Play interactive tour
Edit tourWindows Analysis Report VisBridge-1.0.4+Setup.exe
Overview
General Information
| Sample Name: | VisBridge-1.0.4+Setup.exe |
| Analysis ID: | 499619 |
| MD5: | b33f67f583b9c1f1f726d15b249d4242 |
| SHA1: | 6b554808aa148de2686fbd434f0d20b344bd3b60 |
| SHA256: | 081dbbe7d110a89155e0cd7800bc9c1a714e82ceecfa3ef80e733043387b000b |
| Infos: | |
Most interesting Screenshot:  | |
Detection
| Score: | 10 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 0% |
Compliance
| Score: | 20 |
| Range: | 0 - 100 |
Signatures
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops certificate files (DER)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Binary contains a suspicious time stamp
PE file contains more sections than normal
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file overlay found
Creates a process in suspended mode (likely to inject code)
Classification
Analysis Advice |
|---|
| Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
| Sample may be VM or Sandbox-aware, try analysis on a native machine |
| Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
| Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
| Sample searches for specific file, try point organization specific fake files to the analysis machine |
Process Tree |
|---|
|
Malware Configuration |
|---|
| No configs have been found |
|---|
Yara Overview |
|---|
| No yara matches |
|---|
Sigma Overview |
|---|
| No Sigma rule has matched |
|---|
Jbx Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
Compliance: |   |
|---|
| Uses 32bit PE files | Show sources | ||
| Source: | Static PE information: | ||
| EXE planting / hijacking vulnerabilities found | Show sources | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | EXE: | Jump to behavior | ||
| DLL planting / hijacking vulnerabilities found | Show sources | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Creates a software uninstall entry | Show sources | ||
| Source: | Registry value created: | Jump to behavior | ||
| Uses secure TLS version for HTTPS connections | Show sources | ||
| Source: | HTTPS traffic detected: | ||
| Creates install or setup log file | Show sources | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| PE / OLE file has a valid certificate | Show sources | ||
| Source: | Static PE information: | ||
| Contains modern PE file flags such as dynamic base (ASLR) or NX | Show sources | ||
| Source: | Static PE information: | ||
| Binary contains paths to debug symbols | Show sources | ||
| Source: | Binary string: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 23_2_01A242E8 | |
| Source: | Code function: | 23_2_01A26430 | |
| Source: | Code function: | 23_2_01A26429 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 23_2_01A2207A | |
| Source: | Code function: | 23_2_01A237C9 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00B7B01B | |
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Command and Scripting Interpreter12 | Windows Service1 | Windows Service1 | Masquerading1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | DLL Search Order Hijacking2 | Process Injection12 | Disable or Modify Tools1 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Search Order Hijacking2 | Virtualization/Sandbox Evasion22 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection12 | NTDS | Virtualization/Sandbox Evasion22 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Timestomp1 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Search Order Hijacking2 | DCSync | File and Directory Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery14 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
Dropped Files |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 2% | ReversingLabs | |||
| 2% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 2% | ReversingLabs | |||
| 2% | ReversingLabs | |||
| 2% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs |
Unpacked PE Files |
|---|
| No Antivirus matches |
|---|
Domains |
|---|
| No Antivirus matches |
|---|
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
Domains and IPs |
|---|
Contacted Domains |
|---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.gtlvisitme.com | 38.90.155.59 | true | false | unknown | |
| raw.githubusercontent.com | 185.199.108.133 | true | false | unknown |
Contacted URLs |
|---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown |
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| low | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| low | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| low | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown |
Contacted IPs |
|---|
General Information |
|---|
| Joe Sandbox Version: | 33.0.0 White Diamond |
| Analysis ID: | 499619 |
| Start date: | 08.10.2021 |
| Start time: | 17:26:57 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 14m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | VisBridge-1.0.4+Setup.exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 33 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | CLEAN |
| Classification: | clean10.winEXE@13/139@2/2 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: | Failed |
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 17:29:21 | API Interceptor |
Joe Sandbox View / Context |
|---|
IPs |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 185.199.108.133 | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse |
Domains |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| raw.githubusercontent.com | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
ASN |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| FASTLYUS | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
JA3 Fingerprints |
|---|
| No context |
|---|
Dropped Files |
|---|
| No context |
|---|
Created / dropped Files |
|---|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\squirrel.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1265 |
| Entropy (8bit): | 5.340171064243184 |
| Encrypted: | false |
| SSDEEP: | 24:ML9E4Ks2wKDE4KhK3VZ9pKh7E4O1lEE4UVwuE4IWUAE4KI6ns:MxHKXwYHKhQno7HKlEHU5HIW7HKjs |
| MD5: | 2B685AA47865989751DE7902665B5087 |
| SHA1: | DCB3866EB74BADD6BB666D7AF77D400DE737B78D |
| SHA-256: | E759F970EE1AEFCDDB619CDE7597128332F2C4F90E3A02E789788A184E59BC92 |
| SHA-512: | DC6842C3B2694B844D2351A3D500CF007E63D73251D44960F7EAF69A13CCDD1C17C758FE78F79E235ED9C69141769C704B1223B726CBFF739D1FFB2FC1D510F2 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\Desktop\VisBridge-1.0.4+Setup.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 79 |
| Entropy (8bit): | 4.859310698323247 |
| Encrypted: | false |
| SSDEEP: | 3:iWTQLdOgxWjer/LrGTzdn:H8WijGTx |
| MD5: | F932F5FA861E01D175FE247730F5B120 |
| SHA1: | 23FD85E3D0B9B80B9EACB2647A5564C92C059140 |
| SHA-256: | E6F4B8ACBCE1A0C91B50829C77D3364B3F682E8FA31BFC0B0AA40C3E03FDAB84 |
| SHA-512: | 9B5C38AC10F26EEA8F4209EBBAA1F84A8FD0C16826518507A61B1CF6E9198A5C72F1BF78352B4B26F6724F2E3B5BCC741B9022F1496C7DEDE0D0045092719B05 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2752 |
| Entropy (8bit): | 5.208769188734254 |
| Encrypted: | false |
| SSDEEP: | 48:ED/AZLT7hgcpJZVWgBNNXzHSxBNN4zvIbIWzlGAgATQn0pJ2VWgBNNXzHSxBPdRG:iygk38lRLFLS8xen |
| MD5: | DF797A834FB3793ADEFE313B3EC58366 |
| SHA1: | 80CBA8B552A1C111D5827D775C6076029730A4B2 |
| SHA-256: | AC69EC242CBB9CEB0C1EA9CE81E2F4BEFE4B3A190863066FA7766056F40AE7AB |
| SHA-512: | CBC3350D1301EC51F69AE26346F11FD8305B239C14E4891A4932AE78FE56758EE27FE9A05216039A455EAFB5561D3973B2151B8D18940F507574A05F641D129E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\Desktop\VisBridge-1.0.4+Setup.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1830120 |
| Entropy (8bit): | 5.886179785302717 |
| Encrypted: | false |
| SSDEEP: | 24576:1NMFwWMK8zptHroPjSWijyJsVB3Fm27jmHxefUFU7+KgJhzV31s66:pWfqoPj6cxefUFU5gJhtg |
| MD5: | C45A02058073AEB5783F40F78CBF6130 |
| SHA1: | 559D64954F25355775E44708C83CC231B042ABF9 |
| SHA-256: | B353A149830EBBB9DD6F0B277F399F489B604C0224448F6300D64EF6162B0073 |
| SHA-512: | DDA56D82B516292FE3CDB9F61069C7216361AC68864161119B0F454B0D258451CDBE1F94F73033EE90C5EF3214B8CA97C61475F1EC103D379C92FA5BBBEAA638 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\Desktop\VisBridge-1.0.4+Setup.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86206808 |
| Entropy (8bit): | 7.997914386294035 |
| Encrypted: | true |
| SSDEEP: | 1572864:V5dzV9dD6WVlrj2szPiLh4R2Z3S7BQKwhiXWU4+D3ztxEKrIqAe+:V5fjFdxzPU4RwMfwhimgD3znFrwe+ |
| MD5: | 070CA605F2C06710E83C21B29B786499 |
| SHA1: | B409029996343C5B19AA9CFD7B18BCDDED443F26 |
| SHA-256: | BD373CB5E6AA47D876C8A436F5D4C6FF5A54BB99685F0BC57AF4FB3319B7CDE1 |
| SHA-512: | 62CE2D551A0C63297CF58FB4E4860A697A0BF7C9928B225F017E77CC2C97D952B5D125D3305D2FB23C5E99F5ADDCD7565F664FEEF730FB3474B6231E618C1036 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\Desktop\VisBridge-1.0.4+Setup.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44410 |
| Entropy (8bit): | 7.7070750223988425 |
| Encrypted: | false |
| SSDEEP: | 768:5XxIn344C+JtOb7Q+8Phv9YaZuJ+Hz7X9Dbzjy2CXdSksvlxkZPbM/zEffvTeq6e:5XxIn344C+Jty7Q+8Phv9YaZuJ+Hz7Xk |
| MD5: | B5A42ECDE0B058B3C4E661E0EC84400B |
| SHA1: | 7E2BFC653C5BC6997553C150A0823DAAE372CD99 |
| SHA-256: | CE636D201EF86FFBF4EE8C8762B4D9DC255BE9D5F490D0A22E36FE0C938F7244 |
| SHA-512: | B7F4A7BDDB226066F7EDF23DFB9BEE658C30AE03DFE727EC739F51FD98C63831F732343C14A6CA080F31BAED38BF9064CDD57C9D1DAAF4C42C029FE83D846DC0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\squirrel.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1830120 |
| Entropy (8bit): | 5.886179785302717 |
| Encrypted: | false |
| SSDEEP: | 24576:1NMFwWMK8zptHroPjSWijyJsVB3Fm27jmHxefUFU7+KgJhzV31s66:pWfqoPj6cxefUFU5gJhtg |
| MD5: | C45A02058073AEB5783F40F78CBF6130 |
| SHA1: | 559D64954F25355775E44708C83CC231B042ABF9 |
| SHA-256: | B353A149830EBBB9DD6F0B277F399F489B604C0224448F6300D64EF6162B0073 |
| SHA-512: | DDA56D82B516292FE3CDB9F61069C7216361AC68864161119B0F454B0D258451CDBE1F94F73033EE90C5EF3214B8CA97C61475F1EC103D379C92FA5BBBEAA638 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1060 |
| Entropy (8bit): | 5.124434796745036 |
| Encrypted: | false |
| SSDEEP: | 24:VDiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:VDiJzfPvGt7ICQH+sfIte36AFD |
| MD5: | 45574510C534A8195F53B30E3810239E |
| SHA1: | 10BFA95A2F25DF14DFE6A55A9E73D9FA5BECDB60 |
| SHA-256: | C44607A865E7A6DB05552BAA0EF71F9887D96ACD00D123854B44996BC27C0E33 |
| SHA-512: | B59D4C8E07748B68DA51B2163A2EBAFD51CDC546A1776A1105C19F6727DAD697692D4FCB137578BB43DC615342A08C2E9E103384B80FC81C3C669AECC9C443C8 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\squirrel.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 196 |
| Entropy (8bit): | 5.115936780987772 |
| Encrypted: | false |
| SSDEEP: | 3:O1LdFxQEBM2F2UZHsOBEREIqANLWO0nacwRE2J52U5sMyYpi1LdFxsMXFtlU1K:idFSVUB4hqiL1cNwi232UydFZt |
| MD5: | 727EDB3BF1D777CC3A48A673BD624AE3 |
| SHA1: | BCCA2735D99D73BF3A06AD16162DC0040656317D |
| SHA-256: | 3C01C5114B915AC73E2DC45B2AA44136B24BFB1192A7C9420CDF3C06C6F2ACB2 |
| SHA-512: | F339ED4EC597C0B1FE11F655AC0C7BB9825C3EEFAA3BADAF686C247D292F030357B10FC612DA962DAED0319A33693615788C2899416DAFCDE22150485668AB19 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 76677120 |
| Entropy (8bit): | 6.472286092716795 |
| Encrypted: | false |
| SSDEEP: | 786432:jidzCEXJ1ygeL7g6zRBPd6nShjXWm19CELXwZp7cDd/DC:jidzDXWP7g6zRByS9LnLgZNcRLC |
| MD5: | B2106517AA8D0A9519851F425F432EA3 |
| SHA1: | 244B531F1B1DE508907B105053484AEC86CC37C8 |
| SHA-256: | A24D656946A2A8EF8130939E7E505C5338CEC88C438C838FC99B45E5F04A4E44 |
| SHA-512: | A8AFEC38C54A87C415437E940BD503DD13C76EB04ED6F8335F31106F60339B80AC0E24EE25DAC07B9AF5C6F42C94684FB3ADF2829947645711A8D81F8A8ABC79 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 180594 |
| Entropy (8bit): | 7.841177755114997 |
| Encrypted: | false |
| SSDEEP: | 3072:IDKzwVbpDhO54UCZIQ2w5+vfdYCJdx10khejSTS9SO0vVm7O0U27IIABNHlJMgfI:IDKzwVXOHCZ3x5c1YC7x10fSucY7OP2j |
| MD5: | D5719B1F791AC999C3CFDA2E4405BDCE |
| SHA1: | C5D94054BCB271DEE08714C313476ABD67BE28CA |
| SHA-256: | 7CB9D93A16E5621AB765E3F3B459F4698AE496035E283F2C0C390B188A487741 |
| SHA-512: | CE75BDE78DDF6BC394662C5D0CE107BA375B13BF75A31BA1888DFFA74900FA86BABD65CE222C38DB73A11C8D54B3C6F6046B8F71CE80281EEC884FD7F0CD1583 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 320847 |
| Entropy (8bit): | 7.924574929324259 |
| Encrypted: | false |
| SSDEEP: | 6144:0rDQYak+9bMOHCZLz73QYV85u/oFYvwoytKi6obByPGlPFYKyo+:0YfzEg5u/oFFpxLlFYZ |
| MD5: | 0649DF49260E18326C9A54545131AAEC |
| SHA1: | 76DE40E3B828CB42CB8B9BEB31808EA2145EDA56 |
| SHA-256: | 070A6CB68318A032EC17CD7B07F8AF8BD6983F16997F50A231D232396A2F570F |
| SHA-512: | C196726564EA218C1E58121F43AB6F138A676A47CD53AD9099DAEC4CC3A491CF7F9127C56F31F8EC460080BA5F2F56EB2F6C7D37E286E05C4DBD9592552185D4 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4524696 |
| Entropy (8bit): | 6.367051782021837 |
| Encrypted: | false |
| SSDEEP: | 49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt |
| MD5: | 7641E39B7DA4077084D2AFE7C31032E0 |
| SHA1: | 2256644F69435FF2FEE76DEB04D918083960D1EB |
| SHA-256: | 44422E6936DC72B7AC5ED16BB8BCAE164B7554513E52EFB66A3E942CEC328A47 |
| SHA-512: | 8010E1CB17FA18BBF72D8344E1D63DED7CEF7BE6E7C13434FA6D8E22CE1D58A4D426959BDCB031502D4B145E29CB111AF929FCBC66001111FBC6D7A19E8800A5 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2815720 |
| Entropy (8bit): | 6.614537805087733 |
| Encrypted: | false |
| SSDEEP: | 49152:CVtTXiHnB+JD20P2jtEkt1HTSPSbVfhOfs9XOee7dhljxwELGpCWCcnYhpZ6ozHm:CHiUJRu1ELYnYaaXkv |
| MD5: | 72A2B9FBF0DFD2D692D5E19440FC1759 |
| SHA1: | 282D306CBEF728750332B5E46B048080D8205AA3 |
| SHA-256: | DBB66FCF59B5585ED53842E4C749468890B6EA0FA2235901457C006A26F875AA |
| SHA-512: | 456A3DDFF36935891A617851347AD1F85BEA08265D01C9D8209B4CD83BAD5902CEDAD9C48719B4FA471D88A0E08491604A254FDA13B48CAB85F12B2942141F39 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10518160 |
| Entropy (8bit): | 6.2302696739268475 |
| Encrypted: | false |
| SSDEEP: | 196608:Ub+wSv9AAQbNjliXUxR0rHf93WhlA6tj1w:U5KlQbBliXUxR0rHf93WhlA6tj+ |
| MD5: | 9732E28C054DB1E042CD306A7BC9227A |
| SHA1: | 6BAB2E77925515888808C1EF729C5BB1323100DD |
| SHA-256: | 27993E2079711D5F0F04A72F48FEE88B269604C8E3FBDF50A7F7BB3F5BFC8D8E |
| SHA-512: | 3EB67AB896A56DAB4A2D6EEA98F251AFFD6864C5F5B24F22B61B6ACC1DF4460D86F0A448F1983AAC019E79FF930286C3510891BE9D48EF07A93FF975A0E55335 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 442088 |
| Entropy (8bit): | 6.293643898878802 |
| Encrypted: | false |
| SSDEEP: | 6144:FY9Lb+XOh+hzKL+ptr9kDMp6pd4JIXOiVc:FILb+XOhGKLq4d4JIX5c |
| MD5: | 5E2177192D287234220E22D341C05718 |
| SHA1: | BFD2FFB039ACBA887A97C2504B7FABB47F2A482D |
| SHA-256: | 3A2D10B10F19CCE59BCCB5CD761161E0489B6C13F34BE0E44000D5D5E6BEBEAC |
| SHA-512: | A72F714954A19D7800218EDFAE18380E3F2CE594B964B544027185C32F8F92225805F4244DC3BD2BAB50103A6B0D5520860C2B4BC529DCF28942081D53CD6D1E |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9662696 |
| Entropy (8bit): | 6.290273344437268 |
| Encrypted: | false |
| SSDEEP: | 98304:b4lfzYMbCZTXEalBkICxa8WGyWhk0P93Z:b4lfzYMWflBkI6a8WKy09Z |
| MD5: | 853691EE18BC309F46649B5163D4F80D |
| SHA1: | 92790BC1FBCF057719EAC28DC7847DEA601CAC6A |
| SHA-256: | 73D573F0756BDAED37549500364D5F78D969B1DC672923ADB062FB0D5306B10B |
| SHA-512: | 2220666A6EFAB2C9640D4FFDC6F6B200E3188E549CD99D61C749700CC1C5B0069654BCFCAC9C462678AA41E922CF66D5F7480D1D0C168F2729ACE1129E87FB34 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 140647 |
| Entropy (8bit): | 5.043381693262826 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 587EF55BC43FE3ABC9EBD8388690183B |
| SHA1: | DADD41EA934E10391BF93869805524B676CF35C2 |
| SHA-256: | FDCCEDDC2A8684DEC0C5C2DB5296A308603F371EB6C65B6F5C76754B1801462F |
| SHA-512: | DB75A55620367E89446E517A98FDE821E1E2D599FAFD5EAA6B103D443BD58D27AC33C62FC5A5496EBE2823C66703D289427DC4F8098A6DAD3F251EE3B392D6A8 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 143318 |
| Entropy (8bit): | 5.1192878665400245 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B3D9ACE0595615ED68FF956DD31A9FBD |
| SHA1: | CDEBCE17D8CEC1DCADAC7140175484C6CDAA9A86 |
| SHA-256: | 917C2F4DD9C3CD219B928924F4BFD7CD021606784FEF1D81E4F22F0D330DE646 |
| SHA-512: | 4E694389B8F167BF9B78C8E7EFEF1250767AD2FD936E1B877591A5D0AFE1DEAD088CEC1E68AE0598E1D0FD81417F38E3F414A6AC088D14CA33C00F5B50751A9D |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 152814 |
| Entropy (8bit): | 4.853160877910549 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B3AEBE7284F46164CC33DA9DE0F2E27B |
| SHA1: | F5437E6A18AAAE167888FE6B049BF7D15909A4A9 |
| SHA-256: | 59D1D359999C71216A57EB9A8BE11874FA6C9DADA4C01EC97A0B6043F5D1D75E |
| SHA-512: | BB7E3583658184A61182F52F96AB3440DF0EF40B5EC4BF57F7131546AB1BC3D81013C617D4666066FFFFCA900ED49E773E18E94D21BF6A59F5F63DEED8772FAF |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 201245 |
| Entropy (8bit): | 4.443619562641865 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 54DC3B4C2267200DD592148A21DAD5E4 |
| SHA1: | 807DF65465A6C4B0C6FFF2919A27ECAED5C24C1A |
| SHA-256: | 024A2879D0699A3BB2A299BA4C28990191BCDF714388A349FA73B737374D5758 |
| SHA-512: | AFC3294BE91AE5421F3B2F233B5CAC803BAA767E19EEC3CE9B129D5CBF6FA52A46E4A85304F58F201E37BBA03D6ED12C35EA1DDE1FA30CAF72026A6D25DEB2C2 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98674 |
| Entropy (8bit): | 5.429585599804141 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4013547D6A142CE975A459C7426509CC |
| SHA1: | 2AE1910131188FE21C28FD0C28D32A2969D5485F |
| SHA-256: | F96FC2656D0C6FC548181635980318AEB3A4684F12BF54CA5671B96F01CA9FAA |
| SHA-512: | 34B5FA0A0D30FF60AF9F162364048E384970F753889EDBD9B7334EFD394045F3A873B7193D277E4C83D1534F2C20F20DAC747112A74EEA2038A2E6BD34E674E5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 100715 |
| Entropy (8bit): | 5.837901521339819 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0048483FBB6FCC164BB5DFDB0567EDA6 |
| SHA1: | 55BC0D015999434860F71DB5E28C6AA04625BDCB |
| SHA-256: | E29823920D7D2971CCF99BB011A3A54A92C56DD5232D0F12143EBF5F88614430 |
| SHA-512: | 585534B48764FB48518168F0535CB27CF7526B599C1463A0A58BF761E016D8D44F934E09C8A1B1DB8CE7485DE7FF98EE17682F78D42A67F8A8801E23D41535C7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 91966 |
| Entropy (8bit): | 5.447848710170554 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | DB4E5FEA714D290A57B1DC3C32FC83CD |
| SHA1: | 03229C65914F87A94A1D2765C457B03F37EB1A97 |
| SHA-256: | 1C0A1EB3AA161D39D330060E7BBAB3308FD6F2DE83A25D28955B34658C14E141 |
| SHA-512: | F5E117A6CF3AB9D44E334CD04651FB0ABF7E9900E90D95D27FF2662AD929303A4D5E9A1D748CEFBDFE2A19938C56BD9999BF096BB086D68A3CA7E55F58BD45CE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98107 |
| Entropy (8bit): | 5.487724190447551 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 311B773A9895CF4A54764D174D597AA0 |
| SHA1: | 6444C04EEBFC9D3F8E65BEB8C564ED37D1673F88 |
| SHA-256: | CEA9628D52BFCA596D23D8846972D145C9EAD5629B9D6CC20B2083CEB6E15E45 |
| SHA-512: | 1A284870FCF2737452D0DE49333128EB8072D15AD248966A7BB07FF8D38A2212DF40674587D7CA5422CD0BB2ACF4849902EA7F8092C3A45A57C6E93773378193 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 170724 |
| Entropy (8bit): | 4.908729260334555 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5CEE60CBC80305D2809BF4E272109484 |
| SHA1: | E8E556FFF48D57D20D62FE0DFC8E51C8F00678F7 |
| SHA-256: | 2524B33236CFA90845D02F22C3BE510F8410FBF89C79856EB28DDCD5C885E7EF |
| SHA-512: | CFAAC077AC4E0E06ECBE4440A4FEBDCA79D77F254896459E1B2C257A76955E3647B01697DAB4103C05907648AE25AB4775A491D9617091A78308EE2CE8F3B946 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 81989 |
| Entropy (8bit): | 5.506771279147103 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6EFCFC841A59201EA9F6794E8253F263 |
| SHA1: | E094556A2A387BB84AB56F06FBDA25596A8254CE |
| SHA-256: | 51C9CEFC2ADD35EA6EDEDFFB3DCDBC4AA616A515E99AD166B896E6E9F0C09CE7 |
| SHA-512: | 97C559C10CD82483054822F1164E813E7E09349A70A9AFC32FFC3000929AA05032BFD8BCCAAA0369EF10A86EF2CB99466DE87CD17A7A512F596CE9B100B6E37A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 82753 |
| Entropy (8bit): | 5.496486042395325 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 69D7C5168DE6B4311A36C39CA7CA60F0 |
| SHA1: | 40FF72437B51677065D68A6486E3B03E0A27102D |
| SHA-256: | FDEB2723F423DFE7EE4C19CC052398CBE796BFCE7D432D0ABE4EA40E6C6E3DAB |
| SHA-512: | 4E1FD01BD7D5F65F8AA2F0B2F4845106DF916A53DD4898D0CEC7FC538C2908D22F4FFD3DACF023C7854F4854534468A9BC93763BE21075661501C6CECA2CA0E7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 96465 |
| Entropy (8bit): | 5.396846953703645 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0528657080F23F99B4868C7B7A44701B |
| SHA1: | 75F87D39EFC7CE8EFCCF826EE50CED53ADDD7B1A |
| SHA-256: | 2110D69AD5952F037130E8DF869C170C299FC2FBE9A6D002E919219AF673E504 |
| SHA-512: | 030104F1A46334EA8F67B843C59BDA775DEB372E89B64EFF63F73E719D34FD1305975F60912BC3F0B4FDF38D8868829D427EB9DAF44D29FC01DA60BA7B29569F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98766 |
| Entropy (8bit): | 5.370238318958416 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 2D23B7392C15DA1143E404E9CB0F174F |
| SHA1: | 199AC9A5838A9D0861CA2ABBB1387EF8914EACB4 |
| SHA-256: | 2BABD67A3A43C5674FCF1D0AD7165F54C2F1E7D39A0BA99CCE49631F08BA408C |
| SHA-512: | 0A3087F53932F52F2D76EB619875207467A02726AAAF94EE0AAD4AF4B73DA8F859F4FF63DBD8E203358E53F49D5EEFD5BC9D50294BD30047B0058C4A3A55659A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 88235 |
| Entropy (8bit): | 5.500611162999328 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 7181963D67E84ACBA65823D95C71C4D9 |
| SHA1: | 694452230D2A22E918F59D7CD5E029A127520327 |
| SHA-256: | 544363C3057E7B4BC132AD8FE320EBC12170D0B706F00706AB1DE5CD9DB21942 |
| SHA-512: | D2B79DBA2D688743EEFF805530B95808B80C62B9C262E786423DB69B8C2112B56E9BA82EF3CACC39D3303593449A3C4A446D6B615BF549F2CFB7D31ED866A456 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 136948 |
| Entropy (8bit): | 5.207380833001933 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D74CE015109AB5938DBC38F50CD010FA |
| SHA1: | E3DB2BE146B2CF6E6FA4A1784573B20127FEFBFC |
| SHA-256: | E098DA4339B9E5F59119AE7EDDF567C775B85AC32A4D5AFCA4F88AF8F4C496CA |
| SHA-512: | 73BED8BE98BE6C18FEA762DA27F68081B3BBC6DAC9C2DB82F16D8D0729C867A8F658F6B57E489C90E8C3B01BAB6459D562D7D7D6022FCD44BB90F9F4ED206DFD |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 90993 |
| Entropy (8bit): | 5.45089195578874 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 9D2E06C40BF09B84C580AC9F47729E33 |
| SHA1: | C4BD3A450758B01D4BA4A4AE49606BD94D8353AF |
| SHA-256: | 00CD5BBE18B8FE92218ABBF2F5847F940642AB3F02B92CBC9EC89E38217153E2 |
| SHA-512: | C561004F7C98B88C23664E47D683100E6F7094F8F6EB4DA6DE31E2978983AF9AA9D2D917B4F021DBF2ADE64108E8CDC3259CC22B7B1D49B838C5ADA799FE4150 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 100246 |
| Entropy (8bit): | 5.225847902351937 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6FB2A5C3D866A4F04A0C4CB77B0DACAA |
| SHA1: | D9CA70EEF11DE7F3DBE83888CC56B44BFDAFD138 |
| SHA-256: | 5C235AD9F256ADA278F7AFB139EED9C5EB9EB8154A8F60581D9D67B90225E0A3 |
| SHA-512: | 02CA2D6D59C003B4C705495DF6C26C17F9B901CCDA10D2B8351F986CD0BEC955F2699075B9971C11CE22783B8B571732A22C9E36F6AD7B43BCF677C10A30F1A8 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 106408 |
| Entropy (8bit): | 5.394027058129029 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5AD4C6BF4AABB6AD1A3EA7F4195EDECB |
| SHA1: | 8CBAAC148ADC93A32813A1873EE55EA69FC98FF7 |
| SHA-256: | D7B484EB37004F7CC67492DE617FE79EC040EB85A5B192515C13D8FE286FBCB0 |
| SHA-512: | 8056A4D716041ED2886DCA18AB410B23BFAE12E8AC181CA33E13FE7D8B6D0A5A479FAAB9E0D67A5E3D3B9FCC1A7CF4C4193CA1F6C7939C6FE4ACA81E069813A4 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192119 |
| Entropy (8bit): | 4.489665808153001 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A54336A9B493ACA63C8A68C0101EA98F |
| SHA1: | CFBB0B636AAB219BF25EB4B64A9449B25BE63F24 |
| SHA-256: | CF59481E3115DF302EB4BE2CA5DC7305D2752683B16021EEB32E390D0E762AF2 |
| SHA-512: | 58AD77B36A52892813BAAB769026491ED249643BD923CC33C4FD4AED85E3FCA5D75F9C09A5E3555D26A8768809A5981C764E1E1D482003E26ADE90AA19C65385 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 119935 |
| Entropy (8bit): | 4.880707163375687 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 282D40F2BB10CD0C449A9E8E886ECB19 |
| SHA1: | 3763402E515C68907C07180EFCD584CE71711067 |
| SHA-256: | 2941C4CB656BF8B8F5B27A44E1A60FF15751516CD6EB7015399C6002CA1D9C50 |
| SHA-512: | 6086979D67BB4EA0400F1A0E1469F5F4A7DE3F3B880BFB9D755CE1EB8CDDC16A888FFF9E74A0E5B135907E88F115B45BF876EE78D00054DC9B14AEB9E8254EFE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 198052 |
| Entropy (8bit): | 4.455180946377406 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A5DD558CE96041169F47421C95E43D96 |
| SHA1: | 0B20D322AAD4836AEBE271ECAFEBA012FC011F5B |
| SHA-256: | 6F08EBD28C703A4FC1142D296901B0CF2D6A34143C91363D0555C9E548C88770 |
| SHA-512: | DC96D157CFAB89F1E2D56FA8D6754693F100349EC5F2D1A15C0B9E7F00FA98714E3D73D09C572761821C41263E1E5A5F0465475EAA19FD3290ED3D56374D6595 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 96027 |
| Entropy (8bit): | 5.53821706221157 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F35A2275448CB3694572F7D769BBEEA6 |
| SHA1: | 557BD9ECD5646729BC32854C495546EF43186D16 |
| SHA-256: | 4D4294BA0AFC76944CFADD39850F430443FE03967BA18978EB8F2EA45CAA35AC |
| SHA-512: | 66C8C30716CA96AE81CC7C9BD39F12EBD6427C00E097C94CE357ED5E3EAE6BC48BF3C97BE74A628D4BFC6EF9BBF279581DE8B1776C035486FE16F1E0623937B7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 102624 |
| Entropy (8bit): | 5.657724837619036 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 51846B21B193E3C46E22E52D4B378F41 |
| SHA1: | 39A49DC473D8103EA381A81840D65DA66FC5CB37 |
| SHA-256: | 65C2A61B382707028EC5E1A1D307D02E623F0C6AF313EB7834B39734BFABAABB |
| SHA-512: | C4DC6F8E542EB2AB196E11065CC2EE8963DBC04253FF7B3620C67A6D6721738A6008F12EF1BB7CA24FCEBEA4A4974A41407D409525B56A7BBC26F07BFCFADE60 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 88546 |
| Entropy (8bit): | 5.3782769811723465 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 31751C408273F18D352CFC8E842D5F93 |
| SHA1: | 2666CB7A297470A770E4588EECC44EDEF7077BC8 |
| SHA-256: | 72D2B03E45DA3D0091AC0CCEAAB8EC231C1750EBE1D33D1D5E7FA0EE36A023CE |
| SHA-512: | D85472E400889864C4412D8FE7F1E9AA6A465F79ED8912545ACB3A62ED411AB16C4BD2A176390A47DF7D4ACA07E7AD373680054FA405C3CEC68D342201270439 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 96162 |
| Entropy (8bit): | 5.3036606540514635 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 489836D02C0EEE96C1DC09D1ACDC5CDA |
| SHA1: | 84B48AEF823999D0650E6D49E5F5F03FC7AD4D5E |
| SHA-256: | 95E8465B44841ED6C58A5C3F708B726343E7401B5F07769A8023C0DA56BC96E1 |
| SHA-512: | 2C70B41796EE94C5DEB0329FAC2C6DF36FCB75B687FE75C26FAF423EFD2FA8D81E56B5C3225B19A6235FBB256263021C59E461393ED99850033F064928832A86 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 116114 |
| Entropy (8bit): | 5.838162760573745 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FDEC518417A7F06C4154FC9E37593456 |
| SHA1: | 0AEAECE9D345DEB14F8C6580B83A85988EBBBEF1 |
| SHA-256: | 1D3C578CBFFE948D0A067037B36E278E9079CF867C34A6782F021F36F69B6EE3 |
| SHA-512: | F682BC5006D964C9F7DE789E15B25027B02D57C95AA49F34ED8E16593C7747F6A6E0F4B8F30E255F5F47F224D222EF86CDB0AC078634D8C1024F77446B80BF7A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 221022 |
| Entropy (8bit): | 4.393581366702196 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4ECC3C72AA44C780B23865607FA1CB41 |
| SHA1: | 52318009C1CB842145619FD6D4F074339E65962F |
| SHA-256: | DDC03DEC274CE2DE380E95DC5C3F5A71902D410C9786D5492E3FC96B508607CB |
| SHA-512: | 09B29ABE06B4166F441AD6563ADC172AEE9D489ACECFE1DB92A8551B88DE791BE38E0976F3FAB6EF6CDC9AE33BCC9374C7417ABA2728B26E9E1E48F290C258B7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98020 |
| Entropy (8bit): | 6.161281254258991 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 278CE6DEE522E4A06F3E3D81EFEC86D2 |
| SHA1: | B2CEB8C5457F8492F527C26B2A8192210EDF58DE |
| SHA-256: | 0BCFE82B5227B4192D10412866E50FBD39EB74FF4E55FAF44A31D4E96C395AE5 |
| SHA-512: | 32ECCE1C5B3B3046E13296313E8323ED4B6C17C731CA3613AAC44C848D72C41B02716EA1087DB8B453E7CE28675D97760FF110F23BDAB5B19D3D4B0482B6EDA0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 104357 |
| Entropy (8bit): | 5.634470665995158 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3491FE5E5DDB518871416D36F177DA8E |
| SHA1: | FCBE343DDB9BB96DE4A88FC977AB5D24FB086E34 |
| SHA-256: | ABC098128DF2ADDF98DA189C11C2D754617018AE0F243C575BCEEFA30B8F2016 |
| SHA-512: | 092CBADC4BF811B2AC97EB96C79F486A4AF6E133E9B18DB5815800DC105472A765EDE7997036BC9B553143A19F6E83296292DE734470C58D9A2726557B19F66C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 103112 |
| Entropy (8bit): | 5.642650382548857 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 296177539AC1A39C763F88EF9A32A423 |
| SHA1: | DBD24E6E6EA7C141C5E37240756DA8ECF66DFF5F |
| SHA-256: | A084BD27DB3465F25481DF227AD26FC90D6AE65AFE68B191BFFC54C4BF43C3FE |
| SHA-512: | AD4CCE2405F07818BDC99A97FE8F30A0030FF99537E389BC922B8F13ACC3F3E23562E362FC11B6A8319771C8AB16D10A68B47561AB354230D9D1B2029025B461 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 232496 |
| Entropy (8bit): | 4.404148177181483 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 54AA3D2CB528E1DAC4B2B0021A5554DF |
| SHA1: | BEE1D9C974ACF78CB7EAC45643D3D4284A200562 |
| SHA-256: | D8C52BF352B1E849087FA3183EE99CE7816C6FE6A7CB1C7C487C982DC84EDDAD |
| SHA-512: | CCF2FF836A5E589AC10E9293801512ED4E659E26B04C88452830581C0E639D4641A1A1360203403416FECA30F5BE9AB0AA6B86F19778C18E21FB30F4FF7FE4D6 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 189028 |
| Entropy (8bit): | 4.481714062823696 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | E6125DE2636D91AB5A398BBCEC54E4B7 |
| SHA1: | CD1C85758CD1EA4D889EAA021C08B50E163A4513 |
| SHA-256: | 2C9B68038A192C51BCC88F3095C371FAD5F9F1430036D4E37C685BEAE19A29A3 |
| SHA-512: | A00EF5CFD6D133D08266F1BAE3C8FF7A4827BC46AA98F62A849B8564DB2DB3C2F7B2A0661EBD0700A98926E51EF16C3B0C28B38A59C20C7706F4C91A6ABB6BE9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 90631 |
| Entropy (8bit): | 5.283371349101743 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D153C90614A3A944176694DEB6C4C5FE |
| SHA1: | CCB4397AD0C601A2900DF0B280D77DD6DC88552F |
| SHA-256: | 4431F80E1BD18FC4041B1B34B06C28F16591276CF3C18224270D7FE76DBE8A12 |
| SHA-512: | 38608CA71FC2F70E750CC8908D82787C3F60FD53D707D560A1A3CB4283DEA64AD98217D4D286A55D925F51284F40FBDFE3C7E0C4073F545AE1B09EEF2622DAC1 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 89298 |
| Entropy (8bit): | 5.4262718114593325 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3B440DB0C1D7B413165AD95F1C3C19B6 |
| SHA1: | 095D0EB86F2F87D70757B5A0BC1AD6F2495F8F08 |
| SHA-256: | 7AB0290EC676A8D403F149F89A35FE7B032CF5BD98AF6C5E5C63C4F0BA460E6D |
| SHA-512: | 389F082A284605F01BBD8EA656288830D225051A5CD6CD7E7C45B83296607ACFC7F05AE1A1237A95A8B4A4DB56DDAF488B57D02F6EB855C1874BDC4E06D35826 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 93542 |
| Entropy (8bit): | 5.378472517881294 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A30EEC9EA34FBD282F774F8734C8F6BA |
| SHA1: | 75014371BA98B1D403D7CB9F82580842C54E5E28 |
| SHA-256: | 49C9A3FCB53E0E81D9FD19E7A902C7307B2FEDFCF2AF2BF7365857DA1ACC021E |
| SHA-512: | D24FF4439B81296C3287B9C30BE7DD798BC94B094E5C04F06902992004EAF2DE4E0F07F7A7E3F02CEA63FBFFF22AA5C8AD694334671B6F5FD6817D6DEB4A42AB |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 100963 |
| Entropy (8bit): | 5.757917987320697 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B0C6B7C7306197C340C9514F0AEC0ED6 |
| SHA1: | 85302361F3EA8DA3BB805444E83E0D809933CE31 |
| SHA-256: | 13A118EDC68E08E59C25A342101072C97FED8E90904883FAED71050728937FE7 |
| SHA-512: | 419C76DB396974495F31657D287531B171310AB6E39520600F6DEA340716C6FD9D6E0D2CCF027CEB0C8BBA3C6C3AF6C31BAF1EE513FD2D2A847285838EA4A197 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 95812 |
| Entropy (8bit): | 5.446634817144736 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 406327FB6D4B8E07B511D2015058444B |
| SHA1: | 2318F774DE9D6682C22BD90EEC6C9DC629976BF9 |
| SHA-256: | 202907899EAB5AB6E2F34C5261B65D06B4A959CF68D5D33886BC8EA6F6A1E23E |
| SHA-512: | 218FC6A683F3142659A8F8695FC4C1D2A76F8DAF504DA45B1A98D25B5BF488CB0E4A72570AF3887B1AF78009761B49C892B7E4F1E0AD10501B7763B773271AEE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 96586 |
| Entropy (8bit): | 5.429426980014273 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 41357EEA11638DBB92F44E1595433F8D |
| SHA1: | 57CCD0D800CE9D7C38A41A032FB8D048E0D34F96 |
| SHA-256: | CD58087D558F8EC827F4F8DBB54D4BB11062BB716B9EB0FC08D9D629CDFFAF52 |
| SHA-512: | 5BB671734D15B12ADEC4EA18EA127C81DE2118BB2A8C1A57BD927CDAA51ECF97B3BE77C9D3F40384BF2D31423579CFA49105656F3C93B3956D2DDC841DEFE475 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98910 |
| Entropy (8bit): | 5.4746357373073655 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 22535F6BAE4ECFF3BFFC3718580E9599 |
| SHA1: | E7AA8B69713ACF0519589BE8E0BDE0E527279E03 |
| SHA-256: | 2409CA23765892465265B09730093FF475C32BD27ADE0B9F62E8CA4D27B71624 |
| SHA-512: | FB928449DC9C47ABC0B02B647B70387E3A9BDC6D39FFB140B4ED3F70B0B3ECDA553E4144D848013439E066CF9D2996518AABA99CB3DACDADF6A11AD99674A018 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 156213 |
| Entropy (8bit): | 5.009668050397232 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8DECCB7783FCB621E42179A461BFE51A |
| SHA1: | C1C91EFCDF03E7578A37C3A9506BD148ECFD8DBC |
| SHA-256: | 5535F872950EB70B7F9F40B1A5CB4DF67DA1FBA08775B4FFC3B89DC704A897BE |
| SHA-512: | ADAE4F840F0CFECBDE8295A27D4C5C80BC92603397D586AA024139EA35DC9BC0BC54E79E30CFFB44B003F40D82E710907F40A73CC3459461EC92902D961B6EF6 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 102315 |
| Entropy (8bit): | 5.79926220582958 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 022E1EE505FAEABBA98EA21A65103C64 |
| SHA1: | F7C9F5A991FCD87FB942AAC40FC7170F1C86363B |
| SHA-256: | C26E5579EFEDFC9AEF52B130677A10DFFED2E64AC3CF77918783CA167A4EE11F |
| SHA-512: | 6A21A3031E8B33C9F1D512E089BF1E473DFB735B36549C611E21579B57EE8CE89F93752B637673F72456C8F3ADD30C2DD8F5F6C44DE1024C44E919CC5B93DE97 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 97837 |
| Entropy (8bit): | 5.499956002880514 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 052A9D575A32F8F67D928180E4C11658 |
| SHA1: | 1DFBC1CD6B52C9CF1EC643F98D2F78E94E161A11 |
| SHA-256: | 3CC8D12187D16A72D9146B11AA5D37EC95BE55136CB253C6BB59B2E6E027E1F0 |
| SHA-512: | 8D6C58518022E5DE2B518D138AB14EAEB58AFBF18C475DA71B697310B7DC2331F10940ED65891A591110DC8DE181F311F999E33B1D13A93351E408B91CF60EB0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 146803 |
| Entropy (8bit): | 4.954795402580545 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 9B855E0C0EA4ED7D85F9AF6A5D255F97 |
| SHA1: | 2CA357DAFE2E702CD2724F5FA83DAA6366EC63B7 |
| SHA-256: | 51807B20F03F3DAA9DCD941B6ABABBBCF8638B622FA30F70B1E74514A4F1F649 |
| SHA-512: | 00178E7B4428C61EDFAA74EDEDDC1D46A1FDB12B974FE9FAE302394D0DFF0E08C16F019DBE86F8B91C26A09421D72C6F94D706952D5BE15F61012B5AC5CA43EB |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 89307 |
| Entropy (8bit): | 5.530038375090032 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 9C321B7491059AC968C6821E484B8120 |
| SHA1: | 26EEF827CE1A0975603839436808B3810C78C7E6 |
| SHA-256: | 52EF2C2DBEFC132520BFF8B30D64376070BB582D66A0F61452418E21F654FE63 |
| SHA-512: | BF57CE8033012AC698398077B86956C8DCBE4C022088DFF748ED660D5DA50FB53F0FC70646810ECF10B5C4E8430C7DD8ABEE0D71EEDAA5278FCF7A14F7580E1B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 90948 |
| Entropy (8bit): | 5.376857793458875 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | E2D811AD5123EEE00181198C18B0E8EA |
| SHA1: | 07E93FEDD2A3367B356E45EF1048105AB32158A1 |
| SHA-256: | B7F8CDFA1A3615B0BF948A904B2F0DF797EF64B9CE88C3E22E09695C024D8ED8 |
| SHA-512: | F625357BD175DC56D754B0EDF37DD56334CB912F53F5E5397E874E1FB4957F1EF823217FCA8DB83AAF312E3AABC4622751810B4144165837C66926B7A5095ABC |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 226902 |
| Entropy (8bit): | 4.213485778062286 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1E05E82845CA768066045B741DC17C25 |
| SHA1: | 3742BE7FA7FAEF1A58AD7B526C6D23AB1B0EE3C9 |
| SHA-256: | 4EA70CBE5FED7813502BE5BF08D2E818CFF04827136BD935D873E28CA42C0A9B |
| SHA-512: | C60FF659B3421E9612A11F2FCD05E8A323717AE9293A3AFA6F319312097841763DBB8392ADE983EAE83B70A98EA6E97F0C4301213332B5877BEB94733D1EC8D9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 210749 |
| Entropy (8bit): | 4.418934036596949 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | AB1991435E9E71F1735DD2529E89E9B9 |
| SHA1: | E21582302C08685A3AEBA25FA3E823244825D73D |
| SHA-256: | 9318FE32F0B20056D66C32A70F193E0DBF38540714F9D2F5F8D30663DF1E1D2B |
| SHA-512: | 0400AEABB3F2026A7B4A20FB8DA11234516C4829CD433759D1613C272F44C8C67801017E446E03A4B5A627E4D95A91D09B350F518DF7CAAC220A90A21A582981 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 181793 |
| Entropy (8bit): | 4.497287946485233 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | AB99EEDF367DA503E9B0982547E8A3A2 |
| SHA1: | DDFE2A88E18EBFB4139C6D8A413B26F429CE4F14 |
| SHA-256: | 86CEBC8D93BC6B636B135E03CA32B049D0A7A843194C75CA48D25430C8C7EC77 |
| SHA-512: | 1150F32B44884C85FCD8588A4953481326655BDD9B908D513B4FD3C0D39CD11E660BBE6BBA1E6F4E34F5E6C5A490BCF5BF3CA6628873415EC48930E1B9E28356 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 94187 |
| Entropy (8bit): | 5.64553424655566 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 54AC3B3AF173B25578E9AAF24BC98397 |
| SHA1: | 508F326895F8BD64D97B8E22730DF1F0B9136D23 |
| SHA-256: | 09146F4A345A514D1F8038618E03CC483D4052576BAFEF42AA4914FF6B601670 |
| SHA-512: | 6B08C4732CD827B7EFCFDCCF6C288B07CE8265A03AF5B8CB44888E5320C06F073F07AEFF5A4EC82A6F9431FA09A0C9B4472A12DC416AD8143C5AF84F33418A99 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 156936 |
| Entropy (8bit): | 5.041414148208884 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8451540E681333E67E9E7D68C0B2835B |
| SHA1: | BC7A27A0211871641940278F39D83DB89C4912CC |
| SHA-256: | 8F88A5BEF8AFBA06FBA8DC8BD538B04550495C1B3BC384ACE4451250DB9713F3 |
| SHA-512: | 80C0112E55BB9C6E0E004A163C2C84B7AC903726C7B91D62DD4D879171BA570A4924E5B3F5D1515D87B26193E52B79FE95F878BB989321E4C90A49120CAF9D43 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 110870 |
| Entropy (8bit): | 5.821906933652033 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D36508C839E88C94D06D13BC180A6728 |
| SHA1: | 3D246DD877A12BEB3C2552B017F3BD949A09956B |
| SHA-256: | F96A6E27114B97FF6CFF59E4AAEBEA8D0B4DF47AC385491AF26BF2999F8B4B40 |
| SHA-512: | FF2062FE98B7938A91537A576B869AB87AAC0617DDC121B4E8A3332F034940B36961EF8D52C7933443D13D04E3B167DC9B0E080DE5894829FAF982CAE680EDCC |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 82758 |
| Entropy (8bit): | 6.718765096437211 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 311CA2D3E7B6F8E41275D6E5BF3FCF1A |
| SHA1: | 7C989745F3BD799BE2B0D1CE840F7A15D61D22CC |
| SHA-256: | 7079B08504EE73E9585DDB32B05ECBC02FE3F03AB0229A5F9849D51C947F7908 |
| SHA-512: | 5315B62B1B43F317539515D790AF22B4B438B908F3B13CBEEE0346141133491A04A2C6A42B129E6C5E7CD04DC1474E29514A6BB37E1A854736ECFC38C68536AA |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 82982 |
| Entropy (8bit): | 6.718646638109085 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 49551908E78EB54D5538D9A1D9B52EB5 |
| SHA1: | 2EE5F5C0139FA399B268D2446233F9BDCF2FA91B |
| SHA-256: | 61C4AA03F3A1C8BE949F9F98E3079C5BF103C3A7CABB69047E2997C9DDF5312F |
| SHA-512: | 2476F9D979C0CE4E17C2E74FF99E71FEF7C49FD769B06AEE97A8DF349566E056AA2938A8A0088B846FF676E9484C0F8A7097065FF5340FB24D2459902C0A7155 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4329630 |
| Entropy (8bit): | 7.990525634727587 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | 977BDF44C3BD2FA5ECE6F23915A7ACC6 |
| SHA1: | DF371EDC31EB80FE0899447DEAC2921F519C8CC5 |
| SHA-256: | 2FE8DD43B377A908DF6454EC3005B3E25409A82BFB45C35BA871F05CC578C21E |
| SHA-512: | D437BCC48BEC3AD66A5CD0E6D6C3948276B897F6ECA034B3C221EA1DC00FE7B27425D1491A1634B6AC843FC1F12AECD20BF2A7DA5FE8023AAC824ADC0F791639 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32 |
| Entropy (8bit): | 3.8042292966721747 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 49D9E9FC0F17772A3D849F0BA6D78598 |
| SHA1: | 524F020615A2D48E543AA42BD6BFBE0E1F35E962 |
| SHA-256: | 2608F2AB98654B1CEF3AD58D6211EFD2336EEFAA8F14E75E8A4344204D15C687 |
| SHA-512: | 205B539C11B1F0EA7E00C9C701784D1E19531B9040741D568A34C039B33184A86A7E3D6DBA7733D792AC81011AF09CB4793B9AD35021369F1E5A3911D2FEF846 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4406 |
| Entropy (8bit): | 7.912021942468378 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D9980E18BCD0BF719B560FF088CDC909 |
| SHA1: | 22F0656257D4D41BE46BF7B5300937F546833225 |
| SHA-256: | 68627275BCBDAD4E556CB007DCEC75A4D0E3FDB5DB3E28167279854E259E0106 |
| SHA-512: | D5B63246CC1C6B3AD077977CDEB73BAE6C5F9CE8C86EE5058EE25B0C2536F6EE9CAAE247B94E9B64C1C5FAA3B17B83DE4703269D2FF37A2404FD5B8710418E22 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 357 |
| Entropy (8bit): | 4.858748073407714 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0341E90E5B5AE36F6399D9F43E579479 |
| SHA1: | 4C7FF562E6BDBFA4830B1F54A7E3CE8E3A1B3E04 |
| SHA-256: | E11569E52B0AD3EB2352FD792DA2C61796A09355497E1B2DF64333803926439C |
| SHA-512: | 0B5779DBC4FDB1E636F7129611F8E608AD7A4250D69DB60B9AA7E2453E090699A1F748BD571B916E794582614BF118D949A1A7B852535B5BEB71A7E90A510451 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 917 |
| Entropy (8bit): | 4.837512089878404 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 46EE85AA4F35FA7EE03A82918A8DF014 |
| SHA1: | 605C7ECDB3CD9B82CBBC67DC8FDACD350D619A19 |
| SHA-256: | 7844F89A62925880E85044CFB824906B87F9350861DA126CF9E8C7A6A0DC32C5 |
| SHA-512: | BCAC20543EA1761E31381A81BFEAE0275C57BCCB779B1A1529B5360B426340D8CC9CF47BA74DE1F2FB6DDCA7AAA6A3170140ABBF1D5C67B3607A7D0B5397D300 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1490 |
| Entropy (8bit): | 4.769555186208311 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1705930D68717013F6401422A062D5E4 |
| SHA1: | 97D72E137E399E2473D35F23E1A486C28FCF44B6 |
| SHA-256: | 5DD9A721AE5E3C81611B56B0AC7DF93D3631BEA4F69E97C51E01A5B9EA085C9A |
| SHA-512: | 2AB634FD0C29AB7352AC75F26E6BC9C4C6FBE5DACF0F69CA7F0590C88C97C039212C8996CA307E29C4DAC620E616A6CE13EAC8625F9B5C71D3D27A5C607D754D |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 48389 |
| Entropy (8bit): | 7.993508605037426 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | A5ADA738AE10173ABE4638C90CB539AB |
| SHA1: | E8E7E7857263A1FE38CA6D8B795DB991B9AB4B77 |
| SHA-256: | 05FA8298A003B825A7304BB789B5ADCE6129E5755A853AF3CE016562A5C3963C |
| SHA-512: | DB772A79314DD4FBB70A60294F88D96B428E65F7FF6DB4BBC02A0471EA8BD39853C4FF4E16C7FD4CAB552D6EEFE98C1ECACA8C0919056F38C889C76EF624EF6A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 168463 |
| Entropy (8bit): | 2.288360816313362 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 57A7140BA38C0E5D92D56029DD9023F4 |
| SHA1: | 8FD5B29D70F44CE37E18ED4217258F3B22115E6E |
| SHA-256: | 2FBD08F5E3FF8F25B6F69A184E6CFD55E02A92A36CB1E069F9DFC8D99FD67B13 |
| SHA-512: | 016DDD0FA2C2F274B3D13A20122DB411B26662E87AFF408C6C25EB08EBE73801890DB5C87B65CFAEA8B082775FA53B0B2769E8388EC74D3E667218CDF6ADEAA8 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 699 |
