General Info

File name: OpenBulet.1.2.1.2.zip
Full analysis: https://app.any.run/tasks/c537241b-3e7c-4858-b651-349a37e42c29
Verdict: Malicious activity
Analysis date: 4/14/2019, 21:49:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 36ff1d6baa5ce63072cb4d6d0679ac0b
SHA1: 1179e45116b4575b5f78ad72b6ce5c7a269b4583
SHA256: 26303176a4cc7b5f487d495ff3df540353047b701176a20921daf3284ef4d266
SSDEEP: 393216:+4/3LKXuG8u258EnaHMsVGQOyMKV83HN+QJ9/XTxt:+4/3LKX+OEnaHMNQOplUe7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 180 seconds
Additional time used: 120 seconds
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • OpenBullet.exe (PID: 2632)
Loads dropped or rewritten executable
  • OpenBullet.exe (PID: 2632)
Reads Environment values
  • OpenBullet.exe (PID: 2632)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2960)
Reads settings of System Certificates
  • OpenBullet.exe (PID: 2632)

Static information

TRiD: .zip, ZIP compressed archive (100%)
EXIF (ZIP):
ZipRequiredVersion: 20
ZipBitFlag: null
ZipCompression: None
ZipModifyDate: 2019:04:07 12:47:23
ZipCRC: 0x00000000
ZipCompressedSize: null
ZipUncompressedSize: null
ZipFileName: OpenBulet 1.2.1.2/

Processes

Total processes: 33
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start winrar.exe openbullet.exe

Process information

PID: 2960
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: ––
User: admin
Integrity Level: MEDIUM
Version info: Company: Alexander Roshal; Description: WinRAR archiver; Version: 5.60.0

Modules (image paths):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\program files\common files\microsoft shared\office14\msoxev.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\msxml3r.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\actxprxy.dll

PID: 2632
CMD: "C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\OpenBullet.exe"
Path: C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\OpenBullet.exe
Parent process: ––
User: admin
Integrity Level: MEDIUM
Version info: Company: ––; Description: OpenBullet; Version: 1.2.1.0

Modules (image paths):
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\openbullet.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\system.windows.controls.input.toolkit.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\system.windows.controls.layout.toolkit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\rurilib.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\newtonsoft.json.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\01bed42723486eb478a5b3e2557173db\presentationframework.classic.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.csharp\dd1e55e4b87101888a94f28ce396f2ea\microsoft.csharp.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.dynamic\788fba784cfc29d8c324d66f6ee4c427\system.dynamic.ni.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\extreme.net.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\c56771a9cfb87e660d60453e232abe27\system.runtime.serialization.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.numerics\cd7ca8846a122a7e690e11c4611bc902\system.numerics.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\032f5fa875be86b577722ddeeee2e51c\system.data.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\litedb.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\xceed.wpf.toolkit.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\33d15f16d20849f7c46d19b7bc7f4273\presentationframework-systemxml.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\7e77d1835b49fa80598b5c47eaedccfc\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsform0b574481#\da612289faed8f139ce9c577e06762f1\windowsformsintegration.ni.dll
c:\users\admin\appdata\local\temp\openbulet.1.2.1.2\bin\wpftoolkit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio84a6349c#\f0a755350257889ec7e0559c4dbfc30a\presentationframework-systemcore.ni.dll
c:\windows\system32\msctfui.dll

Registry activity

Total events: 527
Read events: 470
Write events: 57
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | ––
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | ––
2960 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2.zip
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
2960 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @C:\Windows\System32\msxml3r.dll,-1 | XML Document
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | Overwrite | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | Update | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | Fresh | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | UnpToSubfolders | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | KeepBroken | 1
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | ShowExplorer | 1
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | mtime | 4
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | ctime | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | atime | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | PathsRel | 1
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | PathsFull | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | PathsNone | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | PathsAbsDrive | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | ClearArc | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | ProcessOwners | 1
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | SetCompressedAttr | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | ExtrDelArc | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | Background | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | WaitForOther | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | AbsoluteLinks | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Extraction\Profile | AllowIncompatNames | 0
2960 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | 0 | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2
2632 | OpenBullet.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication | Name | OpenBullet.exe
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASAPI32 | EnableFileTracing | 0
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASAPI32 | EnableConsoleTracing | 0
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASAPI32 | FileTracingMask | 4294901760
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASAPI32 | ConsoleTracingMask | 4294901760
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASAPI32 | MaxFileSize | 1048576
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASAPI32 | FileDirectory | %windir%\tracing
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASMANCS | EnableFileTracing | 0
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASMANCS | EnableConsoleTracing | 0
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASMANCS | FileTracingMask | 4294901760
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASMANCS | ConsoleTracingMask | 4294901760
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASMANCS | MaxFileSize | 1048576
2632 | OpenBullet.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OpenBullet_RASMANCS | FileDirectory | %windir%\tracing
2632 | OpenBullet.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US

Files activity

Executable files: 34
Suspicious files: 0
Text files: 7
Unknown types: 4

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Extreme.Net.dll | executable | f647e9a36e0cd58f3f245c34a6953092 | 53719c10aa023927be99db87b200239a8093c9250655076c54a655738011b5f9
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\LiteDB.dll | executable | 25b242d00c6c32e1f437eb2064ea2e29 | e72acddf47586bc0999d598e3bd125a254bb6f4ae151c076993304f6e31fbbed
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\System.Security.Cryptography.X509Certificates.dll | executable | 53c30ac4c567ac0a6dcfd9b2c5db2c7a | 9e64e9d218a9bd93b4aa86d05abc05e4a13c42fc580396f44dd011f25a0cabb6
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Jint.dll | executable | 734c5ce8f9b104d8ad3c7b494e96f9b9 | ed618668ae9e7c02c7c2b7332dd09079168cca96432a051044683c996337001c
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\System.Net.Http.dll | executable | e4b20eceadd0a1d030b407b02b913ebf | f48e85c97f8e473240db925d00ee871be9e2e7b684b313b911d5c2c14c47078a
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\OpenBullet.exe | executable | 3b0a076e98bc2cf0e128d0f42b0bc627 | 4afb1cdc371b35d36544746e2c7eddc39acc344ab5d5ac8beb1a32f0a0714d3d
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\System.Security.Cryptography.Encoding.dll | executable | 5f859d35ca74d84cce62533e086dc27f | 91c7c02d46f754193b3988c28050135c804e47dc3456d0c3dde028ac0341fbe2
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\IronPython.SQLite.dll | executable | b7efbf654402c78226b8d69ad0011bbb | 5a6e2eda86e863e155f67cebef095355b7ea7b1dcd97d87e4058f0a5ac60d798
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\System.Security.Cryptography.Algorithms.dll | executable | 8325ff9791b4d7abf167ff1be9d3cc95 | 3944bdc2621e3c9e6ae08fc69f72e15428ecbfc0666a97139ee38e50896364de
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Xceed.Wpf.Toolkit.dll | executable | c3d181ab31e5bec15d266f50c8bfa4d8 | d78d3c61c4665c703976f5f697187669a5ef888ab1c00ebaabc0bcf409e833ae
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\geckodriver.exe | executable | 9ab2c9902d01e699be19989695b8fa54 | 3104a5ba26ff22962d0d75536506c081939bcd7580ba16503d4f3ce5507d06d2
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\ProxySocket.dll | executable | 13f842ac397885c4e647ec35f2ab79e5 | 851e924110ba3ff3dcd8c894d9c264a1aa3715aaed36e5ef4e320a73d3451a16
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\System.Windows.Controls.Layout.Toolkit.dll | executable | 22d9d032858972b8ee628fa818ab04db | e3d7f794442d9dbe99f5d578c0bc8d9e3198fe4055cf5581fc1de78085967c50
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\IronPython.Modules.dll | executable | 621192db357916f2261989a49fa2c6bd | 87525121d7826dcfc76963ab8bd7996b9644bf4f148d1296757eb702a43da51f
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Leaf.xNet.dll | executable | 3f303b19bff2a4ad3aefa94c1a897f34 | b762310fbde4b23d9d353998ac8b11292f715659247674352b9411fac412d246
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\RuriLib.dll | executable | 69a74d374ac33e1dfcd954f7f3caa43d | 0f8b85ac5147999058944ae1bcf14f78381e4e968391129de935dbdd3dcd6beb
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Microsoft.Dynamic.dll | executable | aba389a299beb16cc04337ec76c8a965 | 4f7425cb08cc9bca6fca4bfc08d22b6d9716c507f306f40ae7134b878d909a21
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\IronPython.dll | executable | 9a39a51e6dcb22b80db481fbfbcd7826 | 61b809b97dc878f42e85ee2c5d8471853527754e4f53b17c0507334c57e19e04
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\WPFToolkit.dll | executable | 195ed09e0b4f3b09ea4a3b67a0d3f396 | aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Newtonsoft.Json.dll | executable | d827dd8a8c4b2a2cfa23c7f90f3cce95 | b66749b81e1489fcd8d754b2ad39ebe0db681344e392a3f49dc9235643bdbd06
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\WebDriver.dll | executable | 9283cfa187616d4db0e41bdab6083d88 | 0ee619b1786cf5971c0f9c6ee1859497aecba93a4953cf92fea998e8eefadf3c
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\ICSharpCode.AvalonEdit.dll | executable | b4d5d46e50006e87b30e7d514e95173c | 058f38f33f3f99f904ab9588447a234346c859718404b4e8a523673ed19cdbe7
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\WebDriver.Support.dll | executable | 10ea7d402172831486eb48deacf2924b | b59ba7d0cffe43e722b13ad737cf596f030788b86b5b557cb479f0b6957cce8a
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Microsoft.Scripting.Metadata.dll | executable | 1bed5e618b922411cfae2eac84afef43 | a4ace184ddb98e81cfcc6c838299915d8c33b714594e3836de7c75b1f70e55eb
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Xceed.Wpf.AvalonDock.Themes.Metro.dll | executable | e0a761f5b3e2d670b2396f4ba5784c14 | 6f881c5da158bc8b3ed44172440a890a423475dad2fec3439ff25564ce23d2d2
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\AngleSharp.dll | executable | bf331ab2e9bb06d900929de29c659ae8 | 0b6d37c6113914decb8ae2142dee7cf476206036806821ac6dc63d69269f827b
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\chromedriver.exe | executable | 467838b0da3380609a468679b0639abc | 282dd0a35f2336e409fc82ebc8649b0f9257c4016af75111ed709ee7c9132ef2
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Microsoft.Scripting.dll | executable | 0b75b3835bf11d3163eb0798f7c1a89d | d8b3cab5c0f0e9c308c962fa894bc300c75f93537daef0e790069ca8cb1c7170
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Xceed.Wpf.AvalonDock.dll | executable | 8729bdc3399ae1c58c91c82b5f67355c | df4e346f8be52a8d12442f9001cde413f05c1a59c1d182aaa808bdc3657db9b9
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Xceed.Wpf.AvalonDock.Themes.Aero.dll | executable | 82315bbb55a192cc7cdb1d9760b6310b | 58e1d8cd70b06152158c30f33a75615e02dd5be6e04afb198a33bca9348e511c
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\Xceed.Wpf.AvalonDock.Themes.VS2010.dll | executable | 67a7850a35cc52b16d537bc76aa87f9b | 3190c91b735bfe0f349272be32e8dd2acf1f1e3713c89ad37ae9362660b1d22e
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\System.Windows.Controls.Input.Toolkit.dll | executable | 9722713e648f42b57299e9d2cf3d5c1a | bc3a78eb4df2fd5b39244fa0586cc0a82fe3d0e185d151e6c340c53072a61872
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\System.Security.Cryptography.Primitives.dll | executable | ecac83e551b639409899919d47cd7588 | 5a6c8f69a8dea8a775331273aaae707eee2a2743fb1498c3cc4dbab679125d11
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\bin\IronPython.Wpf.dll | executable | f1e1a1058a95c27cc453f8559e4ab3ed | 4061499b5e66c9309352a660a457ac95c8fa98229a8bbccc648deb85f5ff7cc7
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\LSDoc.xml | xml | 4aadf9c78f6430ac724a9fe727bba670 | 2315fc56a49039a881e4066942f9af385b08d1c8d3d736f63d6455e4f1a3c8d8
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\Settings\Environment.ini | text | cd3d82474688a9f62e60dd7660eafe5b | 625c29073dce3f966acc5f37173be783863860d4e65432b949b1752464bf1c3d
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\LSHighlighting.xshd | text | b45672b46f4823c82fe7be32dee120da | f4f8406df5161fac81e691a47904aa12a309c7c59f5ebc83fdb60a5515ca0e2a
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\OpenBullet.exe.config | xml | 96358039b209f3f4361f3079fef0b719 | 4b45f45ae23574baa9044044eaf1d71bf924df5dcd4fcac721253f9fa293b1f7
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\OpenBullet.pdb | pdb | 7bd84dfff6f8f715daee3eb7c2da7f4d | acd890fb11cab3e80f7021ce92b39d8359d00f60133055a117f1f0fd536c13b7
2632 | OpenBullet.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\Settings\OBSettings.json | text | 710b5e108340eb975e17b65cf009f194 | 1f29743dd0ece1fbd01377421b3f0e94d08f3ad0ddc0d771e47ba48d77ac4a6f
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\SyntaxHelper.xml | xml | 5c46c700b31a36fcd2c51493671a6061 | 429da78a083623f4778f40a4b7a2655b2db55cd851334d49a44ca653c385984f
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\Sounds\rifle_reload.wav | wav | b6b110dea7fae3d370f36fcc3a33266e | cd607985d615af83fb2d7796ff05a57a03974f279292e84d768072e807fd6d9a
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\Sounds\rifle_hit.wav | wav | 3f43bccf1a9938172fd5e53e5fb42472 | c2c1a457ff5c4e8590d78e2a5526d8e232a934bdb74b032eeb0015ad26580d69
2632 | OpenBullet.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\Settings\RLSettings.json | text | 84ef9721d3e96040be9274df7224892b | 251fb2b393606eb253e823f23d9b0e4b893e045ee57b53ed58e6dfa865b18718
2632 | OpenBullet.exe | C:\Users\admin\AppData\Local\Temp\OpenBulet.1.2.1.2\DB\OpenBullet.db | db | 0ed578b5d42ac4b31417d062700e372f | b2c3fa1ae8edfbe86281cc98f71392d56b86acf03fdf570ff6ca0197095667e1

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 1
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
2632 OpenBullet.exe 151.101.0.133:443 Fastly US malicious

DNS requests

Domain | IP | Reputation
raw.githubusercontent.com | 151.101.0.133, 151.101.64.133, 151.101.128.133, 151.101.192.133 | shared

Threats

No threats detected.

Debug output strings

No debug info.