905ea119...288a | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Threat Names:
Gen:Trojan.Heur.RP.nrX@bmcRAIki
Master Boot Record Changes
Sector Number  Sector Size
2063  512 Bytes

Filename  Category  Type  Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cMtPPElYjtIPF5hA.exe  Sample File  Binary  Malicious
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mpdev:bin (Dropped File)
Also Known As c:\windows\syswow64\mpdev.exe (Dropped File)
Note: Mpdev:bin is an NTFS alternate data stream named bin attached to the dropped file Mpdev in the same Roaming directory (listed below). A plain directory listing does not show streams, so a host hunt for this sample needs a stream-aware listing (dir /r, or Get-Item -Stream *) or the hashes below; the same content was also written to c:\windows\syswow64\mpdev.exe.
Mime Type application/vnd.microsoft.portable-executable
File Size 1.19 MB
MD5 2cc4534b0dd0e1c8d5b89644274a10c1
SHA1 735ee2c15c0b7172f65d39f0fd33b9186ee69653
SHA256 905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a
SSDeep 3072:YbbuRdAcgqu4c61lVJLfrfYEV3g+5Up48:YbyRdlvTfLfrfYE3g+4
ImpHash 09c4d73af3796a3e85e763e475143c5d
PE Information
Image Base 0x400000
Entry Point 0x402460
Size Of Code 0x1800
Size Of Initialized Data 0x12ee00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-07-22 18:43:17+00:00
Sections (4)
Name  Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags  Entropy
.text  0x401000  0x17db  0x1800  0x400  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ  4.83
.rdata  0x403000  0x121414  0x121600  0x1c00  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ  0.82
.data  0x525000  0xd598  0xd600  0x123200  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE  5.02
.rsrc  0x533000  0x1d8  0x200  0x130800  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ  4.85
Note: the entry point 0x402460 lies in .text, whose code is only 0x1800 bytes. .rdata is 0x121600 bytes on disk, about 95% of the 1.19 MB file, at an entropy of 0.82 bits per byte, i.e. almost entirely repeated bytes; that is consistent with padding that inflates the file size rather than with real read-only data.
Imports (3)
KERNEL32.dll (34)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
GetStringTypeW 0x0 0x531f80 0x131e74 0x130074 0x240
GetStringTypeA 0x0 0x531f84 0x131e78 0x130078 0x23d
LCMapStringW 0x0 0x531f88 0x131e7c 0x13007c 0x2e3
LCMapStringA 0x0 0x531f8c 0x131e80 0x130080 0x2e1
SetEnvironmentVariableA 0x0 0x531f90 0x131e84 0x130084 0x3d0
GetOEMCP 0x0 0x531f94 0x131e88 0x130088 0x213
GetACP 0x0 0x531f98 0x131e8c 0x13008c 0x152
CompareStringW 0x0 0x531f9c 0x131e90 0x130090 0x55
CompareStringA 0x0 0x531fa0 0x131e94 0x130094 0x52
GetCPInfo 0x0 0x531fa4 0x131e98 0x130098 0x15b
MultiByteToWideChar 0x0 0x531fa8 0x131e9c 0x13009c 0x31a
InterlockedIncrement 0x0 0x531fac 0x131ea0 0x1300a0 0x2c0
InterlockedDecrement 0x0 0x531fb0 0x131ea4 0x1300a4 0x2bc
GetEnvironmentStringsW 0x0 0x531fb4 0x131ea8 0x1300a8 0x1c1
GetEnvironmentStrings 0x0 0x531fb8 0x131eac 0x1300ac 0x1bf
FreeEnvironmentStringsW 0x0 0x531fbc 0x131eb0 0x1300b0 0x14b
WriteFile 0x0 0x531fc0 0x131eb4 0x1300b4 0x48d
FlushFileBuffers 0x0 0x531fc4 0x131eb8 0x1300b8 0x141
SetFilePointer 0x0 0x531fc8 0x131ebc 0x1300bc 0x3df
GetStartupInfoA 0x0 0x531fcc 0x131ec0 0x1300c0 0x239
SetHandleCount 0x0 0x531fd0 0x131ec4 0x1300c4 0x3e8
GetFileType 0x0 0x531fd4 0x131ec8 0x1300c8 0x1d7
SetStdHandle 0x0 0x531fd8 0x131ecc 0x1300cc 0x3fc
UnhandledExceptionFilter 0x0 0x531fdc 0x131ed0 0x1300d0 0x43e
GetCurrentProcess 0x0 0x531fe0 0x131ed4 0x1300d4 0x1a9
TerminateProcess 0x0 0x531fe4 0x131ed8 0x1300d8 0x42d
TlsGetValue 0x0 0x531fe8 0x131edc 0x1300dc 0x434
SetLastError 0x0 0x531fec 0x131ee0 0x1300e0 0x3ec
TlsAlloc 0x0 0x531ff0 0x131ee4 0x1300e4 0x432
LoadLibraryA 0x0 0x531ff4 0x131ee8 0x1300e8 0x2f1
GetProcAddress 0x0 0x531ff8 0x131eec 0x1300ec 0x220
GetModuleHandleA 0x0 0x531ffc 0x131ef0 0x1300f0 0x1f6
GetLastError 0x0 0x532000 0x131ef4 0x1300f4 0x1e6
LoadLibraryExA 0x0 0x532004 0x131ef8 0x1300f8 0x2f2
USER32.dll (23)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
LoadIconA 0x0 0x53200c 0x131f00 0x130100 0x1d6
GetClipboardOwner 0x0 0x532010 0x131f04 0x130104 0x112
GetDesktopWindow 0x0 0x532014 0x131f08 0x130108 0x11c
IsMenu 0x0 0x532018 0x131f0c 0x13010c 0x1be
GetInputState 0x0 0x53201c 0x131f10 0x130110 0x12c
GetCapture 0x0 0x532020 0x131f14 0x130114 0x101
GetWindowTextLengthA 0x0 0x532024 0x131f18 0x130118 0x18d
GetDC 0x0 0x532028 0x131f1c 0x13011c 0x11a
GetCursor 0x0 0x53202c 0x131f20 0x130120 0x116
CloseWindowStation 0x0 0x532030 0x131f24 0x130124 0x4a
CountClipboardFormats 0x0 0x532034 0x131f28 0x130128 0x50
VkKeyScanW 0x0 0x532038 0x131f2c 0x13012c 0x2f7
GetClipboardSequenceNumber 0x0 0x53203c 0x131f30 0x130130 0x113
GetKeyState 0x0 0x532040 0x131f34 0x130134 0x131
GetClipboardViewer 0x0 0x532044 0x131f38 0x130138 0x114
GetSystemMetrics 0x0 0x532048 0x131f3c 0x13013c 0x16f
IsCharAlphaW 0x0 0x53204c 0x131f40 0x130140 0x1b0
IsCharLowerA 0x0 0x532050 0x131f44 0x130144 0x1b1
GetListBoxInfo 0x0 0x532054 0x131f48 0x130148 0x13b
PaintDesktop 0x0 0x532058 0x131f4c 0x13014c 0x218
GetMenuCheckMarkDimensions 0x0 0x53205c 0x131f50 0x130150 0x13e
GetLastActivePopup 0x0 0x532060 0x131f54 0x130154 0x138
GetThreadDesktop 0x0 0x532064 0x131f58 0x130158 0x173
GDI32.dll (7)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
GetStockObject 0x0 0x53206c 0x131f60 0x130160 0x1f4
DeleteColorSpace 0x0 0x532070 0x131f64 0x130164 0xcc
GetPixelFormat 0x0 0x532074 0x131f68 0x130168 0x1ec
AddFontResourceW 0x0 0x532078 0x131f6c 0x13016c 0x7
CreateMetaFileW 0x0 0x53207c 0x131f70 0x130170 0x45
GetObjectType 0x0 0x532080 0x131f74 0x130174 0x1e3
GetEnhMetaFileA 0x0 0x532084 0x131f78 0x130178 0x1ba
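The ImpHash reported above is the MD5 of the normalized "dll.function" list taken in import-directory order (the recipe pefile implements). As an added example, not part of the VMRay report, the following stdlib-only Python recomputes it from the three import tables just listed so the value can be checked without the binary and reused to pivot across samples. It assumes the report prints imports in directory order, and it keeps ordinal imports as ordN instead of resolving the well-known OLEAUT32/ws2_32/wsock32 ordinals to names as pefile does, which would matter for the IME DLL further down (OLEAUT32 ordinals) but not for this sample, whose imports are all named.

```python
"""Recompute a PE import hash (imphash) from an import listing.

Added example, not part of the VMRay report. Applies the standard imphash
recipe to the sample's import tables as printed in the report.
Assumption: the report lists DLLs and functions in import-directory order.
"""
import hashlib

# Import tables copied from the sample's "Imports (3)" section, in the
# order printed. Order matters: imphash is an ordered hash.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", [
        "GetStringTypeW", "GetStringTypeA", "LCMapStringW", "LCMapStringA",
        "SetEnvironmentVariableA", "GetOEMCP", "GetACP", "CompareStringW",
        "CompareStringA", "GetCPInfo", "MultiByteToWideChar",
        "InterlockedIncrement", "InterlockedDecrement",
        "GetEnvironmentStringsW", "GetEnvironmentStrings",
        "FreeEnvironmentStringsW", "WriteFile", "FlushFileBuffers",
        "SetFilePointer", "GetStartupInfoA", "SetHandleCount", "GetFileType",
        "SetStdHandle", "UnhandledExceptionFilter", "GetCurrentProcess",
        "TerminateProcess", "TlsGetValue", "SetLastError", "TlsAlloc",
        "LoadLibraryA", "GetProcAddress", "GetModuleHandleA", "GetLastError",
        "LoadLibraryExA",
    ]),
    ("USER32.dll", [
        "LoadIconA", "GetClipboardOwner", "GetDesktopWindow", "IsMenu",
        "GetInputState", "GetCapture", "GetWindowTextLengthA", "GetDC",
        "GetCursor", "CloseWindowStation", "CountClipboardFormats",
        "VkKeyScanW", "GetClipboardSequenceNumber", "GetKeyState",
        "GetClipboardViewer", "GetSystemMetrics", "IsCharAlphaW",
        "IsCharLowerA", "GetListBoxInfo", "PaintDesktop",
        "GetMenuCheckMarkDimensions", "GetLastActivePopup", "GetThreadDesktop",
    ]),
    ("GDI32.dll", [
        "GetStockObject", "DeleteColorSpace", "GetPixelFormat",
        "AddFontResourceW", "CreateMetaFileW", "GetObjectType",
        "GetEnhMetaFileA",
    ]),
]

REPORTED_IMPHASH = "09c4d73af3796a3e85e763e475143c5d"  # value printed in the report


def normalize_dll(name):
    """Lower-case the module name and drop a .dll/.ocx/.sys extension."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[:-len(ext)]
    return name


def imphash_string(imports):
    """Build the 'dll.func,dll.func,...' string the hash is taken over.

    A function is either a name or an int ordinal. Ordinals become 'ordN';
    pefile additionally maps known OLEAUT32/ws2_32/wsock32 ordinals to
    names, which this simplified version deliberately does not.
    """
    parts = []
    for dll, funcs in imports:
        base = normalize_dll(dll)
        for func in funcs:
            if isinstance(func, int):
                parts.append(f"{base}.ord{func}")
            else:
                parts.append(f"{base}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalized import string as a lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def check_against_report(imports, reported):
    """Return (computed, matches). A mismatch means the listing order or
    content differs from the binary's import directory, not that the
    report's value is wrong."""
    computed = imphash(imports)
    return computed, computed == reported.lower()


if __name__ == "__main__":
    computed, ok = check_against_report(SAMPLE_IMPORTS, REPORTED_IMPHASH)
    print("computed:", computed)
    print("reported:", REPORTED_IMPHASH)
    print("match" if ok else "no match: check import order and ordinal handling")
```

If the computed value differs from the reported one, the usual causes are a listing that is not in import-directory order or a DLL whose ordinals pefile resolves to names; the normalized string itself is still a useful thing to diff between two samples.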
Digital Signatures (1)
Certificate: OTRBXJVNJJOIXXBVFO
Issued by OTRBXJVNJJOIXXBVFO
Country Name -
Valid From 2020-07-17 11:55:06+00:00
Valid Until 2039-12-31 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 39 7D A7 D7 7D AC EB AC 42 58 FB AD 4D 67 AA 85
Thumbprint FC FD 6A CB 7D 7E 83 95 50 E8 CB A1 09 40 F6 1A BD 8B 30 C7
Note: subject and issuer are the same random string, so this is a self-signed certificate that chains to no trusted root; the signature uses SHA-1 RSA, validity runs to the end of 2039, and the certificate was issued five days before the binary's compile timestamp (2020-07-22). The report records that a signature is present, not that it verifies: treat the binary as unsigned for trust decisions and use the thumbprint as a pivot to related samples.
Memory Dumps (12)
Name  Process ID  Start VA  End VA  Dump Reason  PE Rebuild  Bitness  Entry Point  AV  YARA
cmtppelyjtipf5ha.exe  1  0x00400000  0x00533FFF  Relevant Image  True  32-bit  0x00401D40  True  False
buffer  1  0x00210000  0x0021FFFF  First Execution  False  32-bit  0x0021F5C0  False  False
buffer  1  0x00210000  0x0021FFFF  Content Changed  False  32-bit  0x0021EF5D  False  False
cmtppelyjtipf5ha.exe  1  0x00400000  0x00533FFF  Content Changed  True  32-bit  -  False  False
cmtppelyjtipf5ha.exe  1  0x00400000  0x00533FFF  Content Changed  True  32-bit  0x0040114E  False  False
cmtppelyjtipf5ha.exe  1  0x00400000  0x00533FFF  Content Changed  True  32-bit  0x00406DAB  False  False
cmtppelyjtipf5ha.exe  1  0x00400000  0x00533FFF  Content Changed  True  32-bit  0x00404E8D  False  False
mpdev:bin  2  0x00400000  0x00533FFF  Relevant Image  True  32-bit  0x00401D40  True  False
buffer  2  0x00290000  0x0029FFFF  First Execution  False  32-bit  0x0029F5C0  False  False
buffer  1  0x00220000  0x0022EFFF  Image In Buffer  True  32-bit  -  False  False
cmtppelyjtipf5ha.exe  1  0x00400000  0x00533FFF  Final Dump  True  32-bit  -  False  False
mpdev.exe  25  0x00400000  0x00533FFF  Relevant Image  True  32-bit  0x0040240E  True  False
Note: the same image (base 0x00400000, end 0x00533FFF) is dumped under three process names: the original sample (process 1), mpdev:bin (process 2, started from the alternate data stream) and mpdev.exe (process 25, the SysWOW64 copy). The entry points recorded for two of the Content Changed dumps, 0x00406DAB and 0x00404E8D, lie inside the range .rdata occupies on disk (0x403000 to 0x524413), a section not marked executable in the section table, so code was placed there at run time. Process IDs are the sandbox's own per-run numbering, not Windows PIDs.
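Two checks an analyst does by hand on the section table and the memory-dump table above are which section an address falls in and which sections are large but nearly constant. The following Python is an added example, not part of the VMRay report: the section rows, file size and dump entry points are copied from the tables above, the thresholds for "padding" (at least half the file, at most 1 bit per byte of entropy) are the editor's own assumption, and the Shannon-entropy helper is included so the same flag can be applied to the raw bytes of a file you do have.

```python
"""Triage a PE section table and memory-dump entry points.

Added example, not part of the VMRay report. Section rows, file size and
entry points are transcribed from the report's tables; the padding
thresholds are an assumption.
"""
import math
from collections import Counter

# (name, virtual address, virtual size, raw size, entropy) from "Sections (4)".
SAMPLE_SECTIONS = [
    (".text",  0x401000, 0x17db,   0x1800,   4.83),
    (".rdata", 0x403000, 0x121414, 0x121600, 0.82),
    (".data",  0x525000, 0xd598,   0xd600,   5.02),
    (".rsrc",  0x533000, 0x1d8,    0x200,    4.85),
]
# Last section's raw offset + raw size = on-disk size (the report's 1.19 MB).
SAMPLE_FILE_SIZE = 0x130800 + 0x200

# Entry points listed in the "Memory Dumps (12)" table for the sample image.
DUMP_ENTRY_POINTS = [0x00401D40, 0x0040114E, 0x00406DAB, 0x00404E8D, 0x0040240E]


def section_for(va, sections=SAMPLE_SECTIONS):
    """Name of the section whose virtual range contains va, or None (headers)."""
    for name, start, vsize, _raw, _ent in sections:
        if start <= va < start + vsize:
            return name
    return None


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def padding_sections(sections, file_size, min_share=0.5, max_entropy=1.0):
    """Sections that take at least min_share of the file but have entropy at
    most max_entropy, i.e. bulk that is almost one byte value (inflation)."""
    flagged = []
    for name, _start, _vsize, raw, ent in sections:
        share = raw / file_size
        if share >= min_share and ent <= max_entropy:
            flagged.append((name, round(share, 3), ent))
    return flagged


def entry_points_outside_code(entry_points, sections, code=".text"):
    """Entry points that resolve to a section other than the on-disk code
    section. In a 'Content Changed' dump that means code was written into a
    region that is data on disk."""
    return [(hex(ep), section_for(ep, sections)) for ep in entry_points
            if section_for(ep, sections) != code]


if __name__ == "__main__":
    print("padding sections:", padding_sections(SAMPLE_SECTIONS, SAMPLE_FILE_SIZE))
    print("dump entry points outside .text:",
          entry_points_outside_code(DUMP_ENTRY_POINTS, SAMPLE_SECTIONS))
    # Constructed input: 4 KiB of zeros plus a short marker, like an inflated .rdata.
    blob = bytes(4096) + b"PAD"
    print("entropy of constructed blob:", round(shannon_entropy(blob), 3))
```

On the report's numbers this flags .rdata as padding and reports 0x406dab and 0x404e8d as entry points inside .rdata; on a real file, feed each section's raw bytes to shannon_entropy and compare with the report's column.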
c:\windows\tasks\sa.dat  Modified File  Stream  Whitelisted
Mime Type application/octet-stream
File Size 6 Bytes
MD5 f1a6cd5adaab953a6764ea364e17bfb8
SHA1 c99a1eb2d8974a667d2e0bc2dc1efcbe0ef23387
SHA256 12dc5ccd7fecafe070976a1916e9672e3d53085633c86957aee305ccc584184c
SSDeep 3:A:A
ImpHash -
File Reputation Severity: Whitelisted
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_32.db  Modified File  Stream  Whitelisted
Mime Type application/octet-stream
File Size 24 Bytes
MD5 ae08a2f7fbf44ad3cb6cbc529df8b1dd
SHA1 bb2665ee5cd1821d48cca1cb07cdfde9ed6081a6
SHA256 8429d5c6eb134eb64d8b0f3ecce83ab4d4d16e73c2d76993163372692b65ea8f
SSDeep 3:illt:ilX
ImpHash -
File Reputation Severity: Whitelisted
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_1024.db  Modified File  Stream  Whitelisted
Mime Type application/octet-stream
File Size 24 Bytes
MD5 b623140136560adaf3786e262c01676f
SHA1 7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d
SHA256 ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140
SSDeep 3:ill0:il
ImpHash -
File Reputation Severity: Whitelisted
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_sr.db  Modified File  Stream  Whitelisted
Mime Type application/octet-stream
File Size 24 Bytes
MD5 2034995f0bbaa16db835b462eb78152a
SHA1 ce19b1a236f95307067d4979f8dd96c70d69c18a
SHA256 62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799
SSDeep 3:illhlnll:ilL
ImpHash -
File Reputation Severity: Whitelisted
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mpdev  Dropped File  Binary  Whitelisted
Also Known As \\?\C:\Windows\system32\IME\IMESC5\imscui.DLL (Dropped File)
Note: the same content was observed at both paths. By its version information (below) it is Microsoft's Pinyin IME UI library, imscui.DLL 10.1.7600.16385, which is why the hash is whitelisted. The file itself is benign; what matters is that the sample's own payload lives in the bin alternate data stream of this file (see the Sample File's Also Known As entry), so the benign hash hides a malicious stream.
Mime Type application/vnd.microsoft.portable-executable
File Size 362.50 KB
MD5 5c89afb4e22ebfb429cd1a0384c43c3d
SHA1 7c85cd8776cc66e2f8e25bb05ed7739acf751c1a
SHA256 929a930d627998617ce3c73eaa6e9c265428313b0648b1e6c78729f971b17e7d
SSDeep 6144:wIvnpHZVDRCZWvw7vkLMSroKWfUkzaX9Sj/R:wS1zIziGfF
ImpHash 73704df6adc536c6787b048324b885ae
File Reputation Severity: Whitelisted
PE Information
Image Base 0xfee0000
Entry Point 0xff03289
Size Of Code 0x36c00
Size Of Initialized Data 0x24400
File Type FileType.dll
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2009-07-14 01:06:39+00:00
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Microsoft Pinyin IME UI
FileVersion 10.1.7600.16385 (win7_rtm.090713-1255)
InternalName IMSCUI
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename IMSCUI.DLL
ProductName Microsoft® Windows® Operating System
ProductVersion 10.1.7600.16385
Sections (4)
Name  Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags  Entropy
.text 0xfee1000 0x36a64 0x36c00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.data 0xff18000 0x6cf8 0x6400 0x37000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.21
.rsrc 0xff1f000 0x19320 0x19400 0x3d400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.5
.reloc 0xff39000 0x4160 0x4200 0x56800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.85
Imports (9)
msvcrt.dll (27)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
_initterm 0x0 0xfee1348 0x36934 0x35d34 0x1d5
_XcptFilter 0x0 0xfee134c 0x36938 0x35d38 0x6a
malloc 0x0 0xfee1350 0x3693c 0x35d3c 0x4de
_callnewh 0x0 0xfee1354 0x36940 0x35d40 0x112
free 0x0 0xfee1358 0x36944 0x35d44 0x4a6
memmove 0x0 0xfee135c 0x36948 0x35d48 0x4ec
_purecall 0x0 0xfee1360 0x3694c 0x35d4c 0x2fc
??0exception@@QAE@XZ 0x0 0xfee1364 0x36950 0x35d50 0xc
_CxxThrowException 0x0 0xfee1368 0x36954 0x35d54 0x63
_amsg_exit 0x0 0xfee136c 0x36958 0x35d58 0x101
??1exception@@UAE@XZ 0x0 0xfee1370 0x3695c 0x35d5c 0x10
?what@exception@@UBEPBDXZ 0x0 0xfee1374 0x36960 0x35d60 0x39
??0exception@@QAE@ABQBD@Z 0x0 0xfee1378 0x36964 0x35d64 0x9
memmove_s 0x0 0xfee137c 0x36968 0x35d68 0x4ed
_unlock 0x0 0xfee1380 0x3696c 0x35d6c 0x3a6
_onexit 0x0 0xfee1384 0x36970 0x35d70 0x2eb
??1type_info@@UAE@XZ 0x0 0xfee1388 0x36974 0x35d74 0x11
_except_handler4_common 0x0 0xfee138c 0x36978 0x35d78 0x159
__CxxFrameHandler3 0x0 0xfee1390 0x3697c 0x35d7c 0x73
__dllonexit 0x0 0xfee1394 0x36980 0x35d80 0x8d
??0exception@@QAE@ABV0@@Z 0x0 0xfee1398 0x36984 0x35d84 0xb
memcpy_s 0x0 0xfee139c 0x36988 0x35d88 0x4eb
wcsstr 0x0 0xfee13a0 0x3698c 0x35d8c 0x564
memcpy 0x0 0xfee13a4 0x36990 0x35d90 0x4ea
_vsnwprintf 0x0 0xfee13a8 0x36994 0x35d94 0x3ce
memset 0x0 0xfee13ac 0x36998 0x35d98 0x4ee
_lock 0x0 0xfee13b0 0x3699c 0x35d9c 0x242
ADVAPI32.dll (20)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
AllocateAndInitializeSid 0x0 0xfee1000 0x365ec 0x359ec 0x20
OpenThreadToken 0x0 0xfee1004 0x365f0 0x359f0 0x1fc
OpenProcessToken 0x0 0xfee1008 0x365f4 0x359f4 0x1f7
GetTokenInformation 0x0 0xfee100c 0x365f8 0x359f8 0x15a
CheckTokenMembership 0x0 0xfee1010 0x365fc 0x359fc 0x51
FreeSid 0x0 0xfee1014 0x36600 0x35a00 0x120
UnregisterTraceGuids 0x0 0xfee1018 0x36604 0x35a04 0x302
RegisterTraceGuidsW 0x0 0xfee101c 0x36608 0x35a08 0x28a
GetTraceLoggerHandle 0x0 0xfee1020 0x3660c 0x35a0c 0x15d
GetTraceEnableLevel 0x0 0xfee1024 0x36610 0x35a10 0x15c
GetTraceEnableFlags 0x0 0xfee1028 0x36614 0x35a14 0x15b
TraceMessage 0x0 0xfee102c 0x36618 0x35a18 0x2f6
ConvertStringSecurityDescriptorToSecurityDescriptorW 0x0 0xfee1030 0x3661c 0x35a1c 0x72
GetSidSubAuthorityCount 0x0 0xfee1034 0x36620 0x35a20 0x158
GetSidSubAuthority 0x0 0xfee1038 0x36624 0x35a24 0x157
RegOpenKeyExW 0x0 0xfee103c 0x36628 0x35a28 0x261
RegQueryValueExW 0x0 0xfee1040 0x3662c 0x35a2c 0x26e
RegCloseKey 0x0 0xfee1044 0x36630 0x35a30 0x230
IsValidSid 0x0 0xfee1048 0x36634 0x35a34 0x186
ConvertSidToStringSidW 0x0 0xfee104c 0x36638 0x35a38 0x6c
KERNEL32.dll (62)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
TlsSetValue 0x0 0xfee111c 0x36708 0x35b08 0x4c8
GetCurrentProcess 0x0 0xfee1120 0x3670c 0x35b0c 0x1c0
GetCurrentThread 0x0 0xfee1124 0x36710 0x35b10 0x1c4
OutputDebugStringW 0x0 0xfee1128 0x36714 0x35b14 0x38a
lstrcmpW 0x0 0xfee112c 0x36718 0x35b18 0x542
GetFullPathNameW 0x0 0xfee1130 0x3671c 0x35b1c 0x1fb
GlobalUnlock 0x0 0xfee1134 0x36720 0x35b20 0x2c5
GlobalLock 0x0 0xfee1138 0x36724 0x35b24 0x2be
CreateProcessW 0x0 0xfee113c 0x36728 0x35b28 0xa8
FreeLibrary 0x0 0xfee1140 0x3672c 0x35b2c 0x162
GetProcAddress 0x0 0xfee1144 0x36730 0x35b30 0x245
LoadLibraryW 0x0 0xfee1148 0x36734 0x35b34 0x33f
GetSystemDirectoryW 0x0 0xfee114c 0x36738 0x35b38 0x270
GetShortPathNameW 0x0 0xfee1150 0x3673c 0x35b3c 0x261
InterlockedExchange 0x0 0xfee1154 0x36740 0x35b40 0x2ec
Sleep 0x0 0xfee1158 0x36744 0x35b44 0x4b2
InterlockedCompareExchange 0x0 0xfee115c 0x36748 0x35b48 0x2e9
QueryPerformanceCounter 0x0 0xfee1160 0x3674c 0x35b4c 0x3a7
GetTickCount 0x0 0xfee1164 0x36750 0x35b50 0x293
GetCurrentProcessId 0x0 0xfee1168 0x36754 0x35b54 0x1c1
GetSystemTimeAsFileTime 0x0 0xfee116c 0x36758 0x35b58 0x279
TerminateProcess 0x0 0xfee1170 0x3675c 0x35b5c 0x4c0
UnhandledExceptionFilter 0x0 0xfee1174 0x36760 0x35b60 0x4d3
SetUnhandledExceptionFilter 0x0 0xfee1178 0x36764 0x35b64 0x4a5
DeleteCriticalSection 0x0 0xfee117c 0x36768 0x35b68 0xd1
TlsFree 0x0 0xfee1180 0x3676c 0x35b6c 0x4c6
TlsAlloc 0x0 0xfee1184 0x36770 0x35b70 0x4c5
InitializeCriticalSection 0x0 0xfee1188 0x36774 0x35b74 0x2e2
GetLastError 0x0 0xfee118c 0x36778 0x35b78 0x202
TlsGetValue 0x0 0xfee1190 0x3677c 0x35b7c 0x4c7
CompareStringW 0x0 0xfee1194 0x36780 0x35b80 0x64
FindResourceExW 0x0 0xfee1198 0x36784 0x35b84 0x14d
LeaveCriticalSection 0x0 0xfee119c 0x36788 0x35b88 0x339
EnterCriticalSection 0x0 0xfee11a0 0x3678c 0x35b8c 0xee
lstrlenW 0x0 0xfee11a4 0x36790 0x35b90 0x54e
GetUserDefaultUILanguage 0x0 0xfee11a8 0x36794 0x35b94 0x29e
InterlockedDecrement 0x0 0xfee11ac 0x36798 0x35b98 0x2eb
InterlockedIncrement 0x0 0xfee11b0 0x3679c 0x35b9c 0x2ef
GetModuleFileNameW 0x0 0xfee11b4 0x367a0 0x35ba0 0x214
GetEnvironmentVariableW 0x0 0xfee11b8 0x367a4 0x35ba4 0x1dc
GetTempPathW 0x0 0xfee11bc 0x367a8 0x35ba8 0x285
SetEnvironmentVariableW 0x0 0xfee11c0 0x367ac 0x35bac 0x457
CreateFileW 0x0 0xfee11c4 0x367b0 0x35bb0 0x8f
CloseHandle 0x0 0xfee11c8 0x367b4 0x35bb4 0x52
WriteFile 0x0 0xfee11cc 0x367b8 0x35bb8 0x525
BeginUpdateResourceW 0x0 0xfee11d0 0x367bc 0x35bbc 0x38
EndUpdateResourceW 0x0 0xfee11d4 0x367c0 0x35bc0 0xed
GetCurrentThreadId 0x0 0xfee11d8 0x367c4 0x35bc4 0x1c5
LocalFree 0x0 0xfee11dc 0x367c8 0x35bc8 0x348
DeleteFileW 0x0 0xfee11e0 0x367cc 0x35bcc 0xd6
UpdateResourceW 0x0 0xfee11e4 0x367d0 0x35bd0 0x4df
FindResourceW 0x0 0xfee11e8 0x367d4 0x35bd4 0x14e
SizeofResource 0x0 0xfee11ec 0x367d8 0x35bd8 0x4b1
LoadResource 0x0 0xfee11f0 0x367dc 0x35bdc 0x341
LockResource 0x0 0xfee11f4 0x367e0 0x35be0 0x354
ExpandEnvironmentStringsW 0x0 0xfee11f8 0x367e4 0x35be4 0x11d
GetModuleHandleW 0x0 0xfee11fc 0x367e8 0x35be8 0x218
GlobalAlloc 0x0 0xfee1200 0x367ec 0x35bec 0x2b3
GlobalFree 0x0 0xfee1204 0x367f0 0x35bf0 0x2ba
GlobalHandle 0x0 0xfee1208 0x367f4 0x35bf4 0x2bd
OutputDebugStringA 0x0 0xfee120c 0x367f8 0x35bf8 0x389
SetLastError 0x0 0xfee1210 0x367fc 0x35bfc 0x473
GDI32.dll (33)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
OffsetViewportOrgEx 0x0 0xfee105c 0x36648 0x35a48 0x23e
PatBlt 0x0 0xfee1060 0x3664c 0x35a4c 0x246
GetTextMetricsW 0x0 0xfee1064 0x36650 0x35a50 0x226
CreateFontIndirectW 0x0 0xfee1068 0x36654 0x35a54 0x40
CreateCompatibleDC 0x0 0xfee106c 0x36658 0x35a58 0x30
DeleteDC 0x0 0xfee1070 0x3665c 0x35a5c 0xe3
CreateDIBSection 0x0 0xfee1074 0x36660 0x35a60 0x35
GetLayout 0x0 0xfee1078 0x36664 0x35a64 0x1ed
ExtTextOutW 0x0 0xfee107c 0x36668 0x35a68 0x138
SelectObject 0x0 0xfee1080 0x3666c 0x35a6c 0x277
SetBkColor 0x0 0xfee1084 0x36670 0x35a70 0x27e
CreatePen 0x0 0xfee1088 0x36674 0x35a74 0x4b
SetTextColor 0x0 0xfee108c 0x36678 0x35a78 0x2a6
TextOutW 0x0 0xfee1090 0x3667c 0x35a7c 0x2b9
GetDIBits 0x0 0xfee1094 0x36680 0x35a80 0x1ca
EnumFontFamiliesExW 0x0 0xfee1098 0x36684 0x35a84 0x125
CreateSolidBrush 0x0 0xfee109c 0x36688 0x35a88 0x54
GetCurrentObject 0x0 0xfee10a0 0x3668c 0x35a8c 0x1c4
SetBkMode 0x0 0xfee10a4 0x36690 0x35a90 0x27f
MoveToEx 0x0 0xfee10a8 0x36694 0x35a94 0x23a
LineTo 0x0 0xfee10ac 0x36698 0x35a98 0x236
GetTextExtentExPointW 0x0 0xfee10b0 0x3669c 0x35a9c 0x21b
GetTextExtentPoint32W 0x0 0xfee10b4 0x366a0 0x35aa0 0x21e
CreateRectRgnIndirect 0x0 0xfee10b8 0x366a4 0x35aa4 0x50
CombineRgn 0x0 0xfee10bc 0x366a8 0x35aa8 0x22
ModifyWorldTransform 0x0 0xfee10c0 0x366ac 0x35aac 0x239
LPtoDP 0x0 0xfee10c4 0x366b0 0x35ab0 0x234
DPtoLP 0x0 0xfee10c8 0x366b4 0x35ab4 0xa4
SetGraphicsMode 0x0 0xfee10cc 0x366b8 0x35ab8 0x28d
SetMapMode 0x0 0xfee10d0 0x366bc 0x35abc 0x294
SetWorldTransform 0x0 0xfee10d4 0x366c0 0x35ac0 0x2ae
GetDeviceCaps 0x0 0xfee10d8 0x366c4 0x35ac4 0x1cb
DeleteObject 0x0 0xfee10dc 0x366c8 0x35ac8 0xe6
ole32.dll (3)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
CoTaskMemFree 0x0 0xfee13b8 0x369a4 0x35da4 0x68
CoTaskMemAlloc 0x0 0xfee13bc 0x369a8 0x35da8 0x67
CoCreateInstance 0x0 0xfee13c0 0x369ac 0x35dac 0x10
OLEAUT32.dll (7) (imported by ordinal, so no hint is available)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
VariantClear 0x9 0xfee1218 0x36804 0x35c04 -
VariantInit 0x8 0xfee121c 0x36808 0x35c08 -
SysAllocString 0x2 0xfee1220 0x3680c 0x35c0c -
SysFreeString 0x6 0xfee1224 0x36810 0x35c10 -
SysAllocStringLen 0x4 0xfee1228 0x36814 0x35c14 -
SysStringLen 0x7 0xfee122c 0x36818 0x35c18 -
VariantCopy 0xa 0xfee1230 0x3681c 0x35c1c -
USER32.dll (67)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
OffsetRect 0x0 0xfee1238 0x36824 0x35c24 0x225
PtInRect 0x0 0xfee123c 0x36828 0x35c28 0x240
GetSysColor 0x0 0xfee1240 0x3682c 0x35c2c 0x17b
SetRect 0x0 0xfee1244 0x36830 0x35c30 0x2ae
GetSystemMetrics 0x0 0xfee1248 0x36834 0x35c34 0x17e
DrawEdge 0x0 0xfee124c 0x36838 0x35c38 0xc3
SetCursor 0x0 0xfee1250 0x3683c 0x35c3c 0x288
LoadCursorW 0x0 0xfee1254 0x36840 0x35c40 0x1eb
ScreenToClient 0x0 0xfee1258 0x36844 0x35c44 0x26d
ClientToScreen 0x0 0xfee125c 0x36848 0x35c48 0x47
GetWindowRect 0x0 0xfee1260 0x3684c 0x35c4c 0x19c
DestroyIcon 0x0 0xfee1264 0x36850 0x35c50 0xa3
CopyIcon 0x0 0xfee1268 0x36854 0x35c54 0x53
GetIconInfo 0x0 0xfee126c 0x36858 0x35c58 0x133
LoadImageW 0x0 0xfee1270 0x3685c 0x35c5c 0x1ef
GetClassNameW 0x0 0xfee1274 0x36860 0x35c60 0x112
GetForegroundWindow 0x0 0xfee1278 0x36864 0x35c64 0x12d
ReleaseCapture 0x0 0xfee127c 0x36868 0x35c68 0x264
SetCapture 0x0 0xfee1280 0x3686c 0x35c6c 0x280
GetCapture 0x0 0xfee1284 0x36870 0x35c70 0x108
EqualRect 0x0 0xfee1288 0x36874 0x35c74 0xf3
EndPaint 0x0 0xfee128c 0x36878 0x35c78 0xdc
BeginPaint 0x0 0xfee1290 0x3687c 0x35c7c 0xe
GetUpdateRect 0x0 0xfee1294 0x36880 0x35c80 0x187
GetCursorPos 0x0 0xfee1298 0x36884 0x35c84 0x120
DefWindowProcW 0x0 0xfee129c 0x36888 0x35c88 0x9c
RegisterClassExW 0x0 0xfee12a0 0x3688c 0x35c8c 0x24d
GetClassInfoExW 0x0 0xfee12a4 0x36890 0x35c90 0x10d
UnregisterClassW 0x0 0xfee12a8 0x36894 0x35c94 0x306
SetWindowLongW 0x0 0xfee12ac 0x36898 0x35c98 0x2c4
IsWindow 0x0 0xfee12b0 0x3689c 0x35c9c 0x1db
CreateWindowExW 0x0 0xfee12b4 0x368a0 0x35ca0 0x6e
PostMessageW 0x0 0xfee12b8 0x368a4 0x35ca4 0x236
SendMessageW 0x0 0xfee12bc 0x368a8 0x35ca8 0x27c
GetWindow 0x0 0xfee12c0 0x368ac 0x35cac 0x18e
RegisterWindowMessageW 0x0 0xfee12c4 0x368b0 0x35cb0 0x263
SetWindowPos 0x0 0xfee12c8 0x368b4 0x35cb4 0x2c6
GetMonitorInfoW 0x0 0xfee12cc 0x368b8 0x35cb8 0x15f
MonitorFromPoint 0x0 0xfee12d0 0x368bc 0x35cbc 0x218
MonitorFromWindow 0x0 0xfee12d4 0x368c0 0x35cc0 0x21a
InvertRect 0x0 0xfee12d8 0x368c4 0x35cc4 0x1c0
IsRectEmpty 0x0 0xfee12dc 0x368c8 0x35cc8 0x1d4
SetWindowRgn 0x0 0xfee12e0 0x368cc 0x35ccc 0x2c7
FillRect 0x0 0xfee12e4 0x368d0 0x35cd0 0xf6
ToUnicode 0x0 0xfee12e8 0x368d4 0x35cd4 0x2f3
GetKeyboardState 0x0 0xfee12ec 0x368d8 0x35cd8 0x142
SetCaretPos 0x0 0xfee12f0 0x368dc 0x35cdc 0x282
GetCaretPos 0x0 0xfee12f4 0x368e0 0x35ce0 0x10a
DestroyWindow 0x0 0xfee12f8 0x368e4 0x35ce4 0xa6
IntersectRect 0x0 0xfee12fc 0x368e8 0x35ce8 0x1bd
GetPropW 0x0 0xfee1300 0x368ec 0x35cec 0x16b
RemovePropW 0x0 0xfee1304 0x368f0 0x35cf0 0x269
UpdateWindow 0x0 0xfee1308 0x368f4 0x35cf4 0x311
RedrawWindow 0x0 0xfee130c 0x368f8 0x35cf8 0x24a
CallWindowProcW 0x0 0xfee1310 0x368fc 0x35cfc 0x1e
SetPropW 0x0 0xfee1314 0x36900 0x35d00 0x2ad
GetDC 0x0 0xfee1318 0x36904 0x35d04 0x121
ReleaseDC 0x0 0xfee131c 0x36908 0x35d08 0x265
keybd_event 0x0 0xfee1320 0x3690c 0x35d0c 0x330
MapVirtualKeyW 0x0 0xfee1324 0x36910 0x35d10 0x208
GetClientRect 0x0 0xfee1328 0x36914 0x35d14 0x114
GetWindowThreadProcessId 0x0 0xfee132c 0x36918 0x35d18 0x1a4
KillTimer 0x0 0xfee1330 0x3691c 0x35d1c 0x1e3
SetTimer 0x0 0xfee1334 0x36920 0x35d20 0x2bb
SystemParametersInfoW 0x0 0xfee1338 0x36924 0x35d24 0x2ec
GetFocus 0x0 0xfee133c 0x36928 0x35d28 0x12c
GetWindowLongW 0x0 0xfee1340 0x3692c 0x35d2c 0x196
IMM32.dll (13)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
ImmGetCompositionFontW 0x0 0xfee10e4 0x366d0 0x35ad0 0x34
ImmGetHotKey 0x0 0xfee10e8 0x366d4 0x35ad4 0x41
ImmGetOpenStatus 0x0 0xfee10ec 0x366d8 0x35ad8 0x4a
ImmSetOpenStatus 0x0 0xfee10f0 0x366dc 0x35adc 0x77
ImmGetContext 0x0 0xfee10f4 0x366e0 0x35ae0 0x38
ImmGetConversionStatus 0x0 0xfee10f8 0x366e4 0x35ae4 0x3b
ImmLockIMC 0x0 0xfee10fc 0x366e8 0x35ae8 0x5e
ImmUnlockIMC 0x0 0xfee1100 0x366ec 0x35aec 0x7e
ImmSetConversionStatus 0x0 0xfee1104 0x366f0 0x35af0 0x75
ImmLockIMCC 0x0 0xfee1108 0x366f4 0x35af4 0x5f
ImmUnlockIMCC 0x0 0xfee110c 0x366f8 0x35af8 0x7f
ImmGetIMCCSize 0x0 0xfee1110 0x366fc 0x35afc 0x43
ImmRequestMessageW 0x0 0xfee1114 0x36700 0x35b00 0x6a
COMDLG32.dll (1)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
GetOpenFileNameW 0x0 0xfee1054 0x36640 0x35a40 0xc
Exports (5)
API Name  EAT Address  Ordinal
uiImeConfigure 0x12f12 0x1
uiImeGetImeMenuItems 0x12f6f 0x2
uiImeWindowProc 0x1302b 0x3
uiInitialize 0x12fb4 0x4
uiUninitialize 0x12f79 0x5
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.garminwasted  Dropped File  Text  Whitelisted
Also Known As \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml (Dropped File)
Note: the original name WordMUI.xml appears under Also Known As, i.e. the sample renamed the file by appending a .garminwasted extension. The content still hashes to a whitelisted known-good file, so in this run only the name changed; the appended extension is the thing to hunt for on other hosts.
Mime Type text/xml
File Size 1.76 KB
MD5 cf4d61ccbf565f83e919f4bef3f0e133
SHA1 10a91eb0c531fd20f112aae5c5307bdcb7e5d58b
SHA256 e15b71147e48db5567e8f166e7b8482686a00fe376a20619ea5dc430edd26171
SSDeep 48:cjlRIsCNt+IpgLkePjRagavYE/hC/A2vER4K5ifkNRhGGWaXc:YM9kItePPohGzsWf2M
ImpHash -
File Reputation Severity: Whitelisted
c:\users\5p5nrg~1\appdata\local\temp\armui.ini  Dropped File  Text  Whitelisted
Mime Type text/plain
File Size 145.04 KB
MD5 763658fecb2c282a6d724dcfbb26fa5e
SHA1 d013dee1a67cb2be6e8ab30d754164b979d480fc
SHA256 72a0abf98274047a4c7ddb420e651ab3202161979f2d0fd7be3693ad6b7d7c0f
SSDeep 3072:kThgCJdFWTbWyLKk61NmSTBjDT7lV9mztutF4NVx6Pj:Hc
ImpHash -
File Reputation Severity: Whitelisted
Note: the Unknown entries that follow (boot status, setup log, Service Control Manager log streams, thumbnail cache, event logs, Adobe updater log) are files Windows and installed software rewrite on their own during any run; they were captured because they changed, and are not indicators by themselves, though the event logs may record what the sample did.
c:\windows\bootstat.dat  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 66.00 KB
MD5 9f8db6bb92fe57273a6055f83b78bcb2
SHA1 3403e020eb7340a11cb160aba5cc52ac7487ef1f
SHA256 9780c696a867ac90f13f834e13ae1a0f242531b9a72855b8ff54ea1cffc305a5
SSDeep 3:NlE/7k+lHlFlkflStsK8Uha6aulIillZzxl7sK8UhaCtkUlcl:iPWNSvNXaujNN9ny
ImpHash -
c:\windows\setupact.log  Modified File  Text  Unknown
Mime Type text/plain
File Size 314 Bytes
MD5 9447e12df901c4cc0f1b49d4836e2a4b
SHA1 dadbe7e53fa9738ee26f542968c26e01ca054e53
SHA256 c557e93708405df203f1bf035074d8c0f2184d20c719448ea59f25e95b7840ac
SSDeep 6:/WNVf1gKfTOJ1F34vkxDNVf1gKfTOJ1F34vkxDNVf1gKfTOJ1F34vsjAIGF2TWN6:eVgK6JPo8xDVgK6JPo8xDVgK6JPo0qFg
ImpHash -
c:\windows\system32\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 b4e54f389b8ede96ee1e372c3a3d8259
SHA1 c6992a9d24e62de4975b732bad1b85c11e0a452d
SHA256 f51c2b5bbb606623ee0d2d77003b1a9544b90d3693b12971939bfb2b62a30bed
SSDeep 3:Wvt1o8:Wvt13
ImpHash -
c:\windows\system32\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 c3654adcd6767287ae7a3ba8bf8861f0
SHA1 52e214af3344be09899ec344570e6c10451c0fa6
SHA256 1ad946eb59dc6e145137b140bf6378d9e380b50a1aeaaa0b28375d10a457f1c2
SSDeep 3:51Den8:rin8
ImpHash -
c:\windows\system32\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 96c105f6c67d2380b1d300bc6664458d
SHA1 a8ed52f87fbec3b9184a06f25155f08daf90ed25
SHA256 fa477c3e4a9b502966e3652feec7ce528ab75a7a5ba73ddc08371ac326a0e747
SSDeep 3:0U7J3n:0q3n
ImpHash -
c:\windows\system32\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 ce203e9aa973ef792d368d297b1fb41b
SHA1 78576af0d1c8284d8d59365c6834cc02dc9ba3aa
SHA256 664be222277593488a273ed315170b47e622266ef632edda433716972f0e2991
SSDeep 3:XmIl/kn6:dtkn6
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_idx.db  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 3.18 KB
MD5 612d399f2462fb9b357acc13f629d365
SHA1 13e4ae3bb733b5da84c2997ce541be93ec97133f
SHA256 1c4b2dc53b0ce24e0f068530354ff9760ef82f27fc7d3b6d31ad8e8161881e72
SSDeep 12:Rj3UlSahYqh1ldNOjhMCZNoR/hGgNDmxMZ:RrUl4YmZqjhmu
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_96.db  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 1.00 MB
MD5 3083cd7f09b1d5833106de2ce64e1a90
SHA1 c58d430149a5be3cf39915160388e67661bdaf03
SHA256 a7ef2f649f86bab0820e42d5a4eb73c5a1d5c85523c03a3f22743ccb2829ac9a
SSDeep 3:illalnl:ilc
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_256.db  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 1.00 MB
MD5 ba512dce0c6c7dd96ac62734cbfe8345
SHA1 0c995073a5625509fd798cb14d40209f9ecdce9e
SHA256 3c789c2abb38ea6e8f1f02152c07e6e9b44bd8ad14d4aeeb7c1178084e32377b
SSDeep 24:G9/0sLdHEx3ybcK8U0sLdHEx3ybcK8BcbKPmUhN:GtzdHM3ybXzdHM3ybO6KO
ImpHash -
c:\windows\system32\logfiles\scm\b2945f6a-2378-4a2d-a700-f64d33f40fe5  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 ecf26f6b2f600a782db1972daacf2d17
SHA1 f8922f0aa8422f5db0e6c1b263105c175dfdcad9
SHA256 c9317febd4332a1d39a6d36ef585fef9c1a66bf082e7f124ce55472cf4568459
SSDeep 3:j1wkVPzkn:hRyn
ImpHash -
c:\windows\system32\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 12 Bytes
MD5 771b71e26fe6b8bd97b903245d0f7c9c
SHA1 922d6f3d59f80de5205b6fefa71e12f52788b882
SHA256 232aa849eaadcb397ad08c20ae0d55a147fc40159140260c8e6590ab01c9a52d
SSDeep 3:uot:u4
ImpHash -
c:\windows\system32\logfiles\scm\b2945f6a-2378-4a2d-a700-f64d33f40fe5  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 12 Bytes
MD5 56a40b5ddb3a2eaf2641fcc7c4487c89
SHA1 a436b236ce6978421106f57b2cc8c988e9d89da0
SHA256 4f11185e54ea13896954b53a54d066810e45558e9f72d4897a62ed756ef45eaa
SSDeep 3:y3Yt:rt
ImpHash -
c:\windows\system32\logfiles\scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 1aa463a42e7ffb2cc7932838500a4ec1
SHA1 1572245bf38c419f9e730a6a14694d5a9e2c182d
SHA256 fb8acc7fd5c21ea6368e5566095528ffc096e65264ef56e2de323d80e93aba23
SSDeep 3:XmIBlSFn:dBlS
ImpHash -
c:\windows\system32\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 12 Bytes
MD5 740ca1587d2adebf77f23d278e108d58
SHA1 2c2621d7d26a96bbef33d918b5d98bed7b0ad54a
SHA256 7e321ecae37dd8e56e393a0006cf1a864386a2f13867ba2ee8503cf9eb3461ba
SSDeep 3:k7tFYt:kpet
ImpHash -
c:\windows\system32\logfiles\scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 9e9848ae195d497c4f97a7b47f43038d
SHA1 e9043c805256fde2e246aef1d8d33e8e95ac004d
SHA256 08b0859f37311983b6a40e317b71a5de52ea75c661583e53f7f46c448854ed85
SSDeep 3:XmIl/FIyk:dtq
ImpHash -
c:\windows\system32\logfiles\scm\9435f817-fed2-454e-88cd-7f78fda62c48  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 bd10bfe9fb28d991d2f040d81dd70dbc
SHA1 6fee1b59ecfcd22d29c08ed0353f1b98a36c7037
SHA256 9c9061a93e1d068787aaf5435b1161b99b92f59c570ab3619916f0b285572418
SSDeep 3:nmY/V8:mY/e
ImpHash -
c:\windows\system32\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 20 Bytes
MD5 4c3d8437b3618272cf5e6a012fce956b
SHA1 13a5b565dd21a8cf96e58fa663215521d47886a7
SHA256 4d535a0b64ea9e0693c9d28533f90f8aba85e915d467194df28df1d5e055d5f2
SSDeep 3:CFItwkn:CFYwk
ImpHash -
c:\users\5p5nrg~1\appdata\local\temp\adobearm.log  Modified File  Text  Unknown
Mime Type text/plain
File Size 2.25 KB
MD5 c7d932892b2de422318ffa4c618ba947
SHA1 b75e033abb008fa5186c97fd9a1fe06dbbfeb446
SHA256 075d8358af2a6e1eed04105597311aec70e14c6fb106e5e36beb800b9e5e5fc1
SSDeep 48:oUwvx13duYDraWIm5xKECwTx31dUYDZa0yA51cEyKIwgniELURZDqZlN8YEu5yq+:oUwvv3duyruqxKECwTt1dUyZqs1cEynU
ImpHash -
c:\windows\system32\winevt\logs\system.evtx  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 2.07 MB
MD5 372a10c49cebe0b1f0203eb1f5cda48a
SHA1 305636bd212bced6c395bd71153999a43a1b0b26
SHA256 ffd3ac5a2bf5299b3338ad6e9c74abf7cc9722db32f7b5dd1140c9dff6d9148b
SSDeep 6144:3g1wz0VgGjS833D9mCFOrdMSLMBaiDzSDK:w1C0tG+3D9mCFOrdMSLMBaiDzSDK
ImpHash -
c:\windows\system32\winevt\logs\application.evtx  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 2.07 MB
MD5 52007c0e06f80616c76e9da22138f06c
SHA1 476a237ee2b2a67fb3481cbf8430c2c4002424aa
SHA256 a48f7027429a0f4d4a0268e29eeb9a873167d022fd10c7a4c9a4545ef9cc674c
SSDeep 12288:W1sheRoQ/hqSl1LDsM4kLF37C0r5E8XK1yXeITNhz1hatDJMB61:
ImpHash -
c:\windows\system32\winevt\logs\security.evtx  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 1.07 MB
MD5 ee548cbad00b0719b67d7bd2d792a20c
SHA1 4b9a890d633010b43b85cc56edb47c022912731b
SHA256 efdf99b8d320b19da4ad1fa0435b4e14bf6207b75f5049ea126ea8d361c3635e
SSDeep 3072:WyLO7IqpT9tOervMEDrPJVtHJLv3BaHDUL99JtwHVmevD:WDGervMEpVtHJL/599JtwHVmev
ImpHash -
c:\windows\system32\winevt\logs\microsoft-windows-kernel-whea%4operational.evtx  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 1.00 MB
MD5 ca3d128048418fcbfc62c452c5393c64
SHA1 aa7f1ec194a117ab6d098adba96cb2b5c4279261
SHA256 f79fbe8fda35ff5db9815e5ac34c0795667212eb9dcd8c7e418bfa6cb70cc780
SSDeep 384:B7hkICqQ0RDIx9IyIQIhInI/JIHIAEIGYIOI7IeIvghVI/iY8CIXIi0IXIhCIHkc:B7RxTOLgPz+Rag03KvUigi
ImpHash -
c:\windows\system32\winevt\logs\microsoft-windows-grouppolicy%4operational.evtx  Modified File  Stream  Unknown
Mime Type application/octet-stream
File Size 1.07 MB
MD5 3cc7c6480065a4bd34f2cc94a4ef03d1
SHA1 c4a91f0fd53926602d5224d1a69aad100c75ed4a
SHA256 35797e5681459480fcf2f6262d200cc9e156ef23ee5e90daf4dd47ae94947d4d
SSDeep 3072:/P3qQ2kiBNqmW+nSCJsVv06r0kJP4JqjLKTTSm:/P4hnSCJsVv06r0kJP4JqjLKTTSm
ImpHash -
c:\windows\system32\winevt\logs\microsoft-windows-user profile service%4operational.evtx Modified File Stream
Unknown
»
Mime Type application/octet-stream
File Size 1.07 MB
MD5 674cc54435f00a6479b2d654094c6669 Copy to Clipboard
SHA1 c7da467257db4fc942a1f485f15abde738d865ee Copy to Clipboard
SHA256 e9f4d12ab9d47ce7a05c81744114afd7280467f515083bfde6be0560a845997c Copy to Clipboard
SSDeep 1536:zdoIScVo73eJwSQpdBCA07aVN6er+FU2PflW7fRBoeRdV+nVzpbRgL8gnRb7WPid:4YlMS1 Copy to Clipboard
ImpHash -
c:\windows\system32\winevt\logs\microsoft-windows-offlinefiles%4operational.evtx Modified File Stream
Unknown
»
Mime Type application/octet-stream
File Size 68.00 KB
MD5 2e96144226a29ddac9a19754574d572e Copy to Clipboard
SHA1 4c6f26989f4beb99870ba710a46fa163d930a1c8 Copy to Clipboard
SHA256 aaf41a6bc642819160aa3f274ed41495d8fe864a24a91c3b924dac3c093b70a7 Copy to Clipboard
SSDeep 1536:nwpSJQxh9R8WJQl58ipWYIWphdBdurh+sJZlpJt7iRf9JiSqhNvtAqhs9+8zhSWT:IV Copy to Clipboard
ImpHash -
c:\windows\system32\winevt\logs\microsoft-windows-branchcachesmb%4operational.evtx Modified File Stream
Unknown
»
Mime Type application/octet-stream
File Size 68.00 KB
MD5 db27c36b1b9d8709c7fc13dc21b9b839 Copy to Clipboard
SHA1 de5d311383947e57894dc8411cd3621b3dc4201a Copy to Clipboard
SHA256 223bbbb5ef2282eaa13b479ba0ec4eb1002356e40366b17b6ca86e8d02ae4de0 Copy to Clipboard
SSDeep 384:RrwhuhDhQ2QPhDY6hDamhDDhD8hDhhD/hDOhD1hD4hDshDchDihDohDLzhD4hDWG:RrwYrQeDQP6juj Copy to Clipboard
ImpHash -
c:\windows\system32\winevt\logs\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx Modified File Stream
Unknown
»
Mime Type application/octet-stream
File Size 68.00 KB
MD5 72db868762127338a13062c0fd1a4d29 Copy to Clipboard
SHA1 8b80cc386495f0cde57ed07c213f39ad308adc8e Copy to Clipboard
SHA256 066d5f5f2b83256346274173157eeb15d79d824567963ac886bba53ff7175bf6 Copy to Clipboard
SSDeep 1536:u2sCaBtBbLghOy01lNHsco0kwE2YY21lRw4DWQbrsNKQQsLbNxrVkIdsA0CcxwQt:pY Copy to Clipboard
ImpHash -
c:\windows\system32\winevt\logs\microsoft-windows-dhcpv6-client%4admin.evtx Modified File Stream
Unknown
»
Mime Type application/octet-stream
File Size 68.00 KB
MD5 f7a39764202496ecd9314965bd512b99 Copy to Clipboard
SHA1 4cf4ba1cd75ca543d9a3e39f65ba1a3dbc56b40a Copy to Clipboard
SHA256 9f165648645e150b9555e40f75e3a91421cc5f849a5ea4e94c81314409a119d3 Copy to Clipboard
SSDeep 384:IhdtKDtotS/tSPtS7tSKtSTtSntS/tSntSNtSlptSbtSbtSPtS2tS7tSRtS7tSez:IoAH Copy to Clipboard
ImpHash -
c:\windows\tasks\schedlgu.txt Modified File Text
Unknown
»
Mime Type text/plain
File Size 11.62 KB
MD5 38dd896bead08679abb2b61d592cf6f3 Copy to Clipboard
SHA1 7102b9c5f2b582fe79f027d72cdebd7166801c69 Copy to Clipboard
SHA256 44527c2e828aa98560bab3b95694aa73a6456faa364361439a79546fbed67a8d Copy to Clipboard
SSDeep 192:r1hs11161PI1Ls1qsUfURUkU0UIqUIuUjULmNm8mHmdl4rTSrSrIcrNrttUQT6j2:r1hs11161PI1Ls1qsUfURUkU0UzUvUjG Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\explorerstartuplog_runonce.etl Modified File Stream
Unknown
»
Mime Type application/octet-stream
File Size 16.00 KB
MD5 f81c3c4dff6091bd3d900a21999da33b Copy to Clipboard
SHA1 65b8f6310b0ac02dd6970ae8a932e098eee04917 Copy to Clipboard
SHA256 5b44614094e560b0517b83620febdf1b0de8c7963787940e4c793e19a0d24e79 Copy to Clipboard
SSDeep 48:47jw8iM4DhBikMwiMlPoe+1dbakFxhwdbGG7d9tLkAxhFd9tYRgeS:47jw8iM4DqwiMlPW+kFnPGtkAjAM Copy to Clipboard
ImpHash -
\\?\C:\BOOTSECT.BAK.garminwasted Dropped File Stream
Unknown
»
Also Known As \\?\C:\BOOTSECT.BAK (Dropped File)
Mime Type application/octet-stream
File Size 8.00 KB
MD5 ba747f5e22df8f2b63fa5e0fd627765c Copy to Clipboard
SHA1 a588e53440ec0393b1cae408e73606f72e94face Copy to Clipboard
SHA256 75ff1b1836fd6d04c5ea4e17b4fad1163f8059dcaf2def13f1c79c69b061a464 Copy to Clipboard
SSDeep 96:vzDaidCuhFwDG+8A4PtbiW+uGGfz/+vWVrQUqDayFB3d4:7Oid3zwDGIOtbiW4q/+ZUgBN4 Copy to Clipboard
ImpHash -
\\?\C:\BOOTSECT.BAK.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 75d3c13ab061436b625dae3c0921ac74 Copy to Clipboard
SHA1 47ecb7399a22377a2a97f712d718f85c4c55ce2f Copy to Clipboard
SHA256 3f5383b3a10eee08143fae4c8b7d26c777bbe40b3fbf8655ca69a5cfb7c99f69 Copy to Clipboard
SSDeep 48:e4QhAtVo7ie/fPtET0mdUziX0I7KLtutEkjaALP1:e4GAtVpe/fJmKziyItBF1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml (Dropped File)
Mime Type text/xml
File Size 1.53 KB
MD5 8e75b478bdb2053fb329e9255930b469 Copy to Clipboard
SHA1 fdadaebfd6d544c18d0277975c674c2c24e3526b Copy to Clipboard
SHA256 d6f4017528c0a21eef982287dc529813f4c0adcad1fb463eeb458483522f14d1 Copy to Clipboard
SSDeep 48:cjwXAoyQ7agavBmYEpYE/hCTMfY5MfXKJFMtFFK59DtWGGTMaJMM:YHoZam/iohBYa6gbWDEp Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 09472d65fcd4a8f5d1e75fa2ba9bc846 Copy to Clipboard
SHA1 e4b77a7771c8e8a4d810dd98a5921f19ac838b8b Copy to Clipboard
SHA256 805d5a97b7256ca763e30f8cc1dea7ee4172d168d0e5d1499fdc981148d9a0e8 Copy to Clipboard
SSDeep 48:e4VBIocClzoqM1din5WADxLK8+1ENnjiQuMgdoM1:e4VBFcCxoqUilLNFjcTqM1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml (Dropped File)
Mime Type text/xml
File Size 2.24 KB
MD5 12ad69413fb2305d5a5253b658631daf Copy to Clipboard
SHA1 78d7d85ad8fd1343a964b101512aeb12f79caeab Copy to Clipboard
SHA256 4917d9d7d078c5aea45a228d1873272a159d158a7d7486642d7336cc01aded47 Copy to Clipboard
SSDeep 48:cjHpBfpx/+QSXxQ0Q16QkMfQnMfoQEMqQNQZBOQxweaeQPU2ekGkWCrAZc9Ch9QD:YJBxx/+TxPM6oBoZeeBORkq2k2Cr19C6 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 f69cde58f6a150f940513cc02a51bcc2 Copy to Clipboard
SHA1 ce2fa61455e3fedb7d7ee39552d4986a2ade1e8c Copy to Clipboard
SHA256 2182e60aa5e1f2ebe1eb7796a49bdd7c4be843bae873332eb109514fe3e58b50 Copy to Clipboard
SSDeep 48:e4sZ6Q+l9PNBNDSGOJ9LwlLdqvz3c5+Oh41:e4lQ0PNrDSxRwlLe1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml (Dropped File)
Mime Type text/xml
File Size 1.42 KB
MD5 e514cf7c3b817c21b18b5fede2308843 Copy to Clipboard
SHA1 ff021edacf8909ced0c5b6cf3b1c1f036ab55394 Copy to Clipboard
SHA256 1b327c71698991c205ea4199b772f15240efde60ab540ca6952adcf7b2ee2928 Copy to Clipboard
SSDeep 24:2djH8RBuybOaoYB/6EBhhCRpH8T2uBF2uFdb8uKBHu6OKuOQFGIlH3IlHy:cjCuy0+6E/hCRh8VBzFdrK5u/OAGGZ Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 998b7231a12ffd8eec2926fb51e9b7dd Copy to Clipboard
SHA1 eac6580b373638c17e109e0eea11d53f5803a5ff Copy to Clipboard
SHA256 1403ae217e374a11b08c2a96b50248b39fb084d42958ba5845b24c7bef68c863 Copy to Clipboard
SSDeep 24:Q6zkdikbTUauNN2X01zqqBWmoK95uf5kVs4eYScHFv4PFQ0BVM/j9OtF9N5WY0eH:e4QSH/W5kG5iiFQ0BVMBYf5Gbhql1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml (Dropped File)
Mime Type text/xml
File Size 1.84 KB
MD5 56abd6af75055e6999118e8279f9baf1 Copy to Clipboard
SHA1 9aa3efef547f7cf4f764aea7b9d1f61c98116d6e Copy to Clipboard
SHA256 cb22a4e2fff951cbe96d88596ccf0a726c85f5f30ecb9bc25b5502589b284333 Copy to Clipboard
SSDeep 48:cjfpPaDyf+QSXxQ0QlQiQNQDQ7fGyrzTuWQnVGqLq:Yhr+TxPMdmuc1PuWAGkq Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 5dab54a4ab09ba4066b3530dbd92b85e Copy to Clipboard
SHA1 c693fb7585bf974f2eb29b8bdfd83f6e4962fbc9 Copy to Clipboard
SHA256 8c39893c3cb77243fe8a8e3b9c78a4284483996b68527d924e356e198bc1534a Copy to Clipboard
SSDeep 24:Q6zkdikbTUauNN2X01s0jSqSA6mHxI7uiQ6CklSk5yfT/gsStJrHfvAqD2O6v7Ml:e4a0jwA6LAas/gtJTHAqD2Ok73b4CNe1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml (Dropped File)
Mime Type text/xml
File Size 1.42 KB
MD5 36ae1e211b5a2b4f979d749769415fe7 Copy to Clipboard
SHA1 7e8cbd3f1f07d7fc2b93e31ccfd80c85f92ee576 Copy to Clipboard
SHA256 45ccedc9378fdfecd4b592663ec1edf21c968b8fc4655504065f05a286754be6 Copy to Clipboard
SSDeep 24:2djDY7+WrhSoJB/6EBhhCgfUBF0CdqXF0Cd0F0CaBF0CKBHzSxSF0CaZMYjxZMZj:cjDYKWrrv6E/hC+C7CzCa8CK5WhCaz1s Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 afab344b7f79ccb0209922afbb52483c Copy to Clipboard
SHA1 a7730206b9df4205813501627bdd9dc515867e8a Copy to Clipboard
SHA256 f304984d7de9d1f06b540a3cd371bf727962d7f4c5882ed339bdfa77f0c99097 Copy to Clipboard
SSDeep 48:e4ZBe+y/2lgW5ohFmy8k1uuokKLztcVLxb0l1:e4JUptF98SuuQzixxbM1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml (Dropped File)
Mime Type text/xml
File Size 1.57 KB
MD5 e8da0d4f8f489f3f1e66224b734817ff Copy to Clipboard
SHA1 be1039c6632051633253ac54758b05f1a8d12eb3 Copy to Clipboard
SHA256 f8c49787bf46de01f95e08f0d5a79cb0647bce51f01b4ffb2f3485a028e91add Copy to Clipboard
SSDeep 48:cj3qmfD0fQSXxQ0QxLQFrQ7YGJH0CYrOzeQuZf3Lq:Y3qYITxPA+lwYGeRf7q Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 50f432c291790a33a96de4e3463b6731 Copy to Clipboard
SHA1 3c3b8fb8aadb1c9745332f648ca097360b7b894b Copy to Clipboard
SHA256 0145d5251522b7530b19f30318763732ace39d849fc1b2434d671cd26f5186dd Copy to Clipboard
SSDeep 48:e4ALxJzUH91JzpFo0GuUudejqXvD5T6W4FQ1:e4AjC1N80GuNdemvxUFQ1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml (Dropped File)
Mime Type text/xml
File Size 3.11 KB
MD5 a05752beeae602e18857eb4627584a71 Copy to Clipboard
SHA1 fe35f6b15eda928246c11638678852bf3d283ae4 Copy to Clipboard
SHA256 4642fbf8a6873615125be5f57812e5d1248d5c54549ed631edbfdf993eae14da Copy to Clipboard
SSDeep 48:cjBEA+T1hXgXtWmGFGGmzTm1RYmh70mLtu5LQRagavm6im4hYmaqNdmCOuFYE/hP:YG/gg5nuwiqVCohzRSt5JbbJ+hDH Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 98d0960c2f69c955d701e26a360d6cbb Copy to Clipboard
SHA1 2c05fca36b99a7bc3158ee981a27557166d75e2f Copy to Clipboard
SHA256 f4623e88e526d5812d7ab04511bde126041a184dde4a0a56bbc9c1a2dfbbf1ca Copy to Clipboard
SSDeep 24:Q6zkdikbTUauNN2X01xptprtU2RftDFVZa6vlDEfQ7qoFK3S1Esv9KMZLbylrNwt:e4Tjpe2JtBba6vlDEfQ2YEOKMZL/3h1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml (Dropped File)
Mime Type text/xml
File Size 4.11 KB
MD5 587570072f4307118d7bc1fac77b51d2 Copy to Clipboard
SHA1 92b327a60e3a576b7c8900cccf6cd534261481dd Copy to Clipboard
SHA256 2479db39aa2065e9bc0ab7559a20cd6081e754b90e987d871922eb9d2c4386ab Copy to Clipboard
SSDeep 96:YNdiTxPFH0LN1+M+U+N+0+/yZfxuRNoGNpgd/2LtkqJte2sCyNdq:cdKxtcdxNLe2sjNdq Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 c8a752525efbe9aa6a35217a3bfdd91f Copy to Clipboard
SHA1 4a5a7460f84a45937bfc6efb8c3d86dea3fff776 Copy to Clipboard
SHA256 63e7769567eb61562d9b12a8e6b2dcfcad2f68ae37fcc5e923bc47e148c5fc33 Copy to Clipboard
SSDeep 48:e4nUg3/OM/A2kCWFGV4IA3Xh/85MgMlCFGzM1:e4nUgPOMbR92F3x052CFGzM1 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted Dropped File Text
Unknown
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml (Dropped File)
Mime Type text/xml
File Size 2.37 KB
MD5 eb88b9acfd97c6e28cd0cc9c404aaea0 Copy to Clipboard
SHA1 3027f96198feb8a9a5c85d2bb1d635b2117c793e Copy to Clipboard
SHA256 5bdc1cd5e12812f407db23cfc82d9300ee96c9f51acb04648dfcd40b02218b74 Copy to Clipboard
SSDeep 48:cjcZHRcWcQSXxQ0QakQtSQkfQ4nQ63Q1a4Ql/weaeQPU2KNGA9mIG2a3Dt2sgQz5:YcZxc/TxPbkmSBfTnL3KLtkqIJ/G7AU5 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
MD5 7f1662e7a9caf3e8cae31b1a49e6a10d Copy to Clipboard
SHA1 d4c06725521d55a9a12b97392450616820223f31 Copy to Clipboard
SHA256 98b3d32d37b05dee52f6e4982816b74bfd7eb349e2ee4aa096a130875bc17ff7 Copy to Clipboard
SSDeep 48:e4JkPDz3AB9SAtF0paKaK71TrlnqpjUESdSbmj1:e4JkP/3EXtSp11opjUMmj1 Copy to Clipboard
ImpHash -
C:\Windows\TEMP\lck.log Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 33 Bytes
MD5 9e5a4ec70c937a9e35b5d15d3a0fce33 Copy to Clipboard
SHA1 62eaa9cc84e94352ab7c9c211517030218a6b79f Copy to Clipboard
SHA256 5b277cda904ec17cbefe703fba9fa0d84ca3429a94d07e09f606e0f2f59c9d6a Copy to Clipboard
SSDeep 3:jmvCHzYQH:jmx4 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.garminwasted_info Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 2.54 KB
MD5 3a138c495b79d83cedaf4222d3a83df4 Copy to Clipboard
SHA1 701c91dc27397c579ac90f3752c855f0ded263b8 Copy to Clipboard
SHA256 03b6545bd1a54a9bc61148fc26df5ec54b7054118a7902b67692ffc6e200062f Copy to Clipboard
SSDeep 48:ZiUvgg6t6K+/ZJjaOxtTVu5rIoYCzIisszHrD5eF2WlBbwiBKGF7rYWxEd:UEFqsJVGDH9NBC5wiB3BJU Copy to Clipboard
ImpHash -
c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 2.00 KB
MD5 cec412c1c710800fc0c5bbebfc946d10 Copy to Clipboard
SHA1 963722d9d64c45f4115a9d2293dd52fac4f8ba5b Copy to Clipboard
SHA256 e57b8192e8c93cf59b9f2860a03964ca2c53b6a85a5f82cedf85cb8e449c0079 Copy to Clipboard
SSDeep 3:3lylz21vs/l/NEllX:3l1o Copy to Clipboard
ImpHash -
c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 2.00 KB
MD5 f4d5e53bcde04e416a3eba9b25021c29 Copy to Clipboard
SHA1 538615d61de7ce9460d6a51f2258d55e984ef29c Copy to Clipboard
SHA256 e248abb81d849cbab23ca6b4c762545953cfe673432252914bf7b0ea5cf3225f Copy to Clipboard
SSDeep 3:3lylwKFl/lE/l/NHHQl:3lf6/InQl Copy to Clipboard
ImpHash -
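The Files table above is a flattened export of the report's HTML: each record arrives as a header row, a severity line, an expander glyph and a run of "Key Value" lines with the copy-button text still attached. As an added example (my code, not VMRay's), the Python below parses that layout, strips the "Copy to Clipboard" residue, pairs every dropped `.garminwasted` copy with its `.garminwasted_info` companion by the path that remains once the suffix is stripped (the same path the report lists under "Also Known As" for the copies), reports pairs with a missing half, and collects the companion files' SHA256 values as a ready-made indicator list. The two suffixes and the four sample records are taken from the listing; the function names, the record class and the "encrypted"/"info" role labels are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Row layout as it appears in the listing: "<path> <Sample|Dropped|Modified> File <Stream|Text|Binary>",
# a severity line, an optional "»" expander glyph, then "Key Value" lines, some ending in button text.
HEADER_RE = re.compile(r"^(?P<path>.+?) (?P<category>Sample|Dropped|Modified) File (?P<ftype>\S+)$")
KEYS = ("Also Known As", "Mime Type", "File Size", "MD5", "SHA1", "SHA256", "SSDeep", "ImpHash")
CLIPBOARD = " Copy to Clipboard"
ENC_SUFFIX, INFO_SUFFIX = ".garminwasted", ".garminwasted_info"  # suffixes seen on the dropped files

@dataclass
class FileRecord:
    path: str
    category: str
    ftype: str
    severity: str = ""
    fields: dict = field(default_factory=dict)

def parse_file_table(text: str) -> list[FileRecord]:
    """Turn the flattened rows into records; lines that fit no pattern are ignored."""
    records: list[FileRecord] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "»":
            continue
        m = HEADER_RE.match(line)
        if m:
            cur = FileRecord(m["path"], m["category"], m["ftype"])
            records.append(cur)
            continue
        if cur is None:
            continue
        if line.endswith(CLIPBOARD):
            line = line[: -len(CLIPBOARD)]
        for key in KEYS:
            if line.startswith(key + " "):
                cur.fields[key] = line[len(key) + 1:]
                break
        else:  # the first non-key line after a header is the Severity column
            cur.severity = cur.severity or line
    return records

def group_by_victim_file(records: list[FileRecord]) -> dict[str, dict[str, FileRecord]]:
    """Map each original path to its renamed copy ("encrypted") and its companion ("info")."""
    groups: dict[str, dict[str, FileRecord]] = {}
    for rec in records:
        if rec.path.endswith(INFO_SUFFIX):
            stem, role = rec.path[: -len(INFO_SUFFIX)], "info"
        elif rec.path.endswith(ENC_SUFFIX):
            stem, role = rec.path[: -len(ENC_SUFFIX)], "encrypted"
        else:
            continue  # lck.log, event logs and similar carry neither suffix
        groups.setdefault(stem, {})[role] = rec
    return groups

def unpaired(groups: dict[str, dict[str, FileRecord]]) -> list[str]:
    """Original paths for which only one half of the pair appears in the input."""
    return sorted(stem for stem, roles in groups.items() if len(roles) != 2)

def info_file_hashes(records: list[FileRecord]) -> list[str]:
    """SHA256 of every *_info companion file, sorted, as an indicator list."""
    return sorted(r.fields["SHA256"] for r in records if r.path.endswith(INFO_SUFFIX))

# Four records copied from the listing above (MD5, SHA1 and SSDeep lines left out to keep it short).
SAMPLE = r"""
\\?\C:\BOOTSECT.BAK.garminwasted Dropped File Stream
Unknown
»
Also Known As \\?\C:\BOOTSECT.BAK (Dropped File)
Mime Type application/octet-stream
File Size 8.00 KB
SHA256 75ff1b1836fd6d04c5ea4e17b4fad1163f8059dcaf2def13f1c79c69b061a464 Copy to Clipboard
ImpHash -
\\?\C:\BOOTSECT.BAK.garminwasted_info Dropped File Text
Unknown
»
Mime Type text/plain
File Size 1.91 KB
SHA256 3f5383b3a10eee08143fae4c8b7d26c777bbe40b3fbf8655ca69a5cfb7c99f69 Copy to Clipboard
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.garminwasted_info Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 2.54 KB
SHA256 03b6545bd1a54a9bc61148fc26df5ec54b7054118a7902b67692ffc6e200062f Copy to Clipboard
ImpHash -
C:\Windows\TEMP\lck.log Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 33 Bytes
SHA256 5b277cda904ec17cbefe703fba9fa0d84ca3429a94d07e09f606e0f2f59c9d6a Copy to Clipboard
ImpHash -
"""
```

`parse_file_table(SAMPLE)` yields four records; `group_by_victim_file` pairs the two BOOTSECT.BAK entries, `unpaired` reports the WordMUI.xml companion whose `.garminwasted` copy is not in the sample, and lck.log is skipped because it carries neither suffix. To run it over the whole report, paste the table text in place of SAMPLE; the header regex is anchored on the " File " column so paths containing spaces, such as the MSOCache ones, still parse.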
Function Logfile

This feature requires an online connection to the VMRay backend. An offline version with limited functionality is also provided; it is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot