846339b3d65d

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\libGLESv2.dll.exe

Sample File

Binary

Also Known As	C:\Boot\pt-BR\gmailnotifierpro.exe (Accessed File, Dropped File) C:\Boot\zh-TW\explorer.exe (Accessed File, Dropped File) C:\MSOCache\All Users\{90160000-0018-0409-1000-0000000FF1CE}-C\omnipos.exe (Accessed File, Dropped File) C:\MSOCache\All Users\{90160000-001A-0409-1000-0000000FF1CE}-C\accupos.exe (Accessed File, Dropped File) C:\Program Files (x86)\Windows NT\TableTextService\draw face.exe (Accessed File, Dropped File) C:\Program Files\Microsoft SQL Server\110\Shared\dwm.exe (Accessed File, Dropped File) C:\Recovery\WindowsRE\SearchUI.exe (Accessed File, Dropped File) C:\Users\All Users\Application Data\System.exe (Accessed File) C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\ad57480fc18d55031cc7c956bc8beabb89eebdeb.exe (Accessed File, Dropped File) C:\Windows\L2Schemas\pidgin.exe (Accessed File, Dropped File) c:\programdata\system.exe (Dropped File, VM File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	1.94 MB
MD5	6f1a5f3b606715660011a3a4b45885b1
SHA1	e270b4c5b461feccef6105b244078665d7614fae
SHA256	846339b3d65d8c1cdaf5c697e38088b1f7fbdc882e4c903f0152edb00bb8b853
SSDeep	49152:1KRH21yhYNXa1YZJue5Gg4pSeuMb5/kYLH0:1KRH4y6pxgqRvMtRLU
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

PE Information

Image Base	0x00400000
Entry Point	0x005F131E
Size Of Code	0x001EF400
Size Of Initialized Data	0x00003600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2022-05-04 16:03 (UTC)

Version Information (4)

FileVersion	5.15.2.0
OriginalFilename	libGLESv2.dll
ProductName	libGLESv2
ProductVersion	5.15.2.0

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x001EF324	0x001EF400	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.52
.sdata	0x005F2000	0x00002FDF	0x00003000	0x001EF800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.24
.rsrc	0x005F6000	0x00000218	0x00000400	0x001F2800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.84
.reloc	0x005F8000	0x0000000C	0x00000200	0x001F2C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x001F12F8	0x001EF6F8	0x00000000

Memory Dumps (103)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
libglesv2.dll.exe	1	0x00B00000	0x00CF9FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00530000	0x00537FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00540000	0x00540FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00550000	0x00564FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00570000	0x00570FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00580000	0x00589FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00790000	0x007A0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007B0000	0x007B0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007E0000	0x007E4FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007C0000	0x007C5FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007D0000	0x007D1FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007C0000	0x007C5FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007F0000	0x007FBFFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007D0000	0x007D1FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x007C0000	0x007C5FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00820000	0x00825FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00830000	0x00834FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x009E0000	0x009E6FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x009F0000	0x009F6FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A50000	0x00A51FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A00000	0x00A05FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A10000	0x00A14FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A20000	0x00A28FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A30000	0x00A30FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A60000	0x00A61FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A00000	0x00A05FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A70000	0x00A75FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A80000	0x00A81FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A90000	0x00A95FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A80000	0x00A81FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
libglesv2.dll.exe	1	0x00B00000	0x00CF9FFF	Final Dump	64-bit	-	... Actions Go to Process Download Dump
libglesv2.dll.exe	1	0x00B00000	0x00CF9FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
explorer.exe	43	0x006B0000	0x008A9FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00640000	0x00647FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00650000	0x00650FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00660000	0x00674FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00650000	0x00650FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00690000	0x00690FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x006A0000	0x006A9FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00690000	0x00690FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x021D0000	0x021E0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x006A0000	0x006A9FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00690000	0x00690FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x021F0000	0x021F0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x021D0000	0x021E0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x006A0000	0x006A9FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00690000	0x00690FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02220000	0x02224FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02200000	0x02205FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02220000	0x02224FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02210000	0x02211FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02200000	0x02205FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02220000	0x02224FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02230000	0x0223BFFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02210000	0x02211FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02200000	0x02205FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02220000	0x02224FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02260000	0x02265FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02390000	0x02394FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023A0000	0x023A6FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02390000	0x02394FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023B0000	0x023B6FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023A0000	0x023A6FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02390000	0x02394FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02410000	0x02411FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023C0000	0x023C5FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023D0000	0x023D4FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023E0000	0x023E8FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023D0000	0x023D4FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023F0000	0x023F0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023E0000	0x023E8FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023D0000	0x023D4FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02400000	0x02401FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023F0000	0x023F0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023E0000	0x023E8FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023D0000	0x023D4FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1ACF0000	0x1ACF5FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02400000	0x02401FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023F0000	0x023F0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023E0000	0x023E8FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023D0000	0x023D4FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1AD00000	0x1AD01FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1ACF0000	0x1ACF5FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x02400000	0x02401FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023F0000	0x023F0FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023E0000	0x023E8FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x023D0000	0x023D4FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1AD10000	0x1AD15FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1B8BA000	0x1B8BFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1B7BA000	0x1B7BFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1B1B7000	0x1B1BFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1B0B5000	0x1B0BFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x1A89D000	0x1A89FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	43	0x00146000	0x0014FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
explorer.exe	43	0x006B0000	0x008A9FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
dwm.exe	19	0x00F80000	0x01179FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
pidgin.exe	27	0x002C0000	0x004B9FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
gmailnotifierpro.exe	22	0x00FB0000	0x011A9FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
omnipos.exe	31	0x00310000	0x00509FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
draw face.exe	38	0x00320000	0x00519FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
explorer.exe	36	0x00CA0000	0x00E99FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
accupos.exe	41	0x000F0000	0x002E9FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
searchui.exe	42	0x003A0000	0x00599FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump

c:\programdata\27d1bcfc3c54e0

Dropped File

Text

MIME Type	text/plain
File Size	877 Bytes
MD5	7b2faa61b618f08368a256bd58d25c73
SHA1	fd7ac450f15c84e4305bc9fa413bbda3a4580b83
SHA256	dbfee1ee9404d1145eb0a438eeae4c0f1a0761a2ca212a6000652bc212bd37f2
SSDeep	24:G1Ql0eyPcCwNVmAibaPG1tg6aXW/StXFbTZjw:yNENJOLgJG/6Jw
ImpHash	-

C:\MSOCache\All Users\{90160000-001A-0409-1000-0000000FF1CE}-C\910ec55cf4df7d

Dropped File

Text

MIME Type	text/plain
File Size	824 Bytes
MD5	37eedf20ba24b33b6c54d762e58ae89c
SHA1	535529e6bc8ed520993484db8210a6b8bf122ba8
SHA256	a0b7e1675814af3fe3a1669faa625e91570a40249e6d5760da4dbc07d325fec9
SSDeep	24:URkh3P3+b+tPN9cvaAuXiY+c8L9RVwhm2ehy:J3P32xKyY+nJPwkTy
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\d4294808-742c-4d98-9537-1e79e4c62434.vbs

Dropped File

Text

MIME Type	text/plain
File Size	702 Bytes
MD5	28efbea8896efe02b61359ff81e5dadd
SHA1	7c4249c22ed1761b8da5d71fe51e9d3545cf3c13
SHA256	088d2fb4bda38c3d4162c9feb792a7db2c3d34dd7d7daff9763f2cc25a0dd2bb
SSDeep	12:9vWdTzyMsRfhMA6KCSQRjMp60ouurv3vAGThYsTaHozv/K/ynMaSxqjdxWg9VbNV:9AnyHfCATC5RjtTpD/AEmHob/uhEjdxt
ImpHash	-

C:\Program Files (x86)\Windows NT\TableTextService\c529457537ee3f

Dropped File

Text

MIME Type	text/plain
File Size	684 Bytes
MD5	f7ffe4c859a6dbaf7e2690e117fb2ac0
SHA1	7defabfedb9aaff9d30c9929c9b3801ca3a754c9
SHA256	d188b8b0c0ffadfaf552c548be37f8fcd4889739772d9ea258b4e7fee9eb618a
SSDeep	12:g78r9sKDt46kkHC7d2He/MdjW/gQJE84zWTqu7/Gxg1Cejvf6Pjy38bM:28r9Hxk4oR/YjW/gHjG5qHeD6bs8A
ImpHash	-

C:\Boot\zh-TW\7a0fd90576e088

Dropped File

Text

MIME Type	text/plain
File Size	599 Bytes
MD5	990fa880fcfc01a8cc497a025616cd47
SHA1	eed8d1e49bfb91426ed88b9545db605461d51d90
SHA256	fe943e9400c531763edc56c9a1ca75adc2bd02bfa5abd8ca339febe2b170a051
SSDeep	12:ZkShSkFCQqPdxn04XWpVbqybRZk4lHxzvVHA+TCMPEOnp55nft:dSkFCQ4dt0aeVWysWhvVg+TC50nft
ImpHash	-

C:\Windows\L2Schemas\67d46660f06ffa

Dropped File

Text

MIME Type	text/plain
File Size	487 Bytes
MD5	e66349a4dc18653c5305c0f6fd894fcb
SHA1	5066e93d68894945b92199ac30d236f2296c6776
SHA256	2b0d26d1dbe35e79289483a9fb487fb0afe5192e104ecbf9a53b6fd0151bb67c
SSDeep	12:FWHayQLQLIW5qj1+0Wkm4nU7+5U7XLW3hAn70SFv:FWHa7LQLIWqJNd5UnWG
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\68366bda-2e55-443c-927d-1ffb87bfb9fd.vbs

Dropped File

Text

MIME Type	text/plain
File Size	485 Bytes
MD5	cab9d21731f82e644688603d37bf050f
SHA1	18833e1b7408bf2d892847c8245d57ee4466c1e9
SHA256	f9a91f5d15b8dba3c5fe733f5cad989b686db4886c4810a8cc73dbfe5bd89402
SSDeep	12:9vWdDIyRfhMAyjMp6PT+g4GUxo0BMhFiXAp4QCk3:9A3fCAyjtN4GFcMDYAp4QCw
ImpHash	-

C:\Recovery\WindowsRE\dab4d89cac03ec

Dropped File

Text

MIME Type	text/plain
File Size	387 Bytes
MD5	1e92e974c021e30857a0eb758ebff5d5
SHA1	a5099ad670f12d1659f069118081e7b21793ee0a
SHA256	823b50b8dea96e48893316e2f0bc0433271c526ebb4e9e67928a10eec58e3065
SSDeep	6:WtCI5bCpZHUMhHZtfOVy28ispkGO0SYUUK8SlSOZc6f1Pfx3Po/Fk5GZOMa65WWm:6gHUMzfOfBse0VKtSUzfZx3Kgj65WOEb
ImpHash	-

C:\Program Files\Microsoft SQL Server\110\Shared\6cb0b6c459d5d3

Dropped File

Text

MIME Type	text/plain
File Size	380 Bytes
MD5	eab505b16da24c563810bb96b1ab2fa6
SHA1	597ae51fea678375b99600eaca1a279f59aa89a3
SHA256	5ae5871decf30c3fdfa37b1ff90aeba5e4304c7a57a02cfe41271608f8ede7bd
SSDeep	6:RVEvXcTsuWce+pBjJVt9uZ9sJsxM3mUaWkZFKDEy0l8KmJ0zfWn8Lx+iqBYCTHKo:RekTsur11zM9sJYUaHZlfr4/Ojewg
ImpHash	-

C:\Boot\pt-BR\833776ee4e6397

Dropped File

Text

MIME Type	text/plain
File Size	241 Bytes
MD5	4f0e3d6746ca3e38f37061c786d67d41
SHA1	8a34e3f7510d29a404565934bca3ea20dc12bece
SHA256	073c8a2e6ffd8f2bced411c50468a12aaa821a029746de917c56823e75b94496
SSDeep	6:uueH9zGDnIpIqVxg4YO4VLSjVuJfiI2Uyy/LC3:uDdCDnIpq4YOYepgaTUygLC
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\PBAoSMgkVL.bat

Dropped File

Text

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\\PBAoSMgkVL.bat (Accessed File) \??\C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\PBAoSMgkVL.bat (Accessed File)
MIME Type	text/x-msdos-batch
File Size	198 Bytes
MD5	e36100faf6e69995d7b0a0a43112347c
SHA1	50e9730d63c162e5f84ff0c681dde748ce58ab16
SHA256	42a740c9d5ff9f4c96c345467f3d131eccf2854e6d1e33884dd4d9ac7e92ad83
SSDeep	6:hITg3Nou11r+DE1+cbKOZG1Oc9+N23fbCX:OTg9YDEk1+gK
ImpHash	-

C:\MSOCache\All Users\{90160000-0018-0409-1000-0000000FF1CE}-C\9a9ef8f6a80f81

Dropped File

Text

MIME Type	text/plain
File Size	37 Bytes
MD5	b37f8f42c0b6fed2020ef66125c135a5
SHA1	c656a115cb8052f5273579af9341c181bad5f21c
SHA256	400bd3cdc339bb4e6b3ee9276565ad871e1563698b5e09cb4e91adee4d6c2e2c
SSDeep	3:DdKTcuKZkE:DdKouGN
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\aIXcL1n5fg

