General Info

File name

retailmarket-5.59.0.exe

Full analysis
https://app.any.run/tasks/cfd4b323-f60c-42d7-89f2-969ddf06e571
Verdict
Malicious activity
Analysis date
4/14/2019, 17:42:16
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

4cf151beef79df33c0e0d1bd6e7579ce

SHA1

3e2eae5c3a3e2fb0dc1112bda088b9bf3191c075

SHA256

ca61c8bc818fdf5b86b94c445bd7c7658a139488378129f82f38ff16c2a3ad10

SSDEEP

393216:xqffNkO8vfn+sFVMTVgjtBYNqG7A04JoHVP6+EnZpxenURJ:EOvfn+sjMTQOJ4JyVP6+EZrJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • vdjobman.dll (PID: 3484)
  • retailmarket.exe (PID: 2832)
Loads dropped or rewritten executable
  • svchost.exe (PID: 840)
  • retailmarket.exe (PID: 2832)
  • retailmarket-5.59.0.exe (PID: 3872)
Starts application with an unusual extension
  • retailmarket.exe (PID: 2832)
Creates files in the user directory
  • retailmarket-5.59.0.exe (PID: 3872)
Executable content was dropped or overwritten
  • retailmarket-5.59.0.exe (PID: 3872)
Creates a software uninstall entry
  • retailmarket-5.59.0.exe (PID: 3872)
Dropped object may contain Bitcoin addresses
  • retailmarket-5.59.0.exe (PID: 3872)

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2016:12:11 22:50:45+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
24576
InitializedDataSize:
118784
UninitializedDataSize:
1024
EntryPoint:
0x32bf
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
11-Dec-2016 21:50:45
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
11-Dec-2016 21:50:45
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00005E59 0x00006000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.42419
.rdata 0x00007000 0x00001246 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.0004
.data 0x00009000 0x0001A818 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.21193
.ndata 0x00024000 0x0000A000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0002E000 0x00007A70 0x00007C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.98455
Resources
1

2

3

4

5

102

103

104

105

106

110

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

Exports

    No exports.

Processes

Total processes
38
Monitored processes
5
Malicious processes
4
Suspicious processes
0

Process information

PID
840
CMD
C:\Windows\system32\svchost.exe -k netsvcs
Path
C:\Windows\System32\svchost.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
2364
CMD
"C:\Users\admin\AppData\Local\Temp\retailmarket-5.59.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\retailmarket-5.59.0.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\retailmarket-5.59.0.exe
c:\systemroot\system32\ntdll.dll

PID
3872
CMD
"C:\Users\admin\AppData\Local\Temp\retailmarket-5.59.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\retailmarket-5.59.0.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
2832
CMD
"C:\VisualData\retailmarket\Local\retailmarket.exe"
Path
C:\VisualData\retailmarket\Local\retailmarket.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
VisualData.ru
Description
Движок
Version
1.0.0.0

PID
3484
CMD
C:\VisualData\retailmarket\Local\vdjobman.dll 624 636 2832
Path
C:\VisualData\retailmarket\Local\vdjobman.dll
Indicators
No indicators
Parent process
retailmarket.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version

Registry activity

Total events
388
Read events
377
Write events
11
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\retailmarket.exe
C:\VisualData\retailmarket\visualdata.exe
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
DisplayName
VisualData Розничный рынок 5.59.0
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
UninstallString
C:\VisualData\retailmarket\uninst.exe
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
DisplayVersion
5.59.0
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
URLInfoAbout
http://www.visualdata.ru
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
HelpLink
http://www.visualdata.ru
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
Publisher
VisualData
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
Contact
тел/факс.: 8 (863) 239-92-54
3872
retailmarket-5.59.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualData Розничный рынок-5.59.0
InstallLocation
C:\VisualData\retailmarket
2832
retailmarket.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
retailmarket.exe
2832
retailmarket.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
retailmarket.exe

Files activity

Executable files
8
Suspicious files
64
Text files
111
Unknown types
15

Dropped files

PID
Process
Filename
Type
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\uninst.exe
executable
MD5: 356c4f6e9137d7cfa9721fdf029126aa
SHA256: 3bf26cb365caf36bf44aa46699f8871aba3dfd2965e9a632866c1c313449ddfd
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\log.dll
executable
MD5: ec1e44616127cd10c9f8c4a5feb1b1fe
SHA256: 80e9a9a8e69d77332e98a0134c239d63ac77d1ef6aea205bf9e42d2d61344b40
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\mm.dll
executable
MD5: 7853519763364a97279c4a53a9ec03f3
SHA256: 51bd7a1ac9b2485342b89c56efc24eb92a393b532dd87108eab7fabefee6e87a
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\reportview.exe
executable
MD5: 90e8c0081e38c9deb7f413d33e0b5d50
SHA256: 584984aba4a8fcbf6e891e72681206208fd464b96ec44d485eb3940ca3a842cd
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\vdjobman.dll
executable
MD5: 7eba8ae3bbb962f358e778df5b323139
SHA256: f9841cba0f04ecce8917548c7f528aad712bd7d4e55cd32988486d8f4f22efdd
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\retailmarket.exe
executable
MD5: 3a6ec71f31e8fa1110a12b5de3c338e3
SHA256: dc18ecdefa891fa69d9f291c93655dc25807f2c069ac39cf706c710c3aa4311b
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8282.tmp\InstallOptions.dll
executable
MD5: 3e277798b9d8f48806fbb5ebfd4990db
SHA256: fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\padeg.dll
executable
MD5: 2c55e4cbd98451d6305a0f6f9b48d81c
SHA256: 960006c3ece0672d5ac631a0446f01c681fc862bba4463dd59de0bbad992acae
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VisualData Розничный рынок\Что нового.lnk
lnk
MD5: 24b4ed572276caac56cf18bd245cf448
SHA256: ec8e172914c0ca86b67197978a0f190317ee4cc95c79888dafe2590ac9a0d140
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\RollBack\2019-04-14_000001\00002.vdo
binary
MD5: 4ebcced09c4cf10295f5eebfdfd0c60d
SHA256: a0a5c4e4f1be99ee1af1a4ef5e24003f6d1d6fc4a5c4221cdfcf7bf0547585cf
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\retailmarket.log
text
MD5: 1b7fb1336cbc89d03ea29795acc2caef
SHA256: 961112c1009268fea33df837796a08e71ea04753326e7f552f5089d0b4703131
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\RollBack\2019-04-14_000001\00001.vda
binary
MD5: 71f8385a3a79ff8afe594e2e81dd1c41
SHA256: 82c48a3e4b69b7f96df6a6004d11bb55481ddba537fbf7dcc3b27f681b3cb6b9
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\RollBack\2019-04-14_000001\Info.ini
text
MD5: 88c52e687e5c310d8d249a0c342725c2
SHA256: eca4aaec2c4f003a7764048361b675bab1771f468e14558b42c989931705cf95
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\RollBack\2019-04-14_000001\00001.vdl
binary
MD5: 0d2f4dd27ed64d6608394f0445fa2013
SHA256: 54e325d46b575e6d19e6de3be07a1cf5c0f547c714740b5ff98e65aec450c300
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\arc\00001.vdc
binary
MD5: 8e63b0354b29aaa8635dbc29f956e532
SHA256: 93b02a934930fd89402c2040e2f40224f769621e9ba2d09efccef33084d35b30
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\arc\00002.vdo
binary
MD5: 4ebcced09c4cf10295f5eebfdfd0c60d
SHA256: a0a5c4e4f1be99ee1af1a4ef5e24003f6d1d6fc4a5c4221cdfcf7bf0547585cf
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\arc\00002.vdo
––
MD5:  ––
SHA256:  ––
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\arc\00001.vda
binary
MD5: 71f8385a3a79ff8afe594e2e81dd1c41
SHA256: 82c48a3e4b69b7f96df6a6004d11bb55481ddba537fbf7dcc3b27f681b3cb6b9
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\arc\00001.vdo
binary
MD5: 88f0e835cb9ebef222323c48e1c3ba95
SHA256: 61b6a641f69cc937203f6269228639261e333b46667442913078e91666b1813c
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\arc\00001.vdl
binary
MD5: 0d2f4dd27ed64d6608394f0445fa2013
SHA256: 54e325d46b575e6d19e6de3be07a1cf5c0f547c714740b5ff98e65aec450c300
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\retailmarket.log
text
MD5: 310361d938c295f90772d3bf4933a3c3
