General Info

File name

ldapexplorertool.exe

Full analysis
https://app.any.run/tasks/c49a0c0e-b53f-4eb1-b4d3-5db17cad86b8
Verdict
Malicious activity
Analysis date
12/2/2019, 17:32:46
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

e76e7f4e7468718a24d1fb80f9853837

SHA1

c0c1c2b4dd6af6a067dc573ea99094e821a7d98a

SHA256

569e3f163f605514191dc147b38247e1ab900220fa577e1ca291ba97615b0d23

SSDEEP

98304:zmBOr9EhVCrkc/pkpsBkRIUF5lcPr1rHZsr1ulPatKEzuIUTL:i4r9EhIrcRI86rm1cEsf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Signature hits (the report's MALICIOUS, SUSPICIOUS and INFO tabs, listed together)
Loads dropped or rewritten executable
  • ldapexplorertool2.exe (PID: 1748)
  • ldapexplorertool2.exe (PID: 2364)
Application was dropped or rewritten from another process
  • ldapexplorertool2.exe (PID: 1748)
  • ldapexplorertool2.exe (PID: 2364)
Executable content was dropped or overwritten
  • ldapexplorertool.exe (PID: 2168)
  • is-KBEG5.tmp (PID: 3712)
Loads dropped or rewritten executable
  • is-KBEG5.tmp (PID: 3712)
Application was dropped or rewritten from another process
  • is-KBEG5.tmp (PID: 3712)
Manual execution by user
  • ldapexplorertool2.exe (PID: 2364)
  • opera.exe (PID: 3740)
  • mmc.exe (PID: 2436)
  • mmc.exe (PID: 2516)
  • control.exe (PID: 4080)
Creates files in the program directory
  • is-KBEG5.tmp (PID: 3712)
Creates a software uninstall entry
  • is-KBEG5.tmp (PID: 3712)
Creates files in the user directory
  • opera.exe (PID: 3740)

Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.

Static information

TRiD
.exe | Win32 Executable PowerBASIC/Win 9.x (51.2%)
.exe | Inno Setup installer (37.9%)
.exe | Win32 Executable Delphi generic (4.9%)
.dll | Win32 Dynamic Link Library (generic) (2.2%)
.exe | Win32 Executable (generic) (1.5%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
36864
InitializedDataSize:
16896
UninitializedDataSize:
null
EntryPoint:
0x98d8
OSVersion:
1
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
Comments:
This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
Laurent Ulrich
FileDescription:
LDAPExplorerTool 2 Setup
FileVersion:
LegalCopyright:
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17 (this is the fixed TimeDateStamp 0x2A425E19 that the Borland/Delphi linker writes into every image, and Inno Setup's loader is a Delphi program; it is not the real build date and must not be used for timeline analysis)
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
Laurent Ulrich
FileDescription:
LDAPExplorerTool 2 Setup
FileVersion:
null
LegalCopyright:
null
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
CODE 0x00001000 0x00008FFC 0x00009000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.59246
DATA 0x0000A000 0x00000248 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.69893
BSS 0x0000B000 0x00000E34 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0000C000 0x00000950 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.43127
.tls 0x0000D000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x0000E000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.199108
.reloc 0x0000F000 0x000008A0 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0
.rsrc 0x00010000 0x00002800 0x00002800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 4.48025
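The section table and PE header fields above are the raw material for the two static checks a practitioner actually wants here: per-section entropy (to spot packed or encrypted sections) and the compile timestamp (to recognise the Delphi constant rather than trust it as a build date). The following parser is an added example written for this page; it is not ANY.RUN's code and not part of LDAPExplorerTool. It walks the DOS header, PE signature, COFF header and section table by hand, computes Shannon entropy over each section's raw bytes exactly as the table reports it, and flags the timestamp 0x2A425E19. The `build_minimal_pe` helper is a hypothetical test fixture that assembles a header-only (non-runnable) PE32 image so the parser can be exercised offline; on a real sample you would call `parse_pe(open(path, "rb").read())` instead.

```python
import math
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp written by the Borland/Delphi linker (Inno Setup's loader
# is a Delphi program): 0x2A425E19 == 1992-06-19 22:22:17 UTC.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19

# IMAGE_FILE_* characteristics flags (the subset this report lists).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0080: "IMAGE_FILE_BYTES_REVERSED_LO",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x8000: "IMAGE_FILE_BYTES_REVERSED_HI",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the raw section bytes; 0.0 for a section with no raw data."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(buf: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if buf[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", buf, coff)
    sections = []
    for i in range(nsect):
        off = coff + 20 + opt_size + i * 40          # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", buf, off)
        flags = struct.unpack_from("<I", buf, off + 36)[0]
        raw = buf[rawptr:rawptr + rawsize]            # empty for BSS/.tls/.reloc with raw size 0
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize, "raw_size": rawsize,
            "characteristics": flags, "entropy": round(shannon_entropy(raw), 5),
        })
    return {
        "machine": machine,
        "timestamp": tstamp,
        "timestamp_utc": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_fixed_timestamp": tstamp == DELPHI_FIXED_TIMESTAMP,
        "characteristics": sorted(n for bit, n in FILE_CHARACTERISTICS.items() if chars & bit),
        "sections": sections,
    }


def build_minimal_pe(sections, timestamp=DELPHI_FIXED_TIMESTAMP, characteristics=0x818F) -> bytes:
    """Hypothetical fixture: assemble a header-only PE32 image (not runnable) from
    (name, raw_bytes, flags) triples so parse_pe can be exercised offline."""
    opt_size, file_align = 0xE0, 0x200
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = -(-hdr_end // file_align) * file_align   # round up to file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    table, body, vaddr = bytearray(), bytearray(), 0x1000
    for name, raw, flags in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), vaddr,
                             len(padded), first_raw + len(body), 0, 0, 0, 0, flags)
        body += padded
        vaddr += max(0x1000, -(-len(raw) // 0x1000) * 0x1000)
    image = dos + b"PE\0\0" + coff + opt + table
    return bytes(image + b"\0" * (first_raw - len(image)) + body)
```

Entropy near 8.0 in a section flagged executable usually means packed or encrypted code; the 6.59 CODE section here is ordinary compiled code. The timestamp check is deliberately an exact match: anything else in 1992 is still suspicious, but only 0x2A425E19 is the known Delphi constant.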
Resources
1, 2, 3, 4, 4089, 4090, 4091, 4093, 4094, 4095, 11111, MAINICON
Imports
    kernel32.dll
    user32.dll
    oleaut32.dll
    advapi32.dll
    comctl32.dll
Exports
    No exports.

Processes

Total processes
50
Monitored processes
9
Malicious processes
2
Suspicious processes
1

Behavior graph

Process tree (reconstructed from the process list below; "no specs" marks processes without signature hits):
ldapexplorertool.exe (PID 1904, MEDIUM) - exits with 0xC000042C STATUS_ELEVATION_REQUIRED, no specs
ldapexplorertool.exe (PID 2168, HIGH) - same image started again elevated (UAC auto-confirmation is on); drops and starts:
    is-KBEG5.tmp (PID 3712, HIGH) - Inno Setup loader; drops and starts:
        ldapexplorertool2.exe (PID 1748, HIGH) - no specs
ldapexplorertool2.exe (PID 2364, MEDIUM) - manual execution, no specs
opera.exe (PID 3740, MEDIUM) - manual execution
control.exe (PID 4080, MEDIUM) - manual execution, no specs
mmc.exe (PID 2436, MEDIUM) - manual execution, exits with 0xC000042C STATUS_ELEVATION_REQUIRED, no specs
mmc.exe (PID 2516, HIGH) - manual execution, elevated

Process information

PID
1904
CMD
"C:\Users\admin\AppData\Local\Temp\ldapexplorertool.exe"
Path
C:\Users\admin\AppData\Local\Temp\ldapexplorertool.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the installer's manifest requires administrator rights, so the medium-integrity launch fails and the image is started again elevated)
Version:
Company
Laurent Ulrich
Description
LDAPExplorerTool 2 Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\ldapexplorertool.exe

PID
2168
CMD
"C:\Users\admin\AppData\Local\Temp\ldapexplorertool.exe"
Path
C:\Users\admin\AppData\Local\Temp\ldapexplorertool.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Laurent Ulrich
Description
LDAPExplorerTool 2 Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\ldapexplorertool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-kj1hj.tmp\is-kbeg5.tmp

PID
3712
CMD
"C:\Users\admin\AppData\Local\Temp\is-KJ1HJ.tmp\is-KBEG5.tmp" /SL4 $40128 "C:\Users\admin\AppData\Local\Temp\ldapexplorertool.exe" 3754305 52224
Path
C:\Users\admin\AppData\Local\Temp\is-KJ1HJ.tmp\is-KBEG5.tmp
Indicators
Parent process
ldapexplorertool.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.44.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-kj1hj.tmp\is-kbeg5.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\is-i3lp0.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\imageres.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\riched20.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\ldapexplorertool 2\unins000.exe
c:\program files\ldapexplorertool 2\ldapexplorertool2.exe
c:\windows\system32\netutils.dll

PID
1748
CMD
"C:\Program Files\LDAPExplorerTool 2\ldapexplorertool2.exe"
Path
C:\Program Files\LDAPExplorerTool 2\ldapexplorertool2.exe
Indicators
No indicators
Parent process
is-KBEG5.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\ldapexplorertool 2\ldapexplorertool2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\ldapexplorertool 2\mingwm10.dll
c:\windows\system32\msvcrt.dll
c:\program files\ldapexplorertool 2\liblber.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\program files\ldapexplorertool 2\libldap.dll
c:\program files\ldapexplorertool 2\libeay32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wsock32.dll
c:\program files\ldapexplorertool 2\libssl32.dll
c:\program files\ldapexplorertool 2\wxbase28u_gcc_custom.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\program files\ldapexplorertool 2\wxmsw28u_core_gcc_custom.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\oleaut32.dll
c:\program files\ldapexplorertool 2\wxmsw28u_xrc_gcc_custom.dll
c:\program files\ldapexplorertool 2\wxbase28u_xml_gcc_custom.dll
c:\program files\ldapexplorertool 2\wxmsw28u_adv_gcc_custom.dll
c:\windows\system32\winmm.dll
c:\program files\ldapexplorertool 2\wxmsw28u_html_gcc_custom.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
3740
CMD
"C:\Program Files\Opera\opera.exe"
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\opera\opera.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\quartz.dll
c:\program files\adobe\acrobat reader dc\reader\browser\nppdf32.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\progra~1\micros~1\office14\npauthz.dll
c:\progra~1\micros~1\office14\npspwrap.dll
c:\program files\google\update\1.3.34.11\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll

PID
2364
CMD
"C:\Program Files\LDAPExplorerTool 2\ldapexplorertool2.exe"
Path
C:\Program Files\LDAPExplorerTool 2\ldapexplorertool2.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\program files\ldapexplorertool 2\ldapexplorertool2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\ldapexplorertool 2\mingwm10.dll
c:\windows\system32\msvcrt.dll
c:\program files\ldapexplorertool 2\liblber.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\program files\ldapexplorertool 2\libldap.dll
c:\program files\ldapexplorertool 2\libeay32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wsock32.dll
c:\program files\ldapexplorertool 2\libssl32.dll
c:\program files\ldapexplorertool 2\wxbase28u_gcc_custom.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\program files\ldapexplorertool 2\wxmsw28u_core_gcc_custom.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\oleaut32.dll
c:\program files\ldapexplorertool 2\wxmsw28u_xrc_gcc_custom.dll
c:\program files\ldapexplorertool 2\wxbase28u_xml_gcc_custom.dll
c:\program files\ldapexplorertool 2\wxmsw28u_adv_gcc_custom.dll
c:\windows\system32\winmm.dll
c:\program files\ldapexplorertool 2\wxmsw28u_html_gcc_custom.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
4080
CMD
"C:\Windows\System32\control.exe" SYSTEM
Path
C:\Windows\System32\control.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Control Panel
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\control.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\propsys.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wpccpl.dll
c:\windows\system32\slc.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\actxprxy.dll

PID: 2436
CMD: "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
Path: C:\Windows\system32\mmc.exe
Indicators: No indicators
Parent process: ––
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version:
Company: Microsoft Corporation
Description: Microsoft Management Console
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules: c:\windows\system32\mmc.exe, c:\systemroot\system32\ntdll.dll

PID: 2516
CMD: "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
Path: C:\Windows\system32\mmc.exe
Indicators:
Parent process: ––
User: admin
Integrity Level: HIGH
Exit code: 0
Version:
Company: Microsoft Corporation
Description: Microsoft Management Console
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Registry activity

Total events: 694
Read events: 612
Write events: 81
Delete events: 1

Modification events

PID 3712, is-KBEG5.tmp, write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LDAPExplorerTool 2_is1
  Inno Setup: Setup Version = 5.1.9
  Inno Setup: App Path = C:\Program Files\LDAPExplorerTool 2
  InstallLocation = C:\Program Files\LDAPExplorerTool 2\
  Inno Setup: Icon Group = LDAPExplorerTool 2
  Inno Setup: User = admin
  Inno Setup: Selected Tasks =
  Inno Setup: Deselected Tasks = desktopicon,quicklaunchicon
  DisplayName = LDAPExplorerTool 2
  UninstallString = "C:\Program Files\LDAPExplorerTool 2\unins000.exe"
  QuietUninstallString = "C:\Program Files\LDAPExplorerTool 2\unins000.exe" /SILENT
  Publisher = Laurent Ulrich
  URLInfoAbout = http://ldaptool.sourceforge.net
  HelpLink = http://ldaptool.sourceforge.net
  URLUpdateInfo = http://ldaptool.sourceforge.net
  NoModify = 1
  NoRepair = 1
  InstallDate = 20191202

PID 3740, opera.exe, write
HKEY_CURRENT_USER\Software\Opera Software
  Last CommandLine v2 = C:\Program Files\Opera\opera.exe

PID 3740, opera.exe, write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
  LanguageList = en-US

PID 4080, control.exe, write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
  LanguageList = en-US
  @C:\Windows\System32\wpccpl.dll,-100 = Parental Controls

PID 2516, mmc.exe, delete key
HKEY_CURRENT_USER\Software\Microsoft\Microsoft Management Console\Recent File List

PID 2516, mmc.exe, write
HKEY_CURRENT_USER\Software\Microsoft\Microsoft Management Console\Recent File List
  File1 = C:\Windows\system32\devmgmt.msc
  File2 = C:\Windows\system32\compmgmt.msc
  File3 = C:\Windows\system32\taskschd.msc

Files activity

Executable files: 21
Suspicious files: 15
Text files: 13
Unknown types: 9

Dropped files


Find more information about the static content, and download it, in the full report.

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
3740 opera.exe 185.26.182.94:443 Opera Software AS –– malicious

DNS requests

Domain IP Reputation
certs.opera.com 185.26.182.94, 185.26.182.93 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.