Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.612476099604452
Filename:	dqwdq.dll
Filesize:	224768
MD5:	ecce8845921a91854ab34bff2623151e
SHA1:	736a4cfad1ed83a6a0b75b0474d5e01a3a36f950
SHA256:	13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033
SHA512:	36fda34df70629d054a55823a3cc83f9599446b36576fbc86a6aac6564460789e8b141eeb168d3e4578f28182da874dd840e57b642af1a1a315dfe08a17b53e0
SSDEEP:	6144:pjU6yx1p7lvER8SPD/xzL0ruSSbAOfyV:Ju1pZvPuDF0ruSSbkV
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:...:...:...9...:...?.8.:...>...:.k.>...:.k.9...:.k.?...:...;...:...;...:.+.3...:.+.:...:.+.8...:.Rich..:................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary	Security Software Discovery

Details

File:	C:
Category:	dropped
Dump:	C_.6.dr
ID:	dr_204
Target ID:	6
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997148559535663
Encrypted:	true
Ssdeep:	768:/DinR42+qjZW9ajPh6tnYv46xRH+zBPpmBxf2zHNvQTgTBFPNj5A/J+cbayzfmTx:riPnrhS6xRcjVQABxNduPbaUfoav+Vb
Size:	65536
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Found Joe Sandbox artefacts in file paths (likely an evasion)	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content
Sigma detected: Suspicious Call by Ordinal	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection
Writes ini files	System Summary	File and Directory Discovery

