Cuckoo Sandbox

Name	1394164e97d782a7_system restore.exe Download Submit file
Filepath	C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator\System Restore.exe
Size	89.5KB
Processes	2196 (14c7d7dc385f6ed9da39426876dea0912c41630b5a5622920beca6476d35ab53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d6b97a42e28f7980ce470a30d765ff2c`
SHA1	`9a715c25da29436dbb52d4f12f7a488675cf9dde`
SHA256	`1394164e97d782a7d4324a29b0f17ed1baca07979a950fdf15e7b9aa51a13219`
CRC32	`F970DC9E`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords
VirusTotal	Search for analysis

Name	abea0c9d1599961d_backup.exe Download Submit file
Filepath	C:\backup.exe
Size	89.5KB
Processes	1268 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`109652c2944c1eaa146e6e03c2f295c3`
SHA1	`b37b7098c77366c7c968623e5ae4d4000eea8ac7`
SHA256	`abea0c9d1599961d120e2fa8a15f8a7870d3bf913780e44a94072c75d42079eb`
CRC32	`E7720B56`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords
VirusTotal	Search for analysis

Dropped Files