General Info

File name

personnel-2.2.0.exe

Full analysis
https://app.any.run/tasks/642ef800-38d3-4dcf-829f-0553051b48cb
Verdict
Malicious activity
Analysis date
4/14/2019, 17:45:05
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

fbe19a74c1f260a776d7752d27edb740

SHA1

b8a2804ec59ae52e3c88990a27d716eb7d43defb

SHA256

81ecb0e32abcc36d98b3be0ced6c9c1919dc18947cbb44728419d16c74ecf97c

SSDEEP

786432:OK6L8jdmwYIXlOM9itWkqWHzz7eSqrGK465M8j:OK6UApIXlOM0tpLh0Gq2m

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • vdjobman.dll (PID: 1708)
  • personnel.exe (PID: 2468)
Loads dropped or rewritten executable
  • svchost.exe (PID: 840)
  • personnel-2.2.0.exe (PID: 2180)
  • personnel.exe (PID: 2468)
Starts application with an unusual extension
  • personnel.exe (PID: 2468)
Starts Internet Explorer
  • personnel.exe (PID: 2468)
Creates a software uninstall entry
  • personnel-2.2.0.exe (PID: 2180)
Creates files in the program directory
  • personnel-2.2.0.exe (PID: 2180)
Executable content was dropped or overwritten
  • personnel-2.2.0.exe (PID: 2180)
Changes internet zones settings
  • iexplore.exe (PID: 2492)
Reads internet explorer settings
  • iexplore.exe (PID: 2672)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2492)
Dropped object may contain Bitcoin addresses
  • personnel-2.2.0.exe (PID: 2180)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe | NSIS - Nullsoft Scriptable Install System (94.8%)
.exe | Win32 Executable MS Visual C++ (generic) (3.4%)
.dll | Win32 Dynamic Link Library (generic) (0.7%)
.exe | Win32 Executable (generic) (0.5%)
.exe | Generic Win/DOS Executable (0.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2009:12:05 23:50:46+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
23552
InitializedDataSize:
119808
UninitializedDataSize:
1024
EntryPoint:
0x323c
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
05-Dec-2009 22:50:46
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
05-Dec-2009 22:50:46
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x00005A5A | 0x00005C00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.4177
.rdata | 0x00007000 | 0x00001190 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.18163
.data | 0x00009000 | 0x0001AF98 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.70903
.ndata | 0x00024000 | 0x0000A000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
.rsrc | 0x0002E000 | 0x00007858 | 0x00007A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.91231
Resources
1

2

3

4

5

102

103

104

105

106

110

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
41
Monitored processes
7
Malicious processes
4
Suspicious processes
0

Behavior graph

[Behavior graph nodes: personnel-2.2.0.exe (no specs), personnel-2.2.0.exe, personnel.exe, vdjobman.dll (no specs), svchost.exe, iexplore.exe, iexplore.exe (no specs)]

Process information

PID
840
CMD
C:\Windows\system32\svchost.exe -k netsvcs
Path
C:\Windows\System32\svchost.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
964
CMD
"C:\Users\admin\AppData\Local\Temp\personnel-2.2.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\personnel-2.2.0.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\systemroot\system32\ntdll.dll

PID
2180
CMD
"C:\Users\admin\AppData\Local\Temp\personnel-2.2.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\personnel-2.2.0.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules

PID
2468
CMD
"C:\VisualData\personnel\Local\personnel.exe"
Path
C:\VisualData\personnel\Local\personnel.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
VisualData.ru
Description
Движок
Version
1.0.0.0
Modules

PID
1708
CMD
C:\VisualData\personnel\Local\vdjobman.dll 616 628 2468
Path
C:\VisualData\personnel\Local\vdjobman.dll
Indicators
No indicators
Parent process
personnel.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules

PID
2492
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "file:///C:/VisualData/personnel/Local/../doc/personnel.html#DS100"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
personnel.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules

PID
2672
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2492 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules

Registry activity

Total events
723
Read events
645
Write events
78
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\personnel.exe
C:\VisualData\personnel\visualdata.exe
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
DisplayName
VisualData Отдел кадров 2.2.0
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
UninstallString
C:\VisualData\personnel\uninst.exe
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
DisplayIcon
C:\VisualData\personnel\vd-icon.ico
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
DisplayVersion
2.2.0
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
URLInfoAbout
http://www.visualdata.ru
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
HelpLink
http://www.visualdata.ru
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
Publisher
VisualData
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
Contact
тел/факс.: 8 (863) 239-92-54
2180
personnel-2.2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Отдел кадров-2.2.0
InstallLocation
C:\VisualData\personnel
2468
personnel.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
personnel.exe
2468
personnel.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
personnel.exe
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{84C537CF-5ECC-11E9-B63D-5254004A04AF}
0
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307040000000E000F002E0033001203
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307040000000E000F002E0033001203
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
963FEF47D9F2D401
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307040000000E000F002E0033008F03
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040000000E000F002E003300AF03
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
75
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307040000000E000F002E003300DD03
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
40
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Enable
1
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Size
10
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
InitHits
100
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Factor
20
2672
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
0904
2672
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
2672
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor
Last
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041420190415
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CachePrefix
:2019041420190415:
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheLimit
8192
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheOptions
11
2672
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheRepair
0