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
Category:	dropped
Dump:	mpengine.dll.4.dr
ID:	dr_174
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.999601191874517
Encrypted:	true
Ssdeep:	393216:EQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQS:EQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ3
Size:	16127488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\DefenderCSP.dll
Category:	dropped
Dump:	DefenderCSP.dll0.4.dr
ID:	dr_176
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997532164264437
Encrypted:	true
Ssdeep:	6144:J04T2Xtghtf04T2Xtghtf04T2Xtghtf04T2Xtghtf04T2Xtgho:J04T29gL04T29gL04T29gL04T29gL04g
Size:	299256
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\Drivers\WdBoot.sys
Category:	dropped
Dump:	WdBoot.sys0.4.dr
ID:	dr_177
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996159306321766
Encrypted:	true
Ssdeep:	1536:QjvGfSoe3wtYUz/7pxa4HuaWGgTYJpcD4c24Kr14:QjbQpDHpWLwcsc2x14
Size:	49568
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\Drivers\WdDevFlt.sys
Category:	dropped
Dump:	WdDevFlt.sys0.4.dr
ID:	dr_178
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9973794970651015
Encrypted:	true
Ssdeep:	1536:o1dRUQSbQww+baSxe/6PlwcGysva22aYKLxJYUq0n39c1dRUQSbQww+baSxe/6Pb:IRdSC9PcGDvdfLORdSC9PcGDvdfLm
Size:	127224
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\Drivers\WdFilter.sys
Category:	dropped
Dump:	WdFilter.sys0.4.dr
ID:	dr_179
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997216016982024
Encrypted:	true
Ssdeep:	6144:SsIuaG4sIuaG4sIuaG4sIuaG4sIuaG4sIuaG4sIu6:SZ44Z44Z44Z44Z44Z44ZT
Size:	434424
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\Drivers\WdNisDrv.sys
Category:	dropped
Dump:	WdNisDrv.sys.4.dr
ID:	dr_180
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996717641537559
Encrypted:	true
Ssdeep:	1536:Nh5nO1Mf9ffOeWGed752wfIkIpIZqTyHzvJyGYB9+dAh5nO1R:n5nwQ9ffTe6wgVyJ9S35nwR
Size:	78072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpAsDesc.dll
Category:	dropped
Dump:	MpAsDesc.dll1.4.dr
ID:	dr_182
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996775254450194
Encrypted:	true
Ssdeep:	1536:dNVZXaLrsHVvSfo52sta3nxa7NWQ0nk9Zmm/t3LJIFdKlrCMYNNVZXaLrsHVvSfH:zVELro1Sg5NYImIL/5LJIE2tDVELro1w
Size:	95032
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpAzSubmit.dll
Category:	dropped
Dump:	MpAzSubmit.dll0.4.dr
ID:	dr_184
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997843154867119
Encrypted:	true
Ssdeep:	24576:rBgBgBgBgBgBgBgBgBgBgBgBgBgBgBgBgBgBgBgBgBgB6:rGGGGGGGGGGGGGGGGGGGGGE
Size:	1409256
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpClient.dll
Category:	dropped
Dump:	MpClient.dll1.4.dr
ID:	dr_186
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996671500609808
Encrypted:	true
Ssdeep:	12288:S071/071/071/071/071/071/071/071/071/071/071/071/071/071/071/07c:XQQQQQQQQQQQQQQ9
Size:	1044728
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe
Category:	dropped
Dump:	MpCmdRun.exe2.4.dr
ID:	dr_188
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9976604635631
Encrypted:	true
Ssdeep:	12288:JHqBWCbL0HqBWCbL0HqBWCbL0HqBWCbL0HqBWCbL0HqBWCbL0HqBWCbL0HqBWCbG:JH670H670H670H670H670H670H670H62
Size:	673816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCommu.dll
Category:	dropped
Dump:	MpCommu.dll.4.dr
ID:	dr_190
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997253976625275
Encrypted:	true
Ssdeep:	6144:GzJi0ktzJi0ktzJi0ktzJi0ktzJi0ktzJiC:GzJiPtzJiPtzJiPtzJiPtzJiPtzJiC
Size:	348408
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpDetours.dll
Category:	dropped
Dump:	MpDetours.dll2.4.dr
ID:	dr_192
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996874136051699
Encrypted:	true
Ssdeep:	3072:dxa/8evgdJA2iVgyxa/8evgdJA2iVgyxa/B:dx8XIs2iVgyx8XIs2iVgyx8B
Size:	155880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpDlpCmd.exe
Category:	dropped
Dump:	MpDlpCmd.exe0.4.dr
ID:	dr_194
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.99701024663991
Encrypted:	true
Ssdeep:	6144:ckhYmFs5UkhYmFs5UkhYmFs5UkhYmFs5UkhYmFs5U:1Ym+fYm+fYm+fYm+fYm+S
Size:	318456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpOAV.dll
Category:	dropped
Dump:	MpOAV.dll0.4.dr
ID:	dr_198
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9970503464413385
Encrypted:	true
Ssdeep:	12288:vh1LPHeh1LPHeh1LPHeh1LPHeh1LPHeh1LPHeh1LPHeh1LP4:5ZfcZfcZfcZfcZfcZfcZfcZA
Size:	495864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpRtp.dll
Category:	dropped
Dump:	MpRtp.dll.4.dr
ID:	dr_200
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.99840442119737
Encrypted:	true
Ssdeep:	24576:pWFGWFGWFGWFGWFGWFGWFm0cMeRt0cMeRt0cMeRt0cMeRt0cMeRt0cMeRt0cMeRz:pnnnnnnycMe0cMe0cMe0cMe0cMe0cMeH
Size:	1454312
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpSvc.dll
Category:	dropped
Dump:	MpSvc.dll.4.dr
ID:	dr_0
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997721559838513
Encrypted:	true
Ssdeep:	24576:qttttttttttttttttttttttttttttttttttttttttbWObtEWObtEWObt4:6hShShC
Size:	2883816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpUpdate.dll
Category:	dropped
Dump:	MpUpdate.dll.4.dr
ID:	dr_1
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997082448201914
Encrypted:	true
Ssdeep:	3072:EidoLoll9i9nXLdpTw59aBll+idoLoll9i9nXLdpTw59aBll+idoLollK:Eid79ih3TvBll+id79ih3TvBll+id7K
Size:	143592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpUxAgent.dll
Category:	dropped
Dump:	MpUxAgent.dll.4.dr
ID:	dr_2
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998313850758918
Encrypted:	true
Ssdeep:	12288:Cm0jEo7h6vLm0jEo7h6vLm0jEo7h6vLm0jEo7h6vLm0jEo7h6v3m18bhm7m18bhN:Cm0Rwm0Rwm0Rwm0Rwm0Roq8oq8oq8K
Size:	528616
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
Category:	dropped
Dump:	MsMpEng.exe.4.dr
ID:	dr_5
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997058960594315
Encrypted:	true
Ssdeep:	3072:/YoM4uKoRARRvz+egr3eKJ8YoM4uKoRARRvz+egr3eKJ8Z:d2Ab7+ti2Ab7+te
Size:	136656
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpLics.dll
Category:	dropped
Dump:	MsMpLics.dll.4.dr
ID:	dr_7
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9892399317731435
Encrypted:	false
Ssdeep:	384:jgek47zFTtMi0lTgxGDFMAGdxFeI5RnDbjqzOeV//U1nKI4WkBDb:jrZmTgaONBe6PjqhVneKFWkl
Size:	20728
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
Category:	dropped
Dump:	NisSrv.exe.4.dr
ID:	dr_8
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998600740865545
Encrypted:	true
Ssdeep:	49152:teeeeeeeek777777777777777777777777f:teeeeeeeek777777777777777777777T
Size:	2727416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\X86\MpAsDesc.dll
Category:	dropped
Dump:	MpAsDesc.dll.4.dr
ID:	dr_21
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996943975006299
Encrypted:	true
Ssdeep:	1536:4x0xrsiymFX5XIXEa2v0FH8W0/t5Hnou29onmUwQwyfMs2XBvADx0xrsiymFX5XC:4SdsUCE1v0FH8lznorom+waMsGCDSdsJ
Size:	95032
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\X86\MpClient.dll
Category:	dropped
Dump:	MpClient.dll.4.dr
ID:	dr_23
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996748410162103
Encrypted:	true
Ssdeep:	12288:Ugebsgebsgebsgebsgebsgebsgebsgebsgebsgebsgebsgebsgey:Uwwwwwwwwwwwwq
Size:	816888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\X86\MpCmdRun.exe
Category:	dropped
Dump:	MpCmdRun.exe.4.dr
ID:	dr_25
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997306022028454
Encrypted:	true
Ssdeep:	12288:it2nciOut2nciOut2nciOut2nciOut2nciOut2nciOut2nciOut2nciOut2X:8+czo+czo+czo+czo+czo+czo+czo+cD
Size:	559272
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\X86\MpDetours.dll
Category:	dropped
Dump:	MpDetours.dll.4.dr
ID:	dr_48
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996664817138886
Encrypted:	true
Ssdeep:	1536:yn1ehrrsuEBtb7i2/vkkCdAV0HZS6tM+kjxmEn1ehrrsuEBtb7i2/j:OoZrsD3krm0H8+klmsoZrsDb
Size:	102136
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\X86\MpOAV.dll
Category:	dropped
Dump:	MpOAV.dll.4.dr
ID:	dr_50
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997209276443009
Encrypted:	true
Ssdeep:	6144:beorwLeorwLeorwLeorwLeorwLeorwLeorR:bp4p4p4p4p4p4pR
Size:	432376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\X86\MsMpLics.dll
Category:	dropped
Dump:	MsMpLics.dll0.4.dr
ID:	dr_52
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.985481408740001
Encrypted:	false
Ssdeep:	384:duiViervDbJhYaII63yPvYcflFX7wsGCPSjiG42zZ:d9ie7ga5uGvYcDbPPSjiG1
Size:	12536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\X86\endpointdlp.dll
Category:	dropped
Dump:	endpointdlp.dll.4.dr
ID:	dr_19
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997088308723754
Encrypted:	true
Ssdeep:	12288:h/8xd/8xd/8xd/8xd/8xd/8xd/8xd/8xa:h0xd0xd0xd0xd0xd0xd0xd0xa
Size:	491256
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\endpointdlp.dll
Category:	dropped
Dump:	endpointdlp.dll2.4.dr
ID:	dr_181
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.99711915752648
Encrypted:	true
Ssdeep:	12288:EmaGmEBmaGmEBmaGmEBmaGmEBmaGmEBmaGmEBmaGmEBmaGmEBmaGmEBm6:EmwEBmwEBmwEBmwEBmwEBmwEBmwEBmwd
Size:	631032
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\mpextms.exe
Category:	dropped
Dump:	mpextms.exe0.4.dr
ID:	dr_196
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.99744391689749
Encrypted:	true
Ssdeep:	12288:SsTIYYsTIYYsTIYYsTIYYsTIYYsTIYYsTIYYsTIYYsTIYYsTIYS:SOIYYOIYYOIYYOIYYOIYYOIYYOIYYOI3
Size:	657288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\DefenderCSP.dll
Category:	dropped
Dump:	DefenderCSP.dll.4.dr
ID:	dr_54
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997267486627255
Encrypted:	true
Ssdeep:	6144:9S4ol5tM1VS4ol5tM1VS4ol5tM1VS4ol5tM1VS4ol5tMU:Cl5Eal5Eal5Eal5Eal5p
Size:	303336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\Drivers\WdBoot.sys
Category:	modified
Dump:	WdBoot.sys.4.dr
ID:	dr_56
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996060732676022
Encrypted:	true
Ssdeep:	768:JjIfq2XAg+piANO+N67K2y7ubSAWJfcY3XEzdqdqFwMF+15ybpe3cwSAZGAxRzpA:JjfjpiANOIkcCnWSeAdqRkCAOwMGAxR+
Size:	48536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\Drivers\WdDevFlt.sys
Category:	dropped
Dump:	WdDevFlt.sys.4.dr
ID:	dr_58
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997318090506148
Encrypted:	true
Ssdeep:	3072:xeV8DS/dNx6ghHOMvlIreV8DS/dNx6ghHOMvlIrM:b+dZhHOMtE+dZhHOMtf
Size:	135400
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\Drivers\WdFilter.sys
Category:	dropped
Dump:	WdFilter.sys.4.dr
ID:	dr_60
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997677151396051
Encrypted:	true
Ssdeep:	12288:5aQujRXhlKaQujRXhlKaQujRXhlKaQujRXhlKaQujRXhlKaQujRXhlKaQujRXF:5ejVKejVKejVKejVKejVKejVKejL
Size:	433384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpAzSubmit.dll
Category:	dropped
Dump:	MpAzSubmit.dll.4.dr
ID:	dr_65
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997284229910663
Encrypted:	true
Ssdeep:	12288:C+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+b9w+bz:D
Size:	1409272
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe
Category:	dropped
Dump:	MpCmdRun.exe0.4.dr
ID:	dr_77
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998770343344661
Encrypted:	true
Ssdeep:	24576:lFFFFFPPD7SalPD7SalPD7SalPD7SalPD7SalPD7SalPD7Sao:LDWatDWatDWatDWatDWatDWatDWao
Size:	851472
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpDetours.dll
Category:	dropped
Dump:	MpDetours.dll0.4.dr
ID:	dr_79
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9973392585583865
Encrypted:	true
Ssdeep:	3072:h8V40xR1bPFLVn+fzqV8V40xR1bPFLVn+fzqV8V40xR1bg:h8Vl8Vl8V8
Size:	155880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpDlpCmd.exe
Category:	dropped
Dump:	MpDlpCmd.exe.4.dr
ID:	dr_81
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998128988326854
Encrypted:	true
Ssdeep:	6144:E3w96HMk3R9Mrt8rWtpHNDxDkR8rWtpHNDxDkR8rWtpHNDxDkR8rWtpHNDxDkR87:EA96HMk3Pat8ytDxwR8ytDxwR8ytDxwt
Size:	372176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpEvMsg.dll
Category:	dropped
Dump:	MpEvMsg.dll.4.dr
ID:	dr_83
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997433379800124
Encrypted:	true
Ssdeep:	3072:OtSBzPhpDw3kJ8o4zBPLcqon9ktSBzPhpDw3kJ8o4zBPLcqon9ktSBn:Ot+zPDM28lBLu9kt+zPDM28lBLu9kt+n
Size:	143592
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpUpdate.dll
Category:	dropped
Dump:	MpUpdate.dll0.4.dr
ID:	dr_88
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.99696074893692
Encrypted:	true
Ssdeep:	3072:3W7oHlWzn3uXrpy8EIZoN3g0fzl+k+FcsW7oHlWzn3uXrpy8EIZoN3g0fzl+k+Fy:3pHlsneXrpy8ropg0fkcspHlsneXrpyf
Size:	151800
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpUxAgent.dll
Category:	dropped
Dump:	MpUxAgent.dll0.4.dr
ID:	dr_90
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996996217739292
Encrypted:	true
Ssdeep:	12288:jTrB9GWZTrB9GWZTrB9GWZTrB9GWZTrB9GWZTrB9GWZTrB9GWZTrB9GWZTrBr:jCwCwCwCwCwCwCwCwN
Size:	545000
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpLics.dll
Category:	dropped
Dump:	MsMpLics.dll1.4.dr
ID:	dr_92
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.989100319356466
Encrypted:	false
Ssdeep:	384:DjeJMqcjAdrTiKFZEZeGCJy4EKtYyRPzmeSqnchG+Ka1oRneRkQ0syaOiTxyfWmO:DiuqwAdrfZEZ/Lb0YIz8swueuQx6MAA7
Size:	20712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\X86\MpAsDesc.dll
Category:	dropped
Dump:	MpAsDesc.dll0.4.dr
ID:	dr_106
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997283046485531
Encrypted:	true
Ssdeep:	3072:kRZ4t8QNmUhFIRSkbAPERZ4t8QNmUhFIRSkbAPERZ4t8QNmUhFIRSkbAPl:kEaUhFQSrMEaUhFQSrMEaUhFQSrt
Size:	200936
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\X86\MpClient.dll
Category:	dropped
Dump:	MpClient.dll0.4.dr
ID:	dr_108
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998282337569285
Encrypted:	true
Ssdeep:	12288:3wABAwABAwABAwABAwABAwABAwABAwABAwABAwABxNNNB:J444444444V
Size:	898280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\X86\MpCmdRun.exe
Category:	dropped
Dump:	MpCmdRun.exe1.4.dr
ID:	dr_110
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998557735776328
Encrypted:	true
Ssdeep:	12288:qa1ra1ra1ra1ra160RfIc0RfIc0RfIc0RfIc0RfIc0Rf1:qiriririri68Ic8Ic8Ic8Ic8Ic81
Size:	694104
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\X86\MpDetours.dll
Category:	dropped
Dump:	MpDetours.dll1.4.dr
ID:	dr_113
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998267953201667
Encrypted:	true
Ssdeep:	3072:ZzmDF3q3IgOGSMjVeRk+/bvJmVJ5SSr5HRhW9OpcRLO1+:ia3IZGSIeL/bvI9NjW9Op0OY
Size:	102120
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\X86\MsMpLics.dll
Category:	dropped
Dump:	MsMpLics.dll2.4.dr
ID:	dr_115
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.984040769870162
Encrypted:	false
Ssdeep:	192:6IYaztu/35CliacYlq44AXqjMebvkhfbE0Ar16WZ+pEYycdnUmx/kB+BUhNO06I:6/UlBcYlqhebe5gpqWUUWhA6
Size:	12520
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\X86\endpointdlp.dll
Category:	dropped
Dump:	endpointdlp.dll1.4.dr
ID:	dr_94
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	SysEx File - Matsushita
Entropy:	7.996960615945733
Encrypted:	true
Ssdeep:	12288:em2aTd8Jhm2aTd8Jhm2aTd8Jhm2aTd8Jhm2aTd8Jhm2aTd8Jhm2aTd8Jhm2aTdL:emkmkmkmkmkmkmkmb
Size:	503528
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\endpointdlp.dll
Category:	dropped
Dump:	endpointdlp.dll0.4.dr
ID:	dr_62
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997137656243514
Encrypted:	true
Ssdeep:	12288:YJEozvJEozvJEozvJEozvJEozvJEozvJEozvJEozvJEozvJEozz:YJ1J1J1J1J1J1J1J1J1Jx
Size:	643304
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\mpextms.exe
Category:	dropped
Dump:	mpextms.exe.4.dr
ID:	dr_85
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997049012125064
Encrypted:	true
Ssdeep:	24576:O6GA6GA6GA6GA6GA6GA6GA6GA6GA6GA6GA6GA6Ga:3000000000000z
Size:	855608
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html
Category:	dropped
Dump:	energy-report.html.4.dr
ID:	dr_153
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.994773682957383
Encrypted:	true
Ssdeep:	768:wc/7GXowv3PG8QXl+K+kKIHLb9hz17YnmaX219TPi+:wcaVQXl+QKIrzumaGTe+
Size:	35009
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	\Device\Harddisk0\DR0
Category:	dropped
Dump:	DR0.6.dr
ID:	dr_203
Target ID:	6
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998520351183541
Encrypted:	true
Ssdeep:	24576:39MKXf9MKXf9MKXf9MKXf9MKXf9MKXf9MKXf9MKXS2Bhq2Bhq2Bhq2Bhq2Bhq2Bf:3WKXfWKXfWKXfWKXfWKXfWKXfWKXfWKd
Size:	1114112
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes directly to the primary disk partition (DR0)	Persistence and Installation Behavior	Bootkit

Details

File:	C:\$Recycle.Bin\S-1-5-18\desktop.ini
Category:	dropped
Dump:	desktop.ini2.4.dr
ID:	dr_27
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.497547701109367
Encrypted:	false
Ssdeep:	3:Oejffbro7vp+15heU9NYmp74J/zoACMTlo+CHW7eBL8WCBI:xXrspS/eU84qcACMEGeAFBI
Size:	129
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Writes ini files	System Summary	File and Directory Discovery

Details

File:	C:\$Recycle.Bin\S-1-5-21-3425316567-2969588382-3778222414-1000\desktop.ini
Category:	dropped
Dump:	desktop.ini4.4.dr
ID:	dr_29
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.590570956923321
Encrypted:	false
Ssdeep:	3:OK7Zu0K7HCPgRh0UyNrPYdKkXfNOojm1wfQB4d9ln:OK7ZnK75htogdNfNRowfo4rl
Size:	129
Whitelisted:	false
Reputation:	low

Details

File:	C:\$Recycle.Bin\S-1-5-21-3425316567-2969588382-3778222414-1001\desktop.ini
Category:	dropped
Dump:	desktop.ini5.4.dr
ID:	dr_31
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.6739421778703205
Encrypted:	false
Ssdeep:	3:68WbyIrmCqO7nLnoNgHRNpbCy3GHQhIIbMOJNg5snKn:wbykqOtYyzUC25eKn
Size:	129
Whitelisted:	false
Reputation:	low

Details

File:	C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RdrManifest3.msi
Category:	dropped
Dump:	RdrManifest3.msi.4.dr
ID:	dr_35
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.988904599544381
Encrypted:	false
Ssdeep:	384:8vz+TqNdWozw/Op092nWuy0bGPl9CBWlpFKLMXN9:r3ocAhR8Z/8LMb
Size:	15872
Whitelisted:	false
Reputation:	low

Details

File:	C:\ProgramData\Intel\GCC\IGCCSvc.db
Category:	dropped
Dump:	IGCCSvc.db.4.dr
ID:	dr_46
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.990125847458792
Encrypted:	true
Ssdeep:	384:4St8oz7neHpu73rpJjLdS+0hPFJawOSyLnSNgp5KDodv9pdIERBIau6rVqjU:4Gvuu3pJ3dSdhPFJVy12odv/Ba6BqI
Size:	20480
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Intel\GCC\gcc_svc_log_2021-09-03.txt
Category:	dropped
Dump:	gcc_svc_log_2021-09-03.txt.4.dr
ID:	dr_39
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	PGP\011Secret Sub-key -
Entropy:	7.810513707650727
Encrypted:	false
Ssdeep:	24:QmobeJOr8v1IRkGv0GDctNWAFETlueHnJyXpK2TLJ/gQB:NJOre+RXsGAuA+TVpQE2Hmy
Size:	1085
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Intel\GCC\gcc_svc_log_2021-09-14.txt
Category:	dropped
Dump:	gcc_svc_log_2021-09-14.txt.4.dr
ID:	dr_40
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.956800411623677
Encrypted:	false
Ssdeep:	96:qSarGcjRBO74YgKEVCaWKRAP7ElQ8YGpxxA4PnknzWRlYkURXK8sBRYXa7:qSMGcjRU7VEVCaWKRAPoQ4p44PQk5UBK
Size:	4802
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Intel\GCC\gcc_svc_log_2021-09-22.txt
Category:	dropped
Dump:	gcc_svc_log_2021-09-22.txt.4.dr
ID:	dr_41
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.961088457079815
Encrypted:	false
Ssdeep:	96:E6KIlh5e6uHqcSRb+wvPng72h9FrPOjPNvrYWKN5DDjWyLhuS:X5e6cqbRbFQi9VODN0WKffzuS
Size:	4802
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Intel\GCC\gcc_svc_log_2021-09-30.txt
Category:	dropped
Dump:	gcc_svc_log_2021-09-30.txt.4.dr
ID:	dr_42
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.740439813546335
Encrypted:	false
Ssdeep:	12:mIDRNowXTshcySISBqzIxvnhtQ6kYhhI5mBdYomjG+8TrYfJNz8jWxh/gCV:lNlXTo3DSMmMYhhZBupiY3qWXoS
Size:	741
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Intel\GCC\gcc_svc_log_2022-01-20.txt
Category:	dropped
Dump:	gcc_svc_log_2022-01-20.txt.4.dr
ID:	dr_43
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.7465590584273905
Encrypted:	false
Ssdeep:	12:APNHwUzKLfTTYb8PZFzEuqy9DY1vwpBVTvtBqBnYRuEhGQn3aFS9DT1jOWoOSNi:AP6UWLfFBEXmBtvtuYYkb3H9T8WoOSs
Size:	830
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Intel\GCC\gcc_svc_log_2022-02-23.txt
Category:	dropped
Dump:	gcc_svc_log_2022-02-23.txt.4.dr
ID:	dr_44
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.858701760409601
Encrypted:	false
Ssdeep:	24:ah479msI6b5u5M/CHuS1kyX/fK0yyQEgYiDZhaUj8fzZcnRzX2l9:ah47BK5MKT1kyvfhJgYi1BjkzZcnRyb
Size:	1482
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Intel\GCC\gcc_svc_log_2022-03-02.txt
Category:	dropped
Dump:	gcc_svc_log_2022-03-02.txt.4.dr
ID:	dr_45
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.713314489025272
Encrypted:	false
Ssdeep:	12:y5l6jAMezU9GLh7ISCNvYy4WFcoeel53CdEeJRYsW5AEsAuy1/WQlOUQUjEF1AdU:ySj7F07JjiFbR3qfNnKuQl0ZFidA3q4Z
Size:	741
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml
Category:	dropped
Dump:	DeploymentConfig.1.xml.4.dr
ID:	dr_101
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.861180622969835
Encrypted:	false
Ssdeep:	24:U/5BcksjJU4fF+hks5oZrrg4FLqoyjPvOoikjcmnY/lHrzsI4cKB2hBYNLOyHeVE:EikC684kfrg4FmoyjeLtZEInKBjLOb6D
Size:	1382
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json
Category:	dropped
Dump:	TELEMETRY.ASM-WINDOWSSQ.json.4.dr
ID:	dr_120
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	5.5015053602235735
Encrypted:	false
Ssdeep:	3:pDFfAZWG21m2WzxvPx8:QEFax8
Size:	53
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json
Category:	dropped
Dump:	utc.allow.json.4.dr
ID:	dr_102
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998048200977907
Encrypted:	true
Ssdeep:	24576:W99999999999999999999VHk4Hk4Hk4Hk4Hk4Hkx:IkWkWkWkWkWkx
Size:	1769557
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json
Category:	dropped
Dump:	utc.app.json.4.dr
ID:	dr_103
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996590718561773
Encrypted:	true
Ssdeep:	1536:2fgepN51Ec0QnXNuMMVaiwzvk2S8IHESYVeKmQMNvxe13f8M6nfgepN51Ec0QnXO:cpNHT0kYsI2S8mEF59E7HpNHT0kY9
Size:	93837
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk
Category:	dropped
Dump:	utc.app.json.bk.4.dr
ID:	dr_122
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996793502485899
Encrypted:	true
Ssdeep:	1536:TTCWkkxnzaVvQqOPdcnjsSMcGZqObxqP/bHGk356tQ3Q4TCWkkxnzaVvQqOPdcnX:6PKuOqOmn4HqCxS/bH35H32PKuOqOmnX
Size:	93837
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json
Category:	dropped
Dump:	utc.cert.json.4.dr
ID:	dr_104
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.928243124082789
Encrypted:	false
Ssdeep:	48:GvvuYmbZgYCnbDATufHNBRAKkXHEn6qkDxNcIA2gt8cxp3MGZpg/tWY3O7+GlHle:GvuRZgYiDc8LAr3nqkdNcSgtdjnBAbEI
Size:	2723
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.bk
Category:	dropped
Dump:	utc.cert.json.bk.4.dr
ID:	dr_123
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9328195745154995
Encrypted:	false
Ssdeep:	48:GK2kaO38GsIUVN/oh3VWarBEZteWFoWAim2rCocF07XODs:GJhyVsI2NwT2Z8WZ/zcFYOg
Size:	2723
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json
Category:	dropped
Dump:	utc.privacy.json.4.dr
ID:	dr_128
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997364512036823
Encrypted:	true
Ssdeep:	24576:EaUaUaUaUaUaUaUaUaUaUaUaUaUaUaUaUaUaUam:F111111111111111111m
Size:	1226452
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json
Category:	dropped
Dump:	utc.tracing.json.4.dr
ID:	dr_130
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	5.259991029008325
Encrypted:	false
Ssdeep:	3:JasI62WIPlDix67El6Wn:JaUIPsx6gxn
Size:	41
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk
Category:	dropped
Dump:	utc.tracing.json.bk.4.dr
ID:	dr_131
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	5.113649565593692
Encrypted:	false
Ssdeep:	3:A57nG2R151LHQCU:cA
Size:	41
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl
Category:	dropped
Dump:	Diagtrack-Listener.etl.4.dr
ID:	dr_132
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996934473284421
Encrypted:	true
Ssdeep:	6144:pBhbLuFcYMgylPBhbLuFcYMgylPBhbLuFcYMgylPBhbLuFcYMgyl9:x3uqYMgcz3uqYMgcz3uqYMgcz3uqYMgu
Size:	262144
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\EventStore.db
Category:	dropped
Dump:	EventStore.db.4.dr
ID:	dr_47
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996891094853247
Encrypted:	true
Ssdeep:	1536:RVxXb9od1p40l9vPcW0KEIL+1JeOgVqJjTZ0jjcVxXb9od1p40l9vPcW0KEIq:nxxAnVD70tefVyjTZ0KxxAnVD707
Size:	98304
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db
Category:	dropped
Dump:	EventStore.db0.4.dr
ID:	dr_105
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9946343215589915
Encrypted:	true
Ssdeep:	768:cf6k4rJqbe9q+BxEPZPw5RH8r8tllbfbQXXEaJSIRRY3Eo/9Uq28dL:cSk8qSxXt3tzDcEjWwpeqLdL
Size:	32768
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db
Category:	dropped
Dump:	EventStore.db1.4.dr
ID:	dr_133
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.993034012155337
Encrypted:	true
Ssdeep:	384:3bDzdOhVM/JDK+4JJAHxkooThtJBy2IfQFTY9vXpR86TpsGgIKY5pr6w64Fe1Y2V:3bDzd3RK3S/atJGf28RX0eqtFY5prb6H
Size:	24576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Diagnosis\osver.txt
Category:	dropped
Dump:	osver.txt.4.dr
ID:	dr_67
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	3.321928094887362
Encrypted:	false
Ssdeep:	3:nES:j
Size:	10
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
Category:	dropped
Dump:	MicrosoftEdgeUpdate.log.4.dr
ID:	dr_124
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998220925258445
Encrypted:	true
Ssdeep:	12288:sLxELxELxELxELxELxELxELxELxELxELxELxELxELxELxELxELxELxHcQKcQKcQZ:sGGGGGGGGGGGGGGGGGFxKxKxKxKj
Size:	1450388
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml
Category:	dropped
Dump:	wlidsvcconfig.xml.4.dr
ID:	dr_125
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.986558560527615
Encrypted:	false
Ssdeep:	192:qqRT1Jz8HtB3ZNOw6NK+nfJFt1zxI0zRFe/PI9XnuZF88yZWiVCLY+tnLqvK8z:fzpAzZh6NTr1ztz3e/PWU8Ki8Yw2vB
Size:	12975
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml
Category:	dropped
Dump:	wlidsvcconfig.xml0.4.dr
ID:	dr_126
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.985366167860017
Encrypted:	false
Ssdeep:	192:inhHeMT/yhIv/0d6JZ+fq9CWoAmnzXyy5mATEjS6pqs1BgtQqZeolvqrA:EcxhIvMmLKzyvc65gyqeCvqrA
Size:	12703
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\MF\Active.GRL
Category:	dropped
Dump:	Active.GRL.4.dr
ID:	dr_68
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.987902765391793
Encrypted:	false
Ssdeep:	384:cNAZgvCSYeIyqKqm6++ySNvifkx9fpAQFOCHtPEnY6v98M:cNAGFY3yqKqm6Hfn1FOChJ6X
Size:	14972
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\MF\Pending.GRL
Category:	dropped
Dump:	Pending.GRL.4.dr
ID:	dr_69
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9873012090200755
Encrypted:	false
Ssdeep:	384:jZZcnAqj+1ria1zb2tqvmmicDO6EtnUK/X9lGaIsp3m:jPcnlj+B1zStYDmtUK/NsF
Size:	14972
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edb.chk
Category:	dropped
Dump:	edb.chk.4.dr
ID:	dr_70
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9780190277883
Encrypted:	false
Ssdeep:	192:GDNOYfq+jzYwGupC/KfHp2/vRoLYlxXbYxVMtF/TrXTmnB:uNFDnNC/KI/vwYlxXsxm7/TrXG
Size:	8192
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edb.log
Category:	dropped
Dump:	edb.log.4.dr
ID:	dr_71
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9970652346824815
Encrypted:	true
Ssdeep:	24576:Ot++TcTcTcTcTcTcTcTcTcTcTcTcTcTcTcTcTcTcTt:X+TcTcTcTcTcTcTcTcTcTcTcTcTcTcTd
Size:	1310720
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edb00001.log
Category:	dropped
Dump:	edb00001.log.4.dr
ID:	dr_127
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996850955264729
Encrypted:	true
Ssdeep:	24576:7grOFkgrOFkgrOFkgrOFkgrOFkgrOFkgrOFkgrOFkgrOFkgrOFkgrOFkgrOFkgrM:heeeeeeeeeeeeeeeeeeea
Size:	1310720
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs
Category:	dropped
Dump:	edbres00001.jrs0.4.dr
ID:	dr_139
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997126434306544
Encrypted:	true
Ssdeep:	24576:NiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiSSiS8:N3S3S3S3S3S3S3S3S3S3S3S3S3S3S3SM
Size:	1310720
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs
Category:	dropped
Dump:	edbres00002.jrs.4.dr
ID:	dr_140
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998376186732872
Encrypted:	true
Ssdeep:	24576:UynDkynDkynDkynDkynDkynDkynDkynDkynDkynDGQjQjQjQjQjQjQjQjQjQ8:eQjQjQjQjQjQjQjQjQjQ8
Size:	1310720
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log
Category:	dropped
Dump:	edbtmp.log.4.dr
ID:	dr_141
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.99741001697355
Encrypted:	true
Ssdeep:	24576:GEBfQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8dQ8d:GI/JJJJJJJJJJJJJJJJJJd
Size:	1310720
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Category:	dropped
Dump:	qmgr.db.4.dr
ID:	dr_72
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998434172229092
Encrypted:	true
Ssdeep:	24576:YfXRfXRfXRfXRfXRfXRfXRfXRfXRfXRfXRfXRfXg9gckO9gckO9gckO9gckO9gcz:mX5X5X5X5X5X5X5X5X5X5X5X5XdTTTTq
Size:	1310720
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
Category:	dropped
Dump:	qmgr.jfm.4.dr
ID:	dr_142
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.989021494260307
Encrypted:	false
Ssdeep:	384:EDDB88rrRmHJESNsGQEq17ZBKlLnA3UtmIWteKi48XF9W:oBLYHJEislEq17ZKAEtmGKidi
Size:	16384
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Office\Licenses\5\Perpetual\21661362613886715948323998795
Category:	dropped
Dump:	21661362613886715948323998795.4.dr
ID:	dr_134
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.989251786079904
Encrypted:	false
Ssdeep:	384:FsahVOgNOYWjIkX4h9BTHE2BBAQoPgYh0TcmXsbmtrnvz:pFh9B38gk0sClvz
Size:	17748
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
Category:	dropped
Dump:	Windows.edb.4.dr
ID:	dr_144
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.999775896660703
Encrypted:	true
Ssdeep:	393216:IJcJcJcJcJcJcJcJcJg+++++++++++++++++++++++++++++++++++at7t7t7t7n:IJcJcJcJcJcJcJcJcJ4
Size:	25165824
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm
Category:	dropped
Dump:	Windows.jfm.4.dr
ID:	dr_145
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.990119805968218
Encrypted:	true
Ssdeep:	384:uQOV6uai3e2rTCnG9Y+DAjzmMJrao9C64cMXaU6ASPiLF:uLV6XiPqxjjr1IbKU6tC
Size:	16384
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp
Category:	dropped
Dump:	edb.jcp.4.dr
ID:	dr_146
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.973407698007657
Encrypted:	false
Ssdeep:	192:DPtlRjciWaHrv7nIJ0E0vXUvfBDb6m+Ssl/KUmEGifCLop1DyCgQgk:DPRYiWirC0PDj/gEjm+1zgQgk
Size:	8192
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx
Category:	dropped
Dump:	edb.jtx.4.dr
ID:	dr_147
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997435442500962
Encrypted:	true
Ssdeep:	24576:53G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3M:xUUUUUUUUUUUUUUUM
Size:	1048576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0000C.jtx
Category:	dropped
Dump:	edb0000C.jtx.4.dr
ID:	dr_135
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997076573510593
Encrypted:	true
Ssdeep:	24576:8e/kmFGe/kmFGe/kmFGe/kmFGe/kmFGe/kmFGe/kmFGe/kmFGe/kmFGe/kmFGe/t:9kmFbkmFbkmFbkmFbkmFbkmFbkmFbkmj
Size:	1048576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0000D.jtx
Category:	dropped
Dump:	edb0000D.jtx.4.dr
ID:	dr_136
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998494590500819
Encrypted:	true
Ssdeep:	24576:7E+wE+wE+wE+wE+wE+wE+wE+wE+wE+wE+Yw5Aw5Aw5Aw5Aw5O:gqqqqqqqqqqniAiAiAiAiO
Size:	1048576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0000E.jtx
Category:	dropped
Dump:	edb0000E.jtx.4.dr
ID:	dr_137
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997287406962453
Encrypted:	true
Ssdeep:	24576:uJM8vPJM8vPJM8vPJM8vPJM8vPJM8vPJM8vPJM8vPJM8vPJM8vPJM8vPJM8vPJM1:xRRRRRRRRRRRRRRRH
Size:	1048576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs
Category:	dropped
Dump:	edbres00001.jrs.4.dr
ID:	dr_138
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997295568128553
Encrypted:	true
Ssdeep:	24576:wP1P1P1P1P1P1P1P1P1P1P1P1P1P1P1Pc:wP1P1P1P1P1P1P1P1P1P1P1P1P1P1P1U
Size:	1048576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs
Category:	dropped
Dump:	edbres00002.jrs0.4.dr
ID:	dr_143
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997139355840595
Encrypted:	true
Ssdeep:	6144:IWgyDDr4WgyDDr4WgyDDr4WgyDDr4WgyDDr4WgyDDr4WgyDDr4WgyDDr4WgyDDrb:7jjjjjjjjjjjjjjjf
Size:	1048576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx
Category:	dropped
Dump:	edbtmp.jtx.4.dr
ID:	dr_148
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997538174320433
Encrypted:	true
Ssdeep:	24576:NUWUWUWUWUWUWUWUWUWUWUWUWUWUWUWUw:NUWUWUWUWUWUWUWUWUWUWUWUWUWUWUWZ
Size:	1048576
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db
Category:	dropped
Dump:	SmsInterceptStore.db.4.dr
ID:	dr_159
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997334213643632
Encrypted:	true
Ssdeep:	3072:ubnAVcdn/MN76oPKVbnAVcdn/MN76oPKVbnAVcdn/MN76oPKs:kEoEcFEoEcFEoEcs
Size:	196608
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm
Category:	dropped
Dump:	SmsInterceptStore.jfm.4.dr
ID:	dr_151
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.988908989669247
Encrypted:	false
Ssdeep:	384:8QOQNlz7m1QU2hM/048sJSl5hPWg1PX2efrBW:8bepbUuOUlrPW2G2rBW
Size:	16384
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk
Category:	dropped
Dump:	edb.chk0.4.dr
ID:	dr_149
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9794045665371245
Encrypted:	false
Ssdeep:	192:zSZRqb77qkqg6nocsNSoB9RKtxMsVUqGAy6mkRleZi4OX:zSZRqb77lqg6noJNSoBSzrUqG7kai3X
Size:	8192
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log
Category:	dropped
Dump:	edb.log0.4.dr
ID:	dr_150
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997085989201927
Encrypted:	true
Ssdeep:	1536:K5oz2uCZDH1MWH3z/ug+Lc9O0v5bcInZ5z6WWYzXcY2J5kZoIe8C3IbsIi4:K5W2lRHOC3yg+Lc0glcIZ5z+YzXEuGz6
Size:	65536
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00003.log
Category:	dropped
Dump:	edb00003.log.4.dr
ID:	dr_154
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997267088200333
Encrypted:	true
Ssdeep:	1536:xPcPLyz67kDPWP7NNSlRMyN96pHD3sLz+o4ocy7:xPczy26MNNSlRHWx4n+o42
Size:	65536
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00004.log
Category:	dropped
Dump:	edb00004.log.4.dr
ID:	dr_155
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997014258267293
Encrypted:	true
Ssdeep:	1536:88NkFZlnnBXdgfgiy5/QJrxKkEntWkT1HRpx+F4OcSL:GJnkfRy54ttEntzdzIFLL
Size:	65536
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00001.jrs
Category:	dropped
Dump:	edbres00001.jrs1.4.dr
ID:	dr_156
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997220984928526
Encrypted:	true
Ssdeep:	1536:W5qUHFgbG0vOGR/84afi66JzGYMF8K+FemJMaLsNd5iv:W0wqb7GT4ayGY4bxmJMaWdo
Size:	65536
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00002.jrs
Category:	dropped
Dump:	edbres00002.jrs1.4.dr
ID:	dr_157
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996912066935962
Encrypted:	true
Ssdeep:	1536:UbzSodZEGwCgmVUTDu1Ny588F9bQ0B3A6l675mpX:loHEGwdmWINij3bQ0Bmk
Size:	65536
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log
Category:	dropped
Dump:	edbtmp.log0.4.dr
ID:	dr_158
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997239970929628
Encrypted:	true
Ssdeep:	1536:/88ue9kUvngCpb2txbErmoZnA20vSubkY:UHe9kOLb2rbErmoZAvSakY
Size:	65536
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
Category:	dropped
Dump:	guest.bmp.4.dr
ID:	dr_160
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997212221997719
Encrypted:	true
Ssdeep:	6144:upQ4vuTwPGApQ4vuTwPGApQ4vuTwPGApQ4vuTwPGApQ4vuTwPGApQ4vuTwPGApQw:6G8fG8fG8fG8fG8fG8fG8fG8fG8fT
Size:	602168
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\guest.png
Category:	dropped
Dump:	guest.png.4.dr
ID:	dr_161
