file.exe

Status: finished

Submission Time: 2024-05-12 12:02:07 +02:00

Malicious

Trojan

Spyware

Evader

PrivateLoader, RisePro Stealer

Comments

Details

Analysis ID:
1440164
API (Web) ID:
1440164
Analysis Started:

2024-05-12 12:02:08 +02:00
Analysis Finished:

2024-05-12 12:12:03 +02:00
MD5:
72007357beb74fea20e7daa285212b16
SHA1:
e37f50ace578fc3a69fb7a312a659d51491e32b0
SHA256:
6a1bda6fa37b02776b44c80fc1d8329bd7fbd49ff46eaf37346e5c436a52ec9e
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 43/73

malicious

Score: 18/38

malicious

IPs

IP	Country	Detection
147.45.47.126	Russian Federation
34.117.186.192	United States
104.26.5.15	United States

Domains

Name	IP	Detection
ipinfo.io	34.117.186.192
db-ip.com	104.26.5.15

URLs

Name	Detection
https://db-ip.com/demo/home.php?s=81.181.60.1196
https://t.me/risepro_botomania
https://ipinfo.io/widget/demo/81.181.60.11eG
Click to see the 67 hidden entries
https://ipinfo.io/wv~1
https://t.me/risepro0.11
https://t.=
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
https://ipinfo.io/Mozilla/5.0
https://www.ecosia.org/newtab/
https://ac.ecosia.org/autocomplete?q=
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
https://t.me/RiseProSUPPORT
http://upx.sf.net
http://5.42.96.7/cost/go.exe68v
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
http://147.45.47.102:57893/hera/amadka.exee
http://5.42.96.7/cost/go.exeOw
https://www.maxmind.com/en/locate-my-ip-address
http://5.42.96.7/cost/go.exec.vTK
https://ipinfo.io/widget/demo/81.181.60.11P
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://db-ip.com/demo/home.php?s=81.181.60.11
https://db-ip.com/demo/home.php?s=81.181.60.117
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
https://support.mozilla.org
http://www.winimage.com/zLibDll
https://db-ip.com:443/demo/home.php?s=81.181.60.11&OLa
https://ipinfo.io:443/widget/demo/81.181.60.11o
http://pki-ocsp.symauth.com0
https://ipinfo.io/
https://db-ip.com/demo/home.php?s=81.181.60.111
https://t.me/risepro_botlater
https://ipinfo.io/:
https://t.me/risepro_bot
http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
http://5.42.96.7/cost/lenin.exe9
https://t.me/risepro_botomaniaJ
https://t.me/risepro_botlater60.11
http://5.42.96.7/cost/go.exe-Q
https://db-ip.com/
https://ipinfo.io/widget/demo/81.181.60.11m
http://147.45.47.102:57893/hera/amadka.exe
https://ipinfo.io:443/widget/demo/81.181.60.11
https://t.j
https://db-ip.com/demo/home.php?s=81.181.60.11G
https://duckduckgo.com/ac/?q=
https://t.me/RiseProSUPPORTv
https://db-ip.com/$
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
https://t.me/risepro_bot6
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://5.42.96.7/cost/go.exe
https://t.me/RiseProSUPPORT9?
https://t.me/risepro_botrisepro
https://t.me/RiseProSUPPORTB
https://db-ip.com/O
https://t.70
https://db-ip.com/demo/home.php?s=81.181.60.11SRL
https://duckduckgo.com/chrome_newtab
https://ipinfo.io/widget/demo/81.181.60.11
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
https://t.me/risepro_bot(
https://db-ip.com:443/demo/home.php?s=81.181.60.11
http://5.42.96.7/cost/lenin.exe
https://db-ip.com/demo/home.php?s=81.181.60.11Z

Dropped files

Name	File Type	Hashes
C:\ProgramData\MPGPH131\MPGPH131.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\ZeTvTkc8PqqpWi0gm5JPfdt.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	#
C:\Users\user\AppData\Local\Temp\OGKFocHES6dDgKTCWPSJdQR.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	#
Click to see the 78 hidden entries
C:\Users\user\AppData\Local\Temp\8klzCUsmQMVYazLTWo6KoKU.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	#
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\02zdBXl47cvzcookies.sqlite	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\IdCNLqBK5BIzWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\DPh3g7VanZ0uLogin Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\D87fZN3R3jFeplaces.sqlite	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\C053a7OlzkOwHistory	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\4mK_R6tOoPGgWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\3vXQ9NJu865mWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\3b6N2Xdh3CYwplaces.sqlite	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\STqIiTxIo5J7Login Data For Account	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\zByDc7TM5G4BCookies	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\x6iuAgWaPHROLogin Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\v8KCsYORX8h7Web Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\rh5eReF6pk1JWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\m78YdG3PG6psHistory	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\fp5Zfw4ryWNTWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\_2Udgx0R4lC0Login Data For Account	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\TRbMB5IbyYCfLogin Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\SBUYXJCvH4fCWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\JsdnoRPI_10LHistory	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\trixy1kjtHrReFnXF\Cookies\Chrome_Default.txt	ASCII text, with very long lines (769), with CRLF line terminators	#
C:\Windows\appcompat\Programs\Amcache.hve	MS Windows registry file, NT/2000 or above	#
C:\Users\user\AppData\Local\Temp\trixyr3JGE0E2FYa9\passwords.txt	Unicode text, UTF-8 text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\trixyr3JGE0E2FYa9\information.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\trixyr3JGE0E2FYa9\Cookies\Chrome_Default.txt	ASCII text, with very long lines (769), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\trixy7qiYjWFiJkre\passwords.txt	Unicode text, UTF-8 text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\trixy7qiYjWFiJkre\information.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\trixy7qiYjWFiJkre\Cookies\Chrome_Default.txt	ASCII text, with very long lines (769), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\trixy1kjtHrReFnXF\passwords.txt	Unicode text, UTF-8 text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\trixy1kjtHrReFnXF\information.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\JRPAhKRZ9ZTqHistory	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\x7WOFKlgU8fPWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\sI5BW4MD5Iw7History	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\rakgGBowKZnMHistory	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\opKyAgExHDMyCookies	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\oUhaH1047Io5Login Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\ad9xHU1sHgxoWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\D87fZN3R3jFeplaces.sqlite	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\spanr3JGE0E2FYa9\M4EU2Y_AAhWdWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER214F.tmp.dmp	Mini DuMP crash report, 15 streams, Sun May 12 10:03:11 2024, 0x1205a4 type	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\1_QlH4gDMSHgHistory	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\19u7ECnptzzlWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\02zdBXl47cvzcookies.sqlite	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\rage131MP.tmp	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER22B9.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER226B.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER226A.tmp.WERInternalMetadata.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER21FC.tmp.WERInternalMetadata.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\3b6N2Xdh3CYwplaces.sqlite	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER20C3.tmp.dmp	Mini DuMP crash report, 15 streams, Sun May 12 10:03:11 2024, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2019.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F9B.tmp.WERInternalMetadata.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C00.tmp.dmp	Mini DuMP crash report, 15 streams, Sun May 12 10:03:10 2024, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_f72aa47e83387be13decffad958dd6df2948b_3ea92c58_dec5365b-211a-4509-a3ee-25eef0619427\Report.wer	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_a2f39f18c7bab85a936641112cf4d8a65518de_de9be973_94773830-acbf-49ed-a888-c6bd52737c00\Report.wer	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_a2f39f18c7bab85a936641112cf4d8a65518de_de9be973_9436b2ab-098a-4a19-b205-1dc59dcf74a1\Report.wer	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\hxHjRwjYwPT3Login Data For Account	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\ITZ0bicyJ58aHistory	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\HK3i7VEtGMBbWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\BdOSr6ULfsrrHistory	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\3b6N2Xdh3CYwplaces.sqlite	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\02zdBXl47cvzcookies.sqlite	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\sYcixjslgY3sWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\rMqqLrP0489yHistory	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\otYgbid_VcgTLogin Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\mHC5xGA2ZDf7Login Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\Local\Temp\span7qiYjWFiJkre\J0EAMZmTySltWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\ctu1BJdIHpHIWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\azTbUSfG7fMXWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\PJJYS_IpzF0mCookies	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\JhTxiIG1NfyxHistory	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\D87fZN3R3jFeplaces.sqlite	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\ByL8mAxGwSmaWeb Data	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\B087runuAKfxWeb Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\span1kjtHrReFnXF\66rslgkYekRJHistory	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	#

file.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

file.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

file.exe