General Info

File name

3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C.zip

Full analysis
https://app.any.run/tasks/1f386db8-9f77-494c-8b69-5e39f9562fb8
Verdict
Malicious activity
Analysis date
12/2/2019, 18:30:08
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

e157a53f006d70e6e80e4fad75bd150e

SHA1

e96210b19be3a77aa0e430c2426f4e12cdd30a65

SHA256

9556872f594f32f07ea1a045c7c303f33666c0d144b1451a122fa95883c061b1

SSDEEP

196608:z99dwPPvn8RlkLiy8spcuMFzPSXh99VAexciLnHxuRWB9u:zpwP3ulJiM9KXh9VucB8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
on
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • a.exe (PID: 1504)
  • Pago Haberes y Recaudaciones Suc.exe (PID: 3836)
Loads dropped or rewritten executable
  • Pago Haberes y Recaudaciones Suc.exe (PID: 3836)
  • a.exe (PID: 1504)
Executable content was dropped or overwritten
  • a.exe (PID: 1504)
Creates files in the user directory
  • a.exe (PID: 1504)
  • Pago Haberes y Recaudaciones Suc.exe (PID: 3836)
Manual execution by user
  • a.exe (PID: 1504)

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
0x0009
ZipCompression:
Deflated
ZipModifyDate:
2019:12:02 16:55:00
ZipCRC:
0xdaab3608
ZipCompressedSize:
8745137
ZipUncompressedSize:
12341332
ZipFileName:
3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C

Processes

Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

start drop and start winrar.exe no specs a.exe pago haberes y recaudaciones suc.exe no specs

Process information

PID
436
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
1504
CMD
"C:\Users\admin\Desktop\a.exe"
Path
C:\Users\admin\Desktop\a.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Cameyo (cameyo.com)
Description
Version
2, 6, 1209, 0
Modules
Image
c:\users\admin\desktop\a.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\clbcatq.dll
c:\users\admin\appdata\roaming\vos\pago haberes y recaudaciones suc\appvirtdll_pago haberes y recaudaciones suc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\roaming\vos\pago haberes y recaudaciones suc\pago haberes y recaudaciones suc.exe

PID
3836
CMD
"C:\Program Files\Pago Haberes por Empresas (Suc.)\BPSSucursal.exe"
Path
C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\Pago Haberes y Recaudaciones Suc.exe
Indicators
No indicators
Parent process
a.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\roaming\vos\pago haberes y recaudaciones suc\pago haberes y recaudaciones suc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\roaming\vos\pago haberes y recaudaciones suc\appvirtdll_pago haberes y recaudaciones suc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\version.dll
c:\program files\common files\system\ado\msado15.dll
c:\windows\system32\msdart.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\bcrypt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\atl.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msjetoledb40.dll
c:\windows\system32\msjet40.dll
c:\windows\system32\mswstr10.dll
c:\windows\system32\msjter40.dll
c:\windows\system32\msjint40.dll
c:\windows\system32\msrd3x40.dll
c:\windows\system32\msjtes40.dll
c:\windows\system32\vbajet32.dll
c:\windows\system32\expsrv.dll
c:\program files\common files\system\msadc\msadce.dll
c:\program files\common files\system\msadc\msadcer.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll

Registry activity

Total events
534
Read events
500
Write events
32
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
436
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
436
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@C:\Windows\system32\NetworkExplorer.dll,-1
Network
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C.zip
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Temp
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C8000000000000000000000000003A0102000000000039000000B40200000000000001000000
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000003801020000000000160000002A0000000000000002000000
436
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C8000000000000000000000000002C0103000000000016000000640000000000000003000000
1504
a.exe
delete key
\REGISTRY\A\{A9AF5A0D-342A-483E-844A-8FE55DA9EA3F}\MyTest.3817875
1504
a.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
BaseDirName
C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc
1504
a.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
CarrierExeName
C:\Users\admin\Desktop\a.exe
3836
Pago Haberes y Recaudaciones Suc.exe
delete key
\REGISTRY\A\{A9AF5A0D-342A-483E-844A-8FE55DA9EA3F}\MyTest.3818093
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>X%Program Files%\Pago Haberes por Empresas (Suc.)>X%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Local AppData%\Temp\JET4423.tmp>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.ldb>+8224|0|0||%Local AppData%\Temp\~DFF9288F8C63271F11.TMP>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>X%Program Files%\Pago Haberes por Empresas (Suc.)>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>X%Program Files%\Pago Haberes por Empresas (Suc.)>X%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>X%Program Files%\Pago Haberes por Empresas (Suc.)>X%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>X%Program Files%\Pago Haberes por Empresas (Suc.)>X%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Local AppData%\Temp\JET4423.tmp>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>X%Program Files%\Pago Haberes por Empresas (Suc.)>X%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Local AppData%\Temp\JET4423.tmp>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.ldb>
3836
Pago Haberes y Recaudaciones Suc.exe
write
HKEY_CURRENT_USER\Software\VOS\Pago Haberes y Recaudaciones Suc
DataIntegrity
+8208|0|0||c_\BPSArchivos>+8480|0|0||%Local AppData%\Temp\JET43A6.tmp>X%Program Files%\Pago Haberes por Empresas (Suc.)>X%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.mdb>+8224|0|0||%Local AppData%\Temp\JET4423.tmp>+8224|0|0||%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.ldb>+8224|0|0||%Local AppData%\Temp\~DFF9288F8C63271F11.TMP>-%Program Files%\Pago Haberes por Empresas (Suc.)\BPSSucursal.ldb>

Files activity

Executable files
4
Suspicious files
10
Text files
0
Unknown types
5

Dropped files

PID
Process
Filename
Type
1504
a.exe

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.