Dropped File

Text

MIME Type	text/plain
File Size	25 Bytes
MD5	1223c80388b4c1a82d314e707117c922
SHA1	595e03377159e7a9b35fb6cb12d4cb1dd0835a94
SHA256	b9e73d2397859da404f8b7301e50a3363d3e94e2e32ce860a0bc4f7cdbafd6f6
SSDeep	3:0XWA95:Gj
ImpHash	-

ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775

Downloaded File

ZIP

MIME Type	application/zip
File Size	133.15 KB
MD5	f3bd02064f8a25b782fad14a77045358
SHA1	0e86c120af4da7001b9c4b0698726153e73f96bd
SHA256	84bc5a3e1b7fe2ce6d3354283356d6dfa38242f8d56a124fec34ab12e7286a99
SSDeep	3072:ZWobRr8vt1vC0Ft26ASiJPyzNk2+je40Dw6d/s0OzvwqV:pR0t1vCcJSxufM0V/3Evw6
ImpHash	-

Archive Information

Number of Files	7
Number of Folders	2
Size of Packed Archive Contents	131.70 KB
Size of Unpacked Archive Contents	136.67 KB
File Format	zip

Contents (7)

File Name	Packed Size	Unpacked Size	Compression	Is Encrypted	Modify Time	Verdict	Recursively Submitted	Actions
~Work.log	375 Bytes	837 Bytes	Deflate	False	2023-09-19 15:17 (UTC)	Clean	-	... Actions Show File Submit File Download File
Other/Steam#Information.txt	20 Bytes	20 Bytes	Store	False	2023-09-19 15:17 (UTC)	Clean	-	... Actions Show File Submit File Download File
Other/Telegram#Information.txt	23 Bytes	23 Bytes	Store	False	2023-09-19 15:17 (UTC)	Clean	-	... Actions Show File Submit File Download File
Information [DE, Ingolstadt].txt	605 Bytes	1.09 KB	Deflate	False	2023-09-19 15:16 (UTC)	Clean	-	... Actions Show File Submit File Download File
Clipboard [Text].txt	32 Bytes	32 Bytes	Store	False	2023-09-19 15:17 (UTC)	Clean	-	... Actions Show File Submit File Download File
Other/Discord Tokens [0].txt	22 Bytes	22 Bytes	Store	False	2023-09-19 15:17 (UTC)	Clean	-	... Actions Show File Submit File Download File
Screenshots/Screenshot#DISPLAY1.jpg	130.65 KB	134.67 KB	Deflate	False	2023-09-19 15:17 (UTC)	Clean	-	... Actions Show File Submit File Download File

778a3a03ae2eeabce1598b2b807ffd7ed72e1455f4031d970d3520212189b1b9

Downloaded File

Text

MIME Type	text/plain
File Size	2.07 KB
MD5	63c0fd1565fd0ca3fadae63bb40156d7
SHA1	4131eacde61a2f6e46340d834a86397bceaf910f
SHA256	778a3a03ae2eeabce1598b2b807ffd7ed72e1455f4031d970d3520212189b1b9
SSDeep	24:BIzqGjZRE8AujMkNu5V0aTmG+u0Diy79KH+7E/T9wjmcoqzzaEJlDW9SCT2Je:BIzBdCVb5VjTmXvDJ9KH+IDO4b2I
ImpHash	-

190ec79840e3a7e9b3d0746f0a09f6aa92fac9b4a88970473af2bbe8749849f8

Downloaded File

Text

MIME Type	text/plain
File Size	108 Bytes
MD5	8bec3985f4c8a67262a01f0abbdf5466
SHA1	12aab9c7eb8a5851d91eb20a75f964fd40ffe6e8
SHA256	190ec79840e3a7e9b3d0746f0a09f6aa92fac9b4a88970473af2bbe8749849f8
SSDeep	3:ffrwucuWAGvxIx/FPpV0eG1O9B83wxrSUR0frUL8:3rwHu9GvxIx/XV0eG1xCSNUL8
ImpHash	-

e667b3c79f382ff0a07913cafa14fe54812008ea0d0f370ca50f65813feb6027

Downloaded File

Text

MIME Type	text/plain
File Size	104 Bytes
MD5	0104699c202c30e8cc241320fc430273
SHA1	b59d636f780c0da0391386e5ff1551bbbdea47ac
SHA256	e667b3c79f382ff0a07913cafa14fe54812008ea0d0f370ca50f65813feb6027
SSDeep	3:10AvM/m/Q+oXYrSssUxGPG/e4GxbqaOPaZ8zxh5lmx:96mYXoGsviJ4GxG148zxhs
ImpHash	-

Screenshots/Screenshot#DISPLAY1.jpg

Archive File

Image

Also Known As	Screenshot#DISPLAY1.jpg (Miscellaneous File)
Parent File	ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775
MIME Type	image/jpeg
File Size	134.67 KB
MD5	4cbf67856e618337117d6d45208265de
SHA1	d609ef08a78c1f3df4af59b5d218d0482929ce28
SHA256	eab80528cc077b44f05ea6607b50f288320dca5031b439b0ddb550b07777ec8a
SSDeep	3072:am+FbXfwkqpTojhsoehy+MIrU5kmf2koe5j4hTvg2KpD:ajckHNh+4eIk+2De5jOIDR
ImpHash	-

Information [DE, Ingolstadt].txt

Archive File

Text

Parent File	ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775
MIME Type	text/plain
File Size	1.09 KB
MD5	8a4115b2282133d8f5fbfe7ae88aaf64
SHA1	40142e0dfe55f1acc8cc2d9b80ab8edf5473355e
SHA256	7d93cf2841fd4df49decb608577eb9d63a24bb3972dc9bfd9e96b5c62677a37e
SSDeep	24:yhxC5cbE2h/UmUw69IIiIF3LQPUMUHpClanW3G8ZaNv0GZ:RKh/BVwIgMUMUHEl2aG8MNvp
ImpHash	-

~Work.log

Archive File

Text

Parent File	ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775
MIME Type	text/plain
File Size	837 Bytes
MD5	60dafa40262683caabe64159776744e0
SHA1	44e1e9e81fba81c6b9c538c2cf25867a73a42077
SHA256	172201882ed304553bb138e32b18164ad1bbb84f5553ec392dec5f4dd33f199c
SSDeep	24:WL44JcZI4J/L44jQH2XOFriL44mCKLWPdwnn:WX+ZbhXjQWXOFGXmMmn
ImpHash	-

Clipboard [Text].txt

Archive File

Text

Parent File	ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775
MIME Type	text/plain
File Size	32 Bytes
MD5	041dacdad07e3e586bb5b49424edf95c
SHA1	c21b553365db13e37db9c7b3ab9215445fdc57a5
SHA256	845d1fd2530b5d894cd1f32bb71cc38eef198f8703892e29ec109629d755e72d
SSDeep	3:AMaYE7Bg:AK0Bg
ImpHash	-

Other/Telegram#Information.txt

Archive File

Text

Also Known As	Telegram#Information.txt (Miscellaneous File)
Parent File	ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775
MIME Type	text/plain
File Size	23 Bytes
MD5	2bb4eff197d1b278eb026ac91abf34e3
SHA1	b5519de9d1735ae8206da367b609f49f1141d996
SHA256	5dbfa3e6d719b9e789e6c55e3136477ed21492a9d8ded63fdaeadbc53e2c7e41
SSDeep	3:eXqhgOBLn:eXVOBLn
ImpHash	-

Other/Discord Tokens [0].txt

Archive File

Text

Also Known As	Discord Tokens [0].txt (Miscellaneous File)
Parent File	ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775
MIME Type	text/plain
File Size	22 Bytes
MD5	e4292d83d69f625d1a451319d7d20818
SHA1	180f0699271008a5aaeb84835e15a79ffee5b10e
SHA256	c89f5743f15de75c19a9c663d7c29ade99cc19525c3b9f39a141407f5947fdf5
SSDeep	3:/ygOBLn:hOBLn
ImpHash	-

Other/Steam#Information.txt

Archive File

Text

Also Known As	Steam#Information.txt (Miscellaneous File)
Parent File	ad57480fc18d55031cc7c956bc8beabb89eebdeb-b609687e132b072de1c4d480bfccd0dc8a4c7775
MIME Type	text/plain
File Size	20 Bytes
MD5	943526963500814593c08db56417fbff
SHA1	d2978be735156f63d19bbdf908036c9ba91465ed
SHA256	5a8a8a7ff1b8235a089db5448393a80f08baeb55679ad27dc8bd5735ce466edf
SSDeep	3:nhggOBLn:nVOBLn
ImpHash	-

Remarks (2/2)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information