Malware analysis IRC.application No threats detected | ANY.RUN

Add for printing

File name:	IRC.application
Full analysis:	https://app.any.run/tasks/a66b8fc9-97c9-4814-93b6-b9de5d53870d
Verdict:	No threats detected
Analysis date:	May 26, 2020, 10:38:31
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	text/xml
File info:	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5:	FBA736CCC7C8B7DB43144B52A7732BE8
SHA1:	EAEA44F650E2B4E3C5262FAEB5B28C683F3DD1A6
SHA256:	3A0703DE91F1DE1FB5D3149EEA0625FC17B8A618B46B580F313DDDAC804C2D1A
SSDEEP:	192:okPW+wVUC+2AsUdzEc1+pPDSRzcJAK3GrdsdHBavRuXkeRRngFLDB6GUlOfknTHb:7B/+p7SsAdsdCRwke7t3wknT8yhTBL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.17843 KB3058515
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
QGA (2.10.63)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Hyphenation Parent Package English
IE Spelling Parent Package English
IE Troubleshooters Package
InternetExplorer Optional Package
InternetExplorer Package TopLevel
KB2533623
KB2534111
KB2639308
KB2729094
KB2731771
KB2786081
KB2834140
KB2882822
KB2888049
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
PlatformUpdate Win7 SRV08R2 Package TopLevel
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Reads Environment values
  - dfsvc.exe (PID: 2896)
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.application	\|	ClickOnce Deployment Manifest (96.1)
.xml	\|	Generic XML (UTF-8) (2.7)
.txt	\|	Text - UTF-8 encoded (1)

