Edit tour
Windows
Analysis Report
htkeUc1zJ0.exe
Overview
General Information
| Sample name: | htkeUc1zJ0.exerenamed because original name is a hash value |
| Original sample name: | 64fbd4176cf9fb77d63173f809b2433d.exe |
| Analysis ID: | 1576844 |
| MD5: | 64fbd4176cf9fb77d63173f809b2433d |
| SHA1: | 737e70ae50f2616dc445d8244d192a63d48a11bc |
| SHA256: | 80ff41fea4b4580608227df8a352de5497fc84b6bf5bca9613265cedd1005c5a |
| Tags: | exeuser-abuse_ch |
| Infos: | |
 | |
Detection
| Score: | 88 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
htkeUc1zJ0.exe (PID: 6572 cmdline: "C:\Users\ user\Deskt op\htkeUc1 zJ0.exe" MD5: 64FBD4176CF9FB77D63173F809B2433D) 
conhost.exe (PID: 6740 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - htkeUc1zJ0.exe (PID: 5228 cmdline:
C:\Users\u ser\Deskto p\htkeUc1z J0.exe MD5: 7D77F1110DE8074096D1993EC3061470) - schtasks.exe (PID: 2180 cmdline:
schtasks.e xe /CREATE /RL HIGHE ST /SC ONL OGON /TR " C:\Users\u ser\Deskto p\htkeUc1z J0.exe" /T N w3oN7Nli bd06 /F MD5: 48C2FE20575769DE916F48EF0676A965) - conhost.exe (PID: 2124 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - conhost.exe (PID: 5768 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 1856 cmdline:
cmd.exe /c schtasks. exe /Query /XML /TN w3oN7Nlibd 06 > C:\Us ers\user\D esktop\1gG 2smsf.xml MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 1704 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - schtasks.exe (PID: 4924 cmdline:
schtasks.e xe /Query /XML /TN w 3oN7Nlibd0 6 MD5: 48C2FE20575769DE916F48EF0676A965) 
WerFault.exe (PID: 1608 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 624 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 3288 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 640 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 5800 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 648 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 4124 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 752 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 6792 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 728 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 180 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 768 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 4124 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 150 0 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 5164 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 198 0 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 1340 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 744 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 3744 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 196 0 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 6316 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 612 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 6672 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 228 -s 122 4 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- htkeUc1zJ0.exe (PID: 2364 cmdline:
C:\Users\u ser\Deskto p\htkeUc1z J0.exe MD5: 7D77F1110DE8074096D1993EC3061470) - conhost.exe (PID: 1196 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - schtasks.exe (PID: 6640 cmdline:
schtasks.e xe /CREATE /RL HIGHE ST /SC ONL OGON /TR " C:\Users\u ser\Deskto p\htkeUc1z J0.exe" /T N w3oN7Nli bd06 /F MD5: 48C2FE20575769DE916F48EF0676A965) - conhost.exe (PID: 6716 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 1344 cmdline:
cmd.exe /c schtasks. exe /Query /XML /TN w3oN7Nlibd 06 > C:\Us ers\user\D esktop\dO0 BLEiJk.xml MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 1704 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - schtasks.exe (PID: 2476 cmdline:
schtasks.e xe /Query /XML /TN w 3oN7Nlibd0 6 MD5: 48C2FE20575769DE916F48EF0676A965) - WerFault.exe (PID: 5088 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 2 364 -s 712 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 5348 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 2 364 -s 956 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T16:41:22.890495+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49733 | 172.232.31.180 | 443 | TCP |
| 2024-12-17T16:41:31.971678+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49731 | 172.232.31.180 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T16:41:31.608968+0100 | 2824544 | 1 | Domain Observed Used for C2 Detected | 172.232.31.180 | 443 | 192.168.2.4 | 49731 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_0040AFC0 | |
| Source: | Code function: | 2_3_0040AFC0 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | Code function: | 2_3_00405180 | |
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_25060D90 | |
| Source: | Code function: | 0_2_004501C0 | |
| Source: | Code function: | 0_2_004501C0 | |
| Source: | Code function: | 0_2_004501C0 | |
| Source: | Code function: | 0_2_0044D330 | |
| Source: | Code function: | 0_2_0044D330 | |
| Source: | Code function: | 0_2_004383E0 | |
| Source: | Code function: | 0_2_00405480 | |
| Source: | Code function: | 0_2_0041F650 | |
| Source: | Code function: | 0_2_0041F730 | |
| Source: | Code function: | 0_2_00402C90 | |
| Source: | Code function: | 0_2_00402D70 | |
| Source: | Code function: | 0_2_00424EB0 | |
| Source: | Code function: | 2_3_004501C0 | |
| Source: | Code function: | 2_3_004501C0 | |
| Source: | Code function: | 2_3_004501C0 | |
| Source: | Code function: | 2_3_0044D330 | |
| Source: | Code function: | 2_3_0044D330 | |
| Source: | Code function: | 2_3_004383E0 | |
| Source: | Code function: | 2_3_00405480 | |
| Source: | Code function: | 2_3_0041F650 | |
| Source: | Code function: | 2_3_0041F730 | |
| Source: | Code function: | 2_3_00402C90 | |
| Source: | Code function: | 2_3_00402D70 | |
| Source: | Code function: | 2_3_00424EB0 | |
| Source: | Process created: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00409B40 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0045C5EB | |
| Source: | Code function: | 0_2_0045E95D | |
| Source: | Code function: | 0_2_00409CD3 | |
| Source: | Code function: | 0_2_00409CA3 | |
| Source: | Code function: | 0_2_00409D53 | |
| Source: | Code function: | 0_2_00409D03 | |
| Source: | Code function: | 0_2_00409D33 | |
| Source: | Code function: | 0_2_00409DE3 | |
| Source: | Code function: | 0_2_00409D83 | |
| Source: | Code function: | 0_2_00409DB3 | |
| Source: | Code function: | 0_2_00409E43 | |
| Source: | Code function: | 0_2_00409E73 | |
| Source: | Code function: | 0_2_00409E13 | |
| Source: | Code function: | 0_2_00409ED3 | |
| Source: | Code function: | 0_2_00409EA3 | |
| Source: | Code function: | 0_2_25065704 | |
| Source: | Code function: | 0_2_25060103 | |
| Source: | Code function: | 0_2_25060133 | |
| Source: | Code function: | 0_2_25060163 | |
| Source: | Code function: | 0_2_25060193 | |
| Source: | Code function: | 0_2_250601C3 | |
| Source: | Code function: | 0_2_250601F3 | |
| Source: | Code function: | 0_2_25060053 | |
| Source: | Code function: | 0_2_25060083 | |
| Source: | Code function: | 0_2_250600B3 | |
| Source: | Code function: | 0_2_250600E3 | |
| Source: | Code function: | 0_2_25060223 | |
| Source: | Code function: | 0_2_25060253 | |
| Source: | Code function: | 0_2_25060283 | |
| Source: | Code function: | 0_2_25062869 | |
| Source: | Code function: | 0_2_25064A3D | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
Boot Survival | |
|---|
| Source: | Process created: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Code function: | 0_2_0040AFC0 | |
| Source: | Code function: | 2_3_0040AFC0 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-51360 | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00409FC0 | |
| Source: | Code function: | 0_2_25060400 | |
| Source: | Code function: | 2_3_00409FC0 | |
| Source: | Code function: | 0_2_00405D10 | |
| Source: | Code function: | 0_2_00409960 | |
| Source: | Code function: | 0_2_00409970 | |
| Source: | Code function: | 2_3_00409960 | |
| Source: | Code function: | 2_3_00409970 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_004026C0 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Obfuscated Files or Information | NTDS | 1 System Network Connections Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 22 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 87% | ReversingLabs | Win32.Trojan.Copak | ||
| 100% | Avira | TR/Patched.Ren.Gen | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ww99.cutit.org | 69.16.230.228 | true | false | unknown | |
| 78626.bodis.com | 199.59.243.227 | true | false | high | |
| cutit.org | 172.232.31.180 | true | true | unknown | |
| sedoparking.com | 64.190.63.136 | true | false | high | |
| pastebin.com | 104.20.4.235 | true | false | high | |
| ww7.cutit.org | unknown | unknown | true | unknown | |
| ww1.cutit.org | unknown | unknown | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.20.4.235 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | false | |
| 64.190.63.136 | sedoparking.com | United States | 11696 | NBS11696US | false | |
| 199.59.243.227 | 78626.bodis.com | United States | 395082 | BODIS-NJUS | false | |
| 69.16.230.228 | ww99.cutit.org | United States | 32244 | LIQUIDWEBUS | false | |
| 172.232.31.180 | cutit.org | United States | 20940 | AKAMAI-ASN1EU | true |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1576844 |
| Start date and time: | 2024-12-17 16:40:06 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 10m 42s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 49 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | htkeUc1zJ0.exerenamed because original name is a hash value |
| Original Sample Name: | 64fbd4176cf9fb77d63173f809b2433d.exe |
| Detection: | MAL |
| Classification: | mal88.troj.winEXE@35/62@5/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target htkeUc1zJ0.exe, PID 5228 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: htkeUc1zJ0.exe
| Time | Type | Description |
|---|---|---|
| 15:41:08 | Task Scheduler |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.20.4.235 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Njrat | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | WSHRAT | Browse |
| ||
| 64.190.63.136 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| cutit.org | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| ww99.cutit.org | Get hash | malicious | Unknown | Browse |
| |
| sedoparking.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| pastebin.com | Get hash | malicious | Xmrig | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | 77Rootkit, XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | SheetRat | Browse |
| ||
| Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
| ||
| Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 78626.bodis.com | Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| NBS11696US | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| Get hash | malicious | Simda Stealer | Browse |
| ||
| LIQUIDWEBUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, TechSupportScam | Browse |
| ||
| BODIS-NJUS | Get hash | malicious | FormBook | Browse |
| |
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | TechSupportScam | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Mint Stealer | Browse |
| |
| Get hash | malicious | Mint Stealer | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | RedLine | Browse |
|
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_1a540924-e4fe-4585-a4ee-40fd7e6041bb\Report.wer 
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9977934960504329 |
| Encrypted: | false |
| SSDEEP: | 192:62LaR0dg3ppmnxjfpiN8zuiF+Z24IO8v:62LaSK54xjh9zuiF+Y4IO8v |
| MD5: | 24092C6D558E195D17E6F339EC652464 |
| SHA1: | 9BE387583E40ED8A88601E41E303F77183271EEE |
| SHA-256: | F9DE58F1F7DD1172F2C72C0666D72DCE4402F1A17B895449234C96DB2FCAE5EA |
| SHA-512: | 74EE427C321DF0F38B335DD2022E8C78B924C5683CFEEFAD2C87C19FACD084A1E92978336419E52E12A2E8E1C5C52A7ACFF0F217A2D9B9C0C80C1F2D237C6C82 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_23aeb822-7bfa-4a8c-b861-00b3495e2c1c\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9983419465582798 |
| Encrypted: | false |
| SSDEEP: | 192:uoIjc2L4R0yFFlajfpi18zuiFjZ24IO8v:VMc2L4SyFFsjh1zuiFjY4IO8v |
| MD5: | DEB79BC5B5CA0F1AE891BEBFEA651C20 |
| SHA1: | 94E51E0EF59585C35B3519928C4052C247E53911 |
| SHA-256: | B47555AF2A89860E50AE50BE4AE4FFCC432A16893885BC0130C6F6391B8E6DDD |
| SHA-512: | F54CAA6E29E0070E8A2D90B5ED35C307BF91D2F1C981213027C4766A9E801860603DDC3AB3A719652D88BDEE14CEDC180B1304A34F1C3F6F6351111BC91EDBFF |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_2d43509c-6ac9-44f2-b9b6-9d1099da5121\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9980423996899206 |
| Encrypted: | false |
| SSDEEP: | 96:Uv2Lej3LmnidLTsohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHhmR:7ejc2LTR056rwjfpi18zuiFIZ24IO8v |
| MD5: | 5BAAAFB0C40E4ADC5C244AC9B1E22E4A |
| SHA1: | D0609D68F8759C41EDEDD71F3FDC2039B997CD33 |
| SHA-256: | 335EC681B74EEAC0B9A8D3BDD53FC839E4DA07F864A2F3C8F410C8531139FA48 |
| SHA-512: | EBFA23574BE29D44C903D3552663FDDCB6A628D1B956378E71F67BA6B5AD56DC691006B85247E728FD861ECFC4ED0D955FDA812A66686A72D7D95FB31F22EFF5 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_382a9316-7080-4196-8cc1-3d671443b342\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9788559012526702 |
| Encrypted: | false |
| SSDEEP: | 96:j4bj3LmnidL5sohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHhmxjM:jqjc2L5R056rwjfpi1DzuiFIZ24IO8v |
| MD5: | 4033F9B20118BBE374ED330CE0BD3017 |
| SHA1: | 9276F9ED3E09DF9BFFB2B6AAB0AF7E41A592D857 |
| SHA-256: | F61F52E82A850F22E2111EAA69FD1514C7983C86EEEE54BF2F21CBE0C4803EAC |
| SHA-512: | 2109DE657976C7DF81F586616D439F6824BEB6F2DC61718B78F698D6A08A11672F23E24E7ADFF99FA8A5DF20A35AE38C05A50EAB5EA8D750C9C528384E180116 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_536f9302-fa66-4c0c-91cd-55fa30c7de1b\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8063039192796307 |
| Encrypted: | false |
| SSDEEP: | 96:jiT3j3LmnidL5sohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHhmxZ:y3jc2L5R056rwjfp2zuiFFZ24IO8v |
| MD5: | 76BA786DAA1D87DC1F06791A42F1A4D5 |
| SHA1: | 2124EE93A1993B2818677398C987523D819F25AD |
| SHA-256: | 395CB208340D1934720C10F9B066A167EDCE93F289E2CD90C8D89B6747155AE4 |
| SHA-512: | 9EAFA81DB714D99D3860E018345E76253E53BDEA65CA02BFC0F3544DEAC89CA2318C35591CAFF0BF1D97A12F1EF64387028433DE57761BE36BB47B2AB4B702B4 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_74a0d91b-509b-4ff3-9e29-8bae3952371b\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8062973471088591 |
| Encrypted: | false |
| SSDEEP: | 96:7Xsj3LmnidLOsohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHhmxjP:7sjc2LOR056rwjfp2zuiFFZ24IO8v |
| MD5: | 06263E35C519A0C6464AFC1D108F14D1 |
| SHA1: | EDA2972F0C15C6B83A36A678C7E7D841E4922139 |
| SHA-256: | 7D90C325B83E3475648339B28830ADD490A290CAB38104A20930284F519B6C1F |
| SHA-512: | AA1EDDE20A0DDA7E76A85C954F793A0B62CAFE24854CDCC7C31ADE0764C927E8D3459F882FCF4893FE1B1E233FE70555DF01D96431F191E58CCA68FFB13C3AF7 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_7dccc105-38d8-4b18-9f68-f8ccae0c71fd\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8130143101936602 |
| Encrypted: | false |
| SSDEEP: | 96:KfbF6ppj3LmnidLYsohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHR:Kajc2LYR056rwjfpazuiFIZ24IO8v |
| MD5: | C9144DA8BF8CA8189ADCDD58ADF2548F |
| SHA1: | A931651FFD8806AC782E2C0BF91015199191CE35 |
| SHA-256: | BBE0983BC969EB640DB79C9B982C0D2535D6B167EEB268FFCCEA3F30AA60E15B |
| SHA-512: | 01FE0B157C1AFE45E9A49AEFD29D05FB855406DC217666EDF19FF5D40C33E202ACD2E7126FDB77866FAFA25CE9FB66FEDBD52A30D2187A6C736300572E95FEF4 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_87a6b387-4836-49db-8cb5-e1961228c0cd\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9978359132990824 |
| Encrypted: | false |
| SSDEEP: | 192:Wjc2LmR0dg3ppmnxjfpi18zuiFZZ24IO8v:qc2LmSK54xjh1zuiFZY4IO8v |
| MD5: | AD48A4A094DF8D0C40F200A1FF976860 |
| SHA1: | 9459EC978230A738C15064BEC86EDCDC5DE7AF7B |
| SHA-256: | 431301034FE7C5146BF18F0ED0247B36534B4EB7E7A99244861526592E82A642 |
| SHA-512: | 8FE35613CF30026B6632FE6E82229258D024205B5A47B5E1E6A3EE564C1E07B8D998B320DA5F3799BB9BAC339C9AB1D02136650F3BD3A16429B184B9AB9F0603 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_8f2ce934-1637-47ff-8144-6b506939df17\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8063094576743787 |
| Encrypted: | false |
| SSDEEP: | 96:YI+59j3LmnidLBsohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHhmc:fSjc2LBR056rwjfp2zuiFFZ24IO8v |
| MD5: | E1117EF2A2B76591374DC4924E07D797 |
| SHA1: | 5FE6B8CCE1ED77AA9D0820B726487F688EB119F3 |
| SHA-256: | 97FCFC78A9A82BBA78E444591D4FDA44216EFC5F12C1E831BAEFCA9681ED0F00 |
| SHA-512: | 96C9E0FFAF301329E4B4CF722BBE4D4674B10CE8EAEA702DEB591CC5DDE69EFDC69E912B1AEA52517E6BD3EC850EB197CD21E63EEAABFC027072B0F91F4E6644 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_b9194d91-a0de-457c-a31b-e41e6d1a9c7e\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9978566034881741 |
| Encrypted: | false |
| SSDEEP: | 192:f2LT1R0dg3ppmnxjfpiN8zuiF+Z24IO8v:f2LhSK54xjh9zuiF+Y4IO8v |
| MD5: | 1FA5A15C4AED96C54268C3F59FDF919A |
| SHA1: | 8D7BED1A0C005277C5C095EC71BA3A32640519EE |
| SHA-256: | C8138633E46571BAE1CB0F2A95C1228B631AC38AB173997709256E0F0454A4C3 |
| SHA-512: | 8651B45B4DB01DFC513AA0A155483788FC457030D96E67CCB4A2AEB04E72BA9F98D25905DF933F14245667E1292B98DF780DBA7FC2CB1226CEC157088F7A8E1F |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_bf67dbf8-9365-4045-a8e7-b53f6ebdea19\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9979274407778681 |
| Encrypted: | false |
| SSDEEP: | 192:Sjc2LER0dg3ppmnxjfpi18zuiFZZ24IO8v:Oc2LESK54xjh1zuiFZY4IO8v |
| MD5: | 68D7FCE690E68009C2D62B1319D22867 |
| SHA1: | DBA4FCA3E1912C33B71A4997E38C33419AB84B85 |
| SHA-256: | E00F7A7F4258D7232D7CFD5D74AC482966C370D927328D2A6399C27F44C5660C |
| SHA-512: | F6631B38CA16F1CE46FE401E810237C1A11EA9DB3A472085C903AAF1F3105EC15C17F5C77F28B8924C74EADCF49E4F3D48BFB174E7ADD0746D04C382DECA8A66 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_c6948025-5af9-4d6a-ae3e-a53840996eec\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9977519368820817 |
| Encrypted: | false |
| SSDEEP: | 192:R7Kjc2LAR0dg3ppmnxjfpi18zuiFZZ24IO8vo:R6c2LASK54xjh1zuiFZY4IO8v |
| MD5: | 7CFBFCF59876B44D8062691D3FD44A90 |
| SHA1: | D41E7051CCFAFB6CEF3FBF86A4BB17CDC3D13E41 |
| SHA-256: | 28855D54A8E4BC15AC090AC89B1F2F09F88F98A7F88FAC0AE3E93BACC79B013A |
| SHA-512: | 781794E30E624B69B7F33D428B41EB1B0FC967E111545592A9B7EED2F3AD769AE18B870892189723E80EA0E641755C7AC8916A99CC139FA836A04AFFF13F5ED8 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_de4597d5-4181-403e-8efa-187779a11be5\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8060301934410549 |
