General Info

File name

DraftableCompare.exe

Full analysis
https://app.any.run/tasks/50613c66-f7ff-4ec8-aefd-cd98feb95c37
Verdict
Malicious activity
Analysis date
5/15/2019, 01:27:13
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

4dd1bbdc08b9c120af5cc34a592cf917

SHA1

f575f63888977250399f9513e82d8c11288b7223

SHA256

e1283a9491e435d6acfe54871e6be8b036b713a14e2a1c244d908f0b6e4ddb12

SSDEEP

12288:bDPdsil5fCMggBIiMVO26kk+FGzeMb01JQntLOCVkoSrUf:bD1s2ts96kTMemVuc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • dfsvc.exe (PID: 3656)
Changes settings of System certificates
  • dfsvc.exe (PID: 3656)
Reads Environment values
  • dfsvc.exe (PID: 3656)
Reads Internet Cache Settings
  • dfsvc.exe (PID: 3656)
Reads internet explorer settings
  • dfsvc.exe (PID: 3656)
Executable content was dropped or overwritten
  • dfsvc.exe (PID: 3656)

No info indicators.


Static information

TRiD
.exe
|   Win32 Executable (generic) (52.9%)
.exe
|   Generic Win/DOS Executable (23.5%)
.exe
|   DOS Executable Generic (23.5%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2015:07:07 08:26:33+02:00
PEType:
PE32
LinkerVersion:
14
CodeSize:
364544
InitializedDataSize:
481792
UninitializedDataSize:
null
EntryPoint:
0x330c2
OSVersion:
5.1
ImageVersion:
10
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
14.0.23107.0
ProductVersionNumber:
14.0.23107.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
null
FileDescription:
Setup
FileVersion:
14.0.23107.0 built by: D14REL
InternalName:
setup.exe
LegalCopyright:
© Microsoft Corporation. All rights reserved.
OriginalFileName:
setup.exe
ProductName:
null
ProductVersion:
14.0.23107.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-Jul-2015 06:26:33
Detected languages
English - United States
Debug artifacts
setup.pdb
CompanyName:
null
FileDescription:
Setup
FileVersion:
14.0.23107.0 built by: D14REL
InternalName:
setup.exe
LegalCopyright:
© Microsoft Corporation. All rights reserved.
OriginalFilename:
setup.exe
ProductName:
null
ProductVersion:
14.0.23107.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000118
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
07-Jul-2015 06:26:33
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x00058E58 | 0x00059000 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.39733
.data | 0x0005A000 | 0x00003D2C | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 3.69795
.idata | 0x0005E000 | 0x0000152A | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.45654
.rsrc | 0x00060000 | 0x0006EF64 | 0x0006F000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.27334
.reloc | 0x000CF000 | 0x00003B4C | 0x00003C00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ | 6.60243
Resources
BASEURL

HOMESITE

SUPPORTURL

SETUPCFG

CULTURE

COUNT

EULA0

EULA1

CODEPAGE

SETUPRES

Imports
    KERNEL32.dll

    GDI32.dll

    ole32.dll

    Secur32.dll

    SHELL32.dll

    USER32.dll

    CRYPT32.dll

    WININET.dll

    msi.dll

    ADVAPI32.dll (delay-loaded)

Exports

Processes

Total processes
33
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

start draftablecompare.exe dfsvc.exe

Process information

PID
2232
CMD
"C:\Users\admin\AppData\Local\Temp\DraftableCompare.exe"
Path
C:\Users\admin\AppData\Local\Temp\DraftableCompare.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup
Version
14.0.23107.0 built by: D14REL
Modules
Image
c:\users\admin\appdata\local\temp\draftablecompare.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dfshim.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\dfdll.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe

PID
3656
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
Indicators
Parent process
DraftableCompare.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
ClickOnce
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\dfsvc\80701deef4188b417e2cd7c6417e7c7e\dfsvc.ni.exe
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.deployment\b3731330e134999c1943e5876497d295\system.deployment.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\microsoft.net\framework\v4.0.30319\dfdll.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.security\11689060f7aa189e220cf9df9a97254e\system.security.ni.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
c:\windows\system32\dsrole.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.pdfium.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\nunit.framework.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\system.windows.interactivity.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\zh-hant\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.diff.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.pdf.ui.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.updater.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\es\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.collections.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\postsharp.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.settings.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.licensing.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.sais.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.annotations.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\servicestack.text.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\en\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\zh-hans\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\de\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\ko\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.pdfconversion.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\ru\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.cdiff.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.comparetool.exe
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\fr\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.com.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\bouncycastle.crypto.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.utils.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.prelude.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.comparerunner.exe
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\ja\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.office.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\it\system.windows.interactivity.resources.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.pdf.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\hardcodet.wpf.taskbarnotification.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\fsharp.core.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.aspects.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\log4net.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\icsharpcode.sharpziplib.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.exceptions.dll
c:\users\admin\appdata\local\temp\deployment\6w5m0ehz.tb8\qmy1otn3.kwc\draftable.types.dll

Registry activity

Total events
235
Read events
170
Write events
64
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASAPI32
EnableFileTracing
0
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASAPI32
EnableConsoleTracing
0
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASAPI32
FileTracingMask
4294901760
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASAPI32
ConsoleTracingMask
4294901760
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASAPI32
MaxFileSize
1048576
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASAPI32
FileDirectory
%windir%\tracing
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASMANCS
EnableFileTracing
0
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASMANCS
EnableConsoleTracing
0
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASMANCS
FileTracingMask
4294901760
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASMANCS
ConsoleTracingMask
4294901760
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASMANCS
MaxFileSize
1048576
2232
DraftableCompare.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DraftableCompare_RASMANCS
FileDirectory
%windir%\tracing
2232
DraftableCompare.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2232
DraftableCompare.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2232
DraftableCompare.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2232
DraftableCompare.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2232
DraftableCompare.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3656
dfsvc.exe
delete key
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
W3820G7YZNLDD6YC27QP5KGG
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
GYV5CXPO2R1VDON6TMK9OCJ0
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
RPKRWPYEDX10AV9N6YX0XP3Y
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
0
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
0
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
4294901760
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
4294901760
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
1048576
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
%windir%\tracing
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
0
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
0
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
4294901760
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
4294901760
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
1048576
3656
dfsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
%windir%\tracing
3656
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3656
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3656
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3656
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3656
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\92C1588E85AF2201CE7915E8538B492F605B80C6
Blob
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\draf..tion_ed18b5d23647a6f3_0001.0001_aec4c29c5c7dbd22
appid
68747470733A2F2F647261667461626C652D636F6D706172652E73332E616D617A6F6E6177732E636F6D2F6C6976652F447261667461626C652E436F6D70617265546F6F6C2E6170706C69636174696F6E23447261667461626C652E436F6D70617265546F6F6C2E6170706C69636174696F6E2C2056657273696F6E3D312E312E332E322C2043756C747572653D6E65757472616C2C205075626C69634B6579546F6B656E3D656431386235643233363437613666332C2070726F636573736F724172636869746563747572653D6D73696C
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\draf...exe_ed18b5d23647a6f3_0001.0001_none_38b7bd33a599801d
identity
447261667461626C652E436F6D70617265546F6F6C2E6578652C2056657273696F6E3D312E312E332E322C2043756C747572653D6E65757472616C2C205075626C69634B6579546F6B656E3D656431386235643233363437613666332C2070726F636573736F724172636869746563747572653D6D73696C2C20747970653D77696E3332
3656
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\draf...exe_ed18b5d23647a6f3_0001.0001_none_38b7bd33a599801d
lock!01000000de211400480e0000e40d0000000000000000000090346abbac0ad501
30303030306534382C30316435306161633939353431356438

Files activity

Executable files
56
Suspicious files
4
Text files
47
Unknown types
1

Dropped files

PID
Process
Filename
Type
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\Draftable.Office.dll
executable
MD5: 57307b1628c7056c60fa151cddd34acc
SHA256: b74f9910486b6e7ea2d3354ddb3300d547a4f0035a24aa2a6a81b4420a08c4af
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\Draftable.COM.dll
executable
MD5: 865582fecc109668bebc129a9a7e3789
SHA256: ce980db0c4f293fffa83130e624fd248c6274b217ac90366a698999a1b96791c
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\x86\pdfium.dll
executable
MD5: f303241faadcad44c9ff6d44f42a7d9a
SHA256: 40f1b2c58a3152d7d7a8fbdd435350c9200fd0df97c05739eec60cba024a32ba
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\BouncyCastle.Crypto.dll
executable
MD5: 3cf6bf0e0a27f3665edd6362d137e4cc
SHA256: 1985b85bb44be6c6eaf35e02ef11e23a890e809b8ec2e53210a4ad5a85b26c70
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\x86\dscrt40.dll
executable
MD5: 9536d612373feef8af33778d78a69948
SHA256: 1875e9f0f381c2aa5487f03f92213fae11df4520f8164b04651a27a08a6b72f0
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\Draftable.Utils.dll
executable
MD5: bef5107b69a65e4a20d040024f1c5e7a
SHA256: a7a2e4b41dec5fb5bed6bccf1022b56c96a3ad1517050353bad1cc0fe149eb32
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\x86\pxclib40.dll
executable
MD5: e32d8a26df9de7fde9b5874b514cc899
SHA256: 5ec982cd1bb82f466eb445bf65f6a7dd3f7d08be7fa8dd160f9e8cb171142532
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\Draftable.Prelude.dll
executable
MD5: 4157a611703ab08581dcf4c987d0a25f
SHA256: 2930d9d13deb17749ded92457985e959b0e3002f147be62904ce106907e7d83e
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\x64\dscrt40.dll
executable
MD5: c42dd103b61a9c43383e2f3ae204fc32
SHA256: 0a25a514d03c364a78321049683bd7577e5c6ecc9de024197ad0e9ed6d8a7903
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\Draftable.CompareRunner.exe
executable
MD5: b704dbd3097057e1cae277aaa9aa53e5
SHA256: 5498b21f646aa8094fdb710b37a3e6ea6bea2f252a2736212ef4f6e737de4903
3656
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\6W5M0EHZ.TB8\QMY1OTN3.KWC\fr\System.Windows.Interactivity.resources.dll
executable
MD5: 9