General Info

File name

wordle_windows_0_2.exe

Full analysis
https://app.any.run/tasks/30d30256-c1f5-40f1-a552-37d655b29044
Verdict
Malicious activity
Analysis date
4/23/2019, 21:10:45
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

efeca44e62236affe49b5b66049e385a

SHA1

9ca715b5e3591bc04c582aca4bd27a1524f42132

SHA256

97e5770485780b365db1bf8b3a101c1d1d88154bf62ab6d96a83024ebd845a4b

SSDEEP

196608:kJotydtkPm9FHDG2kOYlB62INLRCa81COSzHeo3WS6:kJaPE02W9IKrsOSbeoM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • Wordle.exe (PID: 2980)
Application was dropped or rewritten from another process
  • Wordle.exe (PID: 2980)
Creates a software uninstall entry
  • wordle_windows_0_2.exe (PID: 2596)
Creates files in the program directory
  • wordle_windows_0_2.exe (PID: 2596)
Application launched itself
  • wordle_windows_0_2.exe (PID: 3280)
Creates files in the user directory
  • wordle_windows_0_2.exe (PID: 3280)
Executable content was dropped or overwritten
  • wordle_windows_0_2.exe (PID: 2596)
Dropped object may contain Bitcoin addresses
  • wordle_windows_0_2.exe (PID: 2596)


Static information

TRiD
.exe | InstallShield setup (36.8%)
.exe | Win32 Executable MS Visual C++ (generic) (26.6%)
.exe | Win64 Executable (generic) (23.6%)
.dll | Win32 Dynamic Link Library (generic) (5.6%)
.exe | Win32 Executable (generic) (3.8%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:12:07 11:47:38+01:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
232448
InitializedDataSize:
216576
UninitializedDataSize:
null
EntryPoint:
0x25cc0
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
0.2.0.0
ProductVersionNumber:
0.2.0.0
FileFlagsMask:
0x0017
FileFlags:
Debug
FileOS:
Win32
ObjectFileType:
Unknown
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
CompanyName:
null
FileDescription:
Wordle
FileVersion:
0.2
LegalCopyright:
null
ProductName:
Wordle
ProductVersion:
0.2
OriginalFileName:
wordle_windows_0_2.exe
InternalName:
wordle
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-Dec-2018 10:47:38
Detected languages
English - United States
CompanyName:
null
FileDescription:
Wordle
FileVersion:
0.2
LegalCopyright:
null
ProductName:
Wordle
ProductVersion:
0.2
OriginalFilename:
wordle_windows_0_2.exe
InternalName:
wordle
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
07-Dec-2018 10:47:38
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00038A85 0x00038C00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.67683
.rdata 0x0003A000 0x00019386 0x00019400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.32397
.data 0x00054000 0x00012EE4 0x00001E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.10263
.rsrc 0x00067000 0x00004E00 0x00004E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 6.56041
.reloc 0x0006C000 0x00003BCC 0x00003C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.6709
Resources
1

2

3

4

101

103

104

1001

Imports
    USER32.dll

    ADVAPI32.dll

    ole32.dll

    OLEAUT32.dll

    KERNEL32.dll

Exports

Processes

Total processes
41
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph

start wordle_windows_0_2.exe no specs java.exe no specs wordle_windows_0_2.exe wordle_windows_0_2.exe no specs wordle.exe no specs PhotoViewer.dll no specs

Process information

PID
3280
CMD
"C:\Users\admin\AppData\Local\Temp\wordle_windows_0_2.exe"
Path
C:\Users\admin\AppData\Local\Temp\wordle_windows_0_2.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Wordle
Version
0.2
Modules
Image
c:\users\admin\appdata\local\temp\wordle_windows_0_2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\davhlpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\progra~1\java\jre18~1.0_9\bin\java.exe
c:\progra~1\java\jre18~1.0_9\bin\java.dll
c:\progra~1\java\jre18~1.0_9\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msvcr100.dll
c:\progra~1\java\jre18~1.0_9\bin\verify.dll
c:\progra~1\java\jre18~1.0_9\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\management.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\program files\java\jre1.8.0_92\bin\fontmanager.dll
c:\program files\java\jre1.8.0_92\bin\t2k.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mpr.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\program files\java\jre1.8.0_92\bin\dcpr.dll
c:\windows\system32\netutils.dll

PID
4088
CMD
c:\PROGRA~1\java\JRE18~1.0_9\bin\java.exe -version
Path
c:\PROGRA~1\java\JRE18~1.0_9\bin\java.exe
Indicators
No indicators
Parent process
wordle_windows_0_2.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\progra~1\java\jre18~1.0_9\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\progra~1\java\jre18~1.0_9\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\progra~1\java\jre18~1.0_9\bin\verify.dll
c:\progra~1\java\jre18~1.0_9\bin\java.dll
c:\progra~1\java\jre18~1.0_9\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll

PID
2596
CMD
"C:\Users\admin\AppData\Local\Temp\wordle_windows_0_2.exe" __i4j_lang_restart -J-Xmx128m -J-Dinstall4j.commIdentifier=\\.\pipe\i4jcomm0 -J-Dinstall4j.helperAppId=installer -J-Duser.language=en -J-Dinstall4j.language=en -J-Dinstall4j.systemLanguage=en -J-Dexe4j.unextractedPositionRestart=2597793 -J-Dinstall4j.commIdentifier=\\.\pipe\i4jcomm0 -J-Dinstall4j.helperLog=false -J-Dinstall4j.dontUninstallServices=false "-J-Dexe4j.semaphoreName=Local\c:_users_admin_appdata_local_temp_wordle_windows_0_2.exe"
Path
C:\Users\admin\AppData\Local\Temp\wordle_windows_0_2.exe
Indicators
Parent process
wordle_windows_0_2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Wordle
Version
0.2
Modules
Image
c:\users\admin\appdata\local\temp\wordle_windows_0_2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\davhlpr.dll
c:\progra~1\java\jre18~1.0_9\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msvcr100.dll
c:\progra~1\java\jre18~1.0_9\bin\verify.dll
c:\progra~1\java\jre18~1.0_9\bin\java.dll
c:\progra~1\java\jre18~1.0_9\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\management.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptbase.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\wordle\wordle.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\netutils.dll

PID
4076
CMD
"C:\Users\admin\AppData\Local\Temp\wordle_windows_0_2.exe" __i4j_windel C:\Users\admin\AppData\Local\Temp\i4j7578698201214960744.tmp
Path
C:\Users\admin\AppData\Local\Temp\wordle_windows_0_2.exe
Indicators
No indicators
Parent process
wordle_windows_0_2.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Wordle
Version
0.2
Modules
Image
c:\users\admin\appdata\local\temp\wordle_windows_0_2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\davhlpr.dll

PID
2980
CMD
"C:\Program Files\wordle\Wordle.exe"
Path
C:\Program Files\wordle\Wordle.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\wordle\wordle.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\progra~1\java\jre18~1.0_9\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msvcr100.dll
c:\progra~1\java\jre18~1.0_9\bin\verify.dll
c:\progra~1\java\jre18~1.0_9\bin\java.dll
c:\progra~1\java\jre18~1.0_9\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\program files\wordle\.install4j\i4jinst.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\management.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\program files\java\jre1.8.0_92\bin\dcpr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\program files\java\jre1.8.0_92\bin\fontmanager.dll
c:\program files\java\jre1.8.0_92\bin\t2k.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll

PID
3984
CMD
C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path
C:\Windows\system32\DllHost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
COM Surrogate
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\windows photo viewer\photoviewer.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\slc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\windows photo viewer\photobase.dll
c:\windows\system32\propsys.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll
c:\program files\windows photo viewer\imagingengine.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\icm32.dll

Registry activity

Total events
1049
Read events
999
Write events
49
Delete events
1

Modification events

PID | Process | Operation | Key | Name | Value
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\exe4j\pids | c:\users\admin\appdata\local\temp\wordle_windows_0_2.exe | 3280
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\exe4j | InstallStarted_3280 | 1
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\exe4j | InstallStarted | 1
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/java/jre1.8.0_92/bin/java.exe | LastWriteTime | 40942D4BC73ED401
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/java/jre1.8.0_92/bin/java.exe | Version | 1.8.0_92
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\exe4j | InstallStarted_3280 | 0
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\exe4j | InstallStarted | 0
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\install4j\installations | updateSchedule6068-4591-7093-1796 | never
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\install4j\installations | allinstdirs6068-4591-7093-1796 | C:\Program Files\wordle
3280 | wordle_windows_0_2.exe | write | HKEY_CURRENT_USER\Software\ej-technologies\install4j\installations | instdir6068-4591-7093-1796 | C:\Program Files\wordle
2596 | wordle_windows_0_2.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | |
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | DisplayName | Wordle 0.2
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | DisplayIcon | C:\Program Files\wordle\.install4j\installer.ico
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | UninstallString | "C:\Program Files\wordle\uninstall.exe"
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | URLInfoAbout | http://wordle.net/
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | InstallLocation | C:\Program Files\wordle
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | DisplayVersion | 0.2
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | VersionMajor | 0
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6068-4591-7093-1796 | VersionMinor | 2
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies\install4j\installations | updateSchedule6068-4591-7093-1796 | never
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies\install4j\installations | allinstdirs6068-4591-7093-1796 | C:\Program Files\wordle
2596 | wordle_windows_0_2.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies\install4j\installations | instdir6068-4591-7093-1796 | C:\Program Files\wordle
2980 | Wordle.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication | Name | Wordle.exe
2980 | Wordle.exe | write | HKEY_CURRENT_USER\Software\JavaSoft\Prefs\wordle | x | 0
2980 | Wordle.exe | write | HKEY_CURRENT_USER\Software\JavaSoft\Prefs\wordle | width | 800
2980 | Wordle.exe | write | HKEY_CURRENT_USER\Software\JavaSoft\Prefs\wordle | height | 600
2980 | Wordle.exe | write | HKEY_CURRENT_USER\Software\JavaSoft\Prefs\wordle | y | 0
2980 | Wordle.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
2980 | Wordle.exe | write | HKEY_CURRENT_USER\Software\JavaSoft\Prefs\wordle | lastdir | /C:///Users//admin///Desktop
3984 | DllHost.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication | Name | DllHost.exe
3984 | DllHost.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer | MainWndPos | 6000000034000000A00400008002000000000000

Files activity

Executable files
5
Suspicious files
6
Text files
201
Unknown types
35

Dropped files

PID
Process
Filename
Type
2596
wordle_windows_0_2.exe
C:\Program Files\wordle\uninstall.exe
executable
MD5: 99096eee38b22b2c0a13848d2e64bca4
SHA256: 7fd788042d7c5754d6169c0a920220da168c83df0e0f61911e82b27ab59f2c43
2596
wordle_windows_0_2.exe
C:\Program Files\wordle\.install4j\i4jinst.dll
executable
MD5: ab5a02591b128fc15da957292aee07da
SHA256: 4e4bce4de94662769de268b589938ee2829030a32264ea3b74b441526865737c
2596
wordle_windows_0_2.exe
C:\Program Files\wordle\.install4j\automaticUpdater.exe
executable
MD5: b8127eca7609770e852f78333fb2b7ef
SHA256: ed83f63d8933eb743c2f2dc0d279494c3e3b14721655a3ee520e034741f3b04f
2596
wordle_windows_0_2.exe
C:\Program Files\wordle\.install4j\i4jdel.exe
executable
MD5: f3541c34a88f52c13d709af62f000055
SHA256: 1c822b3773da680b2575fe810e7880d4a6bf81a501e9100bbf951553a70b738f
2596
wordle_windows_0_2.exe
C:\Program Files\wordle\Wordle.exe
executable
MD5: 0d3f93820a7d99d891b55b43ac1d1c5f
SHA256: eb6ab53eb75432d435064b707b7e8ccc539fc7447c189054868e8d0dfb923d35
2596
wordle_windows_0_2.exe
C:\Program Files\wordle\.install4j\i4j_extf_1_1xg8ule.txt
text
MD5: 0ef864944f65c4306f19b34181537383
SHA256: b30064c6a59123cb52a3ec5400b5220e17b86208ac6b8f54216f631a9d8093d1
2980
Wordle.exe
C:\Users\admin\AppData\Local\Temp\+~JF6539553905500794442.tmp
ttf
MD5: 17e07747c43837d45067d2a865dec340
SHA256: 71a5675cba4375696953aff6dd64c3dbe7d4573c64160bee4263384ba8cb2285
2980
Wordle.exe
C:\Users\admin\AppData\Local\Temp\+~JF2884955617312940595.tmp
odttf
MD5: 31c93db202a46deb61b28b124ac62c29
SHA256: 95ed3627e47bd4020a3a002ce69cbc6a7beb1e6445a028dc6be9168c118f95c4
2980
Wordle.exe
C:\Users\admin\AppData\Local\Temp\+~JF8260477407298435717.tmp
ttf
MD5: b086adfdbd570ea36eed8fcf947fd4e1
SHA256: 9be51fcae31f750485fcfb2cf82b81636787ddeca1a05d5011e6ace43f691bc8
2980
Wordle.exe
C:\Users\admin\AppData\Local\Temp\+~JF8127889352682474656.tmp
ttf
MD5: 9a1b1d221d72136665706cf3bc98a4eb
SHA256: 8517b3baed0ed24366146da2efbe1a893739b4557c9a34e1349a48be44c1f312
2980
Wordle.exe
C:\Users\admin\AppData\Local\Temp\+~JF9168505683368801554.tmp
ttf
MD5: 4425c8338f4a2a7a7d7169ff5df9a3fc
SHA256: 6b955a08df7066c5c98ac3349d9990668835652c72eb3d95fa7e3f153c14bb25
2980
Wordle.exe
C:\Users\admin\AppData\Local\Temp\+~JF1611604735788111435.tmp
ttf

Find more information on the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.