| Encrypted: | false |
| SSDEEP: | 96:Vdpj3LmnidLGsohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHhmxjP:Rjc2LGR056rwjfp2zuiFFZ24IO8v |
| MD5: | AB01E617F29896AF743F253E91028884 |
| SHA1: | 1E3F4BFA45B79000485F267ADF420F955BB87D28 |
| SHA-256: | 02832860266BB8B4EF2E84DC4EB3B313ADDD61A99F67F460A3823A2221666226 |
| SHA-512: | FC3058072A6B98C9A8FD3B8465276B68068CA828D3F4565F5D2AB17C97384DEC13A140DC2F0D8F7180D598E5E31E785478AFCB92FC7178AF862A6DC6C0CD8D69 |
| Malicious: | true |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_htkeUc1zJ0.exe_0597f579148c1ca1dea1243fab83426c2b897d_d84cdf62_e0cee837-3717-4c08-a884-76d2010b7029\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8062233291110353 |
| Encrypted: | false |
| SSDEEP: | 96:FFj3LmnidLGsohM1yDfsQXIDcQnc6rCcEhcw3rb+HbHgQggeQzOqgOyjZHhmxjzb:vjc2LGR056rwjfp2zuiFFZ24IO8v |
| MD5: | 75091B3A6B3F555A92D882E217956183 |
| SHA1: | B67676F441FBD57A869D6473665F490B497AA499 |
| SHA-256: | 988207CDA5E533D4B3096E12B9A0C2F1EBF534583F470E202D52E5F4367AD26A |
| SHA-512: | 58AD7061B4413B2B59E8B15AE7E9D50B3ACAE8D38032067427DFC97C185F57B0AF2D3E9F64083413220618DEE32F0C9194C96140E0938BEFC9F4B0564C594C74 |
| Malicious: | true |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46514 |
| Entropy (8bit): | 2.064023937854866 |
| Encrypted: | false |
| SSDEEP: | 192:Y6iqbXQuMOSdeA/ebXuVKCLYLz1nygP0gbXauls/zDoR9Bx4g2n8:4q7QuDSIA6nzly4s/zsR9BCgr |
| MD5: | F45BDC697367AE79EF4FF0109D925C85 |
| SHA1: | FAFD0D99C551BFD8BDDB052501C39376CC5258A6 |
| SHA-256: | A541F56ED79066601919A886080FF58D51AB6DB916C6AFA13A339C642E293A16 |
| SHA-512: | 943D450CDE7C649EDC797107F560905E5A751F2381518D65103B91088AD76DD0E75E1B7019EDA963A9FE57567BC65A0C5AFA2E14E76DDD865CD65950627AB750 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8286 |
| Entropy (8bit): | 3.6954528981751316 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpQ6Xo6YUn6rgmf1JXYZpB189b6vsfjem:R6lXJ+6Y6Yk6rgmf1JXYk6UfT |
| MD5: | 30F8196A3338FAF1A3C9E0DE49458709 |
| SHA1: | 5C36977FAE2D875EDEE1E408E8FB4E3255D8CF68 |
| SHA-256: | 976BEC4B31153F4B8E8F11B70888D8D1CEF9656E1F21DD624A932E94B49604F4 |
| SHA-512: | DB4F2AF62F4398EF617475DD2BC6361B0297F379A2D74B0425F347CBA1D403848EC52BB5546FAA2B584A5D906329CA6738C8E67F2D775929286576FA80DBC8F2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.448849366186772 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsdJg77aI90fWpW8VY7SYm8M4JEgNdUFT+q8lQu36H45f+3E3Isd:uIjf3I7+O7VyJL28KHsP3Isd |
| MD5: | 22A075AE10D9D22B7FF7EC1D9D816757 |
| SHA1: | DA7FE45EC431CD169421E756336AB77AC8937D7C |
| SHA-256: | 5AE685996D5C94136167CD768CCFE076F539B2C445C5375089A1ADB86ABA7116 |
| SHA-512: | 45DD6782117BC233F03EC445DDB71BAD6D091A6CE020E17B7B0754D45166148EC963241EEF56B485ECF31343C80E72A804101F646A8EADC1110F079CFFA7E335 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 94458 |
| Entropy (8bit): | 2.227667369245406 |
| Encrypted: | false |
| SSDEEP: | 384:iWcA3FDSeMWHnSW4Hhj0sZIiwK9rmbCXAu9GID8R6k6MQ+iOOfT0F:iNABSe43BgUIiwK9rK6D87HQ+7ST0F |
| MD5: | 241467B7DEF45596FA7F368A97551FB2 |
| SHA1: | 0352A222D90E221498B49DC2771AD67D91F32EB0 |
| SHA-256: | 042FA79B4BEE62751F222F928B52DB71FFBEFEC52EE90F128ABEAF5212761024 |
| SHA-512: | EB246A66F76F219AD1B00D67C48400DBAE8DC902CC105D978D53CFFA24599A12BC79E21BACC908AE85167F9EFE5464CC75BE510A547F5C8461B7B2C4384DED87 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8310 |
| Entropy (8bit): | 3.6963570629433877 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpp6yN6YUg6rgmf1JXYZpBl89bkvsfCGMm:R6lXJn6I6Yz6rgmf1JXYUkUfC0 |
| MD5: | A679ECD285D17657D5F08B6CB9E57808 |
| SHA1: | E04134013F9B9C19949C436694DAE932D7066DB1 |
| SHA-256: | A7F6381CC2B4BEE611635BF49009CCE0FCB611A0DD477AFB067ECA800CEDDDC2 |
| SHA-512: | F01FED62F31B0F406BDC006667ACC6F317C23018AF870D67A932E3158E6E54455DD4303B52E6305F601B6DD0BEA377E259DD02E917A4847262486D3F7E46A3DE |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.45105849402926 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsBJg77aI90fWpW8VYrrYm8M4JEgNdUFW+q8lQu36H45f+3E3Isd:uIjfTI7+O7VbJLD8KHsP3Isd |
| MD5: | A802177596BF1E2FD5467C96685FCFA3 |
| SHA1: | C7D04433CF6E2BD95F43B8ECAFBFCB87D437D7D3 |
| SHA-256: | FFE3DAAC91949E47AD805C62AEB64E94D5609E7B09FB4CF6D7F5CFCFACE68008 |
| SHA-512: | C178F98ACFB9FA1FD3B55327B4B1FF6DD03FB112F8B3C6DB54064A2D9F91937138FD708BD3BA5956EA91716F023EC141534972E43C5ABA7D8FF52A5CE5C83C22 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 69136 |
| Entropy (8bit): | 2.055023982397388 |
| Encrypted: | false |
| SSDEEP: | 384:GCj8Yb/pSIHUNfKzlLwsrGBcVOZy5Q1nKM7Un:GC4YjpS+UNSdwUIIQC |
| MD5: | B4EFAED10D422BAA7C35AF89B9022987 |
| SHA1: | 83FEDF8432242042874BD47751A720A0D15C6548 |
| SHA-256: | B18B518AE90FE187F23EAAF6949C51CFDCDF9CCDA76061937F98B69721775100 |
| SHA-512: | 3EE99A80003E468F4B0F8CA700CC2A0E3997828E570F3A9D036497FD1BD31DADF54320A450FD12B30E0469066D75049AB4EC9B34764643EB70E49823C5B76B75 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8284 |
| Entropy (8bit): | 3.6960113651192 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpE6+uO6YUS96rgmf1JXYZpBG89bIvsfzJ4m:R6lXJa6+uO6Y16rgmf1JXYZIUfzj |
| MD5: | F8F8C91896B44472D6AB3CC05313EA18 |
| SHA1: | 966FF790E5F922E4EF1D2D8EB19627DA139FDA79 |
| SHA-256: | F09429467D42DEB68E34F67CA5C1150915329DE875FC1E7AE2834EEC9C518E98 |
| SHA-512: | C021B6474BAA810960334113BC57D1B650315E984AAA5E03866C5FADAD83B3B7DD86B5B194707F05C94F4C8F005899F2E5332F3A1E3E95441CB230C558E77E4E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.450249040894526 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsdJg77aI90fWpW8VY7sYm8M4JEgNdUFEm+q8lQu36H45f+3E3Isd:uIjf3I7+O7V8JL/m8KHsP3Isd |
| MD5: | 3C30CB3C822010A5DBF29AF315268948 |
| SHA1: | 7C21600CE7241AC32E2063391152C406F522C0B8 |
| SHA-256: | A89978899FFEB4F254F59A79159DE7CD566CAE89BC7FE411EDDE37A9E74634F9 |
| SHA-512: | 1784E3F4363E66E96AD06E4658B2CDC9F9FCC68773C57E3C8175B15B29E2C2DDD6599AFD403DA5D73F1255F6D0B48D297ACEE6C8A2597D82B206328096269579 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 88190 |
| Entropy (8bit): | 2.2485431237911735 |
| Encrypted: | false |
| SSDEEP: | 384:ih3fHXNiSeMtMnh24HhTsFIuwMmbv6fnSidezVg8eZO:ilf30Se/XBTgIuwMKUdSpeZO |
| MD5: | B01526D05EC4E46DC1CA8775E4AF6C3D |
| SHA1: | 4448C7D233C9CBB7CD7D4940980EB9A8E12DC857 |
| SHA-256: | 9A4413160D664DA02B22A81DB9D6ECC5247B8C72B597EFCACF5A39816574784F |
| SHA-512: | 6318BAA41C7605C7849956E773A473141062B71BA7E201826F174A284F2C1852EE99A6C71AD529DD1D1AF8CA68DE19C9DB077D7FBA62767B4983C9B53E126A09 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8312 |
| Entropy (8bit): | 3.6953572160352888 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJp86IB6YU76rgmf1JXYZpBw89b0vsfY8m:R6lXJS6e6YI6rgmf1JXYb0Ufi |
| MD5: | 0883D09169D44B8E95532EF6AE330AFF |
| SHA1: | BC20715457A7A77D97385B43EE13C4CA87A22ED0 |
| SHA-256: | 92131587CE4FEE947D4DEEDFD38D31B666EE932256FF31DD300D18F0D541663A |
| SHA-512: | 3BDC8BE4FF7A8F629246C6525016841DA5FA554BD23E0F62605787D8E91086DBE0A8DE75D4F9D051423EB779591C95FA7F5348DAC7F86F52624997859297A907 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.451722631149647 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsBJg77aI90fWpW8VYvYm8M4JEgNdUFNHk+q8lQu36H45f+3E3Isd:uIjfTI7+O7VnJLoHk8KHsP3Isd |
| MD5: | EF438862CAC5A323B1A36241876FAFB3 |
| SHA1: | BB321FFED2323057BE90874A766321BAD35247A9 |
| SHA-256: | C95D6DCFEC2F06B3326597E0CF07E3353B9C943D7D34E258E0EB87136ECA87D3 |
| SHA-512: | 3F2CA5F63E850F00EFC78618E188E7E69461DEA4FD118D4E572D7AD71512F9CB4C831A05A30A3F2E074C82A33CB7EC999EE748B217EBD2E50C147E1424926B5E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 81848 |
| Entropy (8bit): | 2.2800244103136644 |
| Encrypted: | false |
| SSDEEP: | 384:/7vIXiTWnOfSeMfRnhM5bsL3HwsLr2JMqtwWnvY8o6/4:jvIyqn0SeWAbyHwse1vYWA |
| MD5: | 346AAD15DE2F18118F80FB813187693D |
| SHA1: | 371CBFBD07A192E1BAAC0A72405BD9B361ADA1D1 |
| SHA-256: | 59DA734849FE7675EF8077127AD1794CB79188ED8A2CF7FC7D5FB50DCB9990C4 |
| SHA-512: | 794E0F177074FB6378DD276A203A40423A37A795BF15966F48EC1BC69CFF231A5F8E1BACAC9F09129B902D1F5C9E27962BB110D23A93B8E421A97ED2414D9A71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8312 |
| Entropy (8bit): | 3.693780953488003 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpZ68k6YUC6rgmf1JXYZpBw89b0vsf368m:R6lXJn6P6YR6rgmf1JXYb0Uf3g |
| MD5: | CDB052640886032EF707298BB7B028E5 |
| SHA1: | 4E7283C0741E0726D4C13EF1401B4D4C784E4E13 |
| SHA-256: | 9AF455D4300C47E99AB9CA6AB81C49EC48B000D0EA98A73290D72D243FE823B3 |
| SHA-512: | 5E8E4CD869B4CABBC385BC73B845F485A7EF78D0824B6569265425B626F636266C86292B7615707354612F93DA0568AD27FAF4056E151B0EC809F349BBF75BB4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 68692 |
| Entropy (8bit): | 2.068396012128746 |
| Encrypted: | false |
| SSDEEP: | 384:qj8YbfnSIaUNfBsPADzlLOVOZy5hCPKyXJg:q4YTSLUN5xdwII4Jg |
| MD5: | 5AF7023C6BC35B06F27C805FABEFE602 |
| SHA1: | B03D03218C1522979D8B84CB0042F89BA943DA60 |
| SHA-256: | 8E7C3A8AE64469F526916C484B78E438D6B99B02C123EDB002DE84795B05F5DB |
| SHA-512: | 78230AE002B478088A80E7E674A797AE3DEC423A99B2397D36694B3CCF3BBCFC5EDB4C1D26C702A51D049FD56AE09FFCAE52F56CA2C9989F3D9DDEF199C3E3E8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.4540917273426075 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsBJg77aI90fWpW8VYgYm8M4JEgNdUFSjBR+q8lQu36H45f+3E3Isd:uIjfTI7+O7VUJLjNR8KHsP3Isd |
| MD5: | 1FBCD1B5D74895A26F7A128A30CAE57C |