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.971988476503295
Encrypted:	false
Ssdeep:	96:0mpwUKYAACGupx4Sm8m6fjWXybGwQveILCEIW91335jfVj0GP6YKJof:0mpIYAAjuYSmIfj+jnLCEIM1339fgLJa
Size:	6053
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-192.png
Category:	dropped
Dump:	user-192.png.4.dr
ID:	dr_162
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.924224155400615
Encrypted:	false
Ssdeep:	48:6jUO/n1RSCm3LdDaj3e6rIbtv4qtv+pxCCdG5ss3q1eF:6/n1RO3Ld+j3e6s5vLtJCisv1s
Size:	2392
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-32.png
Category:	dropped
Dump:	user-32.png.4.dr
ID:	dr_165
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.459877768664658
Encrypted:	false
Ssdeep:	12:H7KuhJGq1HlKqWlLNWpC/5o040eJ/bJ+pNUUJv:HNjGmCWU/5on0wzJMeUB
Size:	441
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-40.png
Category:	dropped
Dump:	user-40.png.4.dr
ID:	dr_166
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.614958024012289
Encrypted:	false
Ssdeep:	12:67es2BHoLX0p1yvCsj62QfB6D59SeEtadrCnLRpY61vKtsJKCo50n:67es2ZoLX212jxQfMHTv2PYUKsKCo50
Size:	525
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-48.png
Category:	dropped
Dump:	user-48.png.4.dr
ID:	dr_167
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.726659329597286
Encrypted:	false
Ssdeep:	12:O40kXgz2iODua9rCD5URRiQTLDxuCb5yeeBQQHRaq+JYDxlyIFloykO4:OIa2tBlMOkQTL71wBQPq+YDuIFa
Size:	617
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
Category:	dropped
Dump:	user.bmp.4.dr
ID:	dr_168
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.996885951799525
Encrypted:	true
Ssdeep:	6144:Ei4L5KaZpFi4L5KaZpFi4L5KaZpFi4L5KaZpFi4L5KaZpFi4L5KaZpFi4L5KaZp6:cKalKalKalKalKalKalKalKalKaq
Size:	602168
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user.png
Category:	dropped
Dump:	user.png.4.dr
ID:	dr_169
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.970669049515044
Encrypted:	false
Ssdeep:	96:ltZmU0tvb/7QmX7rrqnH8t5hlLI92Yp1WFiwdNq5yZ+NwZspM/HSp9Xe3rS:lvTwbFX73q2PInbedEjuZsTe3e
Size:	6053
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
Category:	dropped
Dump:	Policy.vpol.4.dr
ID:	dr_152
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.491716135770952
Encrypted:	false
Ssdeep:	12:bfLIXpGPrjE0RAROn9gEpomRNZRLjoze7dg3R/Jeq:/IXpGPM0GROn9Lpb88CR/JH
Size:	444
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm
Category:	dropped
Dump:	mpasdlta.vdm.4.dr
ID:	dr_163
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998986034574037
Encrypted:	true
Ssdeep:	98304:0mUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUmUo:pJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJz
Size:	5596592
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm
Category:	dropped
Dump:	mpavdlta.vdm.4.dr
ID:	dr_164
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998302745377061
Encrypted:	true
Ssdeep:	98304:ImmmmmmmmmmmmmmIhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhw:ImmmmmmmmmmmmmmH
Size:	4019120
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.lkg
Category:	dropped
Dump:	mpengine.lkg.4.dr
ID:	dr_175
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.99952710003847
Encrypted:	true
Ssdeep:	393216:zIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIID:zIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIw
Size:	15846512
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
Category:	dropped
Dump:	Detections.log.4.dr
ID:	dr_117
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	ISO-8859 text, with no line terminators
Entropy:	1.0
Encrypted:	false
Ssdeep:	3:in:in
Size:	2
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
Category:	dropped
Dump:	History.Log.4.dr
ID:	dr_119
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	5.9839948470119095
Encrypted:	false
Ssdeep:	3:ldc81/GJ8tA7mpATZjPbF1f3:LjGMpABPbF1f3
Size:	78
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
Category:	dropped
Dump:	Unknown.Log.4.dr
ID:	dr_121
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	5.864726676381293
Encrypted:	false
Ssdeep:	3:M8CsxOQEiZ8CU7ip2sHkiGZr1/0:M2EiSDK2sEiGj/0
Size:	74
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
Category:	dropped
Dump:	mpenginedb.db.4.dr
ID:	dr_3
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9982195452073785
Encrypted:	true
Ssdeep:	24576:tlqeFlqeFlqeFlqeFlqeFlqeFlqeFlqeFlqeFlqeFlqeLJJJK:tlrFlrFlrFlrFlrFlrFlrFlrFlrFlrFu
Size:	929792
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-wal
Category:	dropped
Dump:	mpenginedb.db-wal.4.dr
ID:	dr_4
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.998555874312047
Encrypted:	true
Ssdeep:	24576:7XNXNXNXNXnVa2fVa2fVa2fVa2fVa2fVa2fVa2fVa2fVa2fVa2fVZ:D1111Va29a29a29a29a29a29a29a29ak
Size:	1009432
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml
Category:	dropped
Dump:	AppxProvisioning.xml.4.dr
ID:	dr_170
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.991188067921473
Encrypted:	true
Ssdeep:	384:gfIDXXWgqD6I3gYpL7Oi7geLVzYk7cI1ugxKsQ+uHIO5iYgfpj/GX:gGzwH0UVzYT+vQ+uHifs
Size:	20377
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db
Category:	dropped
Dump:	cversions.2.db.4.dr
ID:	dr_171
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.987968896799018
Encrypted:	false
Ssdeep:	384:azFEZvuYVh+ZeLcg2/e89He3NsjOV7ASLv64eOftB:aEZvuYVhGeIX59HeuCV8SLvfeOlB
Size:	16384
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx
Category:	dropped
Dump:	dmrc.idx.4.dr
ID:	dr_172
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997439756495798
Encrypted:	true
Ssdeep:	12288:LHCLoHCLoHCLoHCLoHCLoHCLoHCLoHCLoHCLoHCLoHCLA:LHC0HC0HC0HC0HC0HC0HC0HC0HC0HC0h
Size:	715976
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json
Category:	dropped
Dump:	ASAP_CloudPolicy.json.4.dr
ID:	dr_173
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9230457798346965
Encrypted:	false
Ssdeep:	48:qKAkdsOyf1W/60gsEnEmqiQ2NFW3BMPVLTb9IFdDqkO6+dxLv:UQLViZsEnEpl3B0VLTb9IFdDq6+fv
Size:	2019
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json
Category:	dropped
Dump:	CTAC.json.4.dr
ID:	dr_187
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.997018851145907
Encrypted:	true
Ssdeep:	1536:n6GfXkKJUUGkNoMIOM5YHzCDBxURMmfFsRFBqHzo26J5QWz5DWaXzG:6GfF8kNNIxYTCD4S4TpEN4
Size:	67421
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json
Category:	dropped
Dump:	CortanaUWP.json.4.dr
ID:	dr_185
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.105794762530013
Encrypted:	false
Ssdeep:	6:xJv3Ud8kxeyMkBN7vBG72rnxyyB774IaaD/3on:7cd8jy3PvcqQq/Y
Size:	259
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json
Category:	dropped
Dump:	DirectXDbVersion.json.4.dr
ID:	dr_189
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	5.422329508595745
Encrypted:	false
Ssdeep:	3:z+jNCMzslWCzwQSwG0kn:G0MzEWCUKYn
Size:	51
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\FeatureConfig.bak.json
Category:	dropped
Dump:	FeatureConfig.bak.json.4.dr
ID:	dr_191
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.993841908591488
Encrypted:	true
Ssdeep:	768:kaA3Kl9nd13va43ijs8dCF3yBNqU/y23WCoX0m:kaA6ry8kfBbmCe0m
Size:	30501
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\FeatureConfig.json
Category:	dropped
Dump:	FeatureConfig.json.4.dr
ID:	dr_193
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.994486733957543
Encrypted:	true
Ssdeep:	768:dg6KAPbpfByK5ThJreBnx5ImMbfyVxuVf7x7Eg/n:K6xpgYTGx+Pvl/n
Size:	31213
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json
Category:	dropped
Dump:	StorageGroveler.json.4.dr
ID:	dr_195
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.537044778834531
Encrypted:	false
Ssdeep:	12:IYqS3Zo5bSYRXZ8Ety/t8SEl4ltkVbO+nUQuUp:PeSu8iy/tbO4ltM64z
Size:	413
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json
Category:	dropped
Dump:	TroubleshootingSvc.json.4.dr
ID:	dr_197
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	5.576977058336781
Encrypted:	false
Ssdeep:	3:riA0Kg7o8XXfMZuhdS+Un:BI00QX
Size:	53
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json
Category:	dropped
Dump:	UsoSettings.json.4.dr
ID:	dr_199
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.842908709451722
Encrypted:	false
Ssdeep:	24:tbIvb9vJf671uoLfFF1fLJOmkqzL+3n4qb7NoqzjUOkC7b6RvXiBnhlf:d0SfZlJk0S/7b/3fb6RvyBhV
Size:	1271
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\config.json
Category:	dropped
Dump:	config.json.4.dr
ID:	dr_183
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.965361033224225
Encrypted:	false
Ssdeep:	96:CMfm7fGBWuPkNUkDbHemDaXxm71Ev1Akq8rYlM3beYSqCHybX4Kx8gNp:M7feDklHdDaXs7q9WKYl44DKegNp
Size:	5382
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
Category:	dropped
Dump:	Acrobat Reader DC.lnk0.4.dr
ID:	dr_26
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.899949673986293
Encrypted:	false
Ssdeep:	48:EGlhyKjiBk3rkNboW842SFRsqmo5hlm2s3qF9auazFeAahuonoCrr+:xlkKUk3L4WE5hlvs6F9/a8hl5r6
Size:	2136
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