EXIF

XMP

AssemblySchemaLocation:	urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd
AssemblyManifestVersion:	1
AssemblyXmlns:	urn:schemas-microsoft-com:asm.v2
AssemblyAssemblyIdentityName:	IRC.application
AssemblyAssemblyIdentityVersion:	1.4.0.2092
AssemblyAssemblyIdentityPublicKeyToken:	81a64c72fbbf0350
AssemblyAssemblyIdentityLanguage:	neutral
AssemblyAssemblyIdentityProcessorArchitecture:	msil
AssemblyAssemblyIdentityXmlns:	urn:schemas-microsoft-com:asm.v1
AssemblyDescriptionPublisher:	Integrated Remote Console
AssemblyDescriptionProduct:	Integrated Remote Console
AssemblyDescriptionSupportUrl:	http://www.hpe.com/info/ilo
AssemblyDescriptionXmlns:	urn:schemas-microsoft-com:asm.v1
AssemblyDeploymentInstall:	-
AssemblyDeploymentTrustURLParameters:
AssemblyDependencyDependentAssemblyDependencyType:	install
AssemblyDependencyDependentAssemblyCodebase:	IRC.exe.manifest
AssemblyDependencyDependentAssemblySize:	18628
AssemblyDependencyDependentAssemblyAssemblyIdentityName:	IRC.exe
AssemblyDependencyDependentAssemblyAssemblyIdentityVersion:	1.4.0.2092
AssemblyDependencyDependentAssemblyAssemblyIdentityPublicKeyToken:	81a64c72fbbf0350
AssemblyDependencyDependentAssemblyAssemblyIdentityLanguage:	neutral
AssemblyDependencyDependentAssemblyAssemblyIdentityProcessorArchitecture:	msil
AssemblyDependencyDependentAssemblyAssemblyIdentityType:	win32
AssemblyDependencyDependentAssemblyHashTransformsTransformAlgorithm:	urn:schemas-microsoft-com:HashTransforms.Identity
AssemblyDependencyDependentAssemblyHashDigestMethodAlgorithm:	http://www.w3.org/2000/09/xmldsig#sha1
AssemblyDependencyDependentAssemblyHashDigestValue:	ylE8z3QnS6MbMNhnLvrMjFtidUg=
AssemblyCompatibleFrameworksXmlns:	urn:schemas-microsoft-com:clickonce.v2
AssemblyCompatibleFrameworksFrameworkTargetVersion:	4
AssemblyCompatibleFrameworksFrameworkProfile:	Full
AssemblyCompatibleFrameworksFrameworkSupportedRuntime:	4.0.30319
AssemblyPublisherIdentityName:	CN=Hewlett Packard Enterprise Company, OU=HP Cyber Security, O=Hewlett Packard Enterprise Company, STREET=3000 Hanover Street, L=Palo Alto, S=CA, PostalCode=94304, C=US
AssemblyPublisherIdentityIssuerKeyHash:	299160ff8a4dfaebf9a66ab8cff9e64bbd49ce12
AssemblySignatureId:	StrongNameSignature
AssemblySignatureXmlns:	http://www.w3.org/2000/09/xmldsig#
AssemblySignatureSignedInfoCanonicalizationMethodAlgorithm:	http://www.w3.org/2001/10/xml-exc-c14n#
AssemblySignatureSignedInfoSignatureMethodAlgorithm:	http://www.w3.org/2000/09/xmldsig#rsa-sha256
AssemblySignatureSignedInfoReferenceUri:	-
AssemblySignatureSignedInfoReferenceTransformsTransformAlgorithm:	http://www.w3.org/2000/09/xmldsig#enveloped-signature
AssemblySignatureSignedInfoReferenceDigestMethodAlgorithm:	http://www.w3.org/2000/09/xmldsig#sha256
AssemblySignatureSignedInfoReferenceDigestValue:	Yhzq8NIEKGPZXeOrZrKGg4tvSqy0qn9yUBCycxoX080=
AssemblySignatureSignatureValue:	cHf3R5+lFbTkXQ9pkfZHwb+P4/tBMhdCFrcEZhpD/bYKmtASm0BSQ7vsgT+QHp4PMJCcKsaJnnUa48bo7Jm5WAosslU6Uow0U70v3M8S81Mg+muKFQmtFpv4TjX7fZ+Ls3JF4t7sxN7wTALXT0wAQCLngz6/IM9AaocpKGsCY1YM20cLXvsqKw0q16zYixDjBuj3OiGTRPlIWVDZjIbnoLJSmx4Varx6vxiWP5eWrf7qytgK5lADKReW/9P6TR67sxpZFXS9wPNLX/9ZadaJ3skGFosyQZIJYusKlOo4egFMVljydVS8h84KL/87E9Z8ivb+uEYZxR7M0oFRTB25bQ==
AssemblySignatureKeyInfoId:	StrongNameKeyInfo
AssemblySignatureKeyInfoKeyValueRSAKeyValueModulus:	03/bnM0/h2L46zFlIhp9sXs6sqYMKTiIVduJ/yhMR564DNmlgvcnQZpwCk6S6gT++EWPabETNf+IIaGN2WqI5nBff8nVhp9QnEptuLVvDjaAh/3aPKa2A5s9UxRqcbpbOJ83K8QwlekAIvDeNIJIhta8QcKJ+6EPkiDrsqIqTxiqllZ0KArQP/R3X2mwnXr+iGltkS4AvgqTjuxRss07F3viM6+s9Dd0NYLgeCsD+lhwluM4boHpGtyDsyzSK9QcBpBT9TQtGjbc1ioI6RK8yCaBxVDT3OLCWpi9W5zItX/RRoyyLrtv3Yz5chVqKWPmqEgYjPATn8vtLFRlzaOn+Q==
AssemblySignatureKeyInfoKeyValueRSAKeyValueExponent:	AQAB
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationHash:	cdd3171a73b21050727faab4ac4a6f8b8386b266abe35dd9632804d2f0ea1c62
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationDescription:	-
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationUrl:	-
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationAssemblyIdentityName:	IRC.application
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationAssemblyIdentityVersion:	1.4.0.2092
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationAssemblyIdentityPublicKeyToken:	81a64c72fbbf0350
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationAssemblyIdentityLanguage:	neutral
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationAssemblyIdentityProcessorArchitecture:	msil
AssemblySignatureKeyInfoRelDataLicenseGrantManifestInformationAssemblyIdentityXmlns:	urn:schemas-microsoft-com:asm.v1
AssemblySignatureKeyInfoRelDataLicenseGrantSignedBy:	-
AssemblySignatureKeyInfoRelDataLicenseGrantAuthenticodePublisherX509SubjectName:	CN=Hewlett Packard Enterprise Company, OU=HP Cyber Security, O=Hewlett Packard Enterprise Company, STREET=3000 Hanover Street, L=Palo Alto, S=CA, PostalCode=94304, C=US
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureId:	AuthenticodeSignature
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureXmlns:	http://www.w3.org/2000/09/xmldsig#
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureSignedInfoCanonicalizationMethodAlgorithm:	http://www.w3.org/2001/10/xml-exc-c14n#
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureSignedInfoSignatureMethodAlgorithm:	http://www.w3.org/2000/09/xmldsig#rsa-sha256
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureSignedInfoReferenceUri:	-
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureSignedInfoReferenceTransformsTransformAlgorithm:	http://www.w3.org/2000/09/xmldsig#enveloped-signature
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureSignedInfoReferenceDigestMethodAlgorithm:	http://www.w3.org/2000/09/xmldsig#sha256
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureSignedInfoReferenceDigestValue:	+tvfZzeT9mKLDzJ7XI/eRNK7zTB6BrJXGfewkDbTDGc=
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureSignatureValue:	YKHhiTTVY9atTR7d2EJo3o7Uhwl8sDUuYCYtsD2rNd4Xkb+a0LwZ2Jxjr81cxlG/rUHW1Ywmd7LcdYyATQIaVtHnMnmqOTfFBmW2KWTdxFF9ekgjB/ktmfg2KWzqpJ6KacKmx7z8YTdkRAaEmRS1fGngwIERUgJZcHz7ayRvrYwheWoG1x6YqqJo8tfa5PJ98KPpWr+Sno80yVFScihyn1DfP8Zoxb0iRX3Y08SvUQggVKUVcy6M/t2wXBbT0zvVrzoy56N1btDDn6umZkObM2uEq/inUpeTa7m/dzFLZYLUpJPDdpVyg2SEQRtxHUfUDZ0sRurRIwl5DJH73uGj1g==
