60a10c66c1b2

Remarks

Maximum Dump Total Size Reached (0x0200005D): 986 additional dumps with the reason "Content Changed" and a total of 2306 MB were skipped because the respective maximum limit was reached.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\OqXZRaykm\Desktop\defOff.exe

Sample File

Binary

Also Known As	defOff.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	2.58 MB
MD5	6b250d3527d2946de16a9b46ec93d9da
SHA1	c45d245e1be62def9981e7657bf226d53c19ce80
SHA256	60a10c66c1b2af4c38ca4f1c8aa496733f571ddace185d9185e3cbdb93880e81
SSDeep	49152:53GwcsI0vqktNAEmv+3SSHI/Msjz0DX36CeIOfM3Ybc:53GsIc1bApmCSo/MsPiaC3OfM3Yb
ImpHash	2eabe9054cad5152567f0699947a2c5b

PE Information

Image Base	0x00400000
Entry Point	0x0069E000
Size Of Code	0x00002400
Size Of Initialized Data	0x00000800
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2023-10-15 17:58 (UTC)

Version Information (11)

Comments	-
CompanyName	-
FileDescription	defOff
FileVersion	1.0.0.0
InternalName	defOff.exe
LegalCopyright	Copyright © 2023
LegalTrademarks	-
OriginalFilename	defOff.exe
ProductName	defOff
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (6)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
	0x00402000	0x00004000	0x00001200	0x00002000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.78
.rsrc	0x00406000	0x0000059C	0x00000600	0x00003200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.04
.idata	0x00408000	0x00002000	0x00000200	0x00003800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.93
fstwwbmp	0x0040A000	0x00292000	0x00290200	0x00003A00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	6.54
ximdardy	0x0069C000	0x00002000	0x00000400	0x00293C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	6.15
.taggant	0x0069E000	0x00004000	0x00002200	0x00294000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.78

Imports (1)

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
lstrcpy	-	0x00408034	0x0000802C	0x0000382C	0x00000000

Memory Dumps (48)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
defoff.exe	1	0x00750000	0x009F1FFF	First Execution	32-bit	0x009EE000	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0075D15B	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0075E68B	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x007604ED	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x007D3628	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0083C3C7	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008C8425	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0075DE0F	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008CB000	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008D2DDA	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008D7BBC	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0075E000	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008D3684	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008D2E42	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008DC7EE	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0075DE0F	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008E4003	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x007EC450	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x007CCBEA	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x007A360F	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x00776AA1	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0079D000	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008ED28C	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008C3000	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008F5167	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008ED292	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x007EADFB	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x0075F08B	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008FC83F	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x008FDB6A	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x00909199	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x009152CD	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Content Changed	32-bit	0x00915000	... Actions Go to Process Download Dump
user32.dll	1	0x764E0000	0x76673FFF	First Execution	32-bit	0x765058D0	... Actions Go to Process Download Dump
advapi32.dll	1	0x767D0000	0x76848FFF	First Execution	32-bit	0x767EF320	... Actions Go to Process Download Dump
ntdll.dll	1	0x77590000	0x77731FFF	First Execution	32-bit	0x775D52C0	... Actions Go to Process Download Dump
shlwapi.dll	1	0x76E80000	0x76EC4FFF	First Execution	32-bit	0x76E9A0A0	... Actions Go to Process Download Dump
mscoree.dll	1	0x700F0000	0x70141FFF	First Execution	32-bit	0x7011F100	... Actions Go to Process Download Dump
mscoreei.dll	1	0x6FB70000	0x6FBFCFFF	First Execution	32-bit	0x6FB7FA20	... Actions Go to Process Download Dump
kernel.appcore.dll	1	0x75140000	0x7514EFFF	First Execution	32-bit	0x75143A50	... Actions Go to Process Download Dump
version.dll	1	0x74AE0000	0x74AE7FFF	First Execution	32-bit	0x74AE15C0	... Actions Go to Process Download Dump
clr.dll	1	0x6F3C0000	0x6FB6FFFF	First Execution	32-bit	0x6F5317C0	... Actions Go to Process Download Dump
rpcrt4.dll	1	0x76420000	0x764D9FFF	First Execution	32-bit	0x76449507	... Actions Go to Process Download Dump
combase.dll	1	0x757C0000	0x75A3FFFF	First Execution	32-bit	0x7583CD05	... Actions Go to Process Download Dump
clrjit.dll	1	0x6DE70000	0x6DEF8FFF	First Execution	32-bit	0x6DE751D0	... Actions Go to Process Download Dump
sechost.dll	1	0x76180000	0x761F4FFF	First Execution	32-bit	0x76197ABD	... Actions Go to Process Download Dump
buffer	1	0x045F0000	0x045F0FFF	Marked Executable	32-bit	-	... Actions Go to Process Download Dump
defoff.exe	1	0x00750000	0x009F1FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump

C:\Users\OqXZRaykm\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\defOff.exe.log

Dropped File

Unknown

MIME Type	application/csv
File Size	226 Bytes
MD5	cc70991fb12e3e77e295063f27958932
SHA1	6750b1c1704d922608cebcef4b171f99fa26e224
SHA256	19f230576e8680f451e9e4aee6ec67c16a49c01cdebde0979bc26c9361253281
SSDeep	6:Q3La/xw5DLIP12MUAvvR+uTL285MbQQPFv:Q3La/KDLI4MWuPgbQWv
ImpHash	-

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information