Category:	dropped
Dump:	desktop.ini3.4.dr
ID:	dr_28
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9274702358258775
Encrypted:	false
Ssdeep:	48:SA6C3zal7HMXC6fbobOQWm4bB2PCWJyqSl3Aegj1p4/1XRvPHpF1d+D1+sg94m+S:6IU7HqC6sOTmrCW4qm3fNXRpFSJLgOs9
Size:	2850
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk
Category:	dropped
Dump:	dfrgui.lnk.4.dr
ID:	dr_30
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.832657865961017
Encrypted:	false
Ssdeep:	24:NxBGKiLgKXA9BS3gz7IZ7lsK7L35lMCFudjZyWAzVk1goooKD32fFelhiIw:bAKiUvBJz7Ixfv5lvFu6rVkyovK6faiz
Size:	1158
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
Category:	dropped
Dump:	services.lnk.4.dr
ID:	dr_32
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.8398711154727145
Encrypted:	false
Ssdeep:	24:z6NruFtKShZaoTpnhB3tPKErpSy/8IYw8lhHrXaLgQX/LMCZ:zIruFtDZaoTRhBdfwy/8IT8lBmZXjXZ
Size:	1158
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk
Category:	dropped
Dump:	AutoIt Help File.lnk.4.dr
ID:	dr_34
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.807336444074934
Encrypted:	false
Ssdeep:	24:9RAcmWu8dJUGtaRBJF7rI4VMIoI+9I5izRTv/QVoPn1HS:UWtaRVfII+9I5yLIVo9S
Size:	1077
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk
Category:	dropped
Dump:	Check For Updates.lnk.4.dr
ID:	dr_36
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.840399170222723
Encrypted:	false
Ssdeep:	24:RD+g6veRnGQR9HBdeDJvuy7jXivnbR+FLGsm+oWuWaHRFz7jyQPA1oi:tz/G2IGynXivbR+vm+otRxdazf
Size:	1234
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk
Category:	dropped
Dump:	Examples.lnk.4.dr
ID:	dr_49
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.821201436733058
Encrypted:	false
Ssdeep:	24:WW9cylo8b4JJSK1cUwFg0wwBrw9fd27ZtA3rrw8BaxfJsEAM:roHJn1UVY9f867rvUfsE1
Size:	1065
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk
Category:	dropped
Dump:	Run Script (x64).lnk.4.dr
ID:	dr_51
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.830393364354571
Encrypted:	false
Ssdeep:	24:2TrevTsG6Rk/f2H3rxPe+ckAe6bTqjP/0AF+KCAIdraMrh:2TrevQAfGrx2+ckAKEO+KCTraOh
Size:	1104
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk
Category:	dropped
Dump:	Run Script (x86).lnk.4.dr
ID:	dr_53
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.826603055750584
Encrypted:	false
Ssdeep:	24:qr4ajgCBzV2Br77VZwMGvsdmO9oMMK3jwA3qodR75/Tq:qkazBx2pzwamOaXKTwAj/7Zq
Size:	1082
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk
Category:	dropped
Dump:	SciTE Script Editor.lnk.4.dr
ID:	dr_55
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.8453409602456405
Encrypted:	false
Ssdeep:	24:cz0LMXxIby850GFthNvL1HnCNvgSKabsyzGGi4flxz0kPgem1OXTGJTC:cQLIIxtrpHSvRK2BzzhI6sTC
Size:	1180
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
Category:	dropped
Dump:	Excel.lnk.4.dr
ID:	dr_75
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.921388301557703
Encrypted:	false
Ssdeep:	48:5zz/LxxV8MLDbXlwjgi3/xiaG5pGIfiBQOEuSnU5eaFX/nmA1rxx+hV1/B9JT+gZ:dLX/ijgisR5p7fiWOEuSUN9+Arx+T1pl
Size:	2413
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
Category:	dropped
Dump:	Firefox.lnk0.4.dr
ID:	dr_76
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.808400289569847
Encrypted:	false
Ssdeep:	24:3us+MrYU0gnrLmn+CrNf081jX0LVEcyOztS9ezphONiy:3us+M8U/ri+CV4LVEHORSihO8y
Size:	1005
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Category:	dropped
Dump:	Google Chrome.lnk0.4.dr
ID:	dr_57
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.901409133277432
Encrypted:	false
Ssdeep:	48:fIYRwp3UFrhbsGK70uKf+XE3AbjhTP+VVuD5d/QyeSuBrLI:fTwpOK75vUQJG2voDZLI
Size:	2112
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
Category:	dropped
Dump:	Microsoft Edge.lnk0.4.dr
ID:	dr_59
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.918805719510396
Encrypted:	false
Ssdeep:	48:UV1xHwY/IaMkgnb6bksg41I340ltcXrBa9/:UV1xQY/Iavgnews31Iz0rgV
Size:	2438
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
Category:	dropped
Dump:	OneDrive.lnk.4.dr
ID:	dr_96
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.926398066052481
Encrypted:	false
Ssdeep:	48:Y6BuYFzn2NotgES8GmfepT2o6N109BNT9q2QFI0f+dVGNn67hp:Y69z2egERfepK5N10rd9qLI02d+nSp
Size:	2250
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
Category:	dropped
Dump:	OneNote.lnk.4.dr
ID:	dr_97
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.925920907282698
Encrypted:	false
Ssdeep:	48:bKXiEShVkJ1IksKMZTwD4RppK4fTbhi4eySbCgHZIQ1jpYsVqNjmZl20:bKXLKeb34PRppDTbkrlbtZI4FqNjwo0
Size:	2393
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
Category:	dropped
Dump:	Outlook.lnk.4.dr
ID:	dr_98
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.926901170175157
Encrypted:	false
Ssdeep:	48:4AGOHyeaJnu95FT1wUULJ69tKO+t+/o0Ic0+pu9jG7rhALHqQt:QOShJnc5FT1gN69x+/F+AGRALHqu
Size:	2407
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
Category:	dropped
Dump:	PowerPoint.lnk.4.dr
ID:	dr_99
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.919512041147782
Encrypted:	false
Ssdeep:	48:VyadbXJDO5c6mgEUZ59RIHdeObowfyo32ojS9zqJ0R+ypq1r:YadbZwZvvhRIfoqnwqqR+y0r
Size:	2450
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini
Category:	dropped
Dump:	desktop.ini8.4.dr
ID:	dr_61
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.811481984464078
Encrypted:	false
Ssdeep:	3:li0EPmLrRgzF3i0MKszXWVvgkFpM3nbCpj9Sy5zuoGVTqbUuSs89l0z:lX+mPRopMKszm2Mp6bk9Sy5zn5bUu890
Size:	174
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\jbxinit.au3
Category:	dropped
Dump:	jbxinit.au3.4.dr
ID:	dr_63
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9529324249275914
Encrypted:	false
Ssdeep:	96:02X/NNtGsJOVWvw1sL4q5k0rAjp/CsiRty/Ke0hF:02vhGsJKsw6LNMjdbi/UKj
Size:	4336
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk
Category:	dropped
Dump:	Task Manager.lnk.4.dr
ID:	dr_66
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.830303410593617
Encrypted:	false
Ssdeep:	24:RfuMILVjMXTCzyozpMfJ7s/X59MNSRYAyo4CJ44EbIInUrSR:cMILqXTSywps6Tg2YY4+43DESR
Size:	1120
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini
Category:	dropped
Dump:	desktop.ini9.4.dr
ID:	dr_64
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.3157832736608155
Encrypted:	false
Ssdeep:	6:Uc/zAKphlB3WzF3hDv+1GLLuR2KdE31kmDAp4BZSWTvmW7HIwXaE:5hh3EFRD6wKg1kWZ/hTJo2R
Size:	338
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tmf18E.tmp\Speech Recognition.lnk
Category:	dropped
Dump:	Speech Recognition.lnk.4.dr
ID:	dr_80
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.826927726331741
Encrypted:	false
Ssdeep:	24:/HMMV+DHCjdra4pz/YrnOCM1R0K6SAmck+v4srsp8Mt2VHA3WypE:fMMVcij1pzKOCXK6aN+JrsLt2Vg3WypE
Size:	1244
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tmf18E.tmp\desktop.ini
Category:	dropped
Dump:	desktop.ini12.4.dr
ID:	dr_78
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.458378344187928
Encrypted:	false
Ssdeep:	6:Dx7xXEINPIr0yzighBH8VmTSCHvYGhV2oEvJ/dvGSy9wHTMsGrQO8Qn+f5Lsao+B:DRxXE2M/BHIkzhUoEtBGSOnMhQAsaoZ4
Size:	370
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tmf382.tmp\About Java.lnk
Category:	dropped
Dump:	About Java.lnk.4.dr
ID:	dr_82
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.917574336532396
Encrypted:	false
Ssdeep:	48:wYlZNoXD7kooJg0qrYX0hMPlTy/35b+QMHdDyJ:vNoX/HMqT+4pb+QMHcJ
Size:	2132
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tmf382.tmp\Check For Updates.lnk
Category:	dropped
Dump:	Check For Updates.lnk0.4.dr
ID:	dr_84
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.901527072941599
Encrypted:	false
Ssdeep:	48:qzuLWjIFXBk3itEmuHn3S3Fg9fqVnAILgGpr0bVAga:hLCqRk3itEmuHn3MFm4nA7z5o
Size:	2150
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tmf382.tmp\Configure Java.lnk
Category:	dropped
Dump:	Configure Java.lnk.4.dr
ID:	dr_86
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.913814438219541
Encrypted:	false
Ssdeep:	48:FITFqcTo1arzHkWGvEFGXKzf9D6KNPwsy9biDrJxg3it5D:DIrzEZvzXg9D/NYJ+D3g32D
Size:	2108
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tmf382.tmp\Get Help.url
Category:	dropped
Dump:	Get Help.url.4.dr
ID:	dr_87
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.94137495532049
Encrypted:	false
Ssdeep:	3:2GLrNBKErp0J41rkUz8wRg+ZNQDUuT6m7zpaXLKnes7s7saVTUV1U4nhfKRhkyZk:2GLrNB8J45kUEem7FSYXs7sNychskKlK
Size:	188
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tmf382.tmp\Visit Java.com.url
Category:	dropped
Dump:	Visit Java.com.url.4.dr
ID:	dr_89
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.004487091903072
Encrypted:	false
Ssdeep:	3:dpcqduzby2AX9r480fNGhIGfryzqOHBlpiHoqYXBoFl4QlvqnU3/V+CZgbtPJpTd:Yq3d2PN2IGf+GOFi2Hgqa+sg9JlvoA/
Size:	184
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfB3.tmp\Desktop.ini
Category:	dropped
Dump:	Desktop.ini.4.dr
ID:	dr_91
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.841571377237802
Encrypted:	false
Ssdeep:	3:jhOqz+NP2J5kiA4YP8IIvHW+TznoapfKRHB3onLcZnOAPbufUXStCVeXo:jh8YDqtIvHW+Tzh8Rh38cMu+ULuo
Size:	170
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\Math Input Panel.lnk
Category:	dropped
Dump:	Math Input Panel.lnk.4.dr
ID:	dr_95
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.849098730604613
Encrypted:	false
Ssdeep:	24:hrDzFdmlsqS2IpSrOO2uUN87IM62odGC5atBXJg6RNg:1H8S2IYEoo41tBXJO
Size:	1199
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\Notepad.lnk
Category:	dropped
Dump:	Notepad.lnk.4.dr
ID:	dr_107
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.846172640218983
Encrypted:	false
Ssdeep:	24:jw0uHQ8XLgqe2uCBnL8zfNajDhLnwb69WEPYwQlyxTVTBRfUYrnYLW:AH1LpyFajDqG9WVlyx1UYrYLW
Size:	1175
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\Paint.lnk
Category:	dropped
Dump:	Paint.lnk.4.dr
ID:	dr_109
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.814603387781195
Encrypted:	false
Ssdeep:	24:iadEVDzk4zRNAksC4pmVxH6Jz1RQPvB7JehtjmgutovjwK:9dkY4t+BK/p1+tjd7H
Size:	1131
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\Quick Assist.lnk
Category:	dropped
Dump:	Quick Assist.lnk.4.dr
ID:	dr_111
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.8305336408799215
Encrypted:	false
Ssdeep:	24:K8NB9z70QDnDkS8WVYSIWnQ4TmscEcWqO71xnlSgMTMm:K8NX0MMmYu5mBEcWhxlSgMom
Size:	1181
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\Snipping Tool.lnk
Category:	dropped
Dump:	Snipping Tool.lnk.4.dr
ID:	dr_112
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.806330894868045
Encrypted:	false
Ssdeep:	24:975ikeIgrY2ZbFMDV6zLHuc84repBreMfMcXSb7//QKGi5d:bwYYK6zLHwCMHM7fzd
Size:	1134
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\Steps Recorder.lnk
Category:	dropped
Dump:	Steps Recorder.lnk.4.dr
ID:	dr_114
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.809497291714697
Encrypted:	false
Ssdeep:	24:uWYmRs5geF59VXpxM2/6ZChVw7tsT7EuLzcNPgO19x+:FbaV9VXp62q6VwxU7DcNP2
Size:	1113
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\Wordpad.lnk
Category:	dropped
Dump:	Wordpad.lnk.4.dr
ID:	dr_116
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.844108842122346
Encrypted:	false
Ssdeep:	24:9I2FCdIMmsHPvr0lT4Azda97aTgKc5rSFqv/yoayag:7IdvmsHPvrCSasKc5+uDa2
Size:	1171
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmfFEEE.tmp\desktop.ini
Category:	dropped
Dump:	desktop.ini13.4.dr
ID:	dr_93
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.89098736457184
Encrypted:	false
Ssdeep:	24:AlFyvOa2BAiMTCjjNP1MhauWQgC5EVnUogOmkuOnuoDPQCjZ/n4tz/lKVt4GPbEx:aFBa2BApTwtMZTNEVnUJOmkuoJjVnK9r
Size:	1472
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini
Category:	dropped
Dump:	desktop.ini14.4.dr
ID:	dr_118
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.999153405090017
Encrypted:	false
Ssdeep:	6:IcKIfLkG6IS4gW2suhGKExlIC1onfazR/NJeH:IcKIDkjWPuQKSS8hNQH
Size:	218
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
Category:	dropped
Dump:	Word.lnk.4.dr
ID:	dr_100
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.925711589651927
Encrypted:	false
Ssdeep:	48:0Iv9JEYnQ1JckX90enr7eyJHUDUZpIOgWc+GwtyXbuWPjcvOLjLKiWlfc0n4dtp:xnzqG+rneq0AfURTlPGOLC5fJnup
Size:	2451
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
Category:	dropped
Dump:	desktop.ini11.4.dr
ID:	dr_74
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	COM executable for DOS
Entropy:	7.519819909835654
Encrypted:	false
Ssdeep:	12:udeqAALOw3D17+FeOcX7iwGXJ6OP6J6ZYR:Weq/kFRcX7iRJlCJ6M
Size:	400
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
Category:	dropped
Dump:	desktop.ini10.4.dr
ID:	dr_73
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.852173452633363
Encrypted:	false
Ssdeep:	3:alJe7/8BoBVXyCpGYs+LCohGKYhdeZTqbtS7H+smY+PZH5k1g6KtBQ1lq/Cno0sr:ee7oUVdPsGrhnMdeZTqJeH+pTP5sTvEN
Size:	174
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Mozilla\profile_count_308046B0AF4A39CB.json
Category:	dropped
Dump:	profile_count_308046B0AF4A39CB.json.4.dr
ID:	dr_6
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.0705959688345175
Encrypted:	false
Ssdeep:	3:pGRvYR3mvIAStyLAykHR3HIWGn:kRvY1mQAS0w3A
Size:	78
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\active-update.xml
Category:	dropped
Dump:	active-update.xml.4.dr
ID:	dr_9
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	DOS executable (COM, 0x8C-variant)
Entropy:	7.840002737076578
Encrypted:	false
Ssdeep:	24:rjWF0jqvMwCg+VMzDsYWfjrh3qJU5QW//1tKfBk1VJ5v7fil9i:fFqEwN++zQj1qJQuc5vOa
Size:	1089
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.json
Category:	dropped
Dump:	update-config.json.4.dr
ID:	dr_10
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.091693564605415
Encrypted:	false
Ssdeep:	3:FeqlBcwg6dkLJ559cVjAcH+5j2kjU:g6mL2Fe92kA
Size:	79
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\updates\0\update.status
Category:	dropped
Dump:	update.status.4.dr
ID:	dr_129
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	PGP\011Secret Sub-key -
Entropy:	3.584962500721156
Encrypted:	false
Ssdeep:	3:bv0n:j0
Size:	12
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Oracle\Java\installcache\baseimagefam8
Category:	modified
Dump:	baseimagefam8.4.dr
ID:	dr_20
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	empty
Entropy:	0.0
Encrypted:	false
Ssdeep:	3::
Size:	0
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\log.txt
Category:	dropped
Dump:	log.txt.4.dr
ID:	dr_12
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.212788929928609
Encrypted:	false
Ssdeep:	6:29c9zMA2X/jvhUuMZ3eugru/uIf85vn9y2iLAuEGYq:h9z4rvh3I0u/hf85vntiNqq
Size:	247
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Category:	dropped
Dump:	Acrobat Reader DC.lnk.4.dr
ID:	dr_13
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.925708571866371
Encrypted:	false
Ssdeep:	48:yRw5ZsOiOqKJgqA/2xqobiDCwooQZvAhGATNIWou:7Zs7OUqAuxqYXZIRIS
Size:	2124
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Desktop\Firefox.lnk
Category:	dropped
Dump:	Firefox.lnk.4.dr
ID:	dr_11
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.781659526819438
Encrypted:	false
Ssdeep:	24:1iz+ES8xEc6XI2oIwiU/BFgVgeM6DLntqdGjiHs1skZckKbBNhE6:0z9S8eciI2oz/BmVgwnXi/Bfd
Size:	993
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Desktop\Google Chrome.lnk
Category:	dropped
Dump:	Google Chrome.lnk.4.dr
ID:	dr_14
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.914387043433392
Encrypted:	false
Ssdeep:	48:C9DXtHiwXbGY7SzMLuXKN/UDtufPkTu1bLJXohWIbTwGu:6tCkbguIYfs6PYh5Twp
Size:	2100
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Desktop\Microsoft Edge.lnk
Category:	dropped
Dump:	Microsoft Edge.lnk.4.dr
ID:	dr_15
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.9228492423215755
Encrypted:	false
Ssdeep:	48:HF0oXk2pM4O3LGBCAj00KqnZaSu9QA7pLDYzhcq:l0oXbpVOaBCAj00RnZaSRUpvwcq
Size:	2276
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Desktop\desktop.ini
Category:	dropped
Dump:	desktop.ini6.4.dr
ID:	dr_37
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.868006139427407
Encrypted:	false
Ssdeep:	3:DD3eRhLMADmmcPuja5E0UhtJAPO7WwdIxs6wOpn24S5Vo+YwRzoQVy:DD3S3mmcPuiE0ykPUWwdMsbOpEVswRzE
Size:	174
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Documents\desktop.ini
Category:	dropped
Dump:	desktop.ini.4.dr
ID:	dr_16
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.235264781500162
Encrypted:	false
Ssdeep:	6:AX5rGZfNyf5cJlE+z9MOacOJZgnjGQDBqs+AroBMFgdPOY5:AX5IecJlJ1mZgjFqsPryMFM
Size:	278
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Music\desktop.ini
Category:	dropped
Dump:	desktop.ini0.4.dr
ID:	dr_17
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.446278003216274
Encrypted:	false
Ssdeep:	6:M2qRXX2KMFqc31QBMFR9B4p+rzLXzYrqAFKPqURkRjBFF6Kxsc86XmoN:dqxXmTU2K+HP7AC6RVFh46Xn
Size:	380
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Pictures\desktop.ini
Category:	dropped
Dump:	desktop.ini1.4.dr
ID:	dr_18
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.479238947688677
Encrypted:	false
Ssdeep:	6:0nE+COe7Iuj8F8hMMdMcLFj/OK5JRxnN0B2H95DpwPNagKI+ntXw7baVhlv698ZS:0ZuhRxj/OKbRxnq8YcgKIYtXSbaVSm0
Size:	380
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\Public\Videos\desktop.ini
Category:	dropped
Dump:	desktop.ini7.4.dr
ID:	dr_38
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	7.461363775665883
Encrypted:	false
Ssdeep:	6:bvWkf5BNAAnQRZpm2dz1ucMBrKLpyfLXx6gFDYtOig5w/CcNnFzdwBO2xOT2cg1U:bvWkf53AAkZpm2acMBrKLcfLXPwOdwqI
Size:	380
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\bootTel.dat
Category:	dropped
Dump:	bootTel.dat.4.dr
ID:	dr_33
Target ID:	4
Process:	C:\Windows\SysWOW64\rundll32.exe
Type:	data
Entropy:	6.418874788090393
Encrypted:	false
Ssdeep:	3:vZ6krZXbpNBrcuBNWseSrfHPoiBEYbNtflSbnOpzmvn:v/NX9ZBNreSroUxLlSbO+n
Size:	112
Whitelisted:	false
Reputation:	timeout

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
dqwdq

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportdqwdq

Files

Processes

Memdumps

IOC Report
dqwdq