| SHA1: | D7A9D501FD9556D93BDB53989FE8BB39EF0129F1 |
| SHA-256: | 6C027C4F8C6D97453ADB3537D07D5A5DB1C45C6085A3C776F944BD509B743F9F |
| SHA-512: | 8E8B31373734B05D8CADA2A9B17B389F21AB4A9992FE0D7FD9571567CD911246E5B4A5663D7F2F713C04366373B6F17F58E1BBAB9194B3F96F34218FD5F055B5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8284 |
| Entropy (8bit): | 3.6942159731281947 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpf6+V56YU86rgmf1JXYZpBY89bnvsfytm:R6lXJh6+L6YP6rgmf1JXYznUfB |
| MD5: | F6BB233D169DAE6D2EF32429C32F6688 |
| SHA1: | 2DDF869DA8DAD9431EFC5ED91176D17133D608F8 |
| SHA-256: | C02090B4EF41479E86EA26938D71274E4EF6173584E0544BF6983FBD65A7423C |
| SHA-512: | 8DA8C302AE187079184C95E178F5FF67B044F3FBAD29D4D342D6AA229D9721BCFC92482B0193915B17093F3B7BD1786B15E84E484E3E3792DBE528220110BE92 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.4531449036746835 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsdJg77aI90fWpW8VY70Ym8M4JEgNdUFp+q8lQu36H45f+3E3Isd:uIjf3I7+O7VgJLM8KHsP3Isd |
| MD5: | D03B2435E8F7A67207CC9D8511704663 |
| SHA1: | AD29448832BA2FBCFD80DC13838A5D4078D2A02F |
| SHA-256: | 92FF8A518FCAC928A5BFC62A8CADBC49B8B99CAEA83FEDDE80F8E635B40F029A |
| SHA-512: | A510A5DC670F4D5C8BE2E54C06B4C59C5FB8D5043F09AA27B0E8C7D070BBFBFFD4C842CAB9FBD12F747501D858B660E71526C941DCE8CF8AC00E265CAAE92ED8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 68432 |
| Entropy (8bit): | 2.091286914699873 |
| Encrypted: | false |
| SSDEEP: | 384:FD8YbtTySIg3XfTsLzenEzlLOVOZy5hCF7fvXkuXF3I:GYVySrXb2mEdwII4OCI |
| MD5: | 412FE3321F5E4B2FF0CB4B2B824E3CE0 |
| SHA1: | 43A0EF590C03140886049EF820F61C7556F7A058 |
| SHA-256: | 42CD40583E83964F527BFCB6237E6FBA5A5DE00C6BF21468D7CC97BE10EB2F73 |
| SHA-512: | C9225CAF2981C6FEF383DF1926C42CCBC389468195833C9C18291A1E42AEB8C0C9207543069F5C467A1318E62C3433209FB8A2A738ECE444E835E82832BC0DB6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8286 |
| Entropy (8bit): | 3.697157883184296 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpu6Us6YUO6rgmf1JXYZpBRb89bevsfsFqm:R6lXJw6Us6Yt6rgmf1JXYXceUfsJ |
| MD5: | 9276BB929D093F169F9CFD608F7DC42D |
| SHA1: | 671EA40016125C67DCBA1389D723271518997925 |
| SHA-256: | 8B9C48860CEE5E58AA65B3CBF948E1618C3060E412DA4D1B40C6229312460317 |
| SHA-512: | 9261EE50015493A620FD247DA00B7F5D1B16D807D43139A176F5E953CD67F9E3BDC0945ECD7BBE829C28357B717E554F0C53D1A3182C36B36B101C0E4FB14E01 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.450431039927989 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsdJg77aI90fWpW8VY7pYm8M4JEgNdUFb+q8lQu36H45f+3E3Isd:uIjf3I7+O7VdJL+8KHsP3Isd |
| MD5: | 3ACF1B732ECDD46F51713BF2B50BE090 |
| SHA1: | 969B3CEF8E8D0D3AA81F810394E3E9EB72A3B3A3 |
| SHA-256: | 5B4E3B4302AC6DE3AA72974E0AC440B60764C993EBCB73CB144880DBF3BFCE44 |
| SHA-512: | 3EE72F5F9050A5DBBBD215F9A2C3682F45EE46AC8770D94B1BF6E3DA15A5CBDD28A92560D1E2581EB8CACD728C9CF71C22EE02D07A5CBAA3BCFB18E02D6F5110 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 82490 |
| Entropy (8bit): | 2.295281181776775 |
| Encrypted: | false |
| SSDEEP: | 384:h7vIXiv8Se9HdaAestewlw5/Z9s8pwDraDc0tPwr+Q7:1vIyUSe99+cewlw9Zmrb02a2 |
| MD5: | A1268DC810C0A991BE9549757B5066A6 |
| SHA1: | 7196141346FCBD183A49F72F5B90D47A996517D8 |
| SHA-256: | 51F542591C52105B08DDDA8A12307DA11ECA5ACDA37BD34E54726D000F68205C |
| SHA-512: | E0FA5AC834D9E18ABBFDDD03FAD15D32863E99FE66B3E5684ADC1E586382D6136BE28164876012EA2B40CE2F864285BC3FA5BA82DD2838B20D4B49EFB3A4C722 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 75578 |
| Entropy (8bit): | 2.079002217336725 |
| Encrypted: | false |
| SSDEEP: | 384:MCOpYrIAesSIKopiUks/5x9kEzlLehzhCSc2A:qYM0SDUkeXkEdehz4t |
| MD5: | 22F47CEBB282F4745743B654C0489368 |
| SHA1: | F070791C806DFEC52048AEF422E3D61EB1B35502 |
| SHA-256: | 62E4F5CCA1EDBF43A0CA33ACB70187A0EBE5CED0A5822CDC5BA23A64687BF63A |
| SHA-512: | 43F8BFCF5C9E5A88C82C5B1ACEDFD538BBB2FD78397C81AEF502701012A5F7C3A3CF54AF270D4B00BE82DABD0F7CAB974A338F5145B03C73284B03CDA7C6C4A7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8286 |
| Entropy (8bit): | 3.695935721979889 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpW6B66YUQM6rgmf1JXYZpBv89bsvsfBEm:R6lXJI686YBM6rgmf1JXYmsUf3 |
| MD5: | C32E99D600D3E59B3F5DA55922B89CDE |
| SHA1: | 02B9A6C41319A8D159B91E06AB4837AF495BD448 |
| SHA-256: | CA698E66F67BD0CDDFF6D9CD73F04629D0DD1613F6E2B2FFA98A6B5A32D5E834 |
| SHA-512: | CFCF17BBD5988E14ACC0C386FC76A8E1ABEFF80A56B9E1B382375C9BB643F82783E9A95EE15A5540F239E829EE410BAC98A77ABF16277772C86BD24ED6423B4C |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.452210525311086 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsdJg77aI90fWpW8VY7dYm8M4JEgNdUF2YQf+q8lQu36H45f+3E3Isd:uIjf3I7+O7V1JLlYk8KHsP3Isd |
| MD5: | 761147E3E55DD8592A8C3C091A0D0CA5 |
| SHA1: | C277A0D09F3B5D7386A4F056B04BA22704224E73 |
| SHA-256: | E2676878CE32A5306F5547134034EC69ED47B8FAEF06509CC09277BD68EF8F59 |
| SHA-512: | 39BEEA341C441F5DCEA2775FF6328189D8FFE9A0BF44F2E08413DA1B902D198F22F613F68311692D4121DF9C27D4CB0542EBC932C6B076B6D30B426E1DAEA370 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6330 |
| Entropy (8bit): | 3.718716603984012 |
| Encrypted: | false |
| SSDEEP: | 96:RSIU6o7wVetbPn6eGtY1JXgiSH5aMOUJ89bP7psfR9Dm:R6l7wVeJPn6esY1JXYZpBJ89bzpsfRxm |
| MD5: | 8C511E4B36286202D745B35A84A8C0C8 |
| SHA1: | 38DBD27C915F61DDD53F7E61D1E64424D4FD7050 |
| SHA-256: | 9EF0CDB22CDBAB88AEFFF4BCA244B3E46322E2F11443B729FFA1411655B74431 |
| SHA-512: | 8CE257CC280304CD2ABE267DFE6044F5A00CECCCA43925775C80454F4EA6BC9BDA1A072C0526442C97D527C077694EEED3636F77C5FBB1BF9A45C1D9ECEDB804 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.449903317621443 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsqJg77aI90fWpW8VY5Ym8M4JEgNdUFoP+q8lQuv345f+3E3Iad:uIjf4I7+O7VBJLL8v3sP3Iad |
| MD5: | FD21A81A6914303862E594BD1CDED3D0 |
| SHA1: | 29C1C5C4A466F5ED61B1F7B9D7AAF34F754E63D6 |
| SHA-256: | EAE28AEF4BA05A40A7BB0CDC652F6C84ED8D845FCCF2B52D7F6E91AB48F0F3CB |
| SHA-512: | F1E0A3226B41FA0DA8E2C4887DC0D248B28EA1A9AE60FAD925B8BFAD7CAFC4A37415EC9F78FC1866ECFDBB18633E798EA32BDD08BC818D5C8C6ECA6664A3CA18 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 78088 |
| Entropy (8bit): | 1.8929605122272735 |
| Encrypted: | false |
| SSDEEP: | 384:A4t1gxSi8pJmgmsrn+rMxEzlyLCplNpodmaL8u:11oS0gmCgMxE0egUaYu |
| MD5: | 2C491FA41CFB1DB687E109433BB24C9B |
| SHA1: | E671E96A810F3EC578D84B46105CDC7BCB9B91CA |
| SHA-256: | 847C128A915421EC50F1AAE7AD88C24507F03927EE1B1FD179CC05C8D513D2D3 |
| SHA-512: | 8FE1069DDBDD18A55E3B5AA8AF02D20F18A7937CD7210C148D2B289C801E2B123E57BDE263E2865CE4E0277C0D554962DB79D74AC84A5DDEA2110EDC87BBFAE5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8288 |
| Entropy (8bit): | 3.6962167156767283 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpj46vTaA6YUQ6rgmf1JXYZpB+89bLvsfr5m:R6lXJ946x6Yr6rgmf1JXYBLUf4 |
| MD5: | DFC1C36738222A89137867B190945B93 |
| SHA1: | 2105A1FDBBADDC088A12AB6F887FA8FFA9115DE8 |
| SHA-256: | C163BA94382FE4BADEC7AB9B5E5A8F9126FDD6FEF671BB0B6B9E65E92D05F6A9 |
| SHA-512: | A6655365E3206C40E755F0B5D54F8E2D54AF1D83C307CCD994029734D3E4EC7D720FE9AEA12CF87FDC1C9D3758303E56A14BF298A34849B8DC1C617FA2BD0408 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.451618033733472 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs2rJg77aI90fWpW8VY7dIPYm8M4JEgNdUFT+q8lQu36H45f+3E3Isd:uIjf2FI7+O7V4ISJLS8KHsP3Isd |
| MD5: | CC577D0BE42EDF460504CC5C10724C8A |
| SHA1: | 2010237C262323EF932400798725ED4FE0237122 |
| SHA-256: | 36715B2CD7248937AFCB1B7055AF223693126D852F728C7BC35FDFE13031DC6F |
| SHA-512: | CFC1F8CB032A78431C37456497CE9E1D33C3FE5A5ECDEAC0D8B47AC8EADB150D9769B14619E3FD857D3E557DA3CD885D7DB104BC241A93B21850CA200921744B |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 76416 |
| Entropy (8bit): | 2.355105412981425 |
| Encrypted: | false |
| SSDEEP: | 384:CnyUoo6LSedHdasasSBww/Dx1DKQWK/DzZTv0Abr:UyUoo8Sed9qbBwwbjXDtvJ3 |
| MD5: | 511F31CFEB7AAE7C4713AB166305C52A |
| SHA1: | F2E0F8BC726DECB8C73355EF33EB4602806F4D2C |
| SHA-256: | 003CD0EA2E181BCDCBC554770BC3CB2F4F39E8D1C00D1AA80B978400EE65FEBA |
| SHA-512: | F121DD66C8CB46A1F5B0D6ACDEC2B1CD9B77DD901CFCD54D1156C0CB2404321290C78734B999437B9FFA7EAAC959292EB3C27CAD925441A7FE1FE1923C978AEE |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6330 |
| Entropy (8bit): | 3.717298929040246 |
| Encrypted: | false |
| SSDEEP: | 96:RSIU6o7wVetbPf6CGY1JXgiSH5aMOUr89bPbpsfj9jm:R6l7wVeJPf6jY1JXYZpBr89bjpsfjBm |
| MD5: | 8FBA5AE6B1072FA1F4FD821EF504C569 |
| SHA1: | 301DBCC0EB89F5D3DB79304D3D9D7CD093A75854 |
| SHA-256: | EA51E3F9CF1F3D1398B99C682FB4F16F4D20082853C7CFB2147D77F6DFBFB6E0 |
| SHA-512: | F8AD69643BC9C9634574EDB1E1DA501D76C2A39AC20E8779EB6BAB9C442560A11D8364EDBF5374ED57900B5865D7E74246EB05E46EC2A9F9E0B25FD2FC43228A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.449814250473576 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsqJg77aI90fWpW8VYiRYm8M4JEgNdUFg+q8lQuv345f+3E3Iad:uIjf4I7+O7VNQJLx8v3sP3Iad |
| MD5: | D9275D9E5241554C3FDA76EB59A19C71 |
| SHA1: | E177A438FE7ADB053401239D786B21E84D9D15C4 |
| SHA-256: | 76C8A0603A492771E4868DE6C55EED7151DFD216A6C0A05B8F5D67859224C59B |
| SHA-512: | DC04E5E9C1E02B834E5F152DD146BBD23F60E1A5FD2A53C4E7F8E17D5BCBDB04C08BF31F166DE184180020FC5CBE8BB25D510D7EFF9672E8A876408E28D3CB1F |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 108772 |
| Entropy (8bit): | 2.2667231558157797 |
| Encrypted: | false |
| SSDEEP: | 384:fDaAWhsSeBJ0QnjbowsBYBKPyL1ihUShaX+YxE/zpUcXnUD/555vsqrNm:uAusSejblDBl1WhaOeyzmcXK557E |
| MD5: | 4E630E680139C9DF1F039082AE27F735 |
| SHA1: | 6391AB69223E6B69F2A6BDC50CE628D8DCE104EB |
| SHA-256: | 029C8E3FD7F0E96C1B526A436A35C7E40D7F491026371EF1FA2A631596D13D4B |
| SHA-512: | 7609738B30B458CF488324957DADF4842AD1E25A2D7BF84AE2BC3AA2DC9E8D735ACC4D41A29C8037D34FA7AA7983507764BFD4E652B0A57E8C83FB5953369CBF |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8292 |
| Entropy (8bit): | 3.6952115297419224 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpJ6y6YUX6rgmf1JXYZpBT89b5vsfxTm:R6lXJH6y6YM6rgmf1JXYS5UfI |
| MD5: | 90DC17FD935DBFE385D21A91EEE9F64E |
| SHA1: | FA9336442E3363462BA2294593ECBE943B378994 |
| SHA-256: | EA55B420C1F16732061CE4FF8F1514E8A2FF45EDB209622DAF3B3EBC0595E26B |
| SHA-512: | 5735A89734BE94B8965C8E8B03DE96B755EB650D2CF2041A79B1D914216F26A893B30B7D1F98868C8DC7A93FB8E3AD8FDA497436B6C8B815B5B3603229E20BA2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.452065628163082 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs2rJg77aI90fWpW8VY3tYm8M4JEgNdUF6+q8lQu36H45f+3E3Isd:uIjf2FI7+O7VSsJL/8KHsP3Isd |
| MD5: | 1DDD687849FB53D3CA301AF91DB1E5D6 |
| SHA1: | 1DD7BD658BB4CE4E7367C3198A0C494138088604 |
| SHA-256: | 89F6C4E348BA9FEE2854898D94065FA411C6DC31183D630EBDB6EDC290B8A16D |
| SHA-512: | 708E1B2A236F07D65596A5EB2FDCCBFB45282F567F87C435448253CC539B1C85E75FB9AC30BFD0BCA2856EBD9CB1E8D69B4E9907D2B55643FB17B513C106B457 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 123956 |
| Entropy (8bit): | 2.310026722428655 |
| Encrypted: | false |
| SSDEEP: | 384:aGpgwnfihSeM+/Ddqn81NfwBKPyL1ihU/vsXYPy6xO1CTdP19npI42pXvcLjhYLO:dgvhSerN1NoBl1LvJhzdPNeXvNO |
| MD5: | FD7934E1EF6E20ABDAE58813192D1C99 |
| SHA1: | F12787301E60B730FE9CEF1342EFFD6386D2EA38 |
| SHA-256: | CD07404A1691260401995CFAE3A9FAE4D53AD7B397A3E2E52FF2A2BD6620F97D |
| SHA-512: | AED3C20B2E079ED9CB23EC4723FE4E4ABED48530F4E19A150EBC3B4847F59CED69E5CE1110A94CE6312F16C7572FF070AC562B742965C002EA4773A5BFA34F40 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8292 |
| Entropy (8bit): | 3.6948352666275848 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJp46RC6YUk6rgmf1JXYZpBT89bivsf92m:R6lXJm6k6Yf6rgmf1JXYSiUf1 |
| MD5: | 46F8CDDC19A66080E79483D1CA1AB179 |
| SHA1: | 09555F08E033333A13D3BF1691A64372C230D3D4 |
| SHA-256: | CA413ED37D8731389C354CA2780BFBE926B206A545858DA359C05B196FA13025 |
| SHA-512: | 537218BC738B809EBA0B24797975AA1A388D7386B38E697D77A5569A601A01BD13600312DDC070568F8506B2594859A38D97F6BFC0F39E42376653008102506C |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.452236297226789 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs2rJg77aI90fWpW8VYwYm8M4JEgNdUFWL+q8lQu36H45f+3E3Isd:uIjf2FI7+O7VoJLZ8KHsP3Isd |
| MD5: | ED787107BF932D7A6FF589463B0770AF |
| SHA1: | 1DFCB7AF0A532FDCEC3CDF7DF5CD092A51F0B239 |
| SHA-256: | 2FBAF7626DDDC3B118B838FBE794B966DC181A3E6011F974F784F068B7FEF83D |
| SHA-512: | E84881E78AFE4261AB7F7F64B7E359F03758E2FC2BCA9D28ED14DD140D4B064A80371B7E8D13FEED773B2B96715BFF8F01274315D2A0F1EFF651867FF16CD113 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 99192 |
| Entropy (8bit): | 2.173976654721859 |
| Encrypted: | false |
| SSDEEP: | 384:mQgniZ/SeMFvn/gsEiRwXOqyE7RlQzZueN0WFxEQNJI/uKi:pgidSesg9YwXOPhuevxKhi |
| MD5: | 57C8A2A10363D177DA888C1D5BA08DF1 |
| SHA1: | BC9B622D6E1FA6860EBC50B2FB5B809AE396546E |
| SHA-256: | 08B37DB17D93ECA9FD0F83DA9D98D71B6F0B5B28DA8D5436A67BC26542FD336E |
| SHA-512: | 2328FBB420549A3D8627C24E3D910B37C271929826C0DF7D19BF0BFECBED5C5F1A8CCCA51CB4820DF3720EDB6609FF5697EF73DD2B523D572353BE0A7FEDC25D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8312 |
| Entropy (8bit): | 3.695371154570197 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJpj6lQ6YUB6rgmf1JXdkZpBa89bOvsfetam:R6lXJN6S6YS6rgmf1JXaVOUfc |
| MD5: | 16300AD45E01B9CAA4D8E06FFA49DA37 |
| SHA1: | 41FBB6DFC211098C76195CFE4B7864DB23D02229 |
| SHA-256: | 7045500BED2F85BEDE562371292D502B0554F051C4A7425BDE53E81A6E066043 |
| SHA-512: | BAD6520D5F3C5C505F0E3EEC252CE0098CC0FED07E8AEA1D42151187BA8831F6BCF1FBB152E169A1842BB7A54C4F2DA56815824F2E251606ED09D938EA74B9DC |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4585 |
| Entropy (8bit): | 4.453499868979685 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs/Jg77aI90fWpW8VYcF5Ym8M4JEgNdUFCP+q8lQu36H45f+3E3Isd:uIjfhI7+O7VvoJLRP8KHsP3Isd |
| MD5: | C5B0CD3017D483692190C6BFA300581B |
| SHA1: | 556643DB820178EC992411AA17979A7D4F7386A4 |
| SHA-256: | AEFC0B2778131E98D2C0AAE9D324E19FF5F456915C935D6BAC4890A42F536107 |
| SHA-512: | 504A2F0FE9917C219C32B2C6A8B81D7A673B2F129A1CE52821A1C596146772830DEAEDF41E9F84A899BAA7AD63600356C45B79DE9D7551FC67E4C3CF7C468F52 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\cmd.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 1245 |
| Entropy (8bit): | 5.256331100535602 |
| Encrypted: | false |
| SSDEEP: | 24:2dcd4+ScU2/P1m6edKIL6LMhEMO5pwHYeGaDt0cORv23f9Apgln:cmtbn1edKIL6QdOQHuaDN3gC |
| MD5: | BC4AF0BDDDBFD455F19E0322214052DA |
| SHA1: | 916F3C17EE72CFE52E3BF71420E2FD53E451EB00 |
| SHA-256: | 3828B3C6AB9C9311A345CA256E34118DDA6B11F3DFEA6D42C82B08642E97C61C |
| SHA-512: | 8227CD7B045A9BA05CB9E8C5C4113858BA74053FA57771CF762BA1B82CEEF2116494452F095460F32F1169E949EA36FEC9BA0381C22D96049E522BEB7A88FBF8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\cmd.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 1245 |
| Entropy (8bit): | 5.252972011852054 |
| Encrypted: | false |
| SSDEEP: | 24:2dcd4+ScU2jx1m6edKIL6LMhEMO5pwHYeGaDt0cORv23f9Apgln:cmtbjx1edKIL6QdOQHuaDN3gC |
| MD5: | F42A69A2F07118DC86A2CE4A23A2D8FF |
| SHA1: | 686987E4C2BF9B6047E540F6E4598597C3B711D8 |
| SHA-256: | E13BE217812E20C1659BEF7A2D0C948C4876A38F04BA86BDC4EE80C3AB9E1C39 |
| SHA-512: | 3E2238CF51D8C0AF54315E6DD3E82421FFC92C63C96C14F41D3FBCACF04234D883F464C376A63BDAA18A2B5F32E89BA285337CC42323E0B0797E46E7617FB0A0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 3136080 |
| Entropy (8bit): | 5.757124319357467 |
| Encrypted: | false |
| SSDEEP: | 49152:Df8YD/FsmFicakLoY4fIKSW6TItcakL62XgNzcwO2RmBoV8cakLoY4fIKSW6TIty:Df8k/FsmFicakH4fInW6McakpXgNzcwp |
| MD5: | 7D77F1110DE8074096D1993EC3061470 |
| SHA1: | 6F95F8C582A80C2D5F6201B17C82C1516431E8A3 |
| SHA-256: | 9D66D4EB338794F23A10E6BB736094F6E314D58188054C1D6817A7858A7B65E8 |
| SHA-512: | 83F87764BE24887135678341DC7E961497B796F01571B7BD192EB3384375880C8A15098EDD43084FB04682DE0D01388F7C65DC78714B76CD5C8008F56A54CDE4 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3136080 |
| Entropy (8bit): | 5.757124319357467 |
| Encrypted: | false |
| SSDEEP: | 49152:Df8YD/FsmFicakLoY4fIKSW6TItcakL62XgNzcwO2RmBoV8cakLoY4fIKSW6TIty:Df8k/FsmFicakH4fInW6McakpXgNzcwp |
| MD5: | 7D77F1110DE8074096D1993EC3061470 |
| SHA1: | 6F95F8C582A80C2D5F6201B17C82C1516431E8A3 |
| SHA-256: | 9D66D4EB338794F23A10E6BB736094F6E314D58188054C1D6817A7858A7B65E8 |
| SHA-512: | 83F87764BE24887135678341DC7E961497B796F01571B7BD192EB3384375880C8A15098EDD43084FB04682DE0D01388F7C65DC78714B76CD5C8008F56A54CDE4 |
| Malicious: | true |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.465449353414441 |
| Encrypted: | false |
| SSDEEP: | 6144:FIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNpdwBCswSb6:mXD94+WlLZMM6YFHT+6 |
| MD5: | 40B86B0D624EC737A5F904FC4C89F1CF |
| SHA1: | 90AC731A2716377913111CA91D826CC3F01BF501 |
| SHA-256: | BDFB559EB4317FB78F0532A3F63593CA3CB1C7709F50EF2DFFED686E5D556446 |
| SHA-512: | AFC94006E7D854093B6CCCEBA0699CA52980C1852D2673F00692D2578DF53A0F405FE90B67B6E73ECA6E1B71162EFB38031280B7CB1AEBC54EBE96E58E737E84 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 5.756460153004245 |
| TrID: |
|
| File name: | htkeUc1zJ0.exe |
| File size: | 3'136'080 bytes |
| MD5: | 64fbd4176cf9fb77d63173f809b2433d |
| SHA1: | 737e70ae50f2616dc445d8244d192a63d48a11bc |
| SHA256: | 80ff41fea4b4580608227df8a352de5497fc84b6bf5bca9613265cedd1005c5a |
| SHA512: | e5305aeff37a8610b260b76afa680ab432ad900ff03631af367b60edcfb497d602e2cdf30be233c816ddb9edf2b25861d76b21ed5b901378512462aee7bcf20f |
| SSDEEP: | 49152:C+5puFNqGpcakLoY4fIKSW6TItcakL62XgNzcwO2RmBoV8cakLoY4fIKSW6TItcl:C+5puF4GpcakH4fInW6McakpXgNzcwOE |
| TLSH: | 76E523A3B63D85F2DC5D31721FAB6472837DAE84C37612510ADCA858CEB5C6B082B7D1 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................................%.......%...@...........................%............................................ |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x659f9f |
| Entrypoint Section: | UPX1 |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows cui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
| DLL Characteristics: | |
| Time Stamp: | 0x0 [Thu Jan 1 00:00:00 1970 UTC] |
| TLS Callbacks: | 0x659c92 |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 52d5086abc1dabd2119b92104f1111a0 |
| Instruction |
|---|
| mov eax, 005DE6A0h |
| jmp eax |
| or edi, ebx |
| and eax, eax |
| sub edx, ecx |
| dec edi |
| sub ebx, esi |
| mov edi, edx |
| sub edx, 5A504817h |
| add esi, eax |
| not esi |
| sub eax, edx |
| sub ecx, FA379E8Ah |
| inc esi |
| sub ebx, edx |
| add ebx, ebx |
| or esi, ecx |
| mov ebx, 23BD1CF7h |
| inc edx |
| dec ebx |
| ret |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x25b000 | 0xf4 | UPX2 |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x259a5c | 0x18 | UPX1 |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x1dc000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| UPX1 | 0x1dd000 | 0x7e000 | 0x7d200 | 40e3c2fc15d4b919ac514d1b327d291b | False | 0.6978782935814186 | data | 5.750671110773164 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| UPX2 | 0x25b000 | 0x1000 | 0x200 | ad4d5e0c26cac0971bc8645faa91861a | False | 0.31640625 | data | 2.2453931745398656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| DLL | Import |
|---|---|
| KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect |
| oleaut32.dll | SysFreeString |
| user32.dll | MessageBoxA |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17T16:41:22.890495+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49733 | 172.232.31.180 | 443 | TCP |
| 2024-12-17T16:41:31.608968+0100 | 2824544 | ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit CnC) | 1 | 172.232.31.180 | 443 | 192.168.2.4 | 49731 | TCP |
| 2024-12-17T16:41:31.971678+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49731 | 172.232.31.180 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 17, 2024 16:41:14.365425110 CET | 49730 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:14.365461111 CET | 443 | 49730 | 104.20.4.235 | 192.168.2.4 |
| Dec 17, 2024 16:41:14.365622997 CET | 49730 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:14.365694046 CET | 49730 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:14.365798950 CET | 443 | 49730 | 104.20.4.235 | 192.168.2.4 |
| Dec 17, 2024 16:41:14.365849972 CET | 49730 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:15.118967056 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:15.119020939 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:15.119203091 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:15.260694027 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:15.260720968 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:19.725594044 CET | 49732 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:19.725655079 CET | 443 | 49732 | 104.20.4.235 | 192.168.2.4 |
| Dec 17, 2024 16:41:19.725743055 CET | 49732 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:19.725872040 CET | 49732 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:19.725955009 CET | 443 | 49732 | 104.20.4.235 | 192.168.2.4 |
| Dec 17, 2024 16:41:19.726025105 CET | 49732 | 443 | 192.168.2.4 | 104.20.4.235 |
| Dec 17, 2024 16:41:19.739522934 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:19.739548922 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:19.739852905 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:19.751017094 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:19.751064062 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:21.031366110 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:21.031537056 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.550721884 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.550801992 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:22.551785946 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:22.551902056 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.555746078 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.603332043 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:22.890562057 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:22.890640974 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.890675068 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:22.890719891 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.890722990 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:22.890773058 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.898019075 CET | 49733 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:22.898056984 CET | 443 | 49733 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:23.630131960 CET | 49734 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:23.750674963 CET | 80 | 49734 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:41:23.750787973 CET | 49734 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:23.751063108 CET | 49734 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:23.870534897 CET | 80 | 49734 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:41:24.916553974 CET | 80 | 49734 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:41:24.916631937 CET | 49734 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:25.316097975 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:25.723390102 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:25.723537922 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:25.723902941 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:25.843427896 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.045860052 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.045885086 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.045902014 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046000004 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.046036959 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046056032 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046117067 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.046185970 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046202898 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046217918 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046233892 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046242952 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.046250105 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.046271086 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.046293974 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.166030884 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.166095018 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.166138887 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.166201115 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.237891912 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.237957001 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.237967014 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.238012075 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.241921902 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.241980076 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.242032051 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.242084980 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.250358105 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.250422955 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.250468016 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.250566959 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.258918047 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.258980036 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.259015083 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.259069920 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:27.267256975 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:27.267329931 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:31.526192904 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:31.526376009 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:31.608938932 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:31.608968019 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:31.609332085 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:31.609395981 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:31.611130953 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:31.651344061 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:31.971235037 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:31.971324921 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:31.971340895 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:31.971398115 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:31.976212025 CET | 49731 | 443 | 192.168.2.4 | 172.232.31.180 |
| Dec 17, 2024 16:41:31.976234913 CET | 443 | 49731 | 172.232.31.180 | 192.168.2.4 |
| Dec 17, 2024 16:41:31.977286100 CET | 49741 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:32.046224117 CET | 80 | 49736 | 64.190.63.136 | 192.168.2.4 |
| Dec 17, 2024 16:41:32.046367884 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:41:32.096971035 CET | 80 | 49741 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:41:32.097094059 CET | 49741 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:32.097323895 CET | 49741 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:32.217211008 CET | 80 | 49741 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:41:33.261677027 CET | 80 | 49741 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:41:33.261809111 CET | 49741 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:41:33.746964931 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:41:33.867167950 CET | 80 | 49743 | 199.59.243.227 | 192.168.2.4 |
| Dec 17, 2024 16:41:33.867367029 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:41:33.867597103 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:41:33.987153053 CET | 80 | 49743 | 199.59.243.227 | 192.168.2.4 |
| Dec 17, 2024 16:41:34.983200073 CET | 80 | 49743 | 199.59.243.227 | 192.168.2.4 |
| Dec 17, 2024 16:41:34.983254910 CET | 80 | 49743 | 199.59.243.227 | 192.168.2.4 |
| Dec 17, 2024 16:41:34.983319998 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:41:34.983320951 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:41:44.984303951 CET | 80 | 49743 | 199.59.243.227 | 192.168.2.4 |
| Dec 17, 2024 16:41:44.984445095 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:42:29.916976929 CET | 80 | 49734 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:42:29.917057991 CET | 49734 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:42:38.263602972 CET | 80 | 49741 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:42:38.263710022 CET | 49741 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:43:04.409832954 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:43:04.410008907 CET | 49741 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:43:04.529558897 CET | 80 | 49741 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:43:04.877016068 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:43:05.564610004 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:43:06.861417055 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:43:09.377046108 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:43:09.705578089 CET | 49734 | 80 | 192.168.2.4 | 69.16.230.228 |
| Dec 17, 2024 16:43:09.705626965 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:43:09.826726913 CET | 80 | 49734 | 69.16.230.228 | 192.168.2.4 |
| Dec 17, 2024 16:43:10.955212116 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:43:13.455212116 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:43:14.267693043 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:43:18.564634085 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:43:23.973692894 CET | 49743 | 80 | 192.168.2.4 | 199.59.243.227 |
| Dec 17, 2024 16:43:28.564634085 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:43:48.564856052 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Dec 17, 2024 16:44:28.455712080 CET | 49736 | 80 | 192.168.2.4 | 64.190.63.136 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 17, 2024 16:41:14.218353033 CET | 57978 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 16:41:14.357032061 CET | 53 | 57978 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 16:41:14.598084927 CET | 59208 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 16:41:15.099361897 CET | 53 | 59208 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 16:41:22.899207115 CET | 51682 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 16:41:23.237021923 CET | 53 | 51682 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 16:41:24.919334888 CET | 59177 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 16:41:25.314878941 CET | 53 | 59177 | 1.1.1.1 | 192.168.2.4 |
| Dec 17, 2024 16:41:33.264233112 CET | 63876 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 17, 2024 16:41:33.745110035 CET | 53 | 63876 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 17, 2024 16:41:14.218353033 CET | 192.168.2.4 | 1.1.1.1 | 0xea05 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 16:41:14.598084927 CET | 192.168.2.4 | 1.1.1.1 | 0x7f9e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 16:41:22.899207115 CET | 192.168.2.4 | 1.1.1.1 | 0x288f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 16:41:24.919334888 CET | 192.168.2.4 | 1.1.1.1 | 0xed90 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 17, 2024 16:41:33.264233112 CET | 192.168.2.4 | 1.1.1.1 | 0x2356 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 17, 2024 16:41:14.357032061 CET | 1.1.1.1 | 192.168.2.4 | 0xea05 | No error (0) | 104.20.4.235 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:14.357032061 CET | 1.1.1.1 | 192.168.2.4 | 0xea05 | No error (0) | 104.20.3.235 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:14.357032061 CET | 1.1.1.1 | 192.168.2.4 | 0xea05 | No error (0) | 172.67.19.24 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:15.099361897 CET | 1.1.1.1 | 192.168.2.4 | 0x7f9e | No error (0) | 172.232.31.180 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:15.099361897 CET | 1.1.1.1 | 192.168.2.4 | 0x7f9e | No error (0) | 172.232.4.213 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:15.099361897 CET | 1.1.1.1 | 192.168.2.4 | 0x7f9e | No error (0) | 172.232.25.148 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:23.237021923 CET | 1.1.1.1 | 192.168.2.4 | 0x288f | No error (0) | 69.16.230.228 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:25.314878941 CET | 1.1.1.1 | 192.168.2.4 | 0xed90 | No error (0) | sedoparking.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:25.314878941 CET | 1.1.1.1 | 192.168.2.4 | 0xed90 | No error (0) | 64.190.63.136 | A (IP address) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:33.745110035 CET | 1.1.1.1 | 192.168.2.4 | 0x2356 | No error (0) | 78626.bodis.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 17, 2024 16:41:33.745110035 CET | 1.1.1.1 | 192.168.2.4 | 0x2356 | No error (0) | 199.59.243.227 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49734 | 69.16.230.228 | 80 | 5228 | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 16:41:23.751063108 CET | 176 | OUT | |
| Dec 17, 2024 16:41:24.916553974 CET | 276 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49736 | 64.190.63.136 | 80 | 5228 | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 16:41:25.723902941 CET | 199 | OUT | |
| Dec 17, 2024 16:41:27.045860052 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.045885086 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.045902014 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.046036959 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.046056032 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.046185970 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.046202898 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.046217918 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.046233892 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.046250105 CET | 1236 | IN | |
| Dec 17, 2024 16:41:27.166030884 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49741 | 69.16.230.228 | 80 | 2364 | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 16:41:32.097323895 CET | 176 | OUT | |
| Dec 17, 2024 16:41:33.261677027 CET | 276 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49743 | 199.59.243.227 | 80 | 2364 | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 17, 2024 16:41:33.867597103 CET | 199 | OUT | |
| Dec 17, 2024 16:41:34.983200073 CET | 1236 | IN | |
| Dec 17, 2024 16:41:34.983254910 CET | 560 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49733 | 172.232.31.180 | 443 | 5228 | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 15:41:22 UTC | 147 | OUT | |
| 2024-12-17 15:41:22 UTC | 318 | IN | |
| 2024-12-17 15:41:22 UTC | 142 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49731 | 172.232.31.180 | 443 | 2364 | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-17 15:41:31 UTC | 147 | OUT | |
| 2024-12-17 15:41:31 UTC | 318 | IN | |
| 2024-12-17 15:41:31 UTC | 142 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:41:07 |
| Start date: | 17/12/2024 |
| Path: | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 3'136'080 bytes |
| MD5 hash: | 64FBD4176CF9FB77D63173F809B2433D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 10:41:07 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 10:41:07 |
| Start date: | 17/12/2024 |
| Path: | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 3'136'080 bytes |
| MD5 hash: | 7D77F1110DE8074096D1993EC3061470 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 3 |
| Start time: | 10:41:08 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\schtasks.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb20000 |
| File size: | 187'904 bytes |
| MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 10:41:08 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 10:41:08 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x240000 |
| File size: | 236'544 bytes |
| MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 6 |
| Start time: | 10:41:08 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 10:41:08 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\schtasks.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb20000 |
| File size: | 187'904 bytes |
| MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 10:41:08 |
| Start date: | 17/12/2024 |
| Path: | C:\Users\user\Desktop\htkeUc1zJ0.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 3'136'080 bytes |
| MD5 hash: | 7D77F1110DE8074096D1993EC3061470 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 10:41:10 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 12 |
| Start time: | 10:41:10 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 10:41:11 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\schtasks.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb20000 |
| File size: | 187'904 bytes |
| MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 14 |
| Start time: | 10:41:11 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 15 |
| Start time: | 10:41:12 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x240000 |
| File size: | 236'544 bytes |
| MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 17 |
| Start time: | 10:41:12 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 18 |
| Start time: | 10:41:12 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 19 |
| Start time: | 10:41:13 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\schtasks.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb20000 |
