| File name: | CW.eXe |
| Full analysis: | https://app.any.run/tasks/dfbf41c6-29d8-4ab9-99cb-c5acb2fc187a |
| Verdict: | Malicious activity |
| Analysis date: | December 09, 2018, 11:33:45 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 6738D790FC0F3928A8A5F19D829CAE4D |
| SHA1: | DB0A727520178061506C7EC07A99BAC581610329 |
| SHA256: | 60CA507EF4BA7DBBB7EF6EA4B975B9B09A24D7D0C91D38D0876331203F962D98 |
| SSDEEP: | 196608:9O1vl2I4a7SdzRDymXLa4mnb0DtUog3jCUE2nKNfMILF9UBDHLSwxT1aQhS:Wt2O7Sd1ymX+4mnOU9+UCZM6kzWu12 |
MALICIOUS
Application was dropped or rewritten from another process
- autorun.exe (PID: 2196)
- hosts.exe (PID: 3160)
- touch.exe (PID: 2780)
- banish.exe (PID: 2268)
- touch.exe (PID: 3736)
- touch.exe (PID: 2648)
- touch.exe (PID: 2880)
- banish.exe (PID: 2504)
- touch.exe (PID: 3524)
- touch.exe (PID: 1620)
- touch.exe (PID: 2888)
- touch.exe (PID: 2524)
- banish.exe (PID: 636)
- touch.exe (PID: 2780)
- touch.exe (PID: 2936)
- touch.exe (PID: 3048)
- touch.exe (PID: 2424)
- touch.exe (PID: 920)
- touch.exe (PID: 2968)
- touch.exe (PID: 3012)
- banish.exe (PID: 3796)
- touch.exe (PID: 2896)
- touch.exe (PID: 2516)
- touch.exe (PID: 3340)
- touch.exe (PID: 2592)
- banish.exe (PID: 3096)
- touch.exe (PID: 4032)
Loads dropped or rewritten executable
- conhost.exe (PID: 3740)
- conhost.exe (PID: 3028)
- touch.exe (PID: 2424)
- cmd.exe (PID: 3656)
- cmd.exe (PID: 3592)
- conhost.exe (PID: 3784)
- cmd.exe (PID: 920)
- conhost.exe (PID: 2664)
- find.exe (PID: 3520)
- CW.eXe (PID: 2984)
- takeown.exe (PID: 3920)
- cmd.exe (PID: 2236)
- cmd.exe (PID: 3764)
- conhost.exe (PID: 3644)
- autorun.exe (PID: 2196)
- conhost.exe (PID: 3928)
- cmd.exe (PID: 3008)
- conhost.exe (PID: 2244)
- conhost.exe (PID: 3512)
- cmd.exe (PID: 2740)
- conhost.exe (PID: 2172)
- find.exe (PID: 3056)
- cmd.exe (PID: 2628)
- find.exe (PID: 3848)
- cmd.exe (PID: 3592)
- conhost.exe (PID: 3048)
- conhost.exe (PID: 2504)
- conhost.exe (PID: 2752)
- cmd.exe (PID: 3424)
- touch.exe (PID: 920)
- hosts.exe (PID: 3160)
- cmd.exe (PID: 2384)
- cmd.exe (PID: 2636)
- touch.exe (PID: 2780)
- takeown.exe (PID: 3780)
- cmd.exe (PID: 3832)
- conhost.exe (PID: 2420)
- cmd.exe (PID: 3968)
- cmd.exe (PID: 2256)
- touch.exe (PID: 2780)
- conhost.exe (PID: 1612)
- cmd.exe (PID: 3596)
- cmd.exe (PID: 4072)
- cmd.exe (PID: 3028)
- conhost.exe (PID: 2216)
- cmd.exe (PID: 3192)
- cmd.exe (PID: 3792)
- conhost.exe (PID: 3952)
- conhost.exe (PID: 384)
- cmd.exe (PID: 3424)
- conhost.exe (PID: 3036)
- conhost.exe (PID: 3148)
- conhost.exe (PID: 3756)
- touch.exe (PID: 2936)
- cmd.exe (PID: 3252)
- takeown.exe (PID: 3164)
- conhost.exe (PID: 2828)
- cmd.exe (PID: 768)
- cmd.exe (PID: 2280)
- conhost.exe (PID: 2752)
- touch.exe (PID: 3736)
- cmd.exe (PID: 2580)
- conhost.exe (PID: 2276)
- conhost.exe (PID: 2460)
- conhost.exe (PID: 2260)
- cmd.exe (PID: 2220)
- cmd.exe (PID: 2360)
- conhost.exe (PID: 2548)
- cmd.exe (PID: 3352)
- cmd.exe (PID: 3476)
- banish.exe (PID: 636)
- conhost.exe (PID: 3584)
- banish.exe (PID: 2268)
- conhost.exe (PID: 3700)
- cmd.exe (PID: 2664)
- conhost.exe (PID: 3932)
- touch.exe (PID: 2880)
- touch.exe (PID: 2888)
- cmd.exe (PID: 3008)
- cmd.exe (PID: 2680)
- cmd.exe (PID: 2992)
- cmd.exe (PID: 3844)
- cmd.exe (PID: 2268)
- cmd.exe (PID: 1620)
- cmd.exe (PID: 912)
- touch.exe (PID: 2648)
- takeown.exe (PID: 2320)
- cmd.exe (PID: 3848)
- cmd.exe (PID: 2936)
- cmd.exe (PID: 3100)
- conhost.exe (PID: 3784)
- conhost.exe (PID: 384)
- conhost.exe (PID: 3476)
- cmd.exe (PID: 3120)
- cmd.exe (PID: 2372)
- cmd.exe (PID: 3408)
- touch.exe (PID: 2592)
- banish.exe (PID: 3096)
- conhost.exe (PID: 3576)
- conhost.exe (PID: 3124)
- cmd.exe (PID: 2940)
- conhost.exe (PID: 2256)
- cmd.exe (PID: 3108)
- cmd.exe (PID: 4068)
- touch.exe (PID: 2524)
- conhost.exe (PID: 4020)
- touch.exe (PID: 3048)
- touch.exe (PID: 2968)
- takeown.exe (PID: 2360)
- takeown.exe (PID: 3116)
- banish.exe (PID: 2504)
- cmd.exe (PID: 3092)
- conhost.exe (PID: 3904)
- conhost.exe (PID: 3952)
- conhost.exe (PID: 3728)
- takeown.exe (PID: 2276)
- touch.exe (PID: 4032)
- cmd.exe (PID: 2236)
- conhost.exe (PID: 3552)
- cmd.exe (PID: 2448)
- cmd.exe (PID: 2712)
- touch.exe (PID: 1620)
- conhost.exe (PID: 3148)
- conhost.exe (PID: 2840)
- conhost.exe (PID: 3692)
- conhost.exe (PID: 2948)
- cmd.exe (PID: 3628)
- cmd.exe (PID: 2888)
- touch.exe (PID: 3012)
- banish.exe (PID: 3796)
- cmd.exe (PID: 2788)
- touch.exe (PID: 3524)
- cmd.exe (PID: 1952)
- conhost.exe (PID: 3860)
- touch.exe (PID: 2516)
- touch.exe (PID: 2896)
- cmd.exe (PID: 1560)
- cmd.exe (PID: 2484)
- takeown.exe (PID: 3036)
- conhost.exe (PID: 3224)
- cmd.exe (PID: 3776)
- conhost.exe (PID: 2948)
- conhost.exe (PID: 2736)
- touch.exe (PID: 3340)
- takeown.exe (PID: 3016)
- conhost.exe (PID: 2864)
- cmd.exe (PID: 1828)
- conhost.exe (PID: 2520)
- cmd.exe (PID: 3512)
- cmd.exe (PID: 3840)
- DllHost.exe (PID: 2764)
- cmd.exe (PID: 2588)
- takeown.exe (PID: 3808)
- conhost.exe (PID: 2396)
- conhost.exe (PID: 3100)
- NOTEPAD.EXE (PID: 1036)
SUSPICIOUS
Executable content was dropped or overwritten
- autorun.exe (PID: 2196)
- CW.eXe (PID: 2984)
- cmd.exe (PID: 3120)
- cmd.exe (PID: 3408)
- cmd.exe (PID: 1620)
- cmd.exe (PID: 2992)
- cmd.exe (PID: 1952)
- cmd.exe (PID: 3352)
Application launched itself
- cmd.exe (PID: 3656)
Starts CMD.EXE for commands execution
- hosts.exe (PID: 3160)
- autorun.exe (PID: 2196)
- cmd.exe (PID: 3656)
- banish.exe (PID: 2268)
- banish.exe (PID: 2504)
- banish.exe (PID: 636)
- banish.exe (PID: 3096)
- banish.exe (PID: 3796)
Uses ICACLS.EXE to modify access control list
- cmd.exe (PID: 768)
- cmd.exe (PID: 3008)
- cmd.exe (PID: 2268)
- cmd.exe (PID: 3108)
- cmd.exe (PID: 3424)
- cmd.exe (PID: 2236)
- cmd.exe (PID: 2740)
- cmd.exe (PID: 3844)
- cmd.exe (PID: 2680)
- cmd.exe (PID: 2580)
- cmd.exe (PID: 920)
- cmd.exe (PID: 2788)
- cmd.exe (PID: 1560)
- cmd.exe (PID: 2588)
- cmd.exe (PID: 3840)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable MS Visual C++ (generic) (35.8) |
|---|---|---|
| .exe | | | Win64 Executable (generic) (31.7) |
| .scr | | | Windows screen saver (15) |
| .dll | | | Win32 Dynamic Link Library (generic) (7.5) |
| .exe | | | Win32 Executable (generic) (5.1) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2009:06:23 19:57:07+02:00 |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 192512 |
| InitializedDataSize: | 458752 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x173a6 |
| OSVersion: | 4 |
| ImageVersion: | - |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 0.9.0.0 |
| ProductVersionNumber: | 0.9.0.0 |
| FileFlagsMask: | 0x0000 |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | ASCII |
| Comments: | Created with AutoPlay Media Studio (www.indigorose.com) |
| CompanyName: | Anemeros Software |
| FileDescription: | The Perpetuation Endeavor |
| FileVersion: | 0.9.0.0 |
| InternalName: | ams60_launch |
| LegalCopyright: | Copyright (c) 2009 - Anemeros Software |
| LegalTrademarks: | Chew-WGA |
| OriginalFileName: | cw.exe |
| ProductName: | Chew-WGA v0.9 |
| ProductVersion: | 0.9.0.0 |
Summary
| Architecture: | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date: | 23-Jun-2009 17:57:07 |
| Detected languages: |
|
| Comments: | Created with AutoPlay Media Studio (www.indigorose.com) |
| CompanyName: | Anemeros Software |
| FileDescription: | The Perpetuation Endeavor |
| FileVersion: | 0.9.0.0 |
| InternalName: | ams60_launch |
| LegalCopyright: | Copyright (c) 2009 - Anemeros Software |
| LegalTrademarks: | Chew-WGA |
| OriginalFilename: | cw.exe |
| ProductName: | Chew-WGA v0.9 |
| ProductVersion: | 0.9.0.0 |
