Malware analysis http://dexadine.com/oehler/download/setupS85v1262.exe Malicious activity

Add for printing

URL:	http://dexadine.com/oehler/download/setupS85v1262.exe
Full analysis:	https://app.any.run/tasks/b240fef1-3c28-4c37-8b90-207a22880d2b
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	August 01, 2023, 12:43:51
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	loader
Indicators:
MD5:	FFEADBA599E9BB86D8B381B1B0FA19F3
SHA1:	D8876782B5076DD270D593D8373A9DA7EBB6C993
SHA256:	2963A771D996AB81DBAD90CDD6760513FAAF50CE6FF0DFF3812AC1BC6B38161D
SSDEEP:	3:N1KaAdoKuGKIKKAbAKK4JkxQcdDDXJ:CaPKuGdZR4WRDF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
Opera 12.15 (12.15.1748)
Opera 12.15 (12.15.1748)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.29 (8.29)
Skype version 8.29 (8.29)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - setupS85v1262.exe (PID: 3124)
  - setupS85v1262.exe (PID: 2880)
  - Launcher.exe (PID: 1204)
  - setupS85Wise.exe (PID: 3584)
  - CDM20600.exe (PID: 1432)
  - OS_Detect.exe (PID: 3388)
  - OS_Detect.exe (PID: 1880)
  - DPInst_Monx86.exe (PID: 3392)
  - DPInstx86.exe (PID: 1856)
  - Launcher.exe (PID: 3780)
  - CDM20600.exe (PID: 2120)
  - OS_Detect.exe (PID: 664)
  - OS_Detect.exe (PID: 3668)
  - DPInst_Monx86.exe (PID: 2056)
  - DPInstx86.exe (PID: 1528)
  - Launcher.exe (PID: 1896)
  - CDM20600.exe (PID: 3324)
  - OS_Detect.exe (PID: 3968)
  - OS_Detect.exe (PID: 3448)
  - DPInstx86.exe (PID: 3292)
  - DPInst_Monx86.exe (PID: 3304)
- Creates a writable file the system directory
  - setupS85Wise.exe (PID: 3584)
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
- Loads dropped or rewritten executable
  - setupS85Wise.exe (PID: 3584)
SUSPICIOUS
- Executable content was dropped or overwritten
  - setupS85v1262.exe (PID: 2880)
  - setupS85Wise.exe (PID: 3584)
  - CDM20600.exe (PID: 1432)
  - DPInstx86.exe (PID: 1856)
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
  - CDM20600.exe (PID: 2120)
  - CDM20600.exe (PID: 3324)
- Reads the Internet Settings
  - Launcher.exe (PID: 1204)
  - CDM20600.exe (PID: 1432)
  - OS_Detect.exe (PID: 3388)
  - DPInst_Monx86.exe (PID: 3392)
  - Launcher.exe (PID: 3780)
  - CDM20600.exe (PID: 2120)
  - OS_Detect.exe (PID: 3668)
  - DPInst_Monx86.exe (PID: 2056)
  - Launcher.exe (PID: 1896)
  - CDM20600.exe (PID: 3324)
  - DPInst_Monx86.exe (PID: 3304)
  - OS_Detect.exe (PID: 3968)
- Drops a system driver (possible attempt to evade defenses)
  - CDM20600.exe (PID: 1432)
  - DPInstx86.exe (PID: 1856)
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
  - CDM20600.exe (PID: 2120)
  - CDM20600.exe (PID: 3324)
- Creates files in the driver directory
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
- Checks Windows Trust Settings
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
INFO
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 1660)
  - iexplore.exe (PID: 3868)
- Application launched itself
  - iexplore.exe (PID: 3868)
- Create files in a temporary directory
  - setupS85v1262.exe (PID: 2880)
  - setupS85Wise.exe (PID: 3584)
  - CDM20600.exe (PID: 1432)
  - DPInstx86.exe (PID: 1856)
  - CDM20600.exe (PID: 2120)
  - CDM20600.exe (PID: 3324)
- The process uses the downloaded file
  - iexplore.exe (PID: 3868)
- Checks supported languages
  - setupS85v1262.exe (PID: 2880)
  - setupS85Wise.exe (PID: 3584)
  - Launcher.exe (PID: 1204)
  - CDM20600.exe (PID: 1432)
  - OS_Detect.exe (PID: 3388)
  - DPInst_Monx86.exe (PID: 3392)
  - DPInstx86.exe (PID: 1856)
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
  - Launcher.exe (PID: 3780)
  - CDM20600.exe (PID: 2120)
  - OS_Detect.exe (PID: 3668)
  - DPInst_Monx86.exe (PID: 2056)
  - DPInstx86.exe (PID: 1528)
  - CDM20600.exe (PID: 3324)
  - Launcher.exe (PID: 1896)
  - OS_Detect.exe (PID: 3968)
  - DPInstx86.exe (PID: 3292)
  - DPInst_Monx86.exe (PID: 3304)
- Reads the computer name
  - setupS85Wise.exe (PID: 3584)
  - Launcher.exe (PID: 1204)
  - CDM20600.exe (PID: 1432)
  - OS_Detect.exe (PID: 3388)
  - DPInst_Monx86.exe (PID: 3392)
  - DPInstx86.exe (PID: 1856)
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
  - Launcher.exe (PID: 3780)
  - CDM20600.exe (PID: 2120)
  - OS_Detect.exe (PID: 3668)
  - DPInst_Monx86.exe (PID: 2056)
  - DPInstx86.exe (PID: 1528)
  - Launcher.exe (PID: 1896)
  - CDM20600.exe (PID: 3324)
  - DPInst_Monx86.exe (PID: 3304)
  - DPInstx86.exe (PID: 3292)
  - OS_Detect.exe (PID: 3968)
- Creates files in the program directory
  - setupS85Wise.exe (PID: 3584)
- The process checks LSA protection
  - setupS85Wise.exe (PID: 3584)
  - Launcher.exe (PID: 1204)
  - CDM20600.exe (PID: 1432)
  - OS_Detect.exe (PID: 3388)
  - DPInst_Monx86.exe (PID: 3392)
  - DPInstx86.exe (PID: 1856)
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
  - Launcher.exe (PID: 3780)
  - CDM20600.exe (PID: 2120)
  - DPInstx86.exe (PID: 1528)
  - OS_Detect.exe (PID: 3668)
  - DPInst_Monx86.exe (PID: 2056)
  - CDM20600.exe (PID: 3324)
  - Launcher.exe (PID: 1896)
  - OS_Detect.exe (PID: 3968)
  - DPInst_Monx86.exe (PID: 3304)
  - DPInstx86.exe (PID: 3292)
- Manual execution by a user
  - Launcher.exe (PID: 1204)
  - Launcher.exe (PID: 3780)
  - Launcher.exe (PID: 1896)
- Reads the machine GUID from the registry
  - DPInstx86.exe (PID: 1856)
  - drvinst.exe (PID: 2692)
  - drvinst.exe (PID: 2876)
  - DPInstx86.exe (PID: 1528)
  - DPInstx86.exe (PID: 3292)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

664

"C:\Users\admin\AppData\Local\Temp\ckz_E6F4\OS_Detect.exe"

C:\Users\admin\AppData\Local\Temp\ckz_E6F4\OS_Detect.exe

—

CDM20600.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

3221226540

Modules

Images
c:\users\admin\appdata\local\temp\ckz_e6f4\os_detect.exe
c:\windows\system32\ntdll.dll

1204

"C:\win_s85\Launcher.exe"

C:\win_s85\Launcher.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll

1432

"C:\win_s85\CDM20600.exe"

C:\win_s85\CDM20600.exe

Launcher.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\win_s85\cdm20600.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll

1528

"C:\Users\admin\AppData\Local\Temp\ckz_E6F4\DPInstx86.exe"

C:\Users\admin\AppData\Local\Temp\ckz_E6F4\DPInstx86.exe

—

DPInst_Monx86.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Driver Package Installer

Exit code:

512

Version:

2.1

Modules

Images
c:\users\admin\appdata\local\temp\ckz_e6f4\dpinstx86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1660

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3868 CREDAT:267521 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

iexplore.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Internet Explorer

Exit code:

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll

1856

"C:\Users\admin\AppData\Local\Temp\ckz_FCY2\DPInstx86.exe"

C:\Users\admin\AppData\Local\Temp\ckz_FCY2\DPInstx86.exe

DPInst_Monx86.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Driver Package Installer

Exit code:

512

Version:

2.1

Modules

Images
c:\users\admin\appdata\local\temp\ckz_fcy2\dpinstx86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

1880

"C:\Users\admin\AppData\Local\Temp\ckz_FCY2\OS_Detect.exe"

C:\Users\admin\AppData\Local\Temp\ckz_FCY2\OS_Detect.exe

—

CDM20600.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

3221226540

Modules

Images
c:\users\admin\appdata\local\temp\ckz_fcy2\os_detect.exe
c:\windows\system32\ntdll.dll

1896

"C:\win_s85\Launcher.exe"

C:\win_s85\Launcher.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\win_s85\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2056

"C:\Users\admin\AppData\Local\Temp\ckz_E6F4\DPInst_Monx86.exe"

C:\Users\admin\AppData\Local\Temp\ckz_E6F4\DPInst_Monx86.exe

—

OS_Detect.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\ckz_e6f4\dpinst_monx86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll

2120

"C:\win_s85\CDM20600.exe"

C:\win_s85\CDM20600.exe

Launcher.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\win_s85\cdm20600.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Add for printing

Total events

20 517

Read events

20 286

Write events

229

Delete events

Modification events


(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 0
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 30847387
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 30847437
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000004E010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3868) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1

Add for printing

Executable files

104

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
3584	setupS85Wise.exe	C:\Users\admin\AppData\Local\Temp\GLFB489.tmp		executable
		MD5:0CE392CDCF8714D0B32CB619D8EB5FB1	SHA256:5F1957ED9D0632EF3225709584EA44D001D579CBCB5EA7BA87384C16FDD18604
3868	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DAF1A231E66DA88458F6F9DA03F0934C		binary
		MD5:1DFA6CC444E8F65427643F45D238069F	SHA256:CD931E9AA57710DE7103EEEBB6BF33FDBF43F0B6DFE0AD11E637A8A1FFECF0AA
2880	setupS85v1262.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\setupS85Wise.exe		executable
		MD5:643E2DAA5A0A349226180D38E01D730A	SHA256:8C9E3263FA7FF4EB7F03EB427F2A24EA864FA9996A28396937AD12A37F928CC1
3868	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{167DF29D-3069-11EE-9150-12A9866C77DE}.dat		binary
		MD5:3F3FB8961AAB1DA2E84BC6260862CAA7	SHA256:796128A872B14643720213F4752DC8289452560C5642DFA89E5FFEA84410A769
1660	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\setupS85v1262.exe.d8beawk.partial		executable
		MD5:0CF83EED702D395BD5A374AF37B7F2C0	SHA256:6E2A633EFA936BD6CC409E658DB6301947B387F3650529B22987AF71418D5C57
3584	setupS85Wise.exe	C:\Users\admin\AppData\Local\Temp\GLCA8AF.tmp		executable
		MD5:9432368D5CF6924B972EFC7AA0CA95B9	SHA256:9EAA686B43116710E69C136EAF9FD1023291763F094CB8C442FFCAA9B52D1017
3868	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\setupS85v1262.exe.d8beawk.partial:Zone.Identifier		text
		MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B	SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
3584	setupS85Wise.exe	C:\win_s85\~GLH0001.TMP		executable
		MD5:110CB61C9ECA5F72D410CA178AC49493	SHA256:D0A0FE014733FACC7744B075157BF578F1E3B59601563C9E5E159031F3C212FC
3868	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DAF1A231E66DA88458F6F9DA03F0934C		binary
		MD5:2AE0F3CA4D291B478B75A04C4C1E1042	SHA256:5051BD69E19D6CD036147949AC5BBCF99834561F119F60DC7938248D61C77BBD
3584	setupS85Wise.exe	C:\win_s85\~GLH0003.TMP		executable
		MD5:814DE3792A284A90A829A4F9214AD351	SHA256:1F3763EFF94F6A8DB73F0BE3EC0892107A82595E83BDD21298571BC0C67B7A18

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3868	iexplore.exe	GET	—	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f4bfa7be38ea345c	US	—	—	whitelisted
3868	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D	US	binary	471 b	whitelisted
3868	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	US	binary	471 b	whitelisted
1660	iexplore.exe	GET	200	66.96.146.129:80	http://dexadine.com/oehler/download/setupS85v1262.exe	US	executable	5.02 Mb	suspicious
3868	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D	US	binary	1.47 Kb	whitelisted
3868	iexplore.exe	GET	200	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d2c7a550e0164151	US	compressed	4.70 Kb	whitelisted
1088	svchost.exe	GET	200	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?cd12e3244afd6d9b	US	compressed	62.3 Kb	whitelisted
3868	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D	US	binary	471 b	whitelisted
3868	iexplore.exe	GET	200	104.18.15.101:80	http://crt.sectigo.com/SectigoRSACodeSigningCA.crt	unknown	binary	1.49 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2640	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
1660	iexplore.exe	66.96.146.129:80	dexadine.com	BIZLAND-SD	US	malicious
3868	iexplore.exe	104.18.15.101:80	crt.sectigo.com	CLOUDFLARENET	—	whitelisted
3868	iexplore.exe	152.199.19.161:443	iecvlist.microsoft.com	EDGECAST	US	whitelisted
3868	iexplore.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted
1088	svchost.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted
3868	iexplore.exe	204.79.197.203:443	www.msn.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	malicious
3868	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
3868	iexplore.exe	204.79.197.200:443	ieonline.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
3868	iexplore.exe	23.197.144.209:443	go.microsoft.com	AKAMAI-AS	US	malicious

DNS requests

Domain	IP	Reputation
dexadine.com	66.96.146.129	suspicious
api.bing.com	13.107.5.80	whitelisted
www.bing.com	2.23.209.181 2.23.209.150 2.23.209.179 2.23.209.160 2.23.209.148 2.23.209.158 2.23.209.176 2.23.209.161 2.23.209.177	whitelisted
crt.sectigo.com	104.18.15.101 104.18.14.101	whitelisted
iecvlist.microsoft.com	152.199.19.161	whitelisted
r20swj13mr.microsoft.com	152.199.19.161	whitelisted
ctldl.windowsupdate.com	93.184.221.240	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
ieonline.microsoft.com	204.79.197.200	whitelisted
go.microsoft.com	23.197.144.209	whitelisted

Threats

PID	Process	Class	Message
1660	iexplore.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP

Add for printing

No debug info

General Info

http://dexadine.com/oehler/download/setupS85v1262.exe

FFEADBA599E9BB86D8B381B1B0FA19F3

D8876782B5076DD270D593D8373A9DA7EBB6C993

2963A771D996AB81DBAD90CDD6760513FAAF50CE6FF0DFF3812AC1BC6B38161D

3:N1KaAdoKuGKIKKAbAKK4JkxQcdDDXJ:CaPKuGdZR4WRDF

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Creates a writable file the system directory

Loads dropped or rewritten executable

SUSPICIOUS

Executable content was dropped or overwritten

Reads the Internet Settings

Drops a system driver (possible attempt to evade defenses)

Creates files in the driver directory

Checks Windows Trust Settings

INFO

Executable content was dropped or overwritten

Application launched itself

Create files in a temporary directory

The process uses the downloaded file

Checks supported languages

Reads the computer name

Creates files in the program directory

The process checks LSA protection

Manual execution by a user

Reads the machine GUID from the registry

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings