General Info

File name

vd_ppr-2.4.1.exe

Full analysis
https://app.any.run/tasks/87d2a2fd-7914-4427-b12f-4e89ecf179c4
Verdict
Malicious activity
Analysis date
4/14/2019, 17:48:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

2303d57c88f6ce11849c61644ed0f72a

SHA1

53093b8a3b7c5268c6b21d338479796ba94f310a

SHA256

9f67b61f1642f36db68b47e7e58ce71a61215bc4b32dadca759718ae48b6850d

SSDEEP

393216:9+dtnshGZ4n+JZsJVYkkJ5FNMym7DLzAT:9Xqzvs8kkJ5rMysf8T

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • svchost.exe (PID: 840)
  • vd_ppr.exe (PID: 2104)
  • vd_ppr-2.4.1.exe (PID: 3584)
Application was dropped or rewritten from another process
  • vdjobman.dll (PID: 1080)
  • vd_ppr.exe (PID: 2104)
Starts application with an unusual extension
  • vd_ppr.exe (PID: 2104)
Creates a software uninstall entry
  • vd_ppr-2.4.1.exe (PID: 3584)
Creates files in the program directory
  • vd_ppr-2.4.1.exe (PID: 3584)
Executable content was dropped or overwritten
  • vd_ppr-2.4.1.exe (PID: 3584)
Dropped object may contain Bitcoin addresses
  • vd_ppr-2.4.1.exe (PID: 3584)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   NSIS - Nullsoft Scriptable Install System (94.8%)
.exe
|   Win32 Executable MS Visual C++ (generic) (3.4%)
.dll
|   Win32 Dynamic Link Library (generic) (0.7%)
.exe
|   Win32 Executable (generic) (0.5%)
.exe
|   Generic Win/DOS Executable (0.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2009:12:05 23:50:46+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
23552
InitializedDataSize:
119808
UninitializedDataSize:
1024
EntryPoint:
0x323c
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
05-Dec-2009 22:50:46
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
05-Dec-2009 22:50:46
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00005A5A 0x00005C00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.4177
.rdata 0x00007000 0x00001190 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.18163
.data 0x00009000 0x0001AF98 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.70903
.ndata 0x00024000 0x0000A000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0002E000 0x00007858 0x00007A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.91231
Resources
1

2

3

4

5

102

103

104

105

106

110

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
38
Monitored processes
5
Malicious processes
3
Suspicious processes
0

Behavior graph

start vd_ppr-2.4.1.exe no specs vd_ppr-2.4.1.exe vd_ppr.exe vdjobman.dll no specs svchost.exe
Process information

PID
840
CMD
C:\Windows\system32\svchost.exe -k netsvcs
Path
C:\Windows\System32\svchost.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gpsvc.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sysntfy.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\themeservice.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\profsvc.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\slc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sens.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\shell32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\authz.dll
c:\windows\system32\ubpm.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\fveapi.dll
c:\windows\system32\tbs.dll
c:\windows\system32\fvecerts.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\wiarpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\taskcomp.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\netjoin.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ikeext.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\iphlpsvc.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\browser.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\sscore.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\resutils.dll
c:\windows\system32\samcli.dll
c:\windows\system32\nci.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\propsys.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\bitsigd.dll
c:\windows\system32\upnp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\esent.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cabinet.dll
c:\windows\system32\mspatcha.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wmsgapi.dll
c:\windows\system32\wer.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\es.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\ndiscapcfg.dll
c:\windows\system32\rascfg.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\tcpipcfg.dll
c:\windows\system32\aelupsvc.dll
c:\windows\system32\windanr.exe
c:\users\admin\appdata\local\temp\vd_ppr-2.4.1.exe
c:\windows\system32\appinfo.dll
c:\windows\system32\shdocvw.dll
c:\visualdata\vd_ppr\local\vd_ppr.exe
c:\visualdata\vd_ppr\local\vdjobman.dll

PID
1096
CMD
"C:\Users\admin\AppData\Local\Temp\vd_ppr-2.4.1.exe"
Path
C:\Users\admin\AppData\Local\Temp\vd_ppr-2.4.1.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\vd_ppr-2.4.1.exe
c:\systemroot\system32\ntdll.dll