DOS Header
| Magic number: | MZ |
|---|---|
| Bytes on last page of file: | 0x0090 |
| Pages in file: | 0x0003 |
| Relocations: | 0x0000 |
| Size of header: | 0x0004 |
| Min extra paragraphs: | 0x0000 |
| Max extra paragraphs: | 0xFFFF |
| Initial SS value: | 0x0000 |
| Initial SP value: | 0x00B8 |
| Checksum: | 0x0000 |
| Initial IP value: | 0x0000 |
| Initial CS value: | 0x0000 |
| Overlay number: | 0x0000 |
| OEM identifier: | 0x0000 |
| OEM information: | 0x0000 |
| Address of NE header: | 0x000000F0 |
PE Headers
| Signature: | PE |
|---|---|
| Machine: | IMAGE_FILE_MACHINE_I386 |
| Number of sections: | 4 |
| Time date stamp: | 23-Jun-2009 17:57:07 |
| Pointer to Symbol Table: | 0x00000000 |
| Number of symbols: | 0 |
| Size of Optional Header: | 0x00E0 |
| Characteristics: |
|
Sections
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
|---|---|---|---|---|---|
.text | 0x00001000 | 0x0002E906 | 0x0002F000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.60114 |
.rdata | 0x00030000 | 0x0000842E | 0x00009000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.57824 |
.data | 0x00039000 | 0x00009D08 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.67512 |
.rsrc | 0x00043000 | 0x000609FC | 0x00061000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.60247 |
Resources
Title | Entropy | Size | Codepage | Language | Type |
|---|---|---|---|---|---|
1 | 5.02016 | 901 | Latin 1 / Western European | English - United States | RT_MANIFEST |
2 | 5.77242 | 4264 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 5.67191 | 9640 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 5.61132 | 16936 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 5.54801 | 67624 | Latin 1 / Western European | English - United States | RT_ICON |
6 | 5.5135 | 270376 | Latin 1 / Western European | English - United States | RT_ICON |
7 | 5.44696 | 3752 | Latin 1 / Western European | English - United States | RT_ICON |
8 | 4.26041 | 9640 | Latin 1 / Western European | English - United States | RT_ICON |
9 | 3.02695 | 308 | Latin 1 / Western European | English - United States | RT_CURSOR |
10 | 2.74274 | 180 | Latin 1 / Western European | English - United States | RT_CURSOR |
Imports
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
WINSPOOL.DRV |
comdlg32.dll |
Total processes
206
Monitored processes
172
Malicious processes
31
Suspicious processes
16
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 384 | \??\C:\Windows\system32\conhost.exe | C:\Windows\system32\conhost.exe | — | csrss.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Console Window Host Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 384 | \??\C:\Windows\system32\conhost.exe | C:\Windows\system32\conhost.exe | — | csrss.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Console Window Host Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 636 | banish.exe "C:\Windows\System32\systemcpl.dll" | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\banish.exe | — | cmd.exe | |||||||||||
User: admin Company: Anemeros Integrity Level: HIGH Exit code: 1 Version: 1. 0. 0. 0 Modules
| |||||||||||||||
| 768 | cmd /c ""C:\Users\admin\AppData\Local\Temp\banish.cmd" "C:\Windows\System32\slmgr.vbs"" | C:\Windows\system32\cmd.exe | — | banish.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 912 | "C:\Windows\system32\cmd.exe" /C touch.exe /h /q /c /m /a /r C:\Windows\SysWOW64\slmgr.vbs t2b.txt | C:\Windows\system32\cmd.exe | — | autorun.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 2 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 920 | touch.exe /h /q /c /m /a /r C:\Windows\Sysnative\user32.dll t2a.txt | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\touch.exe | — | cmd.exe | |||||||||||
User: admin Integrity Level: HIGH Exit code: 2 Modules
| |||||||||||||||
| 920 | "C:\Windows\system32\cmd.exe" /C icacls "C:\Windows\System32\user32.dll" /grant "admin":RX | C:\Windows\system32\cmd.exe | — | autorun.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 1036 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\chew-wga.log | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1560 | "C:\Windows\system32\cmd.exe" /C icacls "C:\Windows\System32\winver.exe" /grant "admin":RX | C:\Windows\system32\cmd.exe | — | autorun.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 1612 | \??\C:\Windows\system32\conhost.exe | C:\Windows\system32\conhost.exe | — | csrss.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Console Window Host Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
441
Read events
431
Write events
10
Delete events
0
Modification events
| (PID) Process: | (2196) autorun.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration |
| Operation: | write | Name: | Speaker Configuration |
Value: 4 | |||
| (PID) Process: | (2196) autorun.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
| (PID) Process: | (2196) autorun.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 1 | |||
| (PID) Process: | (1036) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
| Operation: | write | Name: | iWindowPosX |
Value: 22 | |||
| (PID) Process: | (1036) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
| Operation: | write | Name: | iWindowPosY |
Value: 22 | |||
| (PID) Process: | (1036) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
| Operation: | write | Name: | iWindowPosDX |
Value: 960 | |||
| (PID) Process: | (1036) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
| Operation: | write | Name: | iWindowPosDY |
Value: 501 | |||
Executable files
33
Suspicious files
15
Text files
179
Unknown types
6
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Click1.ogg | ogg | |
MD5:93270C4FA492E4E4EDEE872A2B961DDE | SHA256:25D49CBBD65D48AD462455F1143F73EE997DF8F747E7D2213DAAB18E321C028B | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Cik-2.Btn | compressed | |
MD5:2553A95A1D503C6C445DF761BF668E00 | SHA256:8311159D24F50560BAB4491918D0684E66AB80ECABC158118B9AE4063B2473AA | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\High1.ogg | ogg | |
MD5:FC2A595F574B1EAD82A6DCF06492C985 | SHA256:EE9A4903A8DF90EFF4C5B65A8073E564A3581CF73772A72EB82396E69932E769 | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\button.btn | compressed | |
MD5:9ECB9FCFDCB46A87EC244CFE23659E0E | SHA256:3FF2C5E7C1B7471D41D64BD39B2D8E2DF3761408C0B235CE8CCBB3D39417466F | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Cik11.Btn | compressed | |
MD5:EB199B1CB2087CADF5DD4D7B06DB4F62 | SHA256:B99136B165304979E84E98930EA5FEE03508B8967ACF6B82844B96863D916B15 | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Baslat.Btn | compressed | |
MD5:DB33064E86D7E634CB842DD2918A3E05 | SHA256:05FFCFCA2AAD8509C6A16FFBCC727F290449956E9884495D86045A129331B0A4 | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Shekere.ogg | ogg | |
MD5:2B1395C376D645D076CE7E2171EF9C7F | SHA256:F8D1022DEE83BF00C33AD160F4085464CA5818CA186C909030FDA3F6D9C71A79 | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd | compressed | |
MD5:1C42C49A03F8416736F243907B1C8C0A | SHA256:6F9A4A22186AFB4EFD48689FE9DAD4A1CF1CFD6F2706D3411C8F5D83607E0BA9 | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\done-uninstall.jpg | image | |
MD5:106FE981FD196C92AE2FF5CB4ABEF95B | SHA256:F85F3427B268DA26269D4F17BABA8989F6479F6FAF6622F36D8F89F5206C4768 | |||
| 2984 | CW.eXe | C:\Users\admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\done-install.jpg | image | |
MD5:B6479C2EC0E8353D8BA175D6D783612B | SHA256:457B13621CC0B8C07B048CAD8761DF175C3FEBC8B8E457789FDD88FEEDE20A83 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report