SHA256: ae6bb1542780fd710c0df16e709e8ce5ad55bdfbf07ce38650b5e24da74a2882
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\retailmarket.log
text
MD5: aa8f9eb723e30885e4a5d901e9361a68
SHA256: 48c192fe5b937b14a58c17f10cb80b66ab7d4fac9854f817be38b4036b2b9a71
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\Info.ini
text
MD5: a81b34e5b380b0131a2a939f855493f1
SHA256: f0a470892dee377c1c3e4b487eb4a0f1646d5581906789f6634fc22a9790f9b6
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdc
binary
MD5: 943959697cb3346780b10a4f4bc076fc
SHA256: 46d6dd73846ede6604955ded860f81555ae99a51a498a85d75024b51dc8fd7d7
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdl
binary
MD5: 1ba4a22cf78da714897aa615210a9162
SHA256: b4e0eae9c1e42732f91b14068838e30c0e1bbab62a81e1c3c0006a2e03a97a5a
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vdo
binary
MD5: 32cb3190aebdab9c64233e335a3c4020
SHA256: 6a499dad0fae0f3d068bc44d77fe90a8aad6d4566076e3930c67f97103d52c34
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\RollBack\2019-04-14_000001\00001.vda
binary
MD5: 1ba4a22cf78da714897aa615210a9162
SHA256: b4e0eae9c1e42732f91b14068838e30c0e1bbab62a81e1c3c0006a2e03a97a5a
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\arc\00001.vdc
binary
MD5: 943959697cb3346780b10a4f4bc076fc
SHA256: 46d6dd73846ede6604955ded860f81555ae99a51a498a85d75024b51dc8fd7d7
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\arc\00001.vdo
binary
MD5: 32cb3190aebdab9c64233e335a3c4020
SHA256: 6a499dad0fae0f3d068bc44d77fe90a8aad6d4566076e3930c67f97103d52c34
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\arc\00001.vda
binary
MD5: 1ba4a22cf78da714897aa615210a9162
SHA256: b4e0eae9c1e42732f91b14068838e30c0e1bbab62a81e1c3c0006a2e03a97a5a
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\arc\00001.vdl
binary
MD5: 1ba4a22cf78da714897aa615210a9162
SHA256: b4e0eae9c1e42732f91b14068838e30c0e1bbab62a81e1c3c0006a2e03a97a5a
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\00001.vda
text
MD5: 469df94a6d6ce097feb8e541176cad86
SHA256: e1393160ebfb9111815c47f4d5e153eef9aa253166677a29d10fd032a3382046
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\00001.vdl
text
MD5: 469df94a6d6ce097feb8e541176cad86
SHA256: e1393160ebfb9111815c47f4d5e153eef9aa253166677a29d10fd032a3382046
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\00001.vdo
text
MD5: c3958fe95f7ffe72fcedae263497c64e
SHA256: 039da8ecd81ef63324631cfa773529db755cf324c7695aa5f6de7773cdf48f4a
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\blobs\vdbdoc\00001.vdc
text
MD5: 058dcc1f52f6bcb8af7d4359314e40c1
SHA256: 8ca45cec662a853c7cfac0f7384872a27a8ba15f17ff7953a9188be042cfa8a4
840
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: ef6f6ed4dce1742da1e08558f1bb44db
SHA256: e7319546457a337a54fef187363983d797f38ae6f07f7988a44db540498f1316
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\retailmarket.log
text
MD5: 545e133175c41392621623e9da8ee9a9
SHA256: f2db29c677e6e9397a5cdd123bc6fb7b33b331c10c2054464cc2a4b97a26d2d6
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8282.tmp\ioSpecial.ini
––
MD5:  ––
SHA256:  ––
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8281.tmp
––
MD5:  ––
SHA256:  ––
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8282.tmp\ioSpecial.ini
text
MD5: 925d862ea9fb763e85900faff8764132
SHA256: 26aea4274956abff6bb4f07a20f31b5117798a500190cfef4fe1d5373702f5b8
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\whatsnew.html
html
MD5: ed8ff6f22636482c9c812225bf3dd67e
SHA256: 6a51d55682b5328cff8913750c9ca0b6681239c9a477defccafae461c451dc89
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\retailmarket.log
text
MD5: 9211bf39f9da50a94968b9720e28a037
SHA256: 8f1548c523630a8e00678c54a8bf23c1583b0a9db3e891b9b713ee7a2d97365f
840
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: 27bffd90e081dee316abe45afdd62629
SHA256: ad9a31db4a3c7d160b4770098dc531f65ac55b101bd5c987fc132a09bce51c7f
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VisualData Розничный рынок\Лицензия.lnk
lnk
MD5: 911b8a6f5a95559544edab3c02bea42c
SHA256: ecec11f0a29c92eac7fd260bf3f406e37c6bb447234a08e34a9d936be41033af
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\license.rtf
text
MD5: d897d5bc0b809068682709e3ee8a7296
SHA256: 8e86a5a9d880332db7aa2f342b1ce4669811525f338385ff5658cc842c2ef99a
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VisualData Розничный рынок\Удаление программы.lnk
lnk
MD5: 540755cb888bc62dee2bf07edf8cfd19
SHA256: 240e821fcf802d5e17bd99937d411f225feb21392c0b380a315d34471b14da45
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\хорошие шаблоны\OOO Zapadnoe.zip
compressed
MD5: 9af1f435e9ae1abecb61c2746658ab6b
SHA256: 0db8597f93dd09e676a6dd50b82dc33850dfc0f28967665fe4ad6a8addeaae38
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\руководство от Ларисы.doc
document
MD5: 27af49c1fabae11c0e59fb07e31b2aea
SHA256: 5b31485a0ce97d449cd57eb668696468d09bbded7f638cc84885ce561d3bdba3
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\коменты к документации 2.odt
odt
MD5: fd0a9626eff56694839da33183cac2ee
SHA256: 7bfd8492a508788f9b09246149d14b54e33be0b90d4d5a253c6efcb714e93063
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\коменты к документации.odt
odt
MD5: 1109ac591e82acd7353ca8a20ce25130
SHA256: dc97f84d5bb478c811ee1e12165578d02df30175091579a26f80a2cc3267a692
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\Отчет в статистику (форма 3 рынок).doc
document
MD5: c05edc2520494c6731cd743b023961a2
SHA256: 125281a0df62ad64b6a8269d4d9225ecc7373e40e0e12762e6d00c3d0959434f
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\Отчет в статистику (форма 3 рынок).odt
odt
MD5: e6b7e4e3d0e3202b4f449f5f1c3b7865
SHA256: 9d6d7519114ab71bfa120e671a008ee46b54d3894e117222449b742c661f9196
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\ОКВЭД2.csv
text
MD5: ea3ac15a0aac966209834bbbb8319343
SHA256: 01991c7199a35b7e3e316ae65484b36307e416c8376fd286bfa11e47ffcee86b
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\ОКВЭД2.ods
ods
MD5: 50e0915a4e0381ff2bb2ec8262c05737
SHA256: f678863fb44135b6be519b25e799c110dd5262ed6c352acb58dd0318e4a5e80e
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\Диаграмма процессов.odg
odg
MD5: 59bdd9b3d326024dce12fa4a42c33a68
SHA256: 50d20b338441dcae18ecc280930bb7aa4ce55d6b0fb3a4ee6ea70c9d0bd1ddbd
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\retailmarket_doc.zip
compressed
MD5: 478d1b43d0bb13bcef6e8e3176c310d1
SHA256: 77e53891c54ca8b13d114be0b9d53e8a45bd5b5b2089c4de053ef9c35373211f
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\doc\retailmarket.doc
document
MD5: 1d0f36121857e13a84d6624f29e5a8bb
SHA256: c1ef7de83d7b4523556e03cd6c589b25f267449afc610152f7a72db4f83982cd
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\Blobs\Blobs\0000000001\0000000006\0000000006\Caption.ini
text
MD5: 067a8ef873168eb2b405a6c9b58b64be
SHA256: a7d32fbdfcab3053d7197f72ec1c528c33faf57b6f20ba62f00ec26484c54982
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\Blobs\Blobs\0000000001\0000000006\0000000006\002
html
MD5: d6be2d49f99b3c708e1b75eab8b59ada
SHA256: 36f5a330f0ae2262eb4dd12eea8ec96badbced6816fdb70482ccfade83b3cbc3
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\00002.vdo
binary
MD5: 05c4a753addbaa49e4d0bbf198174ba1
SHA256: ecd49abdca429a8f247f1af90aec21dd1245c3dd93954e91ae1d6632a0b526b5
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\00001.vdo
––
MD5:  ––
SHA256:  ––
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\00001.vdc
binary
MD5: fba38bc89c8b8dca749dd66803b6734a
SHA256: 6e5f574be457215210eadaf8fd4d3353af5e5522cc144313a7615254feffb51c
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\00001.vda
binary
MD5: b81bd12540b769d6dcf85da2712294d5
SHA256: 2582c852fe733d20be7a1e325d7058441845cd4a7d8d040fba3f44ebbe44a16c
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\vds\WorkArea\00001.vdl
binary
MD5: 602f4f61dd220dc50458db8ae70dc17e
SHA256: 9b8b70e0cc5df81439648464bcf327bd738baa463ce4a4cb1de1bb093e150ab1
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\Meta\MetaAuto.xml
binary
MD5: 7f344ac117004833c390f0563cdf7504
SHA256: 98394bf8cc452261c4c3ef36d8fc3187e9feaf268985bf1f1d374c459d4fa621
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\scenario.stg
––
MD5:  ––
SHA256:  ––
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VisualData Розничный рынок\VisualData Розничный рынок.lnk
lnk
MD5: 82270eec01b1c626cf7cfb2bfa9dd70d
SHA256: 9f9ab4dbf9df302be1715d0290cc718df2e01026bcf940a97d5b0b77c2ec37b4
3872
retailmarket-5.59.0.exe
C:\Users\admin\Desktop\VisualData Розничный рынок.lnk
lnk
MD5: 7a219ed890b91696bb9d70e4f0a74861
SHA256: 7d0c36cb5ad3e90ce9d45a286e2fd40e17c7f3dd1d2f5d683638ef64125da826
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\config.vdr
dbf
MD5: 8a2d95b2903f7ec11e829d0486d02d51
SHA256: 8c0f5982da226754fbc92899cb1f2dff7d672a764e40af9af3bd279d6aea22be
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\config.ini
text
MD5: 91a34995fbf1bb5e4c111992a692ea25
SHA256: d84ac9078aa10ce9e13f5b876401a948dfeecdf6f7a9729ad56c8f850611846a
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\FullJournal\2019-04-14_000001\00002.vdo
binary
MD5: 4ebcced09c4cf10295f5eebfdfd0c60d
SHA256: a0a5c4e4f1be99ee1af1a4ef5e24003f6d1d6fc4a5c4221cdfcf7bf0547585cf
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\FullJournal\2019-04-14_000001\00001.vdo
binary
MD5: 88f0e835cb9ebef222323c48e1c3ba95
SHA256: 61b6a641f69cc937203f6269228639261e333b46667442913078e91666b1813c
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\FullJournal\2019-04-14_000001\00001.vdl
binary
MD5: 0d2f4dd27ed64d6608394f0445fa2013
SHA256: 54e325d46b575e6d19e6de3be07a1cf5c0f547c714740b5ff98e65aec450c300
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\vd.vdr
dbf
MD5: aec924d24ec238fd2c1100b68b007b08
SHA256: 6e9b1ec159344cec23d4aafe1f5cc249826c742f2af8ea4fa4b851ad63e37187
3872
retailmarket-5.59.0.exe
C:\VisualData\retailmarket\Local\extimg.vdr
dbf
MD5: bb1dcc096493c6ca464f54f944b2ecc0
SHA256: a10d90de31ba094ca58d7d40eb19a30981cd6994e779a7f514c58340dd80d60b
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\FullJournal\2019-04-14_000001\00001.vda
binary
MD5: 71f8385a3a79ff8afe594e2e81dd1c41
SHA256: 82c48a3e4b69b7f96df6a6004d11bb55481ddba537fbf7dcc3b27f681b3cb6b9
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\FullJournal\2019-04-14_000001\Info.ini
text
MD5: 88c52e687e5c310d8d249a0c342725c2
SHA256: eca4aaec2c4f003a7764048361b675bab1771f468e14558b42c989931705cf95
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\RollBack\2019-04-14_000001\00001.vdc
binary
MD5: 8e63b0354b29aaa8635dbc29f956e532
SHA256: 93b02a934930fd89402c2040e2f40224f769621e9ba2d09efccef33084d35b30
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8282.tmp\ioSpecial.ini
text
MD5: 3b431729a0cab1d644552b2cdef47550
SHA256: 3ff35a19cab16474b1f8957e2791e83ee78911bcc6af60329203c5225c839284
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8282.tmp\ioSpecial.ini
text
MD5: c1d464504eb33f2f44c7a6f9c2fe0da9
SHA256: b1f006b98c38bbb2d56a3aa4d0ff48bdf4ed652d6a6faffc5ea895cfc831598f
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8282.tmp\modern-wizard.bmp
image
MD5: 755ee551622f820d4adca2fa92b5d9ab
SHA256: 8ede27442b843ee84bb733227ee7b2ffec45f6b5d1cfde7eb36348203c7428b4
3872
retailmarket-5.59.0.exe
C:\Users\admin\AppData\Local\Temp\nsu8282.tmp\modern-header.bmp
image
MD5: 8c4fbf57882b49af15a5956503298f5a
SHA256: 08a64efd306d643859ba3e48b78d0c8348c0f939c259531641ae9109dcc63465
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\RollBack\2019-04-14_000001\00001.vdo
binary
MD5: 88f0e835cb9ebef222323c48e1c3ba95
SHA256: 61b6a641f69cc937203f6269228639261e333b46667442913078e91666b1813c
2832
retailmarket.exe
C:\VisualData\retailmarket\Local\vds\FullJournal\2019-04-14_000001\00001.vdc
binary
MD5: 8e63b0354b29aaa8635dbc29f956e532
SHA256: 93b02a934930fd89402c2040e2f40224f769621e9ba2d09efccef33084d35b30

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.