PID
3584
CMD
"C:\Users\admin\AppData\Local\Temp\vd_ppr-2.4.1.exe"
Path
C:\Users\admin\AppData\Local\Temp\vd_ppr-2.4.1.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\vd_ppr-2.4.1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsn8c07.tmp\installoptions.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\visualdata\vd_ppr\local\vd_ppr.exe
c:\windows\system32\netutils.dll

PID
2104
CMD
"C:\VisualData\vd_ppr\Local\vd_ppr.exe"
Path
C:\VisualData\vd_ppr\Local\vd_ppr.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
VisualData.ru
Description
Движок
Version
1.0.0.0
Modules
Image
c:\visualdata\vd_ppr\local\vd_ppr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\system32\olepro32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\visualdata\vd_ppr\local\mm.dll
c:\visualdata\vd_ppr\local\log.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\visualdata\vd_ppr\local\padeg.dll
c:\windows\system32\d3d8.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\ksproxy.ax
c:\windows\system32\d3d9.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\visualdata\vd_ppr\local\vdjobman.dll
c:\windows\system32\sspicli.dll

PID
1080
CMD
C:\VisualData\vd_ppr\Local\vdjobman.dll 620 632 2104
Path
C:\VisualData\vd_ppr\Local\vdjobman.dll
Indicators
No indicators
Parent process
vd_ppr.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\visualdata\vd_ppr\local\vdjobman.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
408
Read events
396
Write events
12
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vd_ppr.exe
C:\VisualData\vd_ppr\visualdata.exe
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
DisplayName
VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò 2.4.1
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
UninstallString
C:\VisualData\vd_ppr\uninst.exe
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
DisplayIcon
C:\VisualData\vd_ppr\ppr-icon.ico
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
DisplayVersion
2.4.1
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
URLInfoAbout
http://www.visualdata.ru
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
HelpLink
http://www.visualdata.ru
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
Publisher
VisualData
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
Contact
òåë/ôàêñ.: 8 (863) 239-92-54
3584
vd_ppr-2.4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò-2.4.1
InstallLocation
C:\VisualData\vd_ppr
2104
vd_ppr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
vd_ppr.exe
2104
vd_ppr.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
vd_ppr.exe

