Windows Analysis Report
Yx1Wz608PO.exe

Overview

General Information

Sample name: Yx1Wz608PO.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 85a6e921e4d5107d13c1eb8647b130a1d54ba2b6409118be7945fd71c6c8235f
Analysis ID: 1531091
MD5: 295f29368a4822ed7babaac02992ca00
SHA1: 01cbcf366462db800d4785f05c126e743f5bfe0e
SHA256: 85a6e921e4d5107d13c1eb8647b130a1d54ba2b6409118be7945fd71c6c8235f

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

AV Detection

Source: Yx1Wz608PO.exe Avira: detected
Source: C:\Users\user\Desktop\rifaien2-AjoycwODvDSL5IAO.exe Avira: detection malicious, Label: TR/Crypt.ULPM.Gen2
Source: Yx1Wz608PO.exe ReversingLabs: Detection: 84%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 90.8% probability
Source: C:\Users\user\Desktop\rifaien2-AjoycwODvDSL5IAO.exe Joe Sandbox ML: detected
Source: Yx1Wz608PO.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0041C97D CryptHashData, 0_2_0041C97D
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0041C90E CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 0_2_0041C90E
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0041C998 CryptAcquireContextA,CryptCreateHash, 0_2_0041C998
Source: Yx1Wz608PO.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Networking

