General Info

File name

trick.exe

Full analysis
https://app.any.run/tasks/aca8ee74-71a6-4e05-81e0-945eec08f7af
Verdict
Malicious activity
Analysis date
4/23/2020, 09:47:54
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

57368ad513acec7a975065d321528896

SHA1

c2c1ce8ae5520aabab013d1a235298a15abd5c68

SHA256

871bb64c4f7b8933d10109e4d6975c401184b6203a75ed93c081577f2cd93bf8

SSDEEP

3072:2vs8zayuCp6gjS9MvtzVbYcMfOwAVA1Wszw6gzTzyGF6HTJZG5Ey2aKzSA:/8zaynp5jBb4Ov6WkYFYTJk5Kz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.17843 KB3058515
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2533623
  • KB2534111
  • KB2639308
  • KB2729094
  • KB2731771
  • KB2786081
  • KB2834140
  • KB2882822
  • KB2888049
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Known privilege escalation attack
  • DllHost.exe (PID: 3964)
Executed via COM
  • DllHost.exe (PID: 3964)

No info indicators.

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:09:10 17:15:07+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
9728
InitializedDataSize:
207360
UninitializedDataSize:
null
EntryPoint:
0x2f0f
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
1.4.0.680
ProductVersionNumber:
1.4.0.680
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
SHADOWDEFENDER.COM
FileDescription:
Shadow Defender Service Application
FileVersion:
1.4.0.680
InternalName:
Service
LegalCopyright:
Copyright (C) 2007-2017, SHADOWDEFENDER.COM. All rights reserved.
OriginalFileName:
Service.exe
ProductName:
Service Application
ProductVersion:
1.4.0.680
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
10-Sep-2019 15:15:07
Detected languages
English - Canada
English - United States
CompanyName:
SHADOWDEFENDER.COM
FileDescription:
Shadow Defender Service Application
FileVersion:
1.4.0.680
InternalName:
Service
LegalCopyright:
Copyright (C) 2007-2017, SHADOWDEFENDER.COM. All rights reserved.
OriginalFilename:
Service.exe
ProductName:
Service Application
ProductVersion:
1.4.0.680
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
10-Sep-2019 15:15:07
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00002573 0x00002600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.14981
.rdata 0x00004000 0x00001306 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.14874
.data 0x00006000 0x00000A50 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.63655
.rsrc 0x00007000 0x00031256 0x00031400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.9695
Resources
1

2

22008

WINFIRE

ABOUTBOX

Imports
Exports

    No exports.

Processes

Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

start → trick.exe (no specs) → CMSTPLUA (no specs) → trick.exe (no specs)
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
1084
CMD
"C:\Users\admin\AppData\Local\Temp\trick.exe"
Path
C:\Users\admin\AppData\Local\Temp\trick.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
SHADOWDEFENDER.COM
Description
Shadow Defender Service Application
Version
1.4.0.680
Modules
Image
c:\windows\system32\ole32.dll
c:\users\admin\appdata\local\temp\trick.exe
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\crypt32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\atl.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\cmutil.dll
c:\windows\system32\cmlua.dll

PID
3964
CMD
C:\Windows\system32\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Path
C:\Windows\system32\DllHost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
COM Surrogate
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\dllhost.exe
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cmstplua.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cmutil.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\trick.exe
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sfc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\version.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cmlua.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll

PID
2932
CMD
"C:\Users\admin\AppData\Local\Temp\trick.exe"
Path
C:\Users\admin\AppData\Local\Temp\trick.exe
Indicators
No indicators
Parent process
DllHost.exe
User
admin
Integrity Level
HIGH
Version:
Company
SHADOWDEFENDER.COM
Description
Shadow Defender Service Application
Version
1.4.0.680
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\advapi32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\imm32.dll
c:\users\admin\appdata\local\temp\trick.exe
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\webio.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\activeds.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\atl.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc.dll

Registry activity

Total events
367
Read events
363
Write events
4
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3964
DllHost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3964
DllHost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0

Files activity

Executable files
0
Suspicious files
4
Text files
171
Unknown types
0

Dropped files

PID
Process
Filename
Type
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 7a18a6b461b72ea5fc41b4b759138f83
SHA256: bd4b44e0abdbed24d79aea3c94cad54b405463679e03b7be9968ee40401a7e0b
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: a932313b9ffbc873410d585bab4a256e
SHA256: 55d5ec53a0adc864c48c9d52dadd036319121a53676e2cecde9f1890457e32a3
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 569e9cd1a927dcebd15f6ab49730ff92
SHA256: 92851cd9ebfeeaabb022c59b792c5c1c4d49080e9227919303748bb02a071644
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: d6bd05f418c14e8e6335d19a68be5e03
SHA256: 93bb84c9fbb4eecc9dfe6420fed698d1be83fd874286427c6339520561263474
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: abe28c272ac4b5315dcb3c18daa81cc7
SHA256: 540d7aa90451f2929988aeb43020051718bdbcdb0860dbf1117ad42b8d231e4f
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 49f215f45ad05f9c8e838f606e713b49
SHA256: 43201b0c370b010879e14c49e59bd277f653f6e731ac86f079285e88c8eec03d
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: a61296205a9e12416b911b2b327d054e
SHA256: a71075cf9c8c333f38eb1190596eba0667a7825f5b33b91b53319812795a339c
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: e154621af93c0b22ccb4f1d7ca1275da
SHA256: 2d00d7b4d58104356da41424022d43d21404c6a6226bd12083bb756ee77f5aab
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: a96019372ec62a405c668c62e561d973
SHA256: f3a0897b5e92fb5d934d3f55af770459e23add8ead285544efd37e08d308bc09
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: d67496fac6595805d02b2176e38ef56a
SHA256: 3467944912fce547268cce96acbffa84aae6ad3e68d4d80ca99a7228ee1d879f
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 8735ccf7e6c4712f2e0c2fe40206541c
SHA256: 171cc7e24e538965a35ec6a297b48e3f797d2d580048d426c6cf17000d926a9c
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 5e6b1c47aabb23a0503620f48276e844
SHA256: 689adca40617ef9781ff637d6d2432148ad8c0f34d5d2c8655faf1a5415abe10
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: ebdb32ad0dd7f6e39783f9718593e0aa
SHA256: a68037b1ae80efaac0f9d62c2362c7362778ee9f89f6456fea1ee932b8188945
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 7720f55fbd2970a7b3a9112977569ccb
SHA256: 40268c97e5328810a4beadacd1820972113e60994fe4d920b90c20c86fe19dd0
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 3542da7eaa56337c270c7f8e5efce988
SHA256: 727202c7f7a271743f42c28f62811ac5404caf37519c66c594b1d1edc1be33ef
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: f244f33e7849ce5f9a6bc1efbdf39834
SHA256: 7ca27fa3b1188b2fac51df75d79e4d73ce9cab51e3024b4b40f28c78f42de8c4
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: e6634f445ce569d75b5137df980629ab
SHA256: 715d5b474d24eaffc053009c4f8fb13d38214608db41ffe6100daea22db676dc
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 06bf7caa00e3a1db86f3b1142f3c8003
SHA256: 0259d7124baeeb6e8572fe1c088aed9b698868a815543cf325737aa565c588cb
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: c192bde8e9b2c0f0bb554627c501b0be
SHA256: 0483fe0df8eacba79ee97cf74b9b51259b2a17873141dc8823ca8f57c2dfa8f9
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: be110940e1dd6eebca78e344c37614dd
SHA256: d744717188768d427c9856c8c588bec12f396328ec632fe0bdb808eb34213a64
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: f6e4af3241a33c0ecdc079fbcf9f0296
SHA256: fe5b21b00c83b9bddedd7a1f73bc517c8dec3c9e578bdf68ee80cb2a72e5fbff
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 47e5bcc68bfaac383be71d711fd495bf
SHA256: de2406a974f0b69083554be20e9ff6f54b1d70c22e7cf50a1fbfa8508428c910
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 9021f236563090e7811ec27140921505
SHA256: ae966afea33c2e31748e7769b0e8459100deeca286d3569731164d3be43903a4
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 09002fc6cd74633152fa9c84c8d1faa1