Files activity

Executable files
8
Suspicious files
26
Text files
128
Unknown types
12

Dropped files

PID
Process
Filename
Type
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\uninst.exe
executable
MD5: 3799d95231016efd656fce1aa44820af
SHA256: 413da196b93ca52d96eeceb17e8c60d13531fe8c7f9ed2e34d38be993ff3910c
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\padeg.dll
executable
MD5: 2c55e4cbd98451d6305a0f6f9b48d81c
SHA256: 960006c3ece0672d5ac631a0446f01c681fc862bba4463dd59de0bbad992acae
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\log.dll
executable
MD5: ec1e44616127cd10c9f8c4a5feb1b1fe
SHA256: 80e9a9a8e69d77332e98a0134c239d63ac77d1ef6aea205bf9e42d2d61344b40
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\reportview.exe
executable
MD5: 0e2fdd7988f950bedef042796508383f
SHA256: 5c4d0bbb99084e3bb8c29b75c22a0d20790038acf8b009f738173cd9c5991bda
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\vdjobman.dll
executable
MD5: 7eba8ae3bbb962f358e778df5b323139
SHA256: f9841cba0f04ecce8917548c7f528aad712bd7d4e55cd32988486d8f4f22efdd
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\vd_ppr.exe
executable
MD5: 1253d86fffd38e010a32c66ac710e120
SHA256: de59ea2b31efa160f8eff089a6c77c8921af3f9377563f1a7f44952c2b7c7db0
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsn8C07.tmp\InstallOptions.dll
executable
MD5: 325b008aec81e5aaa57096f05d4212b5
SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\mm.dll
executable
MD5: 7853519763364a97279c4a53a9ec03f3
SHA256: 51bd7a1ac9b2485342b89c56efc24eb92a393b532dd87108eab7fabefee6e87a
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01502.png
image
MD5: 2af63090652f0524a56dfcfdcc76c05c
SHA256: bcbbc3422b768a72ef86911f22fafb8fead12e891aa2f9f0a168dbe873eeb6fe
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\arc\00001.vdc
binary
MD5: 61520ac9d07c761af2e79736ba3f7a47
SHA256: a8408fece45135031e35147cff187905c020434be367b47b81ac027337315fd0
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\arc\00001.vdo
binary
MD5: 86520ebdf0bd82f1c90dc88e9d7887c9
SHA256: e3fd6b324d301a5e01452783017022336e755d2df6e9a4800751ec5310a829f1
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\arc\00001.vda
binary
MD5: 480f2a1e8d6209585319fd133924c2bd
SHA256: f1e1b5b32841250889c46389f1f2f01d5a23a485c483aa4cdc5608d973de0256
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\arc\00001.vdl
binary
MD5: fcb5a80d16e965850fb684dd39bbcbc5
SHA256: 3002e8314ea9ba5152f0c6816f410376589acbc183ca2330de786accc75d1565
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vd_ppr.log
text
MD5: ce75794b672d09e8c71b38d25df35760
SHA256: 081562d0d5c6ebe2620aaacc01a8db7fd1ecd264443244f57a21e61d7ffab691
840
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: ec870864dd5f24f02940595746372499
SHA256: f78fc4154d6f34ae71d6c83dd527841f98fb16d9d7f16a71e6510bdc1b141935
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vd_ppr.log
text
MD5: b2c46a05a8d8be035c3ccc698fd09d72
SHA256: 4714dd9590ac22c2464d56e4e804e529a75f3c564bd3642c1ca28f1a67759620
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsy8BF7.tmp
––
MD5:  ––
SHA256:  ––
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsn8C07.tmp\ioSpecial.ini
––
MD5:  ––
SHA256:  ––
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsn8C07.tmp\ioSpecial.ini
text
MD5: d7d324a24cfb534486f2b1c845975e03
SHA256: c2eb0d0c1c7d10958879b6e2ed4fb879c271f5caed78890165dac54b8fb5ec0c
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vd_ppr.log
text
MD5: 63ad35764ce102bb161ef664eae116ec
SHA256: dedc7e578ea22dd5a0b44913628f25fe7b045266dcc6a600e55313621b9fee6c
3584
vd_ppr-2.4.1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò\×òî íîâîãî.lnk
lnk
MD5: 9b1255292c8a572a69ec8aa55933c91e
SHA256: b41d6a9ed9dcd8987add795b611c549328a318b8154d9a9c2264d542b0df6fe4
3584
vd_ppr-2.4.1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò\Ëèöåíçèÿ.lnk
lnk
MD5: 0bb06962ebb476ed02610d78607d0e50
SHA256: d8f0092ab0066270ac1465ff33093eb6c3a349e0aca72f26739d26ec92b744f8
3584
vd_ppr-2.4.1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò\Äîêóìåíòàöèÿ.lnk
lnk
MD5: 68240c2b3513af177e4d5885392137c3
SHA256: 0db0ad9f071f73eaa5b3f8fb21ff50b29734ee62b32b8ccf40346b7591d10472
840
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: 27bffd90e081dee316abe45afdd62629
SHA256: ad9a31db4a3c7d160b4770098dc531f65ac55b101bd5c987fc132a09bce51c7f
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01501.png
image
MD5: 38403211b46758339c864d8ee0282624
SHA256: 2cfbc57e8ab8e2f5e4325dbec92aea0a5618352bf624e1cdbffa16c8114fcd51
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01441.png
image
MD5: bed7af20118051722913deb49211c6d7
SHA256: fdf49be1811ed2a5ee25d180bf8f1da1318e4afd8f9b70652b38799dd3273d8f
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01435.png
image
MD5: 277f00af03b6f499d68d844dadeb705e
SHA256: b83718a7b7475eeca25fc974bf10f53928897d20c309d012a2c3f4e8f14e8db6
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01436.png
image
MD5: adf5589412f6ec382ca32d83eac49d7f
SHA256: 7c2a4c9f5653be1209a930f8376246ee9ac78c4b594dcdae0597dac19b7e99bb
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01433.png
image
MD5: 43b889ade14353c58cbf28192ef38843
SHA256: 4d2c760c88fbdab4f5ffed2c2ede1fd264e6ae25b39b1871893c4a9efcba9153
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01434.png
image
MD5: 49ca0dbb6eddd8e69755bdb8f47e1290
SHA256: 46b0689eaa7d3248436c1792e9fb1102fa0d591dcb251cdf470af879798816b8
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01432.png
image
MD5: 647cde5038e98910426d2200e7818a39
SHA256: d8a228e952a069bfe4f805c992e25058b35f84faccbb0427f8ce72da50e3e59a
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01431.png
image
MD5: fece611c46be9c647797abf85b250ed2
SHA256: aa281cf5f21045c1eda3ce5aacfb01990b462d6324340881ff2b6127f3ec93d8
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01421.png
image
MD5: fcb9fb6dd61004b494f9fbf88f6b5a36
SHA256: a8083e2a619a198bd55e28030487df99bb2d444d6818d96a662cbc5f1bddd539
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01411.png
image
MD5: 87694b70cdad85cbecb3afd4cb357dde
SHA256: 8305b9ebedf839324f037e3de482bb2b3b08858cdcc8bef028b00286f09f16ae
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01402.png
image
MD5: 86721691be2b5d62365e74b0422a9721
SHA256: c24cc1ae4daff9e853eadb3f1d2e4949bf182b6c73cbcd6dcf673426ffd1e4ce
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01401.png
image
MD5: 477e8899a7a037cb2a9d4eaef0c76cd6
SHA256: 4f9327bd5c23a0d19a615a788f5e7766ceb84a8effbd5c67cfd2d40d3205a305
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01324.png
image
MD5: 2b1b5567712cb00c25a314b2b982aed5
SHA256: a8dce21b443ffe9b973605b6aa50b78d4dd95a4f59804389c591263d1f1ed1f0
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01331.png
image
MD5: ed57a1e721d2327be7ca741eb13703ae
SHA256: dff0b49821abfafe8a555d31aef3b441fb4da7b558f13d148a3eca94e8178de5
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01323.png
image
MD5: c9108d0e2a4fbd9956e6657a0cb654e3
SHA256: 04e4dc84e51571528027fa599528690d6047f8dcae197f41fd541996bae62a8d
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01301.png
image
MD5: afb68e5338f29a053dd8cb2970b49b50
SHA256: 40b9b858ca6b99742cdd2e0f0f5fe3c1a15dfb4fd8cb68a591f1a867ee28e8e4
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01321.png
image
MD5: b58fbb083048edd634b491becc17ae63
SHA256: 0283eca01bad05a94dc38c121d219350c2edc7f357fad5c16d8fcfbf9a76d554
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01322.png
image
MD5: 4daca3266552fcc457e4177dbbaa35f0
SHA256: cf7b63638c4bec8af780419e9d0e55cf973cd8e9e7c98c21387e7b5050114904
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01311.png
image
MD5: ddab5c195d69d43bea89b8c646731944
SHA256: 2fdff143fa4da63d0249a5247feac0861c35b5dbf7b8711cb644f3fe37cc6e70
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01202.png
image
MD5: 21dce80f1b529488ea6f7d077149b7ce
SHA256: a9a2bdedbf9d14c7fa40d52579f9552c4ca618737114c6ce8305a1adc07ccc42
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01203.png
image
MD5: cf01f02d3595941da44129eb6e2762af
SHA256: 55a065459c3fdf545351e7574ccbd2e037fcb77a70e2d8bafe599e1830a0733b
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01201.png
image
MD5: b4bfb4f7e3c46eaa44f163477e1da8ac
SHA256: ad931824109c2e8361a21c3bb55e40f884399af8096e8fcb73d406e74e0982fa
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01101.png
image
MD5: 8710c17b9d0ffb31f443525803a67d98
SHA256: 0cdd6de8822bf5898f8ea18058095d05a5c08cae3986cf69a77df9c722fa08e3
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\01102.png
image
MD5: a32886d8a70d5a64bfcd7c893fa386e8
SHA256: 5dc4a3050d9cda109e80bc3b19b22aa9c9db4d073d22b37b8f25c1a10969557d
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\img\00001.png
image
MD5: 9c740ff1d859d94fffc58f280972a923
SHA256: a0e00916ec851d5d1ed9702ec8852365e96f9413076754c04a1cbea7fae2251e
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\doc\index.html
html
MD5: 2d06ffd20e2d2f9ccf24ea5894c5d4e1
SHA256: 5123ed3e48413e876315ba653be970c66eed311f3a0101c56c758ca77bf79f80
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\whatsnew.html
html
MD5: 5d2fb83760e4cb8302d1c425b04923b3
SHA256: 435d81e4e930695569de4feb1b61a2490c2c611173d3a6b247f3642316e7a44c
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\license.rtf
text
MD5: 6c817e3dfe9869f743115368bc11dee1
SHA256: 458c90727b0b3767bc3d43c582472d989c52719688916a68c7f8ac4c0488e84a
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\ppr-icon.ico
image
MD5: 8f615dd716b29cba8899b0f47cfc6460
SHA256: 0f5831bd35ac9877c9774d14c6c8f8ed5eed14f356d8d8f7517d6144b84240cb
3584
vd_ppr-2.4.1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò\Óäàëåíèå ïðîãðàììû.lnk
lnk
MD5: ad7c432b278ecc1eb7093fab3fc83b79
SHA256: 8aa722c17d4ee129d74e6c63cebbca01b271e71e9b2795eb08b6521c08cb55ba
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\00001.vdo
binary
MD5: a62f3763e11fc727191208551ad9e05a
SHA256: 3b8c75e4d6c70d677f971b8dbdeedfb0c3b43ff53707b9dd3c2922c87343d63a
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\00001.vdc
text
MD5: 632e67d9b58d8520b7bc8c0324d97d6d
SHA256: 868acffd750f3d82a24ec447cba6d8bf366d4c8bc8cb451fa570af61ff11f3f7
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\00001.vdl
binary
MD5: 2034a8d435a2371a08bb53ea09997304
SHA256: fc77863e20c6e3a3b774285965cada7d54909df889045aeffd80aa5a016038f0
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\vds\WorkArea\00001.vda
binary
MD5: 8d12c4fd1590548a74a7a65c36baa420
SHA256: 208b3c43fda326a342ef2d6d93bd6d1f4ad07a3cc4003b5540a475025bcbd3ff
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\Meta\MetaAuto.xml
binary
MD5: 7968d0fe9bee8464143f2b4d777fed82
SHA256: 8e2fa8888fc658f26d786d4941f3be76be4ca1dea986980a632d8864518e4db9
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\scenario.stg
––
MD5:  ––
SHA256:  ––
3584
vd_ppr-2.4.1.exe
C:\Users\Administrator\Desktop\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò.lnk
lnk
MD5: 9bd953882edb6c19607585f5d8ad0a9f
SHA256: 1b007a48244a9c3c47160a2de4943ff639f3cdd70cafe2b84a0a017a0e45f4cb
