Summary | ZeroBOX

WD10.exe

Generic Malware PE64 PE File
Category: FILE
Machine: s1_win7_x6402
Started: Oct. 12, 2021, 9:55 a.m.
Completed: Oct. 12, 2021, 10:22 a.m.
Size 435.0KB
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 a5959a6624804559383ef7244c3f6d34
SHA256 6297e12930d76a5cfb6a06b365e417bea872a22160a6e4cfa34f0c37dc7e14ee
CRC32 65176D8A
ssdeep 12288:v0mwW6kqR9fz9zzQaiJBQ6w9UTecgU8PmLq:v0zbkqRJ9z8vJC6nTzT87
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
103.133.110.241 | Active | Moloch
195.133.18.117 | Active | Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status Return Repeated
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
GetComputerNameW | computer_name: TEST22-PC | 1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API | Arguments | Status Return Repeated
CryptExportKey | buffer: <INVALID POINTER>, crypto_handle: 0x00000000005ea360, flags: 0, crypto_export_handle: 0x0000000000000000, blob_type: 6 | 1 1 0
CryptExportKey | buffer: <INVALID POINTER>, crypto_handle: 0x00000000005ea360, flags: 0, crypto_export_handle: 0x0000000000000000, blob_type: 6 | 1 1 0
CryptExportKey | buffer: <INVALID POINTER>, crypto_handle: 0x00000000005ea360, flags: 0, crypto_export_handle: 0x0000000000000000, blob_type: 6 | 1 1 0
CryptExportKey | buffer: <INVALID POINTER>, crypto_handle: 0x000000001d4e3cb0, flags: 0, crypto_export_handle: 0x0000000000000000, blob_type: 6 | 1 1 0
CryptExportKey | buffer: <INVALID POINTER>, crypto_handle: 0x000000001d4e3cb0, flags: 0, crypto_export_handle: 0x0000000000000000, blob_type: 6 | 1 1 0
CryptExportKey | buffer: <INVALID POINTER>, crypto_handle: 0x000000001d4e3cb0, flags: 0, crypto_export_handle: 0x0000000000000000, blob_type: 6 | 1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API | Arguments | Status Return Repeated
All calls in this table share process_identifier: 1764, process_handle: 0xffffffffffffffff, stack_dep_bypass: 0, stack_pivoted: 0 and protection: 64 (PAGE_EXECUTE_READWRITE); only the remaining arguments are listed per row.
NtAllocateVirtualMemory | region_size: 851968, base_address: 0x00000000009e0000, allocation_type: 8192 (MEM_RESERVE), heap_dep_bypass: 0 | 1 0 0
NtAllocateVirtualMemory | region_size: 8192, base_address: 0x0000000000a30000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d1000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef196b000, heap_dep_bypass: 0 | 1 0 0
NtAllocateVirtualMemory | region_size: 1048576, base_address: 0x0000000002270000, allocation_type: 8192 (MEM_RESERVE), heap_dep_bypass: 0 | 1 0 0
NtAllocateVirtualMemory | region_size: 8192, base_address: 0x00000000022f0000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d2000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d4000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d4000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d4000, heap_dep_bypass: 0 | 1 0 0
NtProtectVirtualMemory | length: 4096, base_address: 0x000007fef12d4000, heap_dep_bypass: 0 | 1 0 0
NtAllocateVirtualMemory | region_size: 655360, base_address: 0x000007fffff10000, allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN), heap_dep_bypass: 0 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fffff10000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fffff10000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fffff20000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 65536, base_address: 0x000007fffff00000, allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN), heap_dep_bypass: 0 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fffff00000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b4a000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91bfc000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c26000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c00000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b5c000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c70000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b6b000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b4b000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b5a000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b9c000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b6d000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b42000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91b5d000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 45056, base_address: 0x000007fe91c71000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c7c000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 24576, base_address: 0x000007fe91c7d000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c83000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c84000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c85000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 20480, base_address: 0x000007fe91c86000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91c8b000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91d4f000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
NtAllocateVirtualMemory | region_size: 4096, base_address: 0x000007fe91d40000, allocation_type: 4096 (MEM_COMMIT), heap_dep_bypass: 1 | 1 0 0
file C:\Users\test22\AppData\Roaming\WD10.exe
section .text: virtual_address 0x00002000, virtual_size 0x000699f0, size_of_data 0x00069a00, entropy 7.99854043255334; description: A section with a high entropy has been found
entropy 0.972382048331; description: Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
host 103.133.110.241
host 195.133.18.117
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WD10 reg_value "C:\Users\test22\AppData\Roaming\WD10.exe"
Time & API Arguments Status Return Repeated

RegSetValueExW

key_handle: 0x000000000000043c
regkey_r: Plugin
reg_type: 3 (REG_BINARY)
value: [REG_BINARY blob omitted]
regkey: HKEY_CURRENT_USER\Software\5DD90616627C6E39748B836164E7482B\Plugin
1 0 0
Lionic Trojan.MSIL.Zlugin.m!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.47139314
FireEye Generic.mg.a5959a6624804559
CAT-QuickHeal Backdoor.MSIL
McAfee Artemis!A5959A662480
Cylance Unsafe
Sangfor Backdoor.MSIL.Zlugin.gen
K7AntiVirus Trojan ( 00581c5a1 )
Alibaba Backdoor:MSIL/Zlugin.4d8e067a
K7GW Trojan ( 00581c5a1 )
Cybereason malicious.48e272
ESET-NOD32 a variant of MSIL/Kryptik.ACRC
APEX Malicious
Kaspersky HEUR:Backdoor.MSIL.Zlugin.gen
BitDefender Trojan.GenericKD.47139314
Avast Win64:Trojan-gen
Tencent Msil.Backdoor.Zlugin.Lmuf
Ad-Aware Trojan.GenericKD.47139314
Sophos Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
Emsisoft Trojan.GenericKD.47139314 (B)
Ikarus Trojan.MSIL.Crypt
Avira HEUR/AGEN.1144057
MAX malware (ai score=82)
Microsoft Trojan:Win32/AgentTesla!ml
Arcabit Trojan.Generic.D2CF49F2
GData Trojan.GenericKD.47139314
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4665762
TrendMicro-HouseCall TROJ_GEN.R002C0WJ921
SentinelOne Static AI - Malicious PE
Fortinet MSIL/Kryptik.ACRC!tr
AVG Win64:Trojan-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_70% (W)