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureKeyInfoKeyValueRSAKeyValueModulus:	03/bnM0/h2L46zFlIhp9sXs6sqYMKTiIVduJ/yhMR564DNmlgvcnQZpwCk6S6gT++EWPabETNf+IIaGN2WqI5nBff8nVhp9QnEptuLVvDjaAh/3aPKa2A5s9UxRqcbpbOJ83K8QwlekAIvDeNIJIhta8QcKJ+6EPkiDrsqIqTxiqllZ0KArQP/R3X2mwnXr+iGltkS4AvgqTjuxRss07F3viM6+s9Dd0NYLgeCsD+lhwluM4boHpGtyDsyzSK9QcBpBT9TQtGjbc1ioI6RK8yCaBxVDT3OLCWpi9W5zItX/RRoyyLrtv3Yz5chVqKWPmqEgYjPATn8vtLFRlzaOn+Q==
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureKeyInfoKeyValueRSAKeyValueExponent:	AQAB
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureKeyInfoX509DataX509Certificate:	MIIFaTCCBFGgAwIBAgIQO5GRDEXErriH1EohfEHdvjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEjMCEGA1UEAxMaQ09NT0RPIFJTQSBDb2RlIFNpZ25pbmcgQ0EwHhcNMTcxMTA5MDAwMDAwWhcNMTgxMTA5MjM1OTU5WjCB0jELMAkGA1UEBhMCVVMxDjAMBgNVBBEMBTk0MzA0MQswCQYDVQQIDAJDQTESMBAGA1UEBwwJUGFsbyBBbHRvMRwwGgYDVQQJDBMzMDAwIEhhbm92ZXIgU3RyZWV0MSswKQYDVQQKDCJIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBDb21wYW55MRowGAYDVQQLDBFIUCBDeWJlciBTZWN1cml0eTErMCkGA1UEAwwiSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgQ29tcGFueTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANN/25zNP4di+OsxZSIafbF7OrKmDCk4iFXbif8oTEeeuAzZpYL3J0GacApOkuoE/vhFj2mxEzX/iCGhjdlqiOZwX3/J1YafUJxKbbi1bw42gIf92jymtgObPVMUanG6WzifNyvEMJXpACLw3jSCSIbWvEHCifuhD5Ig67KiKk8YqpZWdCgK0D/0d19psJ16/ohpbZEuAL4Kk47sUbLNOxd74jOvrPQ3dDWC4HgrA/pYcJbjOG6B6Rrcg7Ms0ivUHAaQU/U0LRo23NYqCOkSvMgmgcVQ09ziwlqYvVucyLV/0UaMsi67b92M+XIVailj5qhIGIzwE5/L7SxUZc2jp/kCAwEAAaOCAY0wggGJMB8GA1UdIwQYMBaAFCmRYP+KTfrr+aZquM/55ku9Sc4SMB0GA1UdDgQWBBQdBjR2juPtlJw7IHtiW2M8AUeYijAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzARBglghkgBhvhCAQEEBAMCBBAwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwIwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ29kZVNpZ25pbmdDQS5jcmwwdAYIKwYBBQUHAQEEaDBmMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDb2RlU2lnbmluZ0NBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAyvXjBorhDi5qpKMYIWs1vqHUQkPZ8w2kNBoOnCZUFjqgE+yIdBFHMEBvJJIq38gbKBfpOS8Q7NCVCF5+G5IY1CFJP9QFgjpy22Q845aD0syrTea4HFiE1vNxp3wxSSxK4y2wqoDKj9Fn56AAzJr3pD7YssSUErKmtLSqLXRo+xkev1ZteUGfB+T/S15zKHZZeAmVCI8KmGZB5Du6fp1YhwkbDu/prhNwPSGiRMAaU2VxjltUX8fx1oYuqYEzX8N/lOlYPFBz092bD9rQopu21jW8+yMUn5PcO2cyvzCJnlGq8xaBrWVO5mOw9md3EbQUuKHG11Hy2Ybk1ss6lnugC
AssemblySignatureKeyInfoRelDataLicenseIssuerSignatureObjectTimestamp:	MIIL0wYJKoZIhvcNAQcCoIILxDCCC8ACAQExCzAJBgUrDgMCGgUAMIIBEwYJKoZI hvcNAQcBoIIBBASCAQBgoeGJNNVj1q1NHt3YQmjejtSHCXywNS5gJi2wPas13heR v5rQvBnYnGOvzVzGUb+tQdbVjCZ3stx1jIBNAhpW0ecyeao5N8UGZbYpZN3EUX16 SCMH+S2Z+DYpbOqknoppwqbHvPxhN2REBoSZFLV8aeDAgRFSAllwfPtrJG+tjCF5 agbXHpiqomjy19rk8n3wo+lav5KejzTJUVJyKHKfUN8/xmjFvSJFfdjTxK9RCCBU pRVzLoz+3bBcFtPTO9WvOjLno3Vu0MOfq6ZmQ5sza4Sr+KdSl5Nrub93MUtlgtSk k8N2lXKDZIRBG3EdR9QNnSxG6tEjCXkMkfve4aPWoIIImTCCA+4wggNXoAMCAQIC EH6T6/t8xk5Z6kuad9QG/DswDQYJKoZIhvcNAQEFBQAwgYsxCzAJBgNVBAYTAlpB MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1cmJhbnZpbGxlMQ8w DQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFFRoYXd0ZSBDZXJ0aWZpY2F0aW9uMR8w HQYDVQQDExZUaGF3dGUgVGltZXN0YW1waW5nIENBMB4XDTEyMTIyMTAwMDAwMFoX DTIwMTIzMDIzNTk1OVowXjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVj IENvcnBvcmF0aW9uMTAwLgYDVQQDEydTeW1hbnRlYyBUaW1lIFN0YW1waW5nIFNl cnZpY2VzIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx rLNJVEuXHBIK2CV5kSJXKm/cuCbEQ3Nrwr8uUFr7FMJ2jkMBJUO0oeJF9Oi3e8N0 zCLXtJQAAvdN7b+0t0Qka81fRTvRRM5DEnMXgotptCvLmR6schsmTXEfsTHd+1Fh AlOmqvVJLAV4RaUvic7nmef+jOJXPz3GktxK+Hsz5HkK+/B1iEGc/8UDUZmq12yf k2mHZSmDhcJgFMTIyTsU2sCB8B8NdN6SIqvK9/t0fCfm90obf6fDni2uiuqm5qon Fn1h95hxEbziUKFL5V365Q6nLJ+qZSDT2JboyHylTkhE/xniRAeSC9dohIBdanhk Rc1gRn5UwRN8xXnxycFxAgMBAAGjgfowgfcwHQYDVR0OBBYEFF+a9W5czMx0mtTd fe8/2+xMgC7dMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j c3AudGhhd3RlLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMD8GA1UdHwQ4MDYwNKAy oDCGLmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVUaW1lc3RhbXBpbmdDQS5j cmwwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQDAgEGMCgGA1UdEQQh MB+kHTAbMRkwFwYDVQQDExBUaW1lU3RhbXAtMjA0OC0xMA0GCSqGSIb3DQEBBQUA A4GBAAMJm495739ZMKrvaLX64wkdu0+CBl03X6ZSnxaN6hySCURu9W3rWHww6Plp jSNzCxJvR6muORH4KrGbsBrDjutZlgCtzgxNstAxpghcKnr84nodV0yoZRjpeUBi JZZux8c3aoMhCI5B6t3ZVz8dd0mHKhYGXqY4aiISo1EZg362MIIEozCCA4ugAwIB AgIQDs/0OMj+vzVuBNhqmBsaUDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJV UzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xMDAuBgNVBAMTJ1N5bWFu dGVjIFRpbWUgU3RhbXBpbmcgU2VydmljZXMgQ0EgLSBHMjAeFw0xMjEwMTgwMDAw MDBaFw0yMDEyMjkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1h bnRlYyBDb3Jwb3JhdGlvbjE0MDIGA1UEAxMrU3ltYW50ZWMgVGltZSBTdGFtcGlu ZyBTZXJ2aWNlcyBTaWduZXIgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAKJjCzlEuLsjp0RJuw7/ofBhClOTsJjbrSwPSsVu/4Y8U1UPFc4EPyv9 qZaW2b5heQtbyUyGduXgQ0sile7CK0PBn9hotI5AT+6FOLkRxSPyZFjwFTJvTleh roikAtcqHs1L4d1j1ReJMluwXplaqJ0oUA4X7pbbYTtFUR3PElYLkkf8q672Zj1H rHBy55LnX80QucSDZJQZvSWA4ejSIqXQugJ6oXeTW2XD7hd0vEGGKtwITIySjJEt nndEH2jWqHR32w5bMotWizO92WPISZ06xcXqMwvS8aMb9Iu+2bNXizveBKd6IrIk ri7HcMW+ToMmCPsLvalPmQjhEChyqs0CAwEAAaOCAVcwggFTMAwGA1UdEwEB/wQC MAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQDAgeAMHMGCCsG AQUFBwEBBGcwZTAqBggrBgEFBQcwAYYeaHR0cDovL3RzLW9jc3Aud3Muc3ltYW50 ZWMuY29tMDcGCCsGAQUFBzAChitodHRwOi8vdHMtYWlhLndzLnN5bWFudGVjLmNv bS90c3MtY2EtZzIuY2VyMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly90cy1jcmwu d3Muc3ltYW50ZWMuY29tL3Rzcy1jYS1nMi5jcmwwKAYDVR0RBCEwH6QdMBsxGTAX BgNVBAMTEFRpbWVTdGFtcC0yMDQ4LTIwHQYDVR0OBBYEFEbGaaMOShQe1UzaUmMX P142vA3mMB8GA1UdIwQYMBaAFF+a9W5czMx0mtTdfe8/2+xMgC7dMA0GCSqGSIb3 DQEBBQUAA4IBAQB4O7SRKgBM8I9iMDd4o4QnB28Yst4l3KDUlAOqhk4ln5pAAxzd zuN5yyFoBtq2MrRtv/QsJmMz5ElkbQ3mw2cO9wWkNWx8iRbG6bLfsundIMZxD82V dNy2XN69Nx9DeOZ4tc0oBCCjqvFLxIgpkQ6A0RH83Vx2bk9eDkVGQW4NsOo4mrE6 2glxEPwcebSAe6xp9P2ctgwWK/F/Wwk9m1viFsoTgW0ALjgNqCmPLOGy9FqpAa8V nCwvSRvbIrvD/niUUcOGsYKIXfA9tFGheTMrLnu53CAJE3Hrahlbz+ilMFcsiUk/ uc9/yb8+ImhjU5q9aXSsxR08f5Lgw7wc2AR1MYIB+DCCAfQCAQEwcjBeMQswCQYD VQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xMDAuBgNVBAMT J1N5bWFudGVjIFRpbWUgU3RhbXBpbmcgU2VydmljZXMgQ0EgLSBHMgIQDs/0OMj+ vzVuBNhqmBsaUDAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH ATAcBgkqhkiG9w0BCQUxDxcNMTgwNzA2MTgwMzE1WjAjBgkqhkiG9w0BCQQxFgQU khSzN+AQYceU2lecFxvTGHbxC+0wDQYJKoZIhvcNAQEBBQAEggEAlyWUTLB3SrnY U+NiQnDihzvFcQmi2dUif7rLpkJGYu+vkmenBgOF92p9UGzZIFLmx8JtPVxhWYQV xxYnn8XxLPnNhMtCBR9dh7q8mHpBjRoYq2ij5197aC1lqUTvQ7l6XJd27ai9ADRZ ue0Ej03Xecgeiqwz+DSpUN7LUmOgcdZFMZAoKzAqhayPLqSOHgWM5dIkFGufmZ6C IgFBhoD67zUlMGM/ItNNrZfr0hXflWxsD1x8ggxHP70rCGi1qVj2Uzt2C/REjY3Q SqVNuEOJxlbG/SPmMBcylpX/hfVwNSZJQ264apUclBFfAFd4qg37pYDFvCkGMk3G R35DCZa8Cw==

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

308

"C:\Windows\System32\rundll32.exe" dfshim.dll,ShOpenVerbApplication C:\Users\admin\AppData\Local\Temp\IRC.application

C:\Windows\System32\rundll32.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows host process (Rundll32)

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll

2896

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe

rundll32.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

ClickOnce

Exit code:

Version:

4.7.3062.0 built by: NET472REL1

Modules

Images
c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

Add for printing

Total events

Read events

Write events

Delete events

Modification events


(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
Operation:	write	Name:	ComponentStore_RandomString
Value: A6K2KKR4C00NJK1C9RJTGPE9
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
Operation:	delete value	Name:	ComponentStore_RandomString
Value: A6K2KKR4C00NJK1C9RJTGPE9
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
Operation:	delete key	Name:
Value:
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
Operation:	write	Name:	ComponentStore_RandomString
Value: AXA81K1Y9K0RQ4ADW43CAQ0E
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
Operation:	write	Name:	StateStore_RandomString
Value: 0QREQ0BWLHDM596WHM84D1RM
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 0
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 1
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(2896) dfsvc.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2896	dfsvc.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\WW7YPETC.log		text
		MD5:—	SHA256:—
2896	dfsvc.exe	C:\Users\admin\AppData\Local\Temp\Deployment\D3H4V1DC.CY1\PG5C4KNO.E77.application		xml
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected

Add for printing

Process	Message
dfsvc.exe	* Status originated: -1073741811 * Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
dfsvc.exe	* Status originated: -1073741811 * Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230

General Info

IRC.application

FBA736CCC7C8B7DB43144B52A7732BE8

EAEA44F650E2B4E3C5262FAEB5B28C683F3DD1A6

3A0703DE91F1DE1FB5D3149EEA0625FC17B8A618B46B580F313DDDAC804C2D1A

192:okPW+wVUC+2AsUdzEc1+pPDSRzcJAK3GrdsdHBavRuXkeRRngFLDB6GUlOfknTHb:7B/+p7SsAdsdCRwke7t3wknT8yhTBL

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Reads Environment values

INFO

Malware configuration

Static information

TRiD

EXIF

XMP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings