General Info

File name

postsending-1.25.0.exe

Full analysis
https://app.any.run/tasks/1154b50b-589a-431b-b8a5-5c2036e4f8e8
Verdict
Malicious activity
Analysis date
4/14/2019, 17:40:51
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

51f42f7a5556de606b8a13df4e6aeb4c

SHA1

1dfd7e84bc0228d9ba9d76aa85473dcf3680b6f4

SHA256

ca0627a2bd764ba9af680d0d1f2a66b61bb580e9888056835d195172c259f34d

SSDEEP

196608:3Wr71tcAVB5vG5p1g4H/JAkmy+oUoffzgz225yLQsO9:3Wlt9Ip19/JAvQf8ayyLM9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • postsending.exe (PID: 2888)
  • svchost.exe (PID: 848)
  • postsending-1.25.0.exe (PID: 3740)
Application was dropped or rewritten from another process
  • vdjobman.dll (PID: 2612)
  • postsending.exe (PID: 2888)
Starts application with an unusual extension
  • postsending.exe (PID: 2888)
Creates a software uninstall entry
  • postsending-1.25.0.exe (PID: 3740)
Creates files in the program directory
  • postsending-1.25.0.exe (PID: 3740)
Executable content was dropped or overwritten
  • postsending-1.25.0.exe (PID: 3740)
Dropped object may contain Bitcoin addresses
  • postsending.exe (PID: 2888)
  • postsending-1.25.0.exe (PID: 3740)

Static information

TRiD
.exe
|   NSIS - Nullsoft Scriptable Install System (94.8%)
.exe
|   Win32 Executable MS Visual C++ (generic) (3.4%)
.dll
|   Win32 Dynamic Link Library (generic) (0.7%)
.exe
|   Win32 Executable (generic) (0.5%)
.exe
|   Generic Win/DOS Executable (0.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2009:12:05 23:50:46+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
23552
InitializedDataSize:
119808
UninitializedDataSize:
1024
EntryPoint:
0x323c
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
05-Dec-2009 22:50:46
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
05-Dec-2009 22:50:46
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00005A5A 0x00005C00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.4177
.rdata 0x00007000 0x00001190 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.18163
.data 0x00009000 0x0001AF98 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.70903
.ndata 0x00024000 0x0000A000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0002E000 0x00007858 0x00007A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.91231
Resources
1

2

3

4

5

102

103

104

105

106

110

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
38
Monitored processes
5
Malicious processes
3
Suspicious processes
0

Behavior graph

start postsending-1.25.0.exe no specs postsending-1.25.0.exe postsending.exe vdjobman.dll no specs svchost.exe

Process information

PID
848
CMD
C:\Windows\system32\svchost.exe -k netsvcs
Path
C:\Windows\System32\svchost.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
3232
CMD
"C:\Users\admin\AppData\Local\Temp\postsending-1.25.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\postsending-1.25.0.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\postsending-1.25.0.exe
c:\systemroot\system32\ntdll.dll

PID
3740
CMD
"C:\Users\admin\AppData\Local\Temp\postsending-1.25.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\postsending-1.25.0.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
2888
CMD
"C:\VisualData\postsending\Local\postsending.exe"
Path
C:\VisualData\postsending\Local\postsending.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
VisualData.ru
Description
Движок
Version
1.0.0.0

PID
2612
CMD
C:\VisualData\postsending\Local\vdjobman.dll 616 628 2888
Path
C:\VisualData\postsending\Local\vdjobman.dll
Indicators
No indicators
Parent process
postsending.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version

Registry activity

Total events
406
Read events
394
Write events
12
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\postsending.exe
C:\VisualData\postsending\visualdata.exe
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
DisplayName
VisualData Ïî÷òîâàÿ ðàññûëêà 1.25.0
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
UninstallString
C:\VisualData\postsending\uninst.exe
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
DisplayIcon
C:\VisualData\postsending\post-icon.ico
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
DisplayVersion
1.25.0
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
URLInfoAbout
http://www.visualdata.ru
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
HelpLink
http://www.visualdata.ru
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
Publisher
VisualData
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
Contact
òåë/ôàêñ.: 8 (863) 239-92-54
3740
postsending-1.25.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Ïî÷òîâàÿ ðàññûëêà-1.25.0
InstallLocation
C:\VisualData\postsending
2888
postsending.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
postsending.exe
2888
postsending.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
postsending.exe

Files activity

Executable files
8
Suspicious files
64
Text files
83
Unknown types
13

Dropped files

PID
Process
Filename
Type
3740
postsending-1.25.0.exe
C:\VisualData\postsending\uninst.exe
executable
MD5: 824189212179de0b881a42c3e73d6b9e
SHA256: 3127a838f558c823492e3ffdcdc7cb11d9929ba1202e0d47f70df11f45fe5642
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\log.dll
executable
MD5: ec1e44616127cd10c9f8c4a5feb1b1fe
SHA256: 80e9a9a8e69d77332e98a0134c239d63ac77d1ef6aea205bf9e42d2d61344b40
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\mm.dll
executable
MD5: 7853519763364a97279c4a53a9ec03f3
SHA256: 51bd7a1ac9b2485342b89c56efc24eb92a393b532dd87108eab7fabefee6e87a
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\reportview.exe
executable
MD5: 0e2fdd7988f950bedef042796508383f
SHA256: 5c4d0bbb99084e3bb8c29b75c22a0d20790038acf8b009f738173cd9c5991bda
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\vdjobman.dll
executable
MD5: 7eba8ae3bbb962f358e778df5b323139
SHA256: f9841cba0f04ecce8917548c7f528aad712bd7d4e55cd32988486d8f4f22efdd
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\postsending.exe
executable
MD5: 00e7e438a5d1b0ed792615a46f6c9c65
SHA256: 7c8a3bedd5ceb0c110219c55e25ec9dafef1e86ff6ef349331ef68e963750a9e
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nse1514.tmp\InstallOptions.dll
executable
MD5: 325b008aec81e5aaa57096f05d4212b5
SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\padeg.dll
executable
MD5: 2c55e4cbd98451d6305a0f6f9b48d81c
SHA256: 960006c3ece0672d5ac631a0446f01c681fc862bba4463dd59de0bbad992acae
3740
postsending-1.25.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïî÷òîâàÿ ðàññûëêà\Ëèöåíçèÿ.lnk
lnk
MD5: 22c22110cd7d84d8a6a6c4ca1f15d184
SHA256: 5074c1847e966af2832a9ff439572dffb7e6abbff57210d7bee98a76700aeab2
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack\2019-04-14_000001\00001.vdo
binary
MD5: 40578856887efdda5cfb5f7b621dab7f
SHA256: c13d37a34529f2db627844eea19d1e793f0e898830e7e6b64fdb79d88a921bdc
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack\2019-04-14_000001\00002.vdo
binary
MD5: db7876c626b7512cfbb0ca71ddbb981b
SHA256: 187d089c623e02b6e8bc019cf1253cd6fc810ae45ab69ec7ed9542f96832bec9
2888
postsending.exe
C:\VisualData\postsending\Local\postsending.log
text
MD5: 5e1bdd045741965c802cd7abfc50751f
SHA256: 6aabe69a35ac93f3d08df234eb6ed01571abc802b282655578e23f312a2c2fe7
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack\2019-04-14_000001\Info.ini
text
MD5: 492aa0de1bbd98c646bcc96299c9e4ad
SHA256: 0057d9a6703f20b1469fc909146fc6aba94ac4f1da991f138409927e864e70c3
2888
postsending.exe
C:\VisualData\postsending\Local\vds\WorkArea\arc\00001.vdc
binary
MD5: ebdaa8ed6713056c86fd8a08a95fd292
SHA256: 31e5bdb89eff78beab9cf4ea1e8915c901f97482afb3f7fd886c9d06794a99e7
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack\2019-04-14_000001\00001.vdl
binary
MD5: 3d4a12b28281a44786b2bb5e5a2f1925
SHA256: 5959d6080cadbd43ee9c603f7f9b1814f1a53ba6873bb6f902c68d0ec1e84240
2888
postsending.exe
C:\VisualData\postsending\Local\vds\WorkArea\arc\00002.vdo
binary
MD5: db7876c626b7512cfbb0ca71ddbb981b
SHA256: 187d089c623e02b6e8bc019cf1253cd6fc810ae45ab69ec7ed9542f96832bec9
2888
postsending.exe
C:\VisualData\postsending\Local\vds\WorkArea\arc\00001.vdo
binary
MD5: 40578856887efdda5cfb5f7b621dab7f
SHA256: c13d37a34529f2db627844eea19d1e793f0e898830e7e6b64fdb79d88a921bdc
2888
postsending.exe
C:\VisualData\postsending\Local\vds\WorkArea\arc\00001.vda
binary
MD5: a0c1ab9fd8ad3ad962b17101aba70840
SHA256: 8d55f9c4a08ea60e8d0a7cc0967fae3bf742263ba5446caab887b29adbf1b5c8
2888
postsending.exe
C:\VisualData\postsending\Local\vds\WorkArea\arc\00001.vdo
––
MD5:  ––
SHA256:  ––
2888
postsending.exe
C:\VisualData\postsending\Local\vds\WorkArea\arc\00001.vdl
binary
MD5: 3d4a12b28281a44786b2bb5e5a2f1925
SHA256: 5959d6080cadbd43ee9c603f7f9b1814f1a53ba6873bb6f902c68d0ec1e84240
2888
postsending.exe
C:\VisualData\postsending\Local\postsending.log
text
MD5: 36acab0a00ffd5d2fbffda1e5131a6cb
SHA256: ac387ba0cacd90029c9e446916d6c4487460406cd59ff68d5a4d499321134dea
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\Info.ini
text
MD5: 492aa0de1bbd98c646bcc96299c9e4ad
SHA256: 0057d9a6703f20b1469fc909146fc6aba94ac4f1da991f138409927e864e70c3
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdc
binary
MD5: 912d31ff7d0c24ae46588b6d20cb5a9d
SHA256: fe278a5ca3152a1cf19f2c562ce3f33644e0d29c320a195ffb58af54f22ee224
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vda
binary
MD5: 047156bb7d12ae54a7e8c8526e7cf220
SHA256: 2d50e8943d64b725acc629de761453a1653d9fff9bb76bcaf4656fc841ba1435
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdo
binary
MD5: 0e1d4ae497c0d52f3174df468c15ad8a
SHA256: 062df1150d0baf82781c9eb28b7c0ddd53269ad8f0d2b0ee145199848b92e64b
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\arc\00001.vdc
binary
MD5: 912d31ff7d0c24ae46588b6d20cb5a9d
SHA256: fe278a5ca3152a1cf19f2c562ce3f33644e0d29c320a195ffb58af54f22ee224
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdl
binary
MD5: a02b106a93b8957cda09e7344df25132
SHA256: 2763b050cfdac81ea923994f50693278fd98661a0973d73ba9808de923c83cdf
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\arc\00001.vdo
binary
MD5: 0e1d4ae497c0d52f3174df468c15ad8a
SHA256: 062df1150d0baf82781c9eb28b7c0ddd53269ad8f0d2b0ee145199848b92e64b
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\arc\00001.vda
binary
MD5: 047156bb7d12ae54a7e8c8526e7cf220
SHA256: 2d50e8943d64b725acc629de761453a1653d9fff9bb76bcaf4656fc841ba1435
2888
postsending.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\arc\00001.vdl
binary
MD5: a02b106a93b8957cda09e7344df25132
SHA256: 2763b050cfdac81ea923994f50693278fd98661a0973d73ba9808de923c83cdf
848
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: 9f1fe68cfd9f0282ba3bbc73eccda69a
SHA256: 1fd737710993e26ac288d2e90f2568279939dce67c1937782cac375eaa40f399
2888
postsending.exe
C:\VisualData\postsending\Local\postsending.log
text
MD5: e295c8c4aec9b93d4229957cd1a08822
SHA256: 9b4feb033cb3321aeb7b7abff364ac2485d88c8503412089181a6b91027475a4
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nse1514.tmp\ioSpecial.ini
text
MD5: 50b167ac176bc718ee8930c2deca94b2
SHA256: de1eb659fa143637342054335b0b3484bc066da8422cb76f4c243de1d022620d
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nso1503.tmp
––
MD5:  ––
SHA256:  ––
2888
postsending.exe
C:\VisualData\postsending\Local\Scenario.stg
bs
MD5: c552b7b56c45a83d9c2396a9664870eb
SHA256: b68e69413c5ab11fe0d853947dba288b3f63c8b3eb257d394fafaa843dbdba6e
3740
postsending-1.25.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïî÷òîâàÿ ðàññûëêà\×òî íîâîãî.lnk
lnk
MD5: 27edf1a38a2d0c95e34bdab97bf4410e
SHA256: d0aa6bb0c3d48269b0ce3d13de2d1f9c95e63b0b4cdd19f38a616e6ab2a4c75c
848
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: 27bffd90e081dee316abe45afdd62629
SHA256: ad9a31db4a3c7d160b4770098dc531f65ac55b101bd5c987fc132a09bce51c7f
3740
postsending-1.25.0.exe
C:\VisualData\postsending\whatsnew.html
html
MD5: 51694bea1ace51a23184872cb6f4262d
SHA256: 160b32db8a558ed30fbba27d9c6a34b21f8bd84039ae780f6a7fa8759ca06dcc
3740
postsending-1.25.0.exe
C:\VisualData\postsending\post-icon.ico
image
MD5: c8572e60d876a03d98ecafc9d873ca43
SHA256: 523a0edd8e7f79c2d6371540236ef734f20aad311570eaa3519f01dbcb288c07
3740
postsending-1.25.0.exe
C:\VisualData\postsending\license.rtf
text
MD5: 400a7a31952f5d95823c9e1d0e8095c2
SHA256: 153b12348f5396b9a32beed2cbcffa414ab405ce02a767be4f240e567d2d6849
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\00001.vdc
text
MD5: 50ac7d7cc7b9ff494d95ef6792fa265b
SHA256: 087b2b4670f3e8f5fa923093b3743e7dce95cf8afaa27b68d241b0a71929c698
3740
postsending-1.25.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Ïî÷òîâàÿ ðàññûëêà\Óäàëåíèå ïðîãðàììû.lnk
lnk
MD5: 2fdae4677b2bda127a2f94503af3eb6d
SHA256: 59d725df3d716c967ee66a64973840122f54fe3975fe10c132356d0e9f8c8170
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\00001.vdl
binary
MD5: ba465996437ffb8421178e461aacfeb2
SHA256: 7006cba894b23f546487321792d88eb320e86d20994a547bc9152508e51341b3
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\00001.vda
binary
MD5: d55690c92b9d33d9d28462657b21cefe
SHA256: 7eab0f1223e6002ff3c3c52a830bef13b0b2110280236a413a95f31bbbdfae84
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\blobs\vdbdoc\00001.vdo
binary
MD5: 650c8f6443059526e851ed3cee1b8a8e
SHA256: e8fc074a29ae0234cfbcef74067e7bd091f91aefb8a65141e0053e3eb6213049
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\vds\WorkArea\00001.vdl
binary
MD5: 2fc721000853a6b2e917af038a459d2b
SHA256: 588fd44b5fd55e2661fb1d2b843e42ea3afcbedbc35e738ddec075dd69dab524
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\vds\WorkArea\00001.vda
binary
MD5: ccc42289fe5ef4f96e54ddeaf9cb2992
SHA256: ee18c703294c237a993ff9ffac08d2cf4b29d89453205542631dfb484138c418
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\vds\WorkArea\00001.vdo
binary
MD5: a4735962bb7a131a62179a80adb79ae5
SHA256: ce232192c67bcccd1e0c73ab67426312f20c55d08b017e2de02e51e5796be6ad
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\vds\WorkArea\00002.vdo
binary
MD5: 2fb6ed58c29a546880dc228875e7d206
SHA256: 815110a22fdf8cef8ca801451b855dff139c6e0f3b4d276b99d5808bbcba1936
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\vds\WorkArea\00001.vdc
binary
MD5: 186243516a263e2d3909331dbc7e909c
SHA256: 68b4e04137c4aff56a5595a5fd2f3cc9ae5f61ef17ddd68c1051ea1fff85638a
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\Meta\MetaAuto.xml
binary
MD5: 73f0bc72f43c3498710d64ef6b48216d
SHA256: 3a99f3f422867d9c4d24af798bc5d7c143b974fbc959958eaf2844c7d9385f2f
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\scenario.stg
bs
MD5: c552b7b56c45a83d9c2396a9664870eb
SHA256: b68e69413c5ab11fe0d853947dba288b3f63c8b3eb257d394fafaa843dbdba6e
3740
postsending-1.25.0.exe
C:\Users\admin\Desktop\VisualData Почтовая рассылка.lnk
lnk
MD5: 0cfaa661b8bcc2eb8d9d9ddda03b21ff
SHA256: 3f7e424b5133eb684a221a824a3dba846e13d870ab2f032ddb9bdbe13f94d474
3740
postsending-1.25.0.exe
C:\Users\Administrator\Desktop\VisualData Почтовая рассылка.lnk
lnk
MD5: 0cfaa661b8bcc2eb8d9d9ddda03b21ff
SHA256: 3f7e424b5133eb684a221a824a3dba846e13d870ab2f032ddb9bdbe13f94d474
3740
postsending-1.25.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualData Почтовая рассылка\VisualData Почтовая рассылка.lnk
lnk
MD5: 49a50525979ba3fed9edc9a5f8601721
SHA256: 3691b5cf3f8c8113f3e07223968a79009fde553f473eac291cb366d2062f5ff6
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\config.vdr
dbf
MD5: 66614b7db4d606ced2bdae1fded37e58
SHA256: 02c04718f103f2bdaf8d876a357ba4f175010a19b2d1798420d317db2ce7fc65
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\post-icon.ico
image
MD5: c8572e60d876a03d98ecafc9d873ca43
SHA256: 523a0edd8e7f79c2d6371540236ef734f20aad311570eaa3519f01dbcb288c07
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\config.ini
text
MD5: 8be4a22b50a4e62da9a66ffa24e9cb64
SHA256: 5a23582f334ffa6223d8dd170144e011225aff1405206f452b687e3f0388fc7c
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack2\2019-04-14_000001\00001.vdc
binary
MD5: ebdaa8ed6713056c86fd8a08a95fd292
SHA256: 31e5bdb89eff78beab9cf4ea1e8915c901f97482afb3f7fd886c9d06794a99e7
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack2\2019-04-14_000001\00001.vdo
binary
MD5: 40578856887efdda5cfb5f7b621dab7f
SHA256: c13d37a34529f2db627844eea19d1e793f0e898830e7e6b64fdb79d88a921bdc
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack2\2019-04-14_000001\00001.vda
binary
MD5: a0c1ab9fd8ad3ad962b17101aba70840
SHA256: 8d55f9c4a08ea60e8d0a7cc0967fae3bf742263ba5446caab887b29adbf1b5c8
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\extimg.vdr
dbf
MD5: cc807057298b84d7815960ab607a7e05
SHA256: d0569cbe9289576a3df92952c0fc0a3cdb402c778ae9a63416096bce8a688cc1
3740
postsending-1.25.0.exe
C:\VisualData\postsending\Local\vd.vdr
dbf
MD5: aec924d24ec238fd2c1100b68b007b08
SHA256: 6e9b1ec159344cec23d4aafe1f5cc249826c742f2af8ea4fa4b851ad63e37187
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack2\2019-04-14_000001\00001.vdl
binary
MD5: 3d4a12b28281a44786b2bb5e5a2f1925
SHA256: 5959d6080cadbd43ee9c603f7f9b1814f1a53ba6873bb6f902c68d0ec1e84240
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack2\2019-04-14_000001\Info.ini
text
MD5: 492aa0de1bbd98c646bcc96299c9e4ad
SHA256: 0057d9a6703f20b1469fc909146fc6aba94ac4f1da991f138409927e864e70c3
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack\2019-04-14_000001\00001.vdc
binary
MD5: ebdaa8ed6713056c86fd8a08a95fd292
SHA256: 31e5bdb89eff78beab9cf4ea1e8915c901f97482afb3f7fd886c9d06794a99e7
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nse1514.tmp\ioSpecial.ini
text
MD5: 15e22beb0da2321f8553cde064b1d2fb
SHA256: c7fe95ba93e43ad039fa74f2b513d2b71f8779821f010686d72209ea583b404c
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nse1514.tmp\ioSpecial.ini
text
MD5: 78b6f1651c26231f7591d980284ad1fc
SHA256: 252e43794085f52b2d72f4d52d0f3c03ef64972071ee7b1cea041ac76ff7050e
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nse1514.tmp\ioSpecial.ini
text
MD5: 70bf88a1e1a6a818bb86ba0092ad328d
SHA256: 6ecdf355aa8a443af22c6cec7d4b5b81f06f59c68295ef6a0b9f1b25140c8c6a
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nse1514.tmp\modern-header.bmp
image
MD5: 8c4fbf57882b49af15a5956503298f5a
SHA256: 08a64efd306d643859ba3e48b78d0c8348c0f939c259531641ae9109dcc63465
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack\2019-04-14_000001\00001.vda
binary
MD5: a0c1ab9fd8ad3ad962b17101aba70840
SHA256: 8d55f9c4a08ea60e8d0a7cc0967fae3bf742263ba5446caab887b29adbf1b5c8
3740
postsending-1.25.0.exe
C:\Users\admin\AppData\Local\Temp\nse1514.tmp\modern-wizard.bmp
image
MD5: 755ee551622f820d4adca2fa92b5d9ab
SHA256: 8ede27442b843ee84bb733227ee7b2ffec45f6b5d1cfde7eb36348203c7428b4
2888
postsending.exe
C:\VisualData\postsending\Local\vds\RollBack2\2019-04-14_000001\00002.vdo
binary
MD5: db7876c626b7512cfbb0ca71ddbb981b
SHA256: 187d089c623e02b6e8bc019cf1253cd6fc810ae45ab69ec7ed9542f96832bec9

Find more information about the static content and download it in the full report.

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.