Files activity

Executable files
8
Suspicious files
54
Text files
177
Unknown types
14

Dropped files

PID
Process
Filename
Type
2180
personnel-2.2.0.exe
C:\VisualData\personnel\uninst.exe
executable
MD5: 818f607874083820c9937fe485ccecc1
SHA256: 192f99f9ec6a5a977f9eb00278b25ea161547c91969a5cfb58b84d598193b525
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\mm.dll
executable
MD5: 7853519763364a97279c4a53a9ec03f3
SHA256: 51bd7a1ac9b2485342b89c56efc24eb92a393b532dd87108eab7fabefee6e87a
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\log.dll
executable
MD5: ec1e44616127cd10c9f8c4a5feb1b1fe
SHA256: 80e9a9a8e69d77332e98a0134c239d63ac77d1ef6aea205bf9e42d2d61344b40
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\reportview.exe
executable
MD5: 0e2fdd7988f950bedef042796508383f
SHA256: 5c4d0bbb99084e3bb8c29b75c22a0d20790038acf8b009f738173cd9c5991bda
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vdjobman.dll
executable
MD5: 7eba8ae3bbb962f358e778df5b323139
SHA256: f9841cba0f04ecce8917548c7f528aad712bd7d4e55cd32988486d8f4f22efdd
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\personnel.exe
executable
MD5: da8667efa2db5da71aae4013f2543c65
SHA256: 4d220bdd5ec0aa8acfb243edbb971ffc2f7b6a79e3308a23fcbc7c220bf21abe
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nsi9936.tmp\InstallOptions.dll
executable
MD5: 325b008aec81e5aaa57096f05d4212b5
SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\padeg.dll
executable
MD5: 2c55e4cbd98451d6305a0f6f9b48d81c
SHA256: 960006c3ece0672d5ac631a0446f01c681fc862bba4463dd59de0bbad992acae
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\key_enter.png
image
MD5: 13c404f3be6ea0728a4cc7ec8941c54d
SHA256: b0d4885d1879c65dd26687a2c9f504a3fe44a2e9c42d7d96194ff183b30cbee6
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: fbc871f1955eabe307b71b9d5148dcb9
SHA256: 81debd47d197702fd459a9f6ad986bfe4e6d28d779732d5a67baa2603cbae0c0
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: 91ae9379c21746adf716fe76595f59c0
SHA256: 0fa71cb34b340e2fbbb05eb4d41869d8948fa4ff92e6ca441c7ede055523c9bb
2468
personnel.exe
C:\VisualData\personnel\Local\vds\FullJournal\2019-04-14_000001\00002.vdo
binary
MD5: 3fd06223ab132b9e9cb4a25b102837df
SHA256: 9616dc589113c6bd56e37f0fac9f68495918411286cafae641a07cb124b745d6
2468
personnel.exe
C:\VisualData\personnel\Local\vds\FullJournal\2019-04-14_000001\00001.vdc
binary
MD5: b7a4bceffae3f4c459d4daa2d8fd7a38
SHA256: d2f2de9a2d0a8d7ce7e6923ebeae0263a1cd8d6f39d46b7f1f45bfe3c5640346
2468
personnel.exe
C:\VisualData\personnel\Local\vds\FullJournal\2019-04-14_000001\00001.vdl
binary
MD5: c17d0542e9c647f8f221e31b038b5f5e
SHA256: 13bc3e96e69c2655c1bfeb28c49e52b7ae3b149fe7287441336919657839cbe4
2468
personnel.exe
C:\VisualData\personnel\Local\vds\FullJournal\2019-04-14_000001\00001.vda
binary
MD5: 18f31ea5e378fcbe9bd4a5f48a9ed349
SHA256: c7be73b21c8c2196cce7e8241dc75b9fb326146a3a2b35a17907ef87923ee25d
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: a5e7b2574184ce16cf5755aa620fe914
SHA256: 0535126bce0c2d140b7f20795fd20733a296c5750beceba55e44f5415061879e
2468
personnel.exe
C:\VisualData\personnel\Local\vds\FullJournal\2019-04-14_000001\00001.vdo
––
MD5:  ––
SHA256:  ––
2468
personnel.exe
C:\VisualData\personnel\Local\vds\FullJournal\2019-04-14_000001\Info.ini
text
MD5: f56f8a955dbd324a10332fc80415a323
SHA256: 2212151f387e6506185e52fc5901fba4603be75d3220cc895e456205b5ae9aa1
2468
personnel.exe
C:\VisualData\personnel\Local\vds\RollBack\2019-04-14_000001\00001.vdc
binary
MD5: b7a4bceffae3f4c459d4daa2d8fd7a38
SHA256: d2f2de9a2d0a8d7ce7e6923ebeae0263a1cd8d6f39d46b7f1f45bfe3c5640346
2468
personnel.exe
C:\VisualData\personnel\Local\vds\RollBack\2019-04-14_000001\Info.ini
text
MD5: f56f8a955dbd324a10332fc80415a323
SHA256: 2212151f387e6506185e52fc5901fba4603be75d3220cc895e456205b5ae9aa1
2468
personnel.exe
C:\VisualData\personnel\Local\vds\RollBack\2019-04-14_000001\00002.vdo
binary
MD5: 3fd06223ab132b9e9cb4a25b102837df
SHA256: 9616dc589113c6bd56e37f0fac9f68495918411286cafae641a07cb124b745d6
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: b3f483b2aafd062cff2ca70a02c64c1d
SHA256: 925d1f23eb0978c165b2cc54db3b169c6ce402f3af1456aa9c701dc56208ebdd
2468
personnel.exe
C:\VisualData\personnel\Local\vds\RollBack\2019-04-14_000001\00001.vdo
––
MD5:  ––
SHA256:  ––
2468
personnel.exe
C:\VisualData\personnel\Local\vds\RollBack\2019-04-14_000001\00001.vdl
binary
MD5: c17d0542e9c647f8f221e31b038b5f5e
SHA256: 13bc3e96e69c2655c1bfeb28c49e52b7ae3b149fe7287441336919657839cbe4
2468
personnel.exe
C:\VisualData\personnel\Local\vds\RollBack\2019-04-14_000001\00001.vda
binary
MD5: 18f31ea5e378fcbe9bd4a5f48a9ed349
SHA256: c7be73b21c8c2196cce7e8241dc75b9fb326146a3a2b35a17907ef87923ee25d
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: b0862349efe85032a7be42cd4d16e343
SHA256: c489decee352283595033d935ce33afff6a8bdebb4238f3e467928b725e4c2df
2468
personnel.exe
C:\VisualData\personnel\Local\vds\RollBack\2019-04-14_000001\Info.ini
text
MD5: 2369dbd5b7a6be400f8f41630466b7b3
SHA256: 874574ae27c73f687a49a9fc27e06bb6abc6aad9478aa98295a293d8688e32f2
2468
personnel.exe
C:\VisualData\personnel\Local\vds\WorkArea\arc\00001.vdc
binary
MD5: b7a4bceffae3f4c459d4daa2d8fd7a38
SHA256: d2f2de9a2d0a8d7ce7e6923ebeae0263a1cd8d6f39d46b7f1f45bfe3c5640346
2468
personnel.exe
C:\VisualData\personnel\Local\vds\WorkArea\arc\00002.vdo
binary
MD5: 3fd06223ab132b9e9cb4a25b102837df
SHA256: 9616dc589113c6bd56e37f0fac9f68495918411286cafae641a07cb124b745d6
2468
personnel.exe
C:\VisualData\personnel\Local\vds\WorkArea\arc\00001.vdo
––
MD5:  ––
SHA256:  ––
2468
personnel.exe
C:\VisualData\personnel\Local\vds\WorkArea\arc\00001.vda
binary
MD5: 18f31ea5e378fcbe9bd4a5f48a9ed349
SHA256: c7be73b21c8c2196cce7e8241dc75b9fb326146a3a2b35a17907ef87923ee25d
2468
personnel.exe
C:\VisualData\personnel\Local\vds\WorkArea\arc\00001.vdl
binary
MD5: c17d0542e9c647f8f221e31b038b5f5e
SHA256: 13bc3e96e69c2655c1bfeb28c49e52b7ae3b149fe7287441336919657839cbe4
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: 496a617b1c37080fcce99f8e9e293a91
SHA256: 25ae51949453a2ffbc60d66da56e6808b13523d931e3639af88a4d746bf53c89
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\Info.ini
text
MD5: 4532be3eddc4514754c98482ef1ac7f2
SHA256: a6724607fa944305a5a278b88765ff503b11a9ffcf550a57e2a23c800a75329d
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdc
binary
MD5: ce45c245dde15d719b6494542f4391e7
SHA256: cdc99a2027b5be9b446011099d299fb443c8f48ac01abe681b233bc9a8018ba6
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: 737822960de7a6f3369ccce49ab53d8f
SHA256: 801c088ea976f8ad7f7eceedde8bdc47751565a9a31780e6898a388622cfff87
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdo
binary
MD5: 60d5133e366cae46732d22556d931287
SHA256: 2fb395413c7104094166098b335dbffec4054880d3226ba0a14018e33148dbdb
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vda
binary
MD5: ffa9e32d49388ff4395f2d226068569e
SHA256: 4d71bd5c79b7652f0f3398c145216a67ba1403a88e8e878759e750f0382ebe28
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdl
binary
MD5: ffa9e32d49388ff4395f2d226068569e
SHA256: 4d71bd5c79b7652f0f3398c145216a67ba1403a88e8e878759e750f0382ebe28
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\arc\00001.vdc
binary
MD5: ce45c245dde15d719b6494542f4391e7
SHA256: cdc99a2027b5be9b446011099d299fb443c8f48ac01abe681b233bc9a8018ba6
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: 2a7a4a3507f8dab37d1844edf9d86358
SHA256: 05d1ad4fe5cfdefa6a2cc66ded7b108e6bcdd88c52cf96ee77e347037b10d8c2
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\arc\00001.vdo
binary
MD5: 60d5133e366cae46732d22556d931287
SHA256: 2fb395413c7104094166098b335dbffec4054880d3226ba0a14018e33148dbdb
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\arc\00001.vda
binary
MD5: ffa9e32d49388ff4395f2d226068569e
SHA256: 4d71bd5c79b7652f0f3398c145216a67ba1403a88e8e878759e750f0382ebe28
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\arc\00001.vdl
binary
MD5: ffa9e32d49388ff4395f2d226068569e
SHA256: 4d71bd5c79b7652f0f3398c145216a67ba1403a88e8e878759e750f0382ebe28
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\00001.vdo
text
MD5: 8577f066d94b1e3fb25e60c78c9271d9
SHA256: 2335ceceaf254e7582a5e9f5e7439d245b4bb81cbf6a9d711d2ec24960a24d13
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\00001.vdl
text
MD5: 434d1230ebbe9e993184da847ff318b7
SHA256: 928ff7335a929577c32815157375a7a94b2883c0afb177f01986e1367fc44313
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: cde47ee099900e02efb93756911201b1
SHA256: ff6dfbfca484d8bbef04bde564dd5cb37f89ee11960d0eea2b4ab7bc7a538591
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\00001.vda
text
MD5: 434d1230ebbe9e993184da847ff318b7
SHA256: 928ff7335a929577c32815157375a7a94b2883c0afb177f01986e1367fc44313
2468
personnel.exe
C:\VisualData\personnel\Local\blobs\vdbdoc\00001.vdc
text
MD5: 9f37917fb975c4e103ae13c2e544c201
SHA256: 7bebd03a653935f8842e1625165858b5718b92a90d0b38400f0d82d474b5af49
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: 0b22eee74ae4f8498a1a7f8a977cfb81
SHA256: 0b48b8b2c1389daf5611202c03c600bafc9463fca7c74593ac443ffaad76705c
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: fc5eb3ff1d759f67073447bbd360cbc6
SHA256: d06e2e127a0f9094f16811b41e99b5b2c48a22d802c38758c799972ce77a9419
840
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: d33bd485976167034cc45e484184f548
SHA256: 8d0b2110f4a5770e9d8d5818745f2d9689807b7717e0e1aaad32b1af40ed1f02
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: c9336c09469698a72cecd7c569cf2ee5
SHA256: cd7a802e687ecfa7fd34134e2a90b126164fb6a38aba32efaca4c50767ceedd6
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nsi9936.tmp\ioSpecial.ini
––
MD5:  ––
SHA256:  ––
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nst9926.tmp
––
MD5:  ––
SHA256:  ––
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nsi9936.tmp\ioSpecial.ini
text
MD5: cf3acd003ea88f13450839576e865d51
SHA256: c8d66c2110e7a70b02d6cb7d6c2fb09f5372cfce3245ab41623f1b276640c939
2672
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041420190415\index.dat
dat
MD5: 8bd25dd6db52416f58c418910256f54c
SHA256: 4b2b4f7913ef3c0529cfd8e84087e0b494a85e19260a57dc0009ae5e19c5e8fd
2180
personnel-2.2.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Îòäåë êàäðîâ\×òî íîâîãî.lnk
lnk
MD5: 55c5f6690d8fb1aad69c7afe68616c1c
SHA256: f5fa45807c4257c54a69afb269a21207a1fb5987c0c320bac1be55be7816d1cd
2180
personnel-2.2.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Îòäåë êàäðîâ\Ëèöåíçèÿ.lnk
lnk
MD5: 04e8fec4aa9f984af01ea0a6f0297854
SHA256: 3146b79f933eb968fe20e7c04be9d553d0d2176b8424365ac0063123a71da90c
2180
personnel-2.2.0.exe
C:\VisualData\personnel\vd-icon.ico
image
MD5: 2d178382820a74e2034e878f91736b3c
SHA256: ba1819d071de7600b7ac06726ef4e13a6abcf301bad88d1bf0d5e2b9430c4a37
2180
personnel-2.2.0.exe
C:\VisualData\personnel\whatsnew.html
html
MD5: ae37738ff14aa89be58a35642c5edb18
SHA256: a41609bbb7abbb174b3f6244d8d2ec925e42d2586a47a7366fcb87d58da0bab8
2180
personnel-2.2.0.exe
C:\VisualData\personnel\license.rtf
text
MD5: 09c67fb585e292d8d8026b90017c8697
SHA256: 8644e60698bac2e4570d0a794452c053595237e91872d629fdfb34a6fc180209
2180
personnel-2.2.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Îòäåë êàäðîâ\Óäàëåíèå ïðîãðàììû.lnk
lnk
MD5: 80fd259e69395eda0cf712152338789f
SHA256: 74c1692a69897e77d68e6537aa08bd0969896aa75627912621cc43e014d93fdd
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\krest.png
image
MD5: 3ccc2da10a2145657bdacc836ec9e03b
SHA256: b7e922625bfb30a31549760728fdd786675f82ede6af8a23ff6ef8b072124ea9
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\lupa.png
image
MD5: e9c71bae344ab34a2e3d553c657728fc
SHA256: eeb76612d03e26d83c02920c6a46ae09e9b123eb8a4a834da84e9ddf4fbcb177
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\printer.png
image
MD5: 3016c15f831319b7a25b471525f4490c
SHA256: a88454d0dec7cdbc02b55c0961d740c62ef29215db48e451c218f28c6865ba56
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\key_up.png
image
MD5: 001416ea59b39cce7eb7b0eba40fe990
SHA256: 81430deb86edb7c2012b484484de7026d7b774f5fa0dbe1f5867577d263097e3
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k1140.png
image
MD5: 4f53799beae43d9f4a1c889ac0b568de
SHA256: 6a623ef0147eff3e4b156985b513eea9ba40d7aa0b838f7b4d68a3d7b973208d
840
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: 27bffd90e081dee316abe45afdd62629
SHA256: ad9a31db4a3c7d160b4770098dc531f65ac55b101bd5c987fc132a09bce51c7f
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\key_right.png
image
MD5: 06867e1fc92cb46c61262bbf85cb95ff
SHA256: 3bae8aea8e382e32b90a96f89a02db981c08d896e96da041870ef89948edafc9
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\key_left.png
image
MD5: 789506241cd5e35d7b86d3076d3e5e18
SHA256: 562a26100532ce23b0aac60aa2337f3a3da11d4991b5d47d3f478eb6b6c34870
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\key_down.png
image
MD5: 2a2bbb8cf8862cc5847d568731cd72ac
SHA256: 57ff1239ebedf0a40509379d72b617d0803fc9488e12cb30b930f08b7520b197
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0920.png
image
MD5: 37225cdd2a4767f24e2405ce0fdbb234
SHA256: 7ecd8e8f730fbe600d73041db5f908060950bf469a54b6d29d7f70f340aacac5
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0940.png
image
MD5: e35596be2624703a560723b0b8a3e7d7
SHA256: c1611bed4a3b9fd476a1460501b71dfbaea52241da9511a512fb65b6101238a3
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k1000.png
image
MD5: f2f9aad8bcd7097554f9778f2ecc3258
SHA256: e619ecfb5733ab8d5b00787f8b7956caed32fce76297891bd81c45417ea4c3a2
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0950.png
image
MD5: 1d96c3fb639536b5bf47e5dd8cc66c1c
SHA256: f9db23d342946a23e00a547f0ed99aab52446275754713f16713ece626efa169
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0930.png
image
MD5: 3508e31644dbd8938f0aff65519504f9
SHA256: 3dc3981d6508339c4756856cbb06a5245b059ed8219ea927eb704f0936467d02
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k1110.png
image
MD5: 7f36bd1f8b9d323dc8857f79183ffc4e
SHA256: ae479321f672b684225e9f8f5d9581eea94e29ece54f5a8743a58b7deb694114
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k1130.png
image
MD5: 7b9f19a342cc3077ed9cb57be0873191
SHA256: c38d7a7757aae169f3c9ac533e29d47bf4dc3331a645c58360f5199a96bbc373
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0960.png
image
MD5: 3554d5ae5e97fd15655252183170fb1a
SHA256: cf66526f569ef19987e20d3ace498c345115a8c61ffd3d066eba2068fee8530c
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0600.png
image
MD5: d5c4233392caa223053ecf88c6d2d466
SHA256: 859cdeb6f24f1bc05880f9b4d298f3c962b6ceca20e0ba9ec013b5b5c980219a
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0900.png
image
MD5: 77c7db69512b49299a3cb407e757cdb2
SHA256: 034282a86874ce66437375b5657cb66b8e4a52a9ea0c072511dffc315378fbd0
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0500.png
image
MD5: 27a17a06be05a7060b09c0de709e3259
SHA256: 1807f60385284cd2119d8775ed29cb469773699ff37b295a7569dadbc97412ce
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0610.png
image
MD5: 95b78fb32ae84167f14b1c194c6808ee
SHA256: 62412f01fbb048d0b741b71dc43f161183d74a155e0a613eb10c9834b8efce9d
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0700.png
image
MD5: dc46421aebc4183cb0bf8d1a77b7118f
SHA256: ee5c1e54f9ba17e33aec209d25485260ac841fc99d3b9158075ca831720b1396
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0810.png
image
MD5: 953ec635051ec6d576621bbf406f5866
SHA256: 4adb84f9bee0db66e417d341825cb93f5416db067b21a8d6d55863fc2f5b6e79
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0800.png
image
MD5: 5a7aad0806b5e8a3ac844d28978aa269
SHA256: ff479fbbf0c5db9f5cec028df64e29232395d2fb9627118d453839e68f498052
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0510.png
image
MD5: be7975590646c5a1474f8a92aa7a7384
SHA256: b08917e294f307fbc2a1bf9d568202f8a4ec2b16a51acbb57374a52ced239fbe
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0910.png
image
MD5: c69ea879092620af9ccfa3cd6628b054
SHA256: 35d85d8a1ed72a9379430d5b8b77f7496ec4ec8448bdbcea4f99870a58241c3e