| File size: | 187'904 bytes |
| MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 21 |
| Start time: | 10:41:14 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 23 |
| Start time: | 10:41:15 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 25 |
| Start time: | 10:41:16 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 27 |
| Start time: | 10:41:18 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 30 |
| Start time: | 10:41:20 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 31 |
| Start time: | 10:41:20 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 33 |
| Start time: | 10:41:22 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 37 |
| Start time: | 10:43:17 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 39 |
| Start time: | 10:43:27 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 41 |
| Start time: | 10:43:29 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 43 |
| Start time: | 10:44:28 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 45 |
| Start time: | 10:44:29 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 47 |
| Start time: | 10:44:30 |
| Start date: | 17/12/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc80000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 2.2% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 2.3% |
| Total number of Nodes: | 517 |
| Total number of Limit Nodes: | 16 |
Graph
Function 0040AFC0 Relevance: 3.0, APIs: 2, Instructions: 19fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D10 Relevance: 2.5, APIs: 2, Instructions: 9memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 25060D90 Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071F0 Relevance: 6.3, APIs: 5, Instructions: 32memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071EF Relevance: 6.3, APIs: 5, Instructions: 31memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401630 Relevance: 6.2, APIs: 4, Instructions: 151fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407930 Relevance: 6.1, APIs: 4, Instructions: 51fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407AE0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 25060AE0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 25060750 Relevance: 5.2, APIs: 4, Instructions: 174memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004018B0 Relevance: 4.6, APIs: 3, Instructions: 83fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004014B0 Relevance: 4.5, APIs: 3, Instructions: 43processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004079DF Relevance: 4.5, APIs: 3, Instructions: 22COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004079E0 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407A60 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407A1F Relevance: 4.5, APIs: 3, Instructions: 21COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407A20 Relevance: 4.5, APIs: 3, Instructions: 21COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004093E1 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408760 Relevance: 3.8, Strings: 3, Instructions: 82COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408890 Relevance: 3.8, Strings: 3, Instructions: 82COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004085E0 Relevance: 3.8, Strings: 3, Instructions: 59COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004086A0 Relevance: 3.8, Strings: 3, Instructions: 59COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004079AF Relevance: 3.0, APIs: 2, Instructions: 21fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004079B0 Relevance: 3.0, APIs: 2, Instructions: 21fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EBB0 Relevance: 3.0, APIs: 2, Instructions: 17COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EB00 Relevance: 3.0, APIs: 2, Instructions: 8COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E030 Relevance: 2.8, Strings: 2, Instructions: 281COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004089C0 Relevance: 2.6, Strings: 2, Instructions: 56COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408A60 Relevance: 2.5, Strings: 2, Instructions: 34COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407900 Relevance: 2.5, APIs: 2, Instructions: 16COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004078FF Relevance: 2.5, APIs: 2, Instructions: 15COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D30 Relevance: 2.5, APIs: 2, Instructions: 9memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404280 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403CD0 Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406230 Relevance: .3, Instructions: 259COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004066B0 Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403E30 Relevance: .1, Instructions: 81COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004065C0 Relevance: .1, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E780 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E9E0 Relevance: .1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B0F0 Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040B000 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406712 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405040 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A8E0 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405ED0 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407A9F Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407AA0 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405730 Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408590 Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408860 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408990 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071B0 Relevance: .0, Instructions: 10COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004019E0 Relevance: .0, Instructions: 4COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044D330 Relevance: 2.5, Strings: 1, Instructions: 1293COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409960 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409B40 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409970 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004501C0 Relevance: .5, Instructions: 508COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405480 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041F730 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D70 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00424EB0 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041F650 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402C90 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004383E0 Relevance: .1, Instructions: 85COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004026C0 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 25060400 Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409FC0 Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408EFF Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404C10 Relevance: 6.3, Strings: 5, Instructions: 75COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408E60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408F00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041EA00 Relevance: 5.3, Strings: 4, Instructions: 261COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041EAFA Relevance: 5.2, Strings: 4, Instructions: 151COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406F20 Relevance: 5.1, Strings: 4, Instructions: 62COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429670 Relevance: 5.0, Strings: 4, Instructions: 48COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407290 Relevance: 5.0, APIs: 4, Instructions: 27COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040AFC0 Relevance: 3.0, APIs: 2, Instructions: 19fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071F0 Relevance: 6.3, APIs: 5, Instructions: 32memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004071EF Relevance: 6.3, APIs: 5, Instructions: 31memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004018B0 Relevance: 4.6, APIs: 3, Instructions: 83fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004093E1 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A1EF Relevance: 3.0, APIs: 2, Instructions: 32memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A1F0 Relevance: 3.0, APIs: 2, Instructions: 32memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EBB0 Relevance: 3.0, APIs: 2, Instructions: 17COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EB00 Relevance: 3.0, APIs: 2, Instructions: 8COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D10 Relevance: 2.5, APIs: 2, Instructions: 9memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A120 Relevance: 1.6, APIs: 1, Instructions: 81COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408EFF Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401630 Relevance: 6.2, APIs: 4, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407930 Relevance: 6.1, APIs: 4, Instructions: 51fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407AE0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408E60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408F00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407290 Relevance: 5.0, APIs: 4, Instructions: 27COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|