SHA256: 5937d45969760a4798eebe2f9d03c479fdaa3c384611e793923469e0ba17fe83
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: f65b4292ce66615052c752a2a575f07d
SHA256: 615aff58c0cfaebe15dbc64c0944059b92bf699d9d0a7d156d1aa0d403d0887d
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: c22b861c7548ef1308a0c252245536ee
SHA256: 560aca396c0015ae2d227ab6efc66f965ebda133039db689c74111740c783c70
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: 7bb49d53a23f67dc8f089c1562707c30
SHA256: ddd5a8793ff2c081949f5b78c589a75693b73894f7d082d75829b958ceeda889
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: a3975aabf6c1f5d5429e769f6fbc39a4
SHA256: 7b4cc49d6d5c29f06e3502be9a6c25c2b927947b6ef6987ca1a2341faef543f0
2932
trick.exe
C:\Users\admin\AppData\Local\Temp\logCD4.tmp
text
MD5: ebc52724cd47e1a78e33267cbda1471d
SHA256: f25a37bf0c962f78f81cbdfbdd2c6a3b1e03c787cbaae8530fda1c5b79a5777c
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 0b92f9634e234af338a7743b7937e07d | 17a82dfc8de1d9a066ae03d81a1bebb7f8e6173f02a3b56e75e5ea53f93f9a99 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 97d8c07f14660eeb6f778390257eb112 | 1530f96936c8b80b0ef68904fe05fae962bf9b5cbb0beec05b04b8fab4ec2490 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 30acc067c9f9c705987461eb7c58c536 | 64d6209360ed729d622868d974be93a187fb44cb67dc76394456b199877ab3c1 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | f0decfc8c59de2a3d1546bbd0260162a | 9139c3744463b457f57161569177a9e1b29b48cf5252cf46b7c23001d2c27d99 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 236cc952f2bf1b54b6039364f8077c82 | 1f2f311f58b6f3316fe02454a94a94199e8b4fa67879c3ab6c22bdbb481dc3e9 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | f6c55b414782fb08771c1ee27546e89f | cbc984ea85ef99f2d7cb7163214917c5e1f3dfae5b0fd52d90cd1cb881960f99 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 0c95ccbf9bbc6bc616c9e644d9192e61 | d88c8a4e5f6ce2b98f892cb7c7e33c257cd3ce5eeadfa111d17a0a92ea64bdd8 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | e8b9d9202535f192c2a79029526fab37 | 652e9b1ba9c31ddc7bfe46f36da2e32a10a4268b9ac39eb60c9df1527b987c0b |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 5fbb4eaa8b9c103258096648bfd4591d | bbdb7d73e0f0c0a53ebb5659e7b7c1dde1234d699fdcb91d2f8db0bbda2320c5 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | a95655337904f9d95f3752cb3638e7dd | 86a6b35a415dca70ca7a1fb4c7331fdcd80122e12ab6072f9c3dbea0cdae39ab |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 3c463556876e0010df79a656e444c6d2 | 9b8f55c153de170ac2df5f17697c7e06555c4e32c1474776f059163310fc27b2 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | a2388faf38c9ab737664d8d218683a59 | dca1e3c1847a6ba1ec2ea890e363e8f6012867f48391a7607e994f97a48f7602 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | c189315d41f3951fee894f7617dda394 | aac3b57cbc63f90e50b12c7737fc6904024bcd65d735184f4a065ce54c3f75de |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 32f49b78274bccfa0dc7dc91546bff42 | 541fce10c9dd12d13067893d3ee04f5118046d04a62c3a4d70a90a7801ad85fc |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 3caa848e09581a420c55983b8345c5be | f9264be61a57ce125f046156c6ff457310d22e12e214b16f93c4834bae0e370b |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | dee6b1e0f7bc39cfe2b381f8676418d1 | 477971ef1fb9c375a672fcb444359cf30f8b10bec906b800bb00cef2db02049f |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 9861868cf770af4831d295e3ec41cee1 | 8ce5a3cb48cff047c93b558b864429a5409749c2b66785e72b3348e4506ddfa9 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 361b79d43cc122b0a4df6efde222deae | ea4854373310da9604b3cea1d4b05a0901bf481b76bc555691fb8f3fae0fa640 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 0f469075097c380d653fcba8e443b150 | 3191a71f4a0ea0809023a0b79af188bf7877e206bb05a5c12aa86c102d789e7c |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 9917b18535aa2fffe0c2cd7b4282aa29 | 72b3ee3902fb4d3713ff66b2b9238db809e8281ed8a99a82f4ad2ceb6dd0d8ac |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | –– | –– | –– |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | ff77bb4ae7c2283f8667b5aec6557494 | 3da80e7ac953ce7d3747bf5b42eb1394b4770b7e1e00aa00fd900a7831757ecd |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 192b4345b36ec92d5ac5120bae706e3e | c0b9df4df511cca78f29a56fddb82c5df9b6d97ec17c3706343398d54d4a5073 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 998ab2dac10bbfcf7171135cdd6ddd36 | 5cab9adb56c7c765e0c922a8a8f25ca1293e5843ff481031b4a264367938825d |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | bcc3da7fe7d553b6eb9df6d0f68695f5 | 1464345e539bcafacf8d29dcd8592c9a79df58ea17efa88155422976a5a57897 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 6886f2c0c438fdac4e52149ad27b2690 | 7142f50b0cf2fc08f797633ff53da1d4a1857343aed60870b4fb4a3ea7bdfb36 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 03e6ed7937c693828225315f86f7788c | 6b59e50b188f59121fbe2962f9de14db7eb56bae4df5f903baa157a1d2e21921 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 8af13407616635adde81c6a88c9d3727 | 12d966853dba8f8365cf339da6de6de4784774ed8a447b557b35ff858ad8b923 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | cca5454ad6124ca705ffb334faa9f340 | 441f80c6774b033b614cabba4c80bbe83a18e6683c40e34d7de4a4f918513cd0 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 9417693dccbed482b74cf183fbd6c3f5 | 69a60065e2b050c3947a28217e797f51ec7b9f9d699d0afb8b9682274bfd64c4 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 94eb9522baab503a24a0f6b1ea4588bf | 617345660de96ba45f220490acdbb883d422b03cc9a0a9549bac8929f5d4cfb1 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 7230660f79912c3dbcbf2709a0c02d4b | 04c030bb7e2bae2ea5f87ff05515b8a03d2f8c7155dc972ca948ec8325762ebb |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | a92d489200e9c5a687ce50aa2bafde01 | cf55fd8d0857772f16ef49270208fad60f8ec6afc56a290e7fd61e81dd6b2719 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 188b002d706575d6f27feffa55177fdb | 0f3fe169bb7b0a6c28b72849872dbbf5dba698746ee1e55f5d803363a2345523 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 9af349227fc8f298bc64f77e6b49ec09 | a7fd8ea6892839872e7886990a8a2e96dcc742b138fa5bb1212efc7caed45bf6 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | a08d1fcbdbbf5e1ec27348421139fb41 | 9489dadb6f23b90bcc192daea7c935fb922b7e24bc77edc25d811955b47e9dbd |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | cc66972b0bf5b7d7f1984d8687438e6e | 6b9124111ad00d808d697452e3e4d990de4dcbae5422bdb3ce68436d012aa3f9 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | c7c2aaf6df4a2f0c57fbf79ac27bdb88 | 0975db4905a7b07e25b8ed9bd277eb08a11404b9341619d8b0e973006ebedf51 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 0a31812a1a4b016333248aee6fcef666 | 541c63e9b8d7d5a3c757970a61473625ca0079050babf410f4605ad366b5e41b |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 868c270ae695b319fe7c920eed19b95b | 1e6b310107a51042441d57867788c20d2910d71fdaff78c31102823ed0fa7c40 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | cc9280cb412966bfb7c23471eb1ae3b5 | 0f85f7bb5af1eef94d624facec8da2031aa0f1e76e026a0932980cc9fb77dbe9 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | c4db44ec0b3ade8c3a3a3e78c2246e24 | c5b4c2ed79143ef8c8967f1a4dc4644c3bf03a0705733fec2203fc983491344b |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | b2e428c0dd771270c8a01e0ac7122759 | dfcf5a7031d38ebeb6a516f8aecbd965a36f6c3026e9f2b0a05a75aa9f78ade9 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 779fbcac91996d399d4ea35063f7a875 | ddfa239048e926d927186656653679a540ef15f6276f518945f0bcd3c669b5b7 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | eb456cb265e88099d4ea05548dd9b487 | 964d7c1b4695a67418379e8a610e922fe87b3c450ea7db3e7006046d5cb4df90 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 3069341a8f4d124080048609ae3c99a0 | 36b63163b89f5785313666504cb0550049c0ecb8d13a51721b1de0dfa69c24e5 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 0721901f318e0b581b2c6123363bab22 | ac156ab4cd7d914ea236468ac886c4034d176741331ce22c5842fec01ae5b19b |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 98b0617b109dfdaf7b02930d67a78695 | 4ecfea9f8b02d05a2ba2c6aa59f33c21cc29ebbf15f95e5fef0f496ea6d37a34 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | e7832e058d639634ad11ac9f2dc65f95 | b2466994a2bc032ffbba93b88deb51ad07d111175674e3d1afd2b39ffb8f8933 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 6e60701df4f406df0cc1614f4dab28a4 | 94d7006053e10fa4e4635b414166f8be9ea9e4b8541271291f635fae3c321e79 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | c5ffdf15f7ff49ba9700b84a8c0adb51 | b9a9f46a6c6cc1434179cfe5d015280fe37cbbda315124449d5e349593176451 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | bc0c6b51f80a31698d68cf418f28885c | cadd35b0ef26eb00c742aff368ef57d0331f36412b3f037eb873fa1d98dac935 |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 02d355d520584a4259fe22619a08ea8c | a5f0f5413beb45c7ea57d0b6ceea4327a11ef7033c521b8c8456ce4cda247e3e |
| 2932 | trick.exe | C:\Users\admin\AppData\Local\Temp\logCD4.tmp | text | 009fb4b33df914fba9dbd5d15d18c8ff | eed97b2e3da170b913124d6a24a923ab7cb9a0e5b5d17ddc2146a7ebeaa03e53 |
| 2932 | trick.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f | binary | e51e26663c083238f8902b85448711d5 | 24e413bf8284b860a8a630ebf4e3b12997912729605e7b92d79b7a0c102edc90 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | 10e33638be69f2b015d1b97a391ffbc1 | cc77f44a5e1585fb790353846b62fe0daf1e910800f59d6221c269a784c6bf64 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | a871114f7fd912fe74fe3e5f0f608053 | bcc70c3e71c6d630fc8e9808f3cdc8703a68ecec033c7f7f01bd5008677301dd |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | d5234b19378f39a99d9b39c31afabd1a | 6214de9ad5646c75d4a1c1060cfee04cabe57b8251d9065ed8d4936a598ce734 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | 9aa59bdb7bed7c7dca8084212e676cd2 | c0b614013bf32ab586a9acc332e46d668972a237e92fb8b56d1fd6cfeef01126 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | b28327731481a6d676b2accdd9a2c0b7 | f2e996e4574ae96e3ff25fc28f3083d4da1c96509df3144006cf7371e74f68e3 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | dde21d9895e92dd94f87c00b69546d9b | f41b114df19dabe42bba7f2774eeee21a00acab24a16f6215b3e7487a3c00724 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | d72b8c4cb603c1e0e691949ca51430f4 | 13827493488e536681d497452dc9b5256aa1ec7e8ada556dcef7e0c05c1a8bdd |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | fb2963bc7a2f330fe2f8ebe0c87a43ba | 2a15334795337182b3b380893312fdd5148627ecb24d01d773a05221e1106062 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | c42ebbe74d0001c03498b65cc2598cc3 | e42af2f30b1aaa87ab3acd0019c386ccf5397cd3396f8c2e251a1c15b248f965 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | 4b82c23214ef5ae3d3717c36fa155449 | 584b36d6bf085df15a78a5f39b5c1ae7d41737011df0996547083152b058587c |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | 48150f9849796865c493dcd8e27c6a6f | 90d66de17b7f3dee53125db240c782567a1d9ee4c67c5956c0928147f1867a11 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | f4ebb2c1a613d5ae5d7241b17a6027c5 | d95171e7a3ad6bff63fead4c373c289025468bf3ac98d9d49d2af37e24f45249 |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | 95b51a41247c0fe2c3ac51d00f97da9a | b09d4950c19dcef3d832dc6a7ce3d528ec5cefdbd567b0d123501d737cdcabba |
| 1084 | trick.exe | C:\Users\admin\AppData\Local\Temp\logE1BD.tmp | text | f848a782768d7e1767ef3e07f8a4843d | f8eb665ca15d25c6be315d8d4c4ab975dd45359d4ea980974b5799bcbd88c0c9 |
| 1084 | trick.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f | binary | 753b5f9736a84aa1590d59320021b83e | fc67280a969cd74fed6902e40ca8304f61c22b4b211113222a663b84146f41ce |

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.