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0320.png
image
MD5: f345c27667a3fe9f519d7057001de2a8
SHA256: 4202e4887e02b3c6a93ccdad4e85cfb58f41e3e8d1bc3a57290c2c7064fa8076
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0330.png
image
MD5: d714194762578cbab95154afb8bd659e
SHA256: 18a67be1523482372c9127222d93762ee42fa308af91c2cbd1ccd7877b90181b
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0311.png
image
MD5: 5efd21c5c95b653df75939f27b202666
SHA256: 17cfc392f890e0c4c12de3ac59d75443112a9c0ea5b76ae30f14a8af2757a1e4
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0400.png
image
MD5: 084f63dc66db03c81a8fd2e5fa137746
SHA256: 34b1b4181b902cba16cd9c4a8e0741baf787467b9a67a132d60bb22796d80226
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0310.png
image
MD5: 4a2dce6d52953dc77579feac0001c5f2
SHA256: 5ce6867f6ca2457ad0afe03b0fb6520306b57c4dc208b18ecca8ffa411f70d22
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0410.png
image
MD5: 1efa616e6d29a168f76c9f4d121765e6
SHA256: d59ed5767630eb3ea8b64684dce03fbdd9234202c61ea605d29f96ac5d0e3f00
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0211.png
image
MD5: b8f35751c8b29e1d1ebd6a92bd6e1f10
SHA256: 4cb67e3ec5edee6c7c1e8da204a49c56720df6279d685c50f8bda37a96f9d4b9
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0212.png
image
MD5: a6f9e6d6774dd6c04c0fdc0ee265b357
SHA256: b5f42a25b141c702fbbd429475628b26b973699668480aea5242085d2af330b6
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0300.png
image
MD5: 5f476d4952d8a8ae549194e1da2b5b4d
SHA256: 88a81d81a0a137c547fbb6ebe1fcfdc772246275d6c27e6dfd3dbc72910fe338
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0210.png
image
MD5: 56e51111602c0328ea9c1caae2f629fc
SHA256: 2951843d306e0a6ef46ea29bfb85aec361cd25d7fb8549f8a9bf0d6841b8bb9b
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0200.png
image
MD5: 7854bf8e2b54bdd23c7d6dd1f246341c
SHA256: 9932961d0e0866d87361a0386db07a819526c55eead0017a493683513282bbac
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0110.png
image
MD5: cdcb532389fff4df7748b905a951d377
SHA256: dda21f2eae8b966196edeff445f9f19bd15fe9d059e4b7c404fab17dbadb5ef8
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0132.png
image
MD5: d40f665eaa6a789fad4f07d51dcf3558
SHA256: a7e55316e1e308ff049972a9853060b54e7c724859d2ecfe584a87ed8a04abf2
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0150.png
image
MD5: a4051c2f37c06108891a412506ffcc69
SHA256: cb80ab9f73d4b64a02e7d9779614dcd428b4e443caca9fbfbc5b6df037a25dfc
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0131.png
image
MD5: 0dac16cd6ec1ca035f047ab6c5af3096
SHA256: 1f192186c86ab4fbb762d33cff45948d595632f48a5e78ab1067d79cd8a23eaf
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0170.png
image
MD5: 9abcaf0417529098f00d89c49e449629
SHA256: 9d0b13b9fbe7d6f0e78bd2079bde9d2551b0659fc6f4297ae167f509f2ff8f88
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0120.png
image
MD5: f12146d2e0500537acb458657b373245
SHA256: c70078624728b033dfe440a7bd0c5be60d67d07b35fe054d673a9052abde6fee
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0160.png
image
MD5: dbca55f6ce283603c748c6b2de189bda
SHA256: 58cedfa235c9db77bdc2af769411fd762e9b6d15e2a307f1a6e4020df6be7594
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0140.png
image
MD5: e397169a6e7df37a85afffcf85a09721
SHA256: 32cc16cf418b8fc4cb52d2660e802e04b80302e6f6105735b3b59570435e9051
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\personnel.html
html
MD5: 3f1211af16c36370d296428205fb179f
SHA256: db8eae97de68c7a34d7ebbefc414e01839120d1e09fd9c1dc2c242e64872a732
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vds\WorkArea\00002.vdo
binary
MD5: 560c70e07438bc19f7cc9a6158275af2
SHA256: b1d044ef69a5b6219ad362ffa5574ec252aad2ca12e8d24dbeeef838020dd2ac
2180
personnel-2.2.0.exe
C:\VisualData\personnel\doc\img\k0100.png
image
MD5: 8b53128ed9e2598184448c93bac1425d
SHA256: 51b7450d4c64f2e79d61dfee475d0360f504d42d308f9a31beb53fa9a5026264
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vds\WorkArea\00001.vdo
––
MD5:  ––
SHA256:  ––
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vds\WorkArea\00001.vda
binary
MD5: 9f0f03f7dc062c6e429dfab15e4ee824
SHA256: 8ca13a99bf36a85dddad1c84c94cc15ab406bbf59f85be6281b6c3357720ced6
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vds\WorkArea\00001.vdl
binary
MD5: a0dfef7bceff3323d1df090e36cb3e2a
SHA256: 0873d1ecb4412a8dacb4ad2609b4c0e81550e875b2267b746b008c8555c83575
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\Meta\MetaAuto.xml
bs
MD5: c7357a5eb9e7ad4d6ddebdf279f08448
SHA256: fafc0d0aa8ff5a3797b5f00d1cb35c436433080f92cda2f30c2cbb38763cd859
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vds\WorkArea\00001.vdc
binary
MD5: c16b791c2283213723eee3a2c8094a6e
SHA256: 4f939d981fd91825e9ddd7e297e16cc1cd48b40256bf7249b89b44f639241118
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\Forms\personnel.stg
––
MD5:  ––
SHA256:  ––
2180
personnel-2.2.0.exe
C:\Users\Administrator\Desktop\VisualData Îòäåë êàäðîâ.lnk
lnk
MD5: df62dd58bd3e55c4b38602c2d018aeab
SHA256: 2a599d3d924e8a248b9dc2bbeeab7a6eaa4f66d2dd10758962626ee14efe9e6b
2180
personnel-2.2.0.exe
C:\Users\admin\Desktop\VisualData Îòäåë êàäðîâ.lnk
lnk
MD5: df62dd58bd3e55c4b38602c2d018aeab
SHA256: 2a599d3d924e8a248b9dc2bbeeab7a6eaa4f66d2dd10758962626ee14efe9e6b
2180
personnel-2.2.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Îòäåë êàäðîâ\VisualData Îòäåë êàäðîâ.lnk
lnk
MD5: 28f0468c150b56653f6a7d9f0140a05a
SHA256: bdd0bbc9fce96843bf71362eef2b5d7c77277fa909d5d88525c631fafd07fc10
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vd-icon.ico
image
MD5: 2d178382820a74e2034e878f91736b3c
SHA256: ba1819d071de7600b7ac06726ef4e13a6abcf301bad88d1bf0d5e2b9430c4a37
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\config.vdr
dbf
MD5: 9e032d8ed571c0094e74faf1e5ff6d81
SHA256: 9c68ef23f47241d002e6d1dba84424f0d7a416c21469f843c081cd04508fb7bc
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\config.ini
text
MD5: f242495c16d08114c16e0a84f952adcb
SHA256: 9b727e05a1fc6703f27a3708524cc53901671a243a984ba71167fe81bce0c77b
2492
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\extimg.vdr
dbf
MD5: 50d0b3ccb681321d37d4b26c4f1c5bcc
SHA256: 5fd18c857fbe62fc0e4a129a8806d7ef0e38b8b717a4059e60c6823c2c397238
2180
personnel-2.2.0.exe
C:\VisualData\personnel\Local\vd.vdr
dbf
MD5: aec924d24ec238fd2c1100b68b007b08
SHA256: 6e9b1ec159344cec23d4aafe1f5cc249826c742f2af8ea4fa4b851ad63e37187
2468
personnel.exe
C:\VisualData\personnel\Local\Scenario.stg
bs
MD5: c3bf412089ec17e6b40aede3a08bdc53
SHA256: a65fff63160e451ca3266deffb62a1679fe04e002ed8d144f16a3e0f9a970670
2468
personnel.exe
C:\VisualData\personnel\Local\Forms\personnel.stg
––
MD5:  ––
SHA256:  ––
2468
personnel.exe
C:\Users\admin\AppData\Local\Temp\gss28E2.tmp
––
MD5:  ––
SHA256:  ––
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nsi9936.tmp\ioSpecial.ini
text
MD5: 96d01c82f9d2625d107a6bf65eb28d0e
SHA256: 5359fb3440b02fc85a4bbc04ea617451d3e5e0d38b58b8e934e6746b892df54a
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nsi9936.tmp\ioSpecial.ini
text
MD5: dcbb259afa385149f4d34091b1b364e0
SHA256: 61cc462a9897c40cab4bd32e9a485cf60af14eb636eec7c95e753dbf42cade95
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nsi9936.tmp\modern-header.bmp
image
MD5: 8c4fbf57882b49af15a5956503298f5a
SHA256: 08a64efd306d643859ba3e48b78d0c8348c0f939c259531641ae9109dcc63465
2468
personnel.exe
C:\VisualData\personnel\Local\personnel.log
text
MD5: c5a6c2d09640776e38470f598c13d638
SHA256: e6f65a132d071609f20d58aaac5085c07d4e5e63970b6dd4a37c5f43f7d89b7c
2180
personnel-2.2.0.exe
C:\Users\admin\AppData\Local\Temp\nsi9936.tmp\modern-wizard.bmp
image
MD5: 755ee551622f820d4adca2fa92b5d9ab
SHA256: 8ede27442b843ee84bb733227ee7b2ffec45f6b5d1cfde7eb36348203c7428b4
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
1
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2492 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2492 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.