................

              C:\palera1n\pthreadVC3.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):103424
              Entropy (8bit):4.948359525176983
              Encrypted:false
              SSDEEP:
              MD5:B7FC00CDE76983F22C57C736A135BC68
              SHA1:B004B097EF1133E0E0E17080674CEEDD4C2AEE96
              SHA-256:D3E4E6CA4BD83CA057E874B2C15947B21A90E11600290E61908EF0C73C236712
              SHA-512:D8D7870A82469D3DAE6A1D0765670BED0B71A0962265D70FCA02FB4B21C587CAE7956E07619CBB6A5E168AAD549EB85AF23D98DDBA653A76B9B8B45A8086DD3A
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........AV.o/..o/..o/......o/.L....o/......o/..o...o/.l....o/.L.*..o/.L.+..o/.L.,..o/.k.+..o/.k./..o/.k....o/.k.-..o/.Rich.o/.........PE..d.....3`.........." ......................................................................`..........................................^..........x...............................<...49..8...........................p9..8............................................text............................... ..`.rdata..uE...0...F..................@..@.data................b..............@....pdata..4............d..............@..@.idata..K............v..............@..@.00cfg..Q...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................

              C:\palera1n\readline.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):174080
              Entropy (8bit):5.997323761981436
              Encrypted:false
              SSDEEP:
              MD5:067529CD4F28879213EA8E3CE76CCAD0
              SHA1:43F22CF0523916325679B87ADBF88BC4AF0F1DF8
              SHA-256:8C3FFF60AB4EE2458BCC2ED9638985F6AF1A99C061CB60DACA3E9A781B7B35AD
              SHA-512:6150126610C28E9FE5D21E9102BF0C287EF84386060D6D9690CA49344DE91B4A1975E417713EEFE15452075C5B65F921E99E2BAA4AC5306059FE2E47A2A10729
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8...Y.E.Y.E.Y.E.!]E.Y.ES(.D.Y.Es..E.Y.ES(.D.Y.ES(.D.Y.ES(.D.Y.E.2.D.Y.E.Y.E.Y.Et+.D.Y.Et+.D.Y.Et+.D.Y.ERich.Y.E........PE..d.....3`.........." ......................................................................`.........................................0...8:..h%..,...............T.......................T...........................0...8............................................text...h........................... ..`.rdata..H...........................@..@.data....o...@...`... ..............@....pdata..T...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

              C:\palera1n\ref.zip

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
              Category:dropped
              Size (bytes):22258676
              Entropy (8bit):7.998090511140296
              Encrypted:true
              SSDEEP:
              MD5:9F38175E3272926F45C86AECCCD0566F
              SHA1:4EB92B0DDF66AE507DF1365C956989BCABE057A2
              SHA-256:13217D562D7CBEB10D9D691734F267626EFAA9C680F7F79A240D8E03032010C0
              SHA-512:6B1AB12E8470F1B7D5F5C8F4308190DF8DF92BCBCACE714641A5ED1B5C4C050B9ACB970423B6BA787FC8C8CEED0667309A8BBC54A386FA375DFA60C7B5167D22
              Malicious:false
              Reputation:low
              Preview:PK..........VR.........&......bz2.dll.]{|TG...n`!.. @JS..Z.bM.j...]..i.6V......&5.$$.D.Nn...ZT..jm.R[)/u7.d.3.Ri...Z.R..R...wf..6........<..3.33....l..L&+.t.d.l...L..o...gl.ozz.....3.._qwV.]w~./.3...;.<.+_....wd)7,......q...4....^^.B..../.{.e..r..>T.B.....p..P.w.;4...R{h..[....o.5...w..].].woZ.]N..^.2.n..(S.9%a.iVVJ..L...........Z..xN2.F...........1.."N<.>f]f6=..v\n6m...OS.Ef.J$..Wf6y.d..MKG..f..#..9./.wu.W+..f.bd.U..q........._F>g.4M........WS0Jo.e....M5........2....w......./..Lx.&...(.WW...^VF8....M....Oe;...^+V..sUv..n.S....o..../.`.Z..W.y......|.&..D...e.6_....ei.x.....)s..-T..c7.....n....o...>w._..{Y!..7U.b....P.n....}."..u...Y.~..~.a2..Y..W..[.NK.;./.Je.}..:....yoI...[....4....Mi..PYH.&_....bm}...l.F`_....aO...Z.'}.....7 ..5....S....UvCF!kG&...y..V..<..^.".Z^.+...e....Q3E..*r.4.O.......V..2`AP../}..n....[..=.%........e....|..T..|.|.Z.Z...%.u.Mj..._o/....hQN..o.....B...PA.V.Ri.BuVn....;.k....... ....}TAE..s6......V..T.o.

              C:\palera1n\usbmuxd.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):40448
              Entropy (8bit):5.84971095593646
              Encrypted:false
              SSDEEP:
              MD5:211C3F6DF1290B508891202E994D9B44
              SHA1:12595B371103D7201D5A3961FAE50CE7985E47A2
              SHA-256:349A3D0C855AA6592A581D3161ADA03A67527738A38E6C5805F5492BEC81FF75
              SHA-512:57692B8CA04ABAD7B988ADD794C38733DC8D4800072B50C2F26E60873085F822B2223B710795E2289885EE7D4739283B9E8D8BEC605D18693BCC490828BAC728
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%o.ka..8a..8a..8hv.8m..8..~9c..8...8`..8..z9j..8..{9i..8..|9b..8.|~9c..8ue~9d..8a.~8...8.|w9e..8.|.9`..8.|.8`..8.|}9`..8Richa..8................PE..d.....3`.........." .....^...F.......`....................................................`.............................................P......................................<.......p...........................`...8............p...............................text...(\.......^.................. ..`.rdata..(/...p...0...b..............@..@.data...0...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..<...........................@..B................................................................................................................................................................................................................................

              C:\palera1n\usbmuxd.exe

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):70144
              Entropy (8bit):5.9959370933064955
              Encrypted:false
              SSDEEP:
              MD5:8E42FA904824B67B1ADC3190AD59DBD3
              SHA1:26DA5786F5254BBDB18F61A071560875FACC6907
              SHA-256:8B75EC8FD37BF59C1445D4B1B576B3092CE578D1BA478EB3B9D6F2CBF04AEC9C
              SHA-512:8B821465DD742069A037D1B32E3E1D4D0EECD83DA04C43DB1078292A5269719B14B2B159913886F53BCF52163A209EE78B144E3B9D6BE029F4F60E0A388F40BD
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%..a...a...a...h.4.u......c....[`.c......r......k......b.......m...u...h...a...........k.....X.`.......`...Richa...................PE..d...`.3`.........."..........~......T..........@.............................`............`.................................................L........@.......0...............P..X...H...p...............................8...............p............................text...<........................... ..`.rdata..te.......f..................@..@.data........ ......................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc..X....P......................@..B........................................................................................................................................................................................................................................

              C:\palera1n\vcruntime140.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Category:dropped
              Size (bytes):87736
              Entropy (8bit):6.502774183038492
              Encrypted:false
              SSDEEP:
              MD5:6888A93E3BE0D92BF2293E2BD3043DDB
              SHA1:403C038F61D45D4BD74B59D13B3EB0DEA9E04A9D
              SHA-256:B989172491BCF631322D87D7B812FB5598B8FCDD1E2A30C119F5265080CD13B8
              SHA-512:C549F73EA34B0BD70EFD726547E154500AE9FB4AC72EC8ACA2233447CDE06147AAC7B1C00692A4E5F55A2E57268AB3EB3DEA76EA20F9DDF99AA779E568A88BE5
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9Jy.X$*.X$*.X$*9..*.X$*. .*.X$*.X%*.X$*..!+.X$*.. +.X$*..'+.X$*..,+.X$*..$+.X$*...*.X$*..&+.X$*Rich.X$*........PE..d.....W.........." .........T......`........................................p.......Y....`A........................................`...4............P.......0...........>...`..p...p...8............................................................................text...G........................... ..`.rdata...5.......6..................@..@.data........ ......................@....pdata.......0......................@..@_RDATA.......@......................@..@.rsrc........P......................@..@.reloc..p....`......................@..B........................................................................................................................................................................................................................

              C:\palera1n\zip.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:dropped
              Size (bytes):103424
              Entropy (8bit):6.240710537489593
              Encrypted:false
              SSDEEP:
              MD5:617CEFBBFA6A07B61436DB83EFB0A215
              SHA1:E186715C9E067D510537FCBFE0219C7AA723AEC1
              SHA-256:5D9CF87EB136E5699FEF3DF425607153B13EFA24B726EA982A1A8F80EB124091
              SHA-512:D6830B64C26170680AE1554762B22C8B078E38A67370CD858AB6F116CD48C80DAFEEED3C0BE5302FF31C76B591876F4428F76483135BDDD88F008BE8DA11DB83
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........z..........................%.............................."......................"......".......".......Rich....................PE..d.....3`.........." .....$...l......t'....................................................`..........................................l..,....{......................................pL..T............................L..8............@...............................text...8".......$.................. ..`.rdata..ZH...@...J...(..............@..@.data................r..............@....pdata...............v..............@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

              C:\palera1n\zlib1.dll

              Download File
              Process:C:\Users\user\Desktop\palera1n.exe
              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
              Category:modified
              Size (bytes):86528
              Entropy (8bit):6.470720007149983
              Encrypted:false
              SSDEEP:
              MD5:68E75DE6FAB2E89775F0736266BFF9F0
              SHA1:DEDA64062BD37592AE981D6DB9796FC2649763E9
              SHA-256:B45BE7FA62570A92BDC0AB5B965B7E2B703B2551B0AB082B753281B9860DC31F
              SHA-512:D2BAF79B19C7DA786B62AE4DF71F54864D31E8A8F204E085E8679AD0A5C6CA61574C1F891F9B3287572BC19CAA4C081F642D6BE1008F7F054968885480F3C485
              Malicious:false
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S.S.S.Z.-.[...P..My.W...X...[...P.G...Q.S.c....\....R..A.R....R.RichS.................PE..d.....3`.........." .........x.......................................................z....`..........................................D..H...8L..........0....p..................h....4..T............................5..8...............p............................text............................... ..`.rdata...a.......b..................@..@.data...H....`.......<..............@....pdata.......p.......>..............@..@.rsrc...0............J..............@..@.reloc..h............P..............@..B........................................................................................................................................................................................................................................

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.999645914282275
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
              • Win32 Executable (generic) a (10002005/4) 49.97%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:palera1n.exe
              File size:27'929'600 bytes
              MD5:e0da7ebe8736791ac92c501a78bcd643
              SHA1:a56321571978d0b24a983e6b50eeb703e4db8e48
              SHA256:4fa681dfa8fd5998e6e737c5b4be4ba30123902eece3a06381ea69f36efb85db
              SHA512:dce233d4c9fe80bb032dfcedd80d507bf036fcdd4347b102598aad193795248c1814f8740c7b9b121960ade082fadc965ebb510a5b348ce11e16e6814da2c1d0
              SSDEEP:786432:LRy8erxtykBxL3gNxPOQhqhVPNnzO2tEynWuQyGM5C5J:Lg7xjoOQMjByhynI+aJ
              TLSH:785733BCDB5C5AB4F2DC5E7CE0F23209C639C8BC244ADBAA5188E57EAF11D0451F5922
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........."...0......~........... ........@.. ....................................`................................

              File Icon

              Icon Hash:518c8c8e8e8ce017

              Static PE Info

              General

              Entrypoint:0x1e9cb9e
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x64C78208 [Mon Jul 31 09:42:32 2023 UTC]
              TLS Callbacks:
              CLR (.Net) Version:v4.0.30319
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              xchg eax, esp
              adc dword ptr [ebx], eax
              fld qword ptr [eax]
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x1a9cb480x53.text
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x1a9e0000x7c00.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x1aa60000xc.reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x20000x1a9aba80x1a9ac00unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc0x1a9e0000x7c000x7c00False0.9019027217741935data7.7538733680043155IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc0x1aa60000xc0x200False0.044921875data0.12227588125913882IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountryZLIB Complexity
              RT_ICON0x1a9e1000x6925PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.985956830255972
              RT_GROUP_ICON0x1aa4a380x14data1.05
              RT_VERSION0x1aa4a5c0x314data0.4289340101522843
              RT_MANIFEST0x1aa4d800xd0aXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.3927501497902936

              Imports

              DLLImport
              mscoree.dll_CorExeMain