Source: Network traffic Suricata IDS: 2839369 - Severity 1 - ETPRO MALWARE Win32/Snojan Variant Uploading EXE : 192.168.2.4:49735 -> 104.21.59.199:80
Source: global traffic HTTP traffic detected:
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85412
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------4e7e7b554839d13b
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------142ce2cdffdf34b0
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------d48a53f32ef5d37f
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------4718040dbafb764f
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------af56a742c571d9e0
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------bcc4ac1b0bd7fb55
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------6ae216d247ad7eeb
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------e130ab798e73e0f4
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------532e5ab0b1a980a1
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------e05c97539ecf59ff
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------743a0c72bf65e03a
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------a648496c58ebcb01
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------9a061703ece1419c
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------def472c998c78c1a
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------5092572f761dc69a
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------f660ad1ffa63ec9d
Source: global traffic HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------e3deb8ed571961ed
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0040E460 recv,WSAGetLastError, 0_2_0040E460
Source: global traffic DNS traffic detected: DNS query: wecan.hasthe.technology
Source: unknown HTTP traffic detected: POST /upload HTTP/1.1Host: wecan.hasthe.technologyAccept: */*Content-Length: 85412Expect: 100-continueContent-Type: multipart/form-data; boundary=------------------------4e7e7b554839d13b
Source: Yx1Wz608PO.exe, Yx1Wz608PO.exe, 00000000.00000002.2936292507.000000000041F000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: Yx1Wz608PO.exe String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html#
Source: rifaien2-VzjNx1jPI8EBAf3Q.exe.0.dr String found in binary or memory: http://wecan.hasthe.techno
Source: Yx1Wz608PO.exe, 00000000.00000003.2910707806.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000002.2936292507.000000000041F000.00000040.00000001.01000000.00000003.sdmp, Yx1Wz608PO.exe, 00000000.00000002.2936472491.000000000075D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wecan.hasthe.technology/upload
Source: Yx1Wz608PO.exe, 00000000.00000002.2936292507.000000000041F000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://wecan.hasthe.technology/uploadcurl_easy_perform()
Source: Yx1Wz608PO.exe, 00000000.00000003.1785668103.000000000080E000.00000004.00000020.00020000.00000000.sdmp, ConDrv.0.dr String found in binary or memory: https://computernewb.com/collab-vm/
Source: Yx1Wz608PO.exe, 00000000.00000003.1960134896.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1825136115.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1907198978.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1867666082.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1785668103.000000000080E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://computernewb.com/collab-vm/6
Source: Yx1Wz608PO.exe, 00000000.00000003.2910707806.000000000080E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://computernewb.com/collab-vm/=
Source: Yx1Wz608PO.exe, 00000000.00000003.1736593212.000000000080E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://computernewb.com/collab-vm/H
Source: Yx1Wz608PO.exe, 00000000.00000003.1805520266.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1888550938.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1844942781.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1979592108.000000000080E000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1937729048.000000000080E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://computernewb.com/collab-vm/h
Source: Yx1Wz608PO.exe, 00000000.00000003.2910758923.000000000075D000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000003.1697948033.000000000075D000.00000004.00000020.00020000.00000000.sdmp, Yx1Wz608PO.exe, 00000000.00000002.2936472491.000000000075D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://computernewb.com/collab-vm/logy
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_00412CBF 0_2_00412CBF
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0041D570 0_2_0041D570
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_00407DB5 0_2_00407DB5
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: String function: 004180D5 appears 37 times
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: String function: 0040E249 appears 67 times
Source: Yx1Wz608PO.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engine Classification label: mal84.winEXE@2/119@1/2
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_004032F7 GetLastError,strerror,strncpy,strncpy,FormatMessageA,curl_msnprintf,strrchr,strrchr,GetLastError,SetLastError, 0_2_004032F7
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-MkDE7nUolYAvIS4K.exe Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7428:120:WilError_03
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: Yx1Wz608PO.exe ReversingLabs: Detection: 84%
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File read: C:\Users\user\Desktop\Yx1Wz608PO.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Yx1Wz608PO.exe "C:\Users\user\Desktop\Yx1Wz608PO.exe"
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Section loaded: rasadhlp.dll Jump to behavior
Source: Yx1Wz608PO.exe Static PE information: section name: UPX2
Source: rifaien2-TcaUQfBZEuTk2vBh.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-wBSYZWWVkUWmC8pQ.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-lT8PohiYenvvawzn.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-d57ykrWvlTZrDkZc.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-xQCbPBaBXuF4MpsD.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-6Q71fxUu8dtMFFZU.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-AjoycwODvDSL5IAO.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-zp2ChanxJl0jb6U5.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-OIzrhQpACDLMrvoU.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-S9mLKeVTibmzm085.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-LRhmhC00EPTolTjv.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-iQ6mR49yFM8ZeZJU.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-04RCQxCd2dv0My0K.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-Yf4NmWwsZ4N1yY95.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-AJCcQtfVrsedwKsZ.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-lb1B7z5W8Hr4HXyC.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-AbJq5JvGluWbFwwZ.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-XzoPd5NlxkpB2Qkz.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-T5UBOmxC86bktOIn.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-0Jvg60acvlNTEetj.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-ifcsZ28RZVEhoCrQ.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-LUEYWSrnqnW64tyL.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-L9Cwe3j2i64ZA5Re.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-dOfNWxhGxDVM5njb.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-6wusbbrgmMpcBTFV.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-96Wr0t4vpAyIwn2t.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-dIQ7PuzulNOWjRao.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-9ZuBld8Y8200Rptx.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-jjtIOSCKSFCJbo5i.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-kcYq3LQT7lYbdaDe.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-nIZ5n5lptzBCBPzM.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-VzjNx1jPI8EBAf3Q.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-E8VR5WWssDiJ6hpJ.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-WbnLg1fQUOoUplSV.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-GswVbQAeth6AirwL.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-A6jVTXjeaWbirx4X.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-3v9iLS8WuKhI5HYt.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-EJnWcEY70jNTCKDa.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-OEkS0r3Z3ATRkGxW.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-kCfzpzzrLEJySBVF.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-A57jwvvBTZZBhtF8.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-mZiov3C61rXFF0QW.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-vRPnVm1Qja67kBU8.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-BGQBJ4RqEFRi5PE5.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-R4CZoQ4QiFrvNxlX.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-SMLg9RViRYG2pkp6.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-ddYzW9sGfJmlWZnw.exe.0.dr Static PE information: section name: UPX2
Source: rifaien2-zmf4GTpATeIJdXHM.exe.0.dr Static PE information: section name: UPX2
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-lT8PohiYenvvawzn.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-XzoPd5NlxkpB2Qkz.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-zp2ChanxJl0jb6U5.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-vRPnVm1Qja67kBU8.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-7c2sZoOt8ZtCld1t.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-P95T1li6WZS69JnD.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-4cVt4GKfpP1OEa7u.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-7bKKZTcwZ1AvB69O.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-pjdvkdP0LsUtRXiu.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-vo3rAgWF4nEMJ6aR.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-SZUDU6LfgbhpapuC.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-Yf4NmWwsZ4N1yY95.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-AbJq5JvGluWbFwwZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-E8VR5WWssDiJ6hpJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-VJi5bt4v05AnA3zO.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-9KCDfoTvJTmqygky.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-LRhmhC00EPTolTjv.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-vHRnMKXku4QndQxg.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-oe1pzZn0FqkWwHnO.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-iQ6mR49yFM8ZeZJU.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-sN0y7l8Im6L0ds43.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-G55U73FCHlQNV6Tv.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe File created: C:\Users\user\Desktop\rifaien2-ddYzW9sGfJmlWZnw.exe Jump to dropped file
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_004013A0 rdtsc 0_2_004013A0
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 453
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe TID: 7424 Thread sleep time: -3540000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Thread delayed: delay time: 30000
Source: Yx1Wz608PO.exe, 00000000.00000002.2936639424.000000000095E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_00401020 SetUnhandledExceptionFilter,__getmainargs,__p__fmode,__p__environ,759E4600,_cexit,ExitProcess,759E4600,_setmode,_setmode,_setmode, 0_2_00401020
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0040101C SetUnhandledExceptionFilter,__getmainargs,__p__fmode,__p__environ,759E4600,_cexit,ExitProcess,759E4600,_setmode,_setmode,_setmode, 0_2_0040101C
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0041CD18 cpuid 0_2_0041CD18
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0040E858 memset,GetVersionExA,getsockopt,setsockopt, 0_2_0040E858
Source: C:\Users\user\Desktop\Yx1Wz608PO.exe Code function: 0_2_0040E924 GetLastError,setsockopt,setsockopt,WSAIoctl,memset,memset,strncmp,strncmp,htons,htons,bind,memset,getsockname,WSAGetLastError,htons,WSAGetLastError,connect,WSAGetLastError, 0_2_0040E924