| Entropy (8bit): | 4.954730289156135 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | CA7A4835C7FB360787B5F908B9C0816C |
| SHA1: | ECB74124EA1E589452408F13E623B5001738205B |
| SHA-256: | ADCC7C227AF5226E1586066A4F6919A7D718F1036C2F409DB2D19B9F10AC6F80 |
| SHA-512: | D65BC7E803095BBC42770AA7F26083971954E0A94B632E755443080634C6C4AAF8C2FC9DDE468838CD1CCCFE8DBDF8C5CB1B4E5BB01027384EA618459F227056 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4211 |
| Entropy (8bit): | 4.9385264480732465 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8205A06493C659D23D1AECFE4742E1C8 |
| SHA1: | A40B99728DEC00C1C45DC9F5009C714A2E7D0EA2 |
| SHA-256: | 3E6D8BD0A353544D8EF8545A22B5D0DF884D8D563AB13BF20596E7B60FFF98B1 |
| SHA-512: | EA0E3A4036D5DD527178DB951388384AF47A28D105E289014A25F5CE42D7668C128A3A42B03DD326EAC3C483362A097DDBE60B04F2A58D776B3144DFCBD27BEE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 211596 |
| Entropy (8bit): | 5.214563629054663 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F1BF0F8D5F5576B921510319BDF1481D |
| SHA1: | CE43BC3CFACFF650CF22A8916119726EA0A5F1E1 |
| SHA-256: | 5D4F74385850DF8D8846DDE5458A218936E453EBD13A62FEB689E145ADB88473 |
| SHA-512: | BCEA49F74AC5A41FCDA66F846157562F69FB0C1DACA5E854DFB51FCED56ABEEB5A790B91758E179C39B5B8CE18CEC22BC9F484F9BCF68FD3F065461154DB99A7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35 |
| Entropy (8bit): | 4.028445159431229 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FEE4C819F56872F8BF4D0EB00DD6EA24 |
| SHA1: | AC230013846FEE33170DA58EC1A21609E7895064 |
| SHA-256: | 7BA7F8BD99CF2DB751EFD7937B0D5081D7E93818C073D9EEF79B1A1938FD8B1B |
| SHA-512: | 0E263527BBDF4DB9F733C3FD1286D57F76073F2BC51C7EE021FA65B6BD6A9C7BE8C8F80EBB3B8342248AA6B26D9C84F2187FD8808BF210ECEA43FE5030895DA6 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5492 |
| Entropy (8bit): | 4.487885919809553 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1BD48599514708649C236D3551270FD8 |
| SHA1: | 84170E4282E3FB35C446516F989532720BC315C8 |
| SHA-256: | CEAB48D6AD3DA427A1C7A1D50889986D3F07AE6E28103DA36D0BAE7354CC0A81 |
| SHA-512: | 0D54C7FBE7F51C54FA3446C3856B53BB35695B1BE8DFC96E8C89F7EEBA3842D0AAC99F220BD823445DC6C093D7A35ECEEFF42B75AD3DD5F1A3953ED8C58647F5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30 |
| Entropy (8bit): | 3.9898980954642878 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | E45F4B42AD3A220D7CBF46565C488717 |
| SHA1: | E9B8F5B806DBFD2854EFAA441208BE6C53A611F7 |
| SHA-256: | 2F9AEBD7A15D0A9E62D69BFF1C888BB93EC5EAB506A9DB272DE622DEFDA4735C |
| SHA-512: | E3AE799B24C338A42C26F2B101FFEF9A52BAAA38FAB1B32B6A9CBBD5DC55AD97C129ECCD8BAF9B9EE1978769FC5E15C065AD88A6BEAB6AFA4DC06E8F7BD24A21 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 103 |
| Entropy (8bit): | 4.284121485442542 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 03892AC59023194511827ECB60BF8A55 |
| SHA1: | BA4E43C90EAE79B101B49C849DE0D074D2EE67F6 |
| SHA-256: | 08EB5ECFF1BDCE19A2908DF9D60A1BF918C58130C9D3176415D0B76403F174D9 |
| SHA-512: | D70449F212967A2DD57202C13021AE1482AC0395CF6C9864D609EC7E153607D64FA91FE4AEB683F890BE9F577B551A53303C75F3ECB5BB7EBEC28B97639A9824 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10255 |
| Entropy (8bit): | 4.635911532416969 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D92E60EE98664C54F68AA515A6169708 |
| SHA1: | F0B513A735CC88CC1F37C5EE0CAEC2A9E154BD86 |
| SHA-256: | 9CF5DE169B595CDAE317551EF69A794B59FA3D1E151DB4190D337FE08D13D5F8 |
| SHA-512: | 477FB6A7B187FF3D043B413022C3AAA7EF83FB8EDF026F25EFC3C6F032AFDB4B2EE0C2028E4C70A0769D1F1CBA78D10EEB284B2A70EBF4C171540A1D7AAC6BBD |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 832 |
| Entropy (8bit): | 4.9551933727996085 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8E386943339B0E9CC652816ECFE6F710 |
| SHA1: | 8E3C7EADCA3BFE25CA68BFE15A0CCC2D8C9471D0 |
| SHA-256: | 913A5BC29AC3A8C1678FA9FDA57A65F85C6F5907555A3A36C77CE4EB4199D8A4 |
| SHA-512: | B507A050C92463A6926042BE8E311BFE5EE19FC0F2F8A5AA6FE894E0ACF6CA5C630289865ADFFDB148928B61C24C740E60C79C89C0AD8E815151D0EDE80B2A62 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 4.5412925036196805 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0029CC38C7891B598D622564B2A9B4B5 |
| SHA1: | 8E98BA29F74652C95320E02F243471D489CA1737 |
| SHA-256: | E34046D32EDF13334E8E410B6B2C504461EF5E562FDA19A1068CA5EA7D587AE4 |
| SHA-512: | CBA70098305A4B4454F3622048ADD11D1E49BCF200F7197892CE72C97603A90172E45765E9489B117C2B8BB1714BBC64999D94EAB194AAA8F81AF7D07EFFEA4D |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1027 |
| Entropy (8bit): | 4.782176311889541 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 82B9483BCFFB68E349758C54D4E4B2B2 |
| SHA1: | BC68E51EEEA227C01C04A51434C4730158465969 |
| SHA-256: | 800EFEE091FC95F5809A01DF5C9B06A3BD577FA935C5F9FC6A2D2CC8A795F401 |
| SHA-512: | 0020D6E3370910D991E4B0D6A39C6B37395568303E6EAD12BF3269237F487E83CD44EBE21AED0D8DAC91ACCC8B15F1F83F1F888C4AC421223061FD5AAF5B2DB1 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46 |
| Entropy (8bit): | 4.958344564752663 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 55352D85883681DF5F0FA66D3F32A872 |
| SHA1: | 90709E4FB4CE17729974B3A140CCBF330519835C |
| SHA-256: | 64E6B64F19837A76C30865579AABDDE1A825729AE0204BA73BA6DE77296CE18E |
| SHA-512: | BD3F23A4D44A5DF32AE36277D55BF3335D4E8A2954B2AE2DB3167996058B8C6D1E74C2DD9DD2C934BC1D70C15C026FC075A53D47E7B856750047FB86F6B22F58 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 180 |
| Entropy (8bit): | 4.301685598072847 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F69AF9893C473D8E925169156A42F70C |
| SHA1: | 8D154AEDDF66A7BCBD433E3C619F76BB0D920AE2 |
| SHA-256: | 7B7D5A5736DDDAE0E7CF1C06CDF41DDD9F98E73DB8F57A18FE4C9BD0F52F9AA3 |
| SHA-512: | 4239496B31071B799E30DCC18A05E6E95279799418A97DD57141A4D0F07EE0DDB057E09CB13C30C400202474B61E71175495B3CC411747ADE097D12F4EE87DD0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 72 |
| Entropy (8bit): | 4.255848091329463 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B0205B7904BEF0AD0B403FBCF4F57434 |
| SHA1: | 90FEF7CC1058BD0F85B0959C4FCD49230A29593E |
| SHA-256: | F4580152A6F48954B44CB2A0A002FA500467663DB5A6DC8E796B52533DC04EC1 |
| SHA-512: | FD7F6D36580B9F9D94247FB4EC398C7BFE7715399D11A1D6FA1EFC51E95405EE8F5E6559C5861B0D032AB425F0DE24C7E84BB4C03594E715FA21CD47461A69B4 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 140 |
| Entropy (8bit): | 4.230134094195066 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 75C6CBB25B2A5720C8663637A2678879 |
| SHA1: | E87A69A064F6A95B166333D46B919AFBC5487F59 |
| SHA-256: | 839E44EE0A96A3E302DC6472800B51822982B77D08F19200AB2CC70534781FD8 |
| SHA-512: | 9FEE1C0DF8C2098D418BA0816E47EEFE46063E5DC62D5B9B9B2DC951968627F4E5B53B7C27F42FB6C8CAAC0AF10E3BD4C32526913C3B467E6059237601A77DE0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11707 |
| Entropy (8bit): | 5.135546321275976 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 504A70C7EB9EBA0C4B26965CF4D252C6 |
| SHA1: | C35E6A85B4A8732EC8AF63BEEA964483E1B2DD94 |
| SHA-256: | D8C1B0717964E189010B13521379C3B970EECC889CB8B788AC21D8DD85247165 |
| SHA-512: | CB9836AF90C63DEEAF5C2DD5085685B3213B3579337D69F9B44DFB5C61C6BFFA5A940C4D9E9B8BB8DF4A845C0F7008077FA35598B27FE45079FB921FE8528E50 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1107 |
| Entropy (8bit): | 5.12256218715534 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | DDD815A475E7338B0BE7A14D8EE35A99 |
| SHA1: | D16A2786962571280A11CAE01D5E59AEB1351C9A |
| SHA-256: | 98C970DE440DCFC77471610AEC2377C9D9B0DB2B3BE6D1ADD524A586E1D7F422 |
| SHA-512: | 47B612EF4E93F1AF62891E295E9FBAC05E02CF1726F56C36FAD5314376E28CBCAF7C8355527BC0BDA54C26CBE097BC8CA5CB4F79AA9E3AB6F1D875DCA41D4AAC |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1059 |
| Entropy (8bit): | 5.556812469512553 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F8739CAB4AE015EE84820716A8AC193A |
| SHA1: | 89EB5A7B8385734EF7FF4F910D4605CDE0BC12FD |
| SHA-256: | F6466507E02C62F14E477AF08E4A13EC883152B54D87FEEFFB8F0D6DE6E9013B |
| SHA-512: | EF875B744303169B5600CE5C42A0791A38BF933983F5011BA2EA9560AC5449E6FE9D4AE706EFC970B40096B9533A425FFC53265353EAD256BE44606790688BF1 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 17918 |
| Entropy (8bit): | 5.215109378560089 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 03694893D682191B3C893701BA6F4A55 |
| SHA1: | 38096A9C10830714695A97A8501B817EB0A7534E |
| SHA-256: | CDA3DBD285A2B65894758565A565E7BC2E7C3696225AF7B5BD01454240DF0AEA |
| SHA-512: | 3B80EA8A912EC4DDF1A1E2FC3F3EBD8F4BC6F591F9B2732694CB5627C549D7911C1A6EB82AB68AC025E13E090B3E39B8B4AE66A9159F45696B6343CE76213F54 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 321 |
| Entropy (8bit): | 4.465851094571166 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 510AF4D67A35446E6DCCEA1429399C3A |
| SHA1: | 4963889B7905ABD5A8955B8D27C3079E2D449564 |
| SHA-256: | 2E5AB9AE90F41699E00D00FCA16765024F437300A0568C2208669CC281BA7656 |
| SHA-512: | BB8D1E0E4C99A82D32FB40DAA9A79E2ABF3A3F495B3DC9AFA883021110B3CA9EB93E052D71E98D6494722DF947EC280D66F4BCA36BB0AE975F05D710E8C47415 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1736 |
| Entropy (8bit): | 4.788611478595854 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 06F3BABBDC43C6C4DD1493B6C1AF32E2 |
| SHA1: | 93FEF7CF3ED6F04D2CFC3CD0B8D5D972D35CFD29 |
| SHA-256: | 2430869ADB61A5E24A3612110A9B49A948E6DB43AB7E947C003A9C19C478E609 |
| SHA-512: | AD65132ED6F675F6F318FEFA36F4E6C23F3FF4DC47D02575F6D5BEF7B062A2E90AEA1A43DD5327C2565BE3D834C969FF2AE3EFDB2ADD4A958882A6F056F659EA |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 40 |
| Entropy (8bit): | 4.362814895472354 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 79F3814F32362C1C6F9DBB8A1E3B01BF |
| SHA1: | AA7655EE80C9A485313675F9379C2F18D33EA061 |
| SHA-256: | 996B381F353555CB172EBB2802BB2A7323442FF67B7B530CC26834058D7F31A2 |
| SHA-512: | 61367EC2AFF9349E203A295FE1BC28FADDC6D80B556660F56EA49D6625D6228212FE82D7398114509A3B8D9AD4026429F0EBB849579C7481928F47F37C8632D5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1138 |
| Entropy (8bit): | 4.7852828549554145 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 71A7656944FFE50CC27EBE02491AE49B |
| SHA1: | 8EBF0F80660D982FC68F00F82855696157E74B10 |
| SHA-256: | 6C3D2C892DB282317913CE7C340DD2EDCCD326BCAFD18B644B8738144967D6EE |
| SHA-512: | 5B0010B41304E212A22D2C89EFF65CE410B000C71C4AB8C7FDBA8F549BA0629FE27F37C142058B041FB889BC73E00959AD58F673866EE7D29724687DA3C3F320 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4734 |
| Entropy (8bit): | 4.98143252477633 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 62CFEE6D6DD5FFEC5D3ED35073791AEC |
| SHA1: | C41ADC79487F377D3DFB397C531812FB9CC429A2 |
| SHA-256: | 0144AB6A52B9330C567DE11A5C3A4AEA35CDAC47A4C106482AA24AE8054CDC6F |
| SHA-512: | 920AEA250D98E29E8005EF0185DF5E34BC426D321785DF07CBABACE60BDBCFC6C92E2FF0C9F226A54925D2C7D595035EFEABABC935C7F1A4C704E7A7EF641339 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4394 |
| Entropy (8bit): | 4.818652396947732 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 74BDCCF347345D27FE8A4AC3ADD99C60 |
| SHA1: | A2B8A915C86FC750F56A7137860F19EC1182EE21 |
| SHA-256: | D8D1C1D6C387AB67C3F28D78FD0B20B9BECD69442DB9D3EFE110CA464B509C8A |
| SHA-512: | C2D47EFEE2A4442BE6375D623F46B4C7EE9552C132B9229EB284BDD98629EDD02664167805B0AF9B3FAAA9B1906E9ED0C5E383396D4995CEF7051F9A450E1B99 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 263 |
| Entropy (8bit): | 4.632071401695598 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | DD13897EA2EED92695BB7E4E744A9148 |
| SHA1: | 182314D32E789E4F9C29E3150AE392F1630F171C |
| SHA-256: | 9A34FEDEB2D269C46ED94E6F13039EB0D16D866DD460EC66FA3ACD78122FA9FE |
| SHA-512: | 0B53BC984178336AC516601E72D477D2BEEEF6936800DA17D3A79C153E0036F7428517EBD75D296729F65856C7E07749029F5AA192B2AC071EFC4D3E39750A32 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 373 |
| Entropy (8bit): | 4.732381821992279 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B22697B673C7C3586F22AE0206258FDE |
| SHA1: | B2F2996B1F38B6CEC0B1746BE6CFE458F2585EAC |
| SHA-256: | 949AE67EC1B655694F83DCE57D47D9D77234F9E7D698616932A90E69C7AFEE91 |
| SHA-512: | 4FFD89DBC519A1F6C2F56A1B26F1AAD445DF8D5096DA1453645DBB67DC58B17AE9143906357CA4AF60059740C3BA34F7233049652B805D1AFED3FD206CD55A0C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6015 |
| Entropy (8bit): | 4.983354444087808 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 25807A97FBB1FCC42A013ABC7D7768C4 |
| SHA1: | F24D52CBC9144B011DEF218234FF7B50E7DDCB19 |
| SHA-256: | A3E83594A4CE88997E2E4FC66BC942B17B9D736290AD62560C7F09D6D0989AD0 |
| SHA-512: | 8D316B63700126D7C8965A886E9B35A332D3F7E68D28F2264D235C0AFAD28066F877F25821E1983DDDE5F2D5052716CC73338779B41B6F4D1B90AD33DC3E9F24 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2764 |
| Entropy (8bit): | 4.722254619992073 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | AE157C9A8E70902576C2D8A06DBCDE32 |
| SHA1: | 0D10EE921436FA5FF5988445CC67676219DFFFBE |
| SHA-256: | 4BD92209CB9DACF3E3773E725ACB7AAEC43EA9E78540324E4D0F73E5CE9ADEF7 |
| SHA-512: | 4C2F31F1F2A297AB6C55A21D58A5C26CAD22C1ED1913E7A48605111D217257AE2D9F26EA889E8610E011BA9B9C487C91ECDB4CEA3437534FAF905E8FB89BA248 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1077 |
| Entropy (8bit): | 5.1041829250749355 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FD56FD5F1860961DFA92D313167C37A6 |
| SHA1: | 884E84EBFDDAFD93B5BB814DF076D2EBD1757BA8 |
| SHA-256: | 6652830C2607C722B66F1B57DE15877AB8FC5DCA406CC5B335AFEB365D0F32C1 |
| SHA-512: | 2BEC1EFB4DC59FA436C38A1B45B3DBD54A368460BCBBB3D9791B65275B5DC3C71A4C54BE458F4C74761DCCB8897EFAAB46DF5A407723DA5C48F3DB02D555D5B9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 704 |
| Entropy (8bit): | 4.420367267663251 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | CBD55880A650B56C3D5ACDDBBDBEE9BC |
| SHA1: | 4D354DA7ECE1C7D5689B8104F3B6F3DCBAC7790E |
| SHA-256: | 30FBFAA3840B2F63978AD4BCD7ED8DC24D277B818E4755FE93EDA8CB1BC8B74C |
| SHA-512: | E329A6F6A38DD33BD60334A8DEC4A91AA6E7DAB28F0893240374AE6A303C12646399D821403E3B80EB51317D1808E6ABF30BD91B0BD99951F96815A22BA105C7 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1721 |
| Entropy (8bit): | 4.954772186039823 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 90E631C6AFCCDE3ED414D3D230734864 |
| SHA1: | E875D9FA741FE44893C778974860F362724E35EC |
| SHA-256: | C9AC67FF103C01871B0FF09E2F094631991908C1FD0DC08BDB53287E5A760AE5 |
| SHA-512: | BC98602BB2B67AE4FEFAC895CEF22F3C25B2E765D9074121700DC523365FEB252BA813684275F74B7FFCA4A8CBF34B68384AAE1A84BB76D09E55413741172005 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 936 |
| Entropy (8bit): | 4.76103729380122 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D09EF36E9C8134374337901B0F147A97 |
| SHA1: | 55EE334BD02C1B8305D533E0572BA399C38EB0A8 |
| SHA-256: | 17D9ACFE78D4456B6F9AA6DBB46722052224681B94AAFC5DFDC41CC0246B76FB |
| SHA-512: | 473A0DA87617D9F165B58EE8FD6443D10E0281A73D923F327F2B2CAADC03E163AF4E75642A3CAB2A0C2C2D39C1A5B035580B46DD16944BE1E0E0268778ECCAB0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 250 |
| Entropy (8bit): | 4.574941511855462 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A7D81905E8B1EE15523969B674A19567 |
| SHA1: | EA3BA6F377B4F3901DA977FE4532862A86B09D47 |
| SHA-256: | 4DF95088BF976361127297D3963C48670CE722169EC84E4C4B6841147BCD98DC |
| SHA-512: | 5C1FF86D57EBBA0DD1DB539D4D06B1290F65BD9CAC77B675E65EF8BCD3EE15246F90C689323AC43289C0BE067A898FDAB89197DCA5D2111B13AFACC6097D99E5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 416733 |
| Entropy (8bit): | 5.211355386965018 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 415D5D86B9D5F925A14E5D5C682E7D46 |
| SHA1: | 5849BBBBB8D9897C77D1FFEDCAEA7EC352AB0FED |
| SHA-256: | 123BF66115C282B89CCB2AB12632CD36CB73D72A72BA6CC01ECFEE444A516B5D |
| SHA-512: | FB3961075E68210F8D5A46D75C8B0753131186E24F0026FF9BC78B717BB44B895228E6047C332DDC418E30AFED90E8F0215024DCA79E3AD00B0F4216935F1486 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 571 |
| Entropy (8bit): | 4.70296397320282 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 11BBAE4DBCEC65E57A3E297A4593F7DF |
| SHA1: | CE4633036C40C7CBD8BC87692F628CF6662529B5 |
| SHA-256: | 682FCE62CD552F56CC22D0A44A475A409B4C9CB01DD9AF3DCC0E8851402A7BAF |
| SHA-512: | AAA3BFFE7ED77D8AFF46F7656D6A109E6D08F34154D836FB60A4366304B9068B66740143BD676FF1DDCE25E6DA9472A0CCA3401F5BAE176F1732C029ED9A1496 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31305728 |
| Entropy (8bit): | 6.640472767098696 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B62DDDE801903903B0ACEC13DCC437ED |
| SHA1: | 3EB50835968E04EDDF20F1CFC5DDD7DFC42EDCCB |
| SHA-256: | 9C104CF6F184296B4BDECD0F1072F7FAA8B06E84634C2FE70EDAAD033B362085 |
| SHA-512: | 5D023BC1E5100CDDC7FC28DDB3A221693ABBE0A927D36C900B1884F88FB6ED67D23E856032B9DAEEC3C8D64D4B8E689707539D7049C5A77ADA5CF5DBC85673C7 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 445 |
| Entropy (8bit): | 4.793265959382089 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 89A0715E6BC899236C1984CECEC37320 |
| SHA1: | 11419FB11BF0935954D4707CC9DDE4A0CFF1EDAA |
| SHA-256: | 2BD0FD7F9D5F67B43D85F7AF4DF259B87DC7C3326DB1DDD03390550F5292A44F |
| SHA-512: | B0920AE291D19497986FEFDCD9152068A09D7E589408BEF92CBA26F7877FF7C92CC8EBA52A6B616ABA3089EAA96A1FE26638A86F33502CA6B2C4E947D8EEEEA5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 299 |
| Entropy (8bit): | 4.456398287631657 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 448DDEE3EBDF881C828E9F11CCC41AAD |
| SHA1: | 21F43CF7F1ABD5F60A130B466A9873DF04EAE2E3 |
| SHA-256: | B952BDF814C083A8814A5FDB5F9450D184CA353032C959E411A41AB0959E37CE |
| SHA-512: | B53DD1809DDB8BAFAC9EC29473D0E9B5FF9EF943AD46CF5B34C3864D0FFC9B5517D34F7D7148739C3214CFAFC3A5A29FBADA88D6EF3E6CCC0F05055D56F7053B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51261 |
| Entropy (8bit): | 7.987363968648695 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 37888E00D494DF7A7692D2736C22D8BD |
| SHA1: | 817A3022998B65354691FDF3A16A0C290C3524A2 |
| SHA-256: | 84DF747179C96DD8D63F310495DE465C39EFF8AA575D5082257BDDDBD998E1C1 |
| SHA-512: | BBA9CC1F13E39556E372C18F2B59F259960AD6F822F3DC5F80A6E7E3BDD322BA027A306D5EED8DDACECD2B884CBF23D2A30703D1AAA235BB5F24FFE1F43B79A1 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1830120 |
| Entropy (8bit): | 5.886179785302717 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C45A02058073AEB5783F40F78CBF6130 |
| SHA1: | 559D64954F25355775E44708C83CC231B042ABF9 |
| SHA-256: | B353A149830EBBB9DD6F0B277F399F489B604C0224448F6300D64EF6162B0073 |
| SHA-512: | DDA56D82B516292FE3CDB9F61069C7216361AC68864161119B0F454B0D258451CDBE1F94F73033EE90C5EF3214B8CA97C61475F1EC103D379C92FA5BBBEAA638 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 171499 |
| Entropy (8bit): | 7.9955790836903144 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | E6206AADD29EB87AB1D398266885B5A4 |
| SHA1: | 6BDB54ED5FE55C9A1977CF2F3B27BC0ED560A889 |
| SHA-256: | E55F6E08FF8BAED84B5DE903466311AE08B15E99DBBEA2B5764D855A52E6FAD8 |
| SHA-512: | 82739CCBF1823DCE179EBA73948F1F2263213D12D684282DFAAED3F147528074DF82468453ED33B504D10D84357D834C0F29D928274D45DDFDC69A88989F2522 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86206808 |
| Entropy (8bit): | 7.997914386294035 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | 070CA605F2C06710E83C21B29B786499 |
| SHA1: | B409029996343C5B19AA9CFD7B18BCDDED443F26 |
| SHA-256: | BD373CB5E6AA47D876C8A436F5D4C6FF5A54BB99685F0BC57AF4FB3319B7CDE1 |
| SHA-512: | 62CE2D551A0C63297CF58FB4E4860A697A0BF7C9928B225F017E77CC2C97D952B5D125D3305D2FB23C5E99F5ADDCD7565F664FEEF730FB3474B6231E618C1036 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57 |
| Entropy (8bit): | 4.283088322451805 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 58127C59CB9E1DA127904C341D15372B |
| SHA1: | 62445484661D8036CE9788BAEABA31D204E9A5FC |
| SHA-256: | BE4B8924AB38E8ACF350E6E3B9F1F63A1A94952D8002759ACD6946C4D5D0B5DE |
| SHA-512: | 8D1815B277A93AD590FF79B6F52C576CF920C38C4353C24193F707D66884C942F39FF3989530055D2FADE540ADE243B41B6EB03CD0CC361C3B5D514CCA28B50A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 24 |
| Entropy (8bit): | 2.1431558784658327 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 54CB446F628B2EA4A5BCE5769910512E |
| SHA1: | C27CA848427FE87F5CF4D0E0E3CD57151B0D820D |
| SHA-256: | FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D |
| SHA-512: | 8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 48 |
| Entropy (8bit): | 2.955557653394731 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B7CC8E5DE024751DC8BD4603A2CF6A4F |
| SHA1: | 416FC127115B938851600A43E603F0F7C0A17397 |
| SHA-256: | F8D2483E11C5DDA1452EFF06F2F052430E74E6E4730AF7E24E8F855FA59467D0 |
| SHA-512: | CA95FD6805CAB6B5CE091B3225D0130DEC7DCEF658FCC6B1264A161D7603AF04EAC399C2F344E93DAFE28E0D9CB13C6987676B55B59772497843D8ECED83D23F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 48 |
| Entropy (8bit): | 2.955557653394731 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B7CC8E5DE024751DC8BD4603A2CF6A4F |
| SHA1: | 416FC127115B938851600A43E603F0F7C0A17397 |
| SHA-256: | F8D2483E11C5DDA1452EFF06F2F052430E74E6E4730AF7E24E8F855FA59467D0 |
| SHA-512: | CA95FD6805CAB6B5CE091B3225D0130DEC7DCEF658FCC6B1264A161D7603AF04EAC399C2F344E93DAFE28E0D9CB13C6987676B55B59772497843D8ECED83D23F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 24 |
| Entropy (8bit): | 2.1431558784658327 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 54CB446F628B2EA4A5BCE5769910512E |
| SHA1: | C27CA848427FE87F5CF4D0E0E3CD57151B0D820D |
| SHA-256: | FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D |
| SHA-512: | 8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 48 |
| Entropy (8bit): | 2.9972243200613975 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0D29873F626624DB8821DCBDA3AA1EF4 |
| SHA1: | BC1E23A4837664BB711A392D825074FD9FE5EC0A |
| SHA-256: | 4BE435B2F4BFE22A852EB0A90E97087192116ECAE9C20A4B3C3E224A58B27FED |
| SHA-512: | 169166C42E8C3BE6069C3283999660EF565B2733FFB7B3D0808E8F04ACFCF5E5CC1B4D63D21D5B2381E4B07E8370702B141ECEC4D157FFD80F1D1076BE0E5C6C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 48 |
| Entropy (8bit): | 2.9972243200613975 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0D29873F626624DB8821DCBDA3AA1EF4 |
| SHA1: | BC1E23A4837664BB711A392D825074FD9FE5EC0A |
| SHA-256: | 4BE435B2F4BFE22A852EB0A90E97087192116ECAE9C20A4B3C3E224A58B27FED |
| SHA-512: | 169166C42E8C3BE6069C3283999660EF565B2733FFB7B3D0808E8F04ACFCF5E5CC1B4D63D21D5B2381E4B07E8370702B141ECEC4D157FFD80F1D1076BE0E5C6C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8192 |
| Entropy (8bit): | 0.01057775872642915 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | CF89D16BB9107C631DAABF0C0EE58EFB |
| SHA1: | 3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B |
| SHA-256: | D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E |
| SHA-512: | 8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8192 |
| Entropy (8bit): | 0.012096502606932763 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 259E7ED5FB3C6C90533B963DA5B2FC1B |
| SHA1: | DF90EABDA434CA50828ABB039B4F80B7F051EC77 |
| SHA-256: | 35BB2F189C643DCF52ECF037603D104035ECDC490BF059B7736E58EF7D821A09 |
| SHA-512: | 9D401053AC21A73863B461B0361DF1A17850F42FD5FC7A77763A124AA33F2E9493FAD018C78CDFF63CA10F6710E53255CE891AD6EC56EC77D770C4630F274933 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8192 |
| Entropy (8bit): | 0.011852361981932763 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0962291D6D367570BEE5454721C17E11 |
| SHA1: | 59D10A893EF321A706A9255176761366115BEDCB |
| SHA-256: | EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7 |
| SHA-512: | F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8192 |
| Entropy (8bit): | 0.012340643231932763 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 41876349CB12D6DB992F1309F22DF3F0 |
| SHA1: | 5CF26B3420FC0302CD0A71E8D029739B8765BE27 |
| SHA-256: | E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C |
| SHA-512: | E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 368 |
| Entropy (8bit): | 0.3511578769559919 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | DA5BB6DEC39C1E770BA5CB770EBC6496 |
| SHA1: | A4816E9EB8F1F7CA612246E272FAD6C61FD0D793 |
| SHA-256: | 5D91258634D520167BFBE4DC8E78CBC13A42D5A8272C682F11565DD2C9A2DBE2 |
| SHA-512: | 630C84A3421EFABD448B235635972DB269AF8D1DB49A80C75EB4562B085CA5800979BCF982D70DF2393443320EC435DA4798DEA672F71D4DEE9A9D0968EB5EAF |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16 |
| Entropy (8bit): | 3.2743974703476995 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 46295CAC801E5D4857D09837238A6394 |
| SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
| SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
| SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16 |
| Entropy (8bit): | 3.2743974703476995 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 46295CAC801E5D4857D09837238A6394 |
| SHA1: | 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B |
| SHA-256: | 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 |
| SHA-512: | 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 128 |
| Entropy (8bit): | 5.340346462063166 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 00A24D82CC2AE60F36AC4C65B3FCEEC2 |
| SHA1: | D7BE6AE42EB438E362681ED6F97AEE2FB46C6C40 |
| SHA-256: | 8F73A65A93CE829C98EEF4D3269401B6CC05AEEC6CC87A993FA03D046C60ABCF |
| SHA-512: | A441CA9349CECABCC117B9790E26B317639F3F0CFDC01667A4C12886825A24248D1E9C39D1B36493C31F4CEA548F8DD8F23DA60306917653D94905E42763F28E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 41 |
| Entropy (8bit): | 4.704993772857998 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5AF87DFD673BA2115E2FCF5CFDB727AB |
| SHA1: | D5B5BBF396DC291274584EF71F444F420B6056F1 |
| SHA-256: | F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 |
| SHA-512: | DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
| Process: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57 |
| Entropy (8bit): | 4.283088322451805 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 58127C59CB9E1DA127904C341D15372B |
| SHA1: | 62445484661D8036CE9788BAEABA31D204E9A5FC |
| SHA-256: | BE4B8924AB38E8ACF350E6E3B9F1F63A1A94952D8002759ACD6946C4D5D0B5DE |
| SHA-512: | 8D1815B277A93AD590FF79B6F52C576CF920C38C4353C24193F707D66884C942F39FF3989530055D2FADE540ADE243B41B6EB03CD0CC361C3B5D514CCA28B50A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 7.9988820421364 |
| TrID: |
|
| File name: | VisBridge-1.0.4+Setup.exe |
| File size: | 86984728 |
| MD5: | b33f67f583b9c1f1f726d15b249d4242 |
| SHA1: | 6b554808aa148de2686fbd434f0d20b344bd3b60 |
| SHA256: | 081dbbe7d110a89155e0cd7800bc9c1a714e82ceecfa3ef80e733043387b000b |
| SHA512: | 05e8498789aa393284c82044f07dce4d2a71e7748cb068d1260ce98b33cac9e2a8c49076cd90044deb5e73a42f5c1be9dc7f1319ffbbd668cefbbecda08535a9 |
| SSDEEP: | 1572864:FSP1UmwZ3rgRXWbNUP7O9ovh7QRCLe1uNsJ/lsfrza02OLdSVngKX2+0YP:Fbb2XGUPSihURCqaY/lsDj2OLY9xl0YP |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........B...,...,...,..0....,..0....,..0....,...(...,.../...,.|S....,...)...,.|S....,.|S....,...-.;.,.3.%...,.3.....,.......,.3....., |
File Icon |
|---|
 | |
| Icon Hash: | f0968eecaaeca892 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x40ab0b |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x5C5CF096 [Fri Feb 8 02:59:34 2019 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | bcf80497fe587a3956d64dc513da9548 |
Authenticode Signature |
|---|
| Signature Valid: | true |
| Signature Issuer: | CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | C387518D605BE1F3D688AE99C5073C06 |
| Thumbprint SHA-1: | CF32CEC509AC2D230E0DBDDF10BDD3FEC3104E32 |
| Thumbprint SHA-256: | D7E8A67A1B8A39F64AC6C61EC2C18749B1F1DAF9D64F0D2BFA2B69F188D147ED |
| Serial: | 08DA6E067C3E6BCC09AA120FBD6A23DB |
Entrypoint Preview |
|---|
| Instruction |
|---|
| call 00007F2A40E5671Dh |
| jmp 00007F2A40E5603Fh |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| push dword ptr [ebp+08h] |
| mov esi, ecx |
| call 00007F2A40E5621Dh |
| mov dword ptr [esi], 0041E44Ch |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| and dword ptr [ecx+04h], 00000000h |
| mov eax, ecx |
| and dword ptr [ecx+08h], 00000000h |
| mov dword ptr [ecx+04h], 0041E454h |
| mov dword ptr [ecx], 0041E44Ch |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| push dword ptr [ebp+08h] |
| mov esi, ecx |
| call 00007F2A40E561EAh |
| mov dword ptr [esi], 0041E468h |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| and dword ptr [ecx+04h], 00000000h |
| mov eax, ecx |
| and dword ptr [ecx+08h], 00000000h |
| mov dword ptr [ecx+04h], 0041E470h |
| mov dword ptr [ecx], 0041E468h |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, ecx |
| lea eax, dword ptr [esi+04h] |
| mov dword ptr [esi], 0041E42Ch |
| and dword ptr [eax], 00000000h |
| and dword ptr [eax+04h], 00000000h |
| push eax |
| mov eax, dword ptr [ebp+08h] |
| add eax, 04h |
| push eax |
| call 00007F2A40E5792Dh |
| pop ecx |
| pop ecx |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| lea eax, dword ptr [ecx+04h] |
| mov dword ptr [ecx], 0041E42Ch |
| push eax |
| call 00007F2A40E57978h |
| pop ecx |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, ecx |
| lea eax, dword ptr [esi+04h] |
| mov dword ptr [esi], 0041E42Ch |
| push eax |
| call 00007F2A40E57961h |
| test byte ptr [ebp+08h], 00000001h |
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x282cc | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2b000 | 0x52c8694 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x52f2a00 | 0x1e18 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x52f4000 | 0x1928 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x266f0 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1e388 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1e000 | 0x1a0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x27e90 | 0xe0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x1c82b | 0x1ca00 | False | 0.587012145197 | data | 6.65400129577 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x1e000 | 0xac3a | 0xae00 | False | 0.443830818966 | data | 4.94244604691 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x29000 | 0x1750 | 0xc00 | False | 0.244791666667 | data | 3.27959027222 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x2b000 | 0x52c8694 | 0x52c8800 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x52f4000 | 0x1928 | 0x1a00 | False | 0.770132211538 | data | 6.52899094753 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| DATA | 0x2b310 | 0x52c5c78 | Zip archive data, at least v2.0 to extract | English | United States |
| FLAGS | 0x52f0f88 | 0xc | data | English | United States |
| RT_ICON | 0x52f0f94 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 15794040 | English | United States |
| RT_ICON | 0x52f127c | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_ICON | 0x52f1b24 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 15794040 | English | United States |
| RT_ICON | 0x52f1e0c | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_STRING | 0x52f26b4 | 0x418 | data | English | United States |
| RT_STRING | 0x52f2acc | 0x472 | data | English | United States |
| RT_GROUP_ICON | 0x52f2f40 | 0x22 | data | English | United States |
| RT_GROUP_ICON | 0x52f2f64 | 0x22 | data | English | United States |
| RT_VERSION | 0x52f2f88 | 0x324 | data | English | United States |
| RT_MANIFEST | 0x52f32ac | 0x3e7 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
Imports |
|---|
| DLL | Import |
|---|---|
| KERNEL32.dll | LoadResource, FindResourceW, lstrlenW, GetProcAddress, GetModuleHandleW, DeleteCriticalSection, GetTempPathW, GetLastError, GetTempFileNameW, MoveFileW, WaitForSingleObject, GetExitCodeProcess, CloseHandle, DeleteFileW, GetModuleFileNameW, GetCurrentProcess, LoadLibraryW, FreeLibrary, InitializeCriticalSectionEx, GetFileAttributesW, CreateFileW, SetFilePointer, ReadFile, VerSetConditionMask, GetCurrentDirectoryW, MultiByteToWideChar, LocalFileTimeToFileTime, WideCharToMultiByte, CreateDirectoryW, WriteFile, SetFileTime, FreeResource, SizeofResource, LockResource, CreateProcessW, GetSystemDirectoryW, SetDefaultDllDirectories, GetCurrentThreadId, DecodePointer, RaiseException, LeaveCriticalSection, EnterCriticalSection, lstrcmpiW, LoadLibraryExW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, SystemTimeToFileTime, VerifyVersionInfoW, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsDebuggerPresent, OutputDebugStringW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetStdHandle, GetACP, HeapFree, HeapAlloc, GetFileType, CompareStringW, LCMapStringW, HeapSize, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle, GetStringTypeW, FlushFileBuffers, WriteConsoleW |
| SHLWAPI.dll | PathIsUNCW |
| COMCTL32.dll | InitCommonControlsEx |
Version Infos |
|---|
| Description | Data |
|---|---|
| LegalCopyright | Copyright 2020 GTL |
| InternalName | Setup.exe |
| FileVersion | 1.0.4 |
| CompanyName | GTL |
| SquirrelAwareVersion | 1 |
| ProductName | VisManager standalone application |
| ProductVersion | 1.0.4 |
| FileDescription | VisManager standalone application |
| OriginalFilename | Setup.exe |
| Translation | 0x0409 0x04b0 |
Possible Origin |
|---|
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
Network Port Distribution |
|---|
TCP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 8, 2021 17:29:59.531618118 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:29:59.531677008 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:29:59.531805038 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:29:59.571326971 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:29:59.571363926 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:29:59.611315012 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:29:59.611449003 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:29:59.619234085 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:29:59.619265079 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:29:59.619533062 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:29:59.659359932 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.008625984 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.051142931 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.576205969 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.576265097 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.576296091 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.576322079 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.576335907 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.576347113 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.576371908 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.576387882 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.578732014 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.578764915 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.579881907 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.579925060 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.579952955 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.579961061 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.579974890 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580004930 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.580213070 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580250978 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580266953 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.580288887 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580332041 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580369949 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580404997 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580430984 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.580446005 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580459118 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580481052 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.580522060 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580532074 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.580544949 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580569029 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.580585003 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580621958 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580658913 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.580662966 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580677032 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.580760002 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.581178904 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.581224918 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.581310034 CEST | 443 | 49839 | 185.199.108.133 | 192.168.2.7 |
| Oct 8, 2021 17:30:00.581331015 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.581398010 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
| Oct 8, 2021 17:30:00.598149061 CEST | 49839 | 443 | 192.168.2.7 | 185.199.108.133 |
UDP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 8, 2021 17:29:59.479645014 CEST | 64296 | 53 | 192.168.2.7 | 8.8.8.8 |
| Oct 8, 2021 17:29:59.498513937 CEST | 53 | 64296 | 8.8.8.8 | 192.168.2.7 |
| Oct 8, 2021 17:30:29.424072981 CEST | 52286 | 53 | 192.168.2.7 | 8.8.8.8 |
| Oct 8, 2021 17:30:29.442071915 CEST | 53 | 52286 | 8.8.8.8 | 192.168.2.7 |
DNS Queries |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Oct 8, 2021 17:29:59.479645014 CEST | 192.168.2.7 | 8.8.8.8 | 0xd18e | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 8, 2021 17:30:29.424072981 CEST | 192.168.2.7 | 8.8.8.8 | 0x6f9e | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Oct 8, 2021 17:29:59.498513937 CEST | 8.8.8.8 | 192.168.2.7 | 0xd18e | No error (0) | 185.199.108.133 | A (IP address) | IN (0x0001) | ||
| Oct 8, 2021 17:29:59.498513937 CEST | 8.8.8.8 | 192.168.2.7 | 0xd18e | No error (0) | 185.199.109.133 | A (IP address) | IN (0x0001) | ||
| Oct 8, 2021 17:29:59.498513937 CEST | 8.8.8.8 | 192.168.2.7 | 0xd18e | No error (0) | 185.199.110.133 | A (IP address) | IN (0x0001) | ||
| Oct 8, 2021 17:29:59.498513937 CEST | 8.8.8.8 | 192.168.2.7 | 0xd18e | No error (0) | 185.199.111.133 | A (IP address) | IN (0x0001) | ||
| Oct 8, 2021 17:30:29.442071915 CEST | 8.8.8.8 | 192.168.2.7 | 0x6f9e | No error (0) | 38.90.155.59 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
|---|
|
HTTPS Proxied Packets |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49839 | 185.199.108.133 | 443 | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2021-10-08 15:30:00 UTC | 0 | OUT | |
| 2021-10-08 15:30:00 UTC | 0 | IN | |
| 2021-10-08 15:30:00 UTC | 0 | IN | |
| 2021-10-08 15:30:00 UTC | 2 | IN | |
| 2021-10-08 15:30:00 UTC | 3 | IN | |
| 2021-10-08 15:30:00 UTC | 5 | IN | |
| 2021-10-08 15:30:00 UTC | 6 | IN | |
| 2021-10-08 15:30:00 UTC | 7 | IN | |
| 2021-10-08 15:30:00 UTC | 9 | IN | |
| 2021-10-08 15:30:00 UTC | 10 | IN | |
| 2021-10-08 15:30:00 UTC | 11 | IN | |
| 2021-10-08 15:30:00 UTC | 13 | IN | |
| 2021-10-08 15:30:00 UTC | 14 | IN | |
| 2021-10-08 15:30:00 UTC | 15 | IN | |
| 2021-10-08 15:30:00 UTC | 17 | IN | |
| 2021-10-08 15:30:00 UTC | 18 | IN | |
| 2021-10-08 15:30:00 UTC | 19 | IN | |
| 2021-10-08 15:30:00 UTC | 21 | IN | |
| 2021-10-08 15:30:00 UTC | 22 | IN | |
| 2021-10-08 15:30:00 UTC | 23 | IN | |
| 2021-10-08 15:30:00 UTC | 25 | IN | |
| 2021-10-08 15:30:00 UTC | 26 | IN | |
| 2021-10-08 15:30:00 UTC | 27 | IN | |
| 2021-10-08 15:30:00 UTC | 29 | IN | |
| 2021-10-08 15:30:00 UTC | 30 | IN | |
| 2021-10-08 15:30:00 UTC | 31 | IN | |
| 2021-10-08 15:30:00 UTC | 33 | IN | |
| 2021-10-08 15:30:00 UTC | 34 | IN | |
| 2021-10-08 15:30:00 UTC | 35 | IN |
Code Manipulations |
|---|
Statistics |
|---|
CPU Usage |
|---|
Click to jump to process
Memory Usage |
|---|
Click to jump to process
High Level Behavior Distribution |
|---|
back
Click to dive into process behavior distribution
Behavior |
|---|
Click to jump to process
System Behavior |
|---|
General |
|---|
| Start time: | 17:28:01 |
| Start date: | 08/10/2021 |
| Path: | C:\Users\user\Desktop\VisBridge-1.0.4+Setup.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb70000 |
| File size: | 86984728 bytes |
| MD5 hash: | B33F67F583B9C1F1F726D15B249D4242 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
General |
|---|
| Start time: | 17:28:24 |
| Start date: | 08/10/2021 |
| Path: | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x9a0000 |
| File size: | 1830120 bytes |
| MD5 hash: | C45A02058073AEB5783F40F78CBF6130 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Antivirus matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 17:29:20 |
| Start date: | 08/10/2021 |
| Path: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\squirrel.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xdf0000 |
| File size: | 1830120 bytes |
| MD5 hash: | C45A02058073AEB5783F40F78CBF6130 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Reputation: | low |
General |
|---|
| Start time: | 17:29:22 |
| Start date: | 08/10/2021 |
| Path: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b8200000 |
| File size: | 123533032 bytes |
| MD5 hash: | 921F9BAD8A3988D0DF1B9C3255C7DB7F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
General |
|---|
| Start time: | 17:29:39 |
| Start date: | 08/10/2021 |
| Path: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b8200000 |
| File size: | 123533032 bytes |
| MD5 hash: | 921F9BAD8A3988D0DF1B9C3255C7DB7F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
General |
|---|
| Start time: | 17:29:56 |
| Start date: | 08/10/2021 |
| Path: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b8200000 |
| File size: | 123533032 bytes |
| MD5 hash: | 921F9BAD8A3988D0DF1B9C3255C7DB7F |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
General |
|---|
| Start time: | 17:30:13 |
| Start date: | 08/10/2021 |
| Path: | C:\Users\user\AppData\Local\VisBridge\app-1.0.4\VisBridge.exe |
| Wow64 process (32bit): | |
| Commandline: | |
| Imagebase: | |
| File size: | 123533032 bytes |
| MD5 hash: | 921F9BAD8A3988D0DF1B9C3255C7DB7F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
Disassembly |
|---|
Code Analysis |
|---|
Execution Graph |
|---|
| Execution Coverage: | 28.6% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 7% |
| Total number of Nodes: | 43 |
| Total number of Limit Nodes: | 2 |
Graph
Executed Functions |
|---|
Function 01A242E8, Relevance: 2.4, Strings: 1, Instructions: 1105COMMON
Download Yara Rule
Control-flow Graph |
|---|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01A26429, Relevance: 1.6, APIs: 1, Instructions: 60nativeCOMMON
Download Yara Rule
Control-flow Graph |
|---|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01A26430, Relevance: 1.6, APIs: 1, Instructions: 58nativeCOMMON
Download Yara Rule
Control-flow Graph |
|---|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01A264F0, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
Control-flow Graph |
|---|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01A25E58, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
Control-flow Graph |
|---|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 016AD0D9, Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 016AD0D8, Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|