3584
vd_ppr-2.4.1.exe
C:\Users\admin\Desktop\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò.lnk
lnk
MD5: 9bd953882edb6c19607585f5d8ad0a9f
SHA256: 1b007a48244a9c3c47160a2de4943ff639f3cdd70cafe2b84a0a017a0e45f4cb
3584
vd_ppr-2.4.1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò\VisualData Ïëàíèðîâàíèå ïðîèçâîäñòâà ðàáîò.lnk
lnk
MD5: 0e24faf71fa608695cdf637e896ca170
SHA256: 38373bca6a03d88b923cc6eda0cbb08cdc059d3fb2a226063dae039b84ce6664
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\config.ini
text
MD5: 3d2d8e6b0b63fbe0610ce1f2f8a0aac3
SHA256: affa983aacd60673305fb507e60794489c82b059a7c1ec4ab3f7982c9d73f048
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\ppr-icon.ico
image
MD5: 8f615dd716b29cba8899b0f47cfc6460
SHA256: 0f5831bd35ac9877c9774d14c6c8f8ed5eed14f356d8d8f7517d6144b84240cb
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\config.vdr
dbf
MD5: d94609ce23df575ec147499c841623f2
SHA256: 166d7eeb1743d3aa3b997f2998eabe6ba2f1711c52e4e9f711b2d5016f3755d9
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vd_ppr.log
text
MD5: 1ae2c3e90db85853cef0021d459e728d
SHA256: d11876abe595be8085a6853f44f4ab56e7ee3a1e76d72ccd5782aec85de6cca2
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\RollBack\2019-04-14_000001\00001.vdo
binary
MD5: 86520ebdf0bd82f1c90dc88e9d7887c9
SHA256: e3fd6b324d301a5e01452783017022336e755d2df6e9a4800751ec5310a829f1
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\RollBack\2019-04-14_000001\00001.vdc
binary
MD5: 61520ac9d07c761af2e79736ba3f7a47
SHA256: a8408fece45135031e35147cff187905c020434be367b47b81ac027337315fd0
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\extimg.vdr
dbf
MD5: 3ff8aeb958c50b4fb66098fe43dcf166
SHA256: 2b7904765936f1be73ac1bc310e2ca977669e54bd2fc188a638d19ef439179bc
3584
vd_ppr-2.4.1.exe
C:\VisualData\vd_ppr\Local\vd.vdr
dbf
MD5: aec924d24ec238fd2c1100b68b007b08
SHA256: 6e9b1ec159344cec23d4aafe1f5cc249826c742f2af8ea4fa4b851ad63e37187
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vd_ppr.log
text
MD5: d5c53ceda8a5f0ff31a96390226d76b1
SHA256: 53ad1c4abe9e1b42f70df503cd7bf64035a0d6ac44862da30f15c623e205ad3a
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\RollBack\2019-04-14_000001\00001.vdl
binary
MD5: fcb5a80d16e965850fb684dd39bbcbc5
SHA256: 3002e8314ea9ba5152f0c6816f410376589acbc183ca2330de786accc75d1565
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\RollBack\2019-04-14_000001\Info.ini
text
MD5: 06b56a8a9c5a6c9822741dd50c94b378
SHA256: ab42953f10fa0df69267f4dcf0501b30ec5dda64b57899654ed992c70f090049
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsn8C07.tmp\ioSpecial.ini
text
MD5: f586b421fee743ce43fc15ce9ac5a555
SHA256: 84ce57826e080254d72cbe8d0c1376d8824ecb6079d42485b6ed037fb42a3a43
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsn8C07.tmp\ioSpecial.ini
text
MD5: 1496c77d85003ce93c97c8fcc449f4a2
SHA256: cb4fd676451456859e4b8276ce22dbbf6cef48b5c5f7a84e995fb4a752218928
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsn8C07.tmp\modern-wizard.bmp
image
MD5: 755ee551622f820d4adca2fa92b5d9ab
SHA256: 8ede27442b843ee84bb733227ee7b2ffec45f6b5d1cfde7eb36348203c7428b4
3584
vd_ppr-2.4.1.exe
C:\Users\admin\AppData\Local\Temp\nsn8C07.tmp\modern-header.bmp
image
MD5: 8c4fbf57882b49af15a5956503298f5a
SHA256: 08a64efd306d643859ba3e48b78d0c8348c0f939c259531641ae9109dcc63465
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\vds\RollBack\2019-04-14_000001\00001.vda
binary
MD5: 480f2a1e8d6209585319fd133924c2bd
SHA256: f1e1b5b32841250889c46389f1f2f01d5a23a485c483aa4cdc5608d973de0256
2104
vd_ppr.exe
C:\VisualData\vd_ppr\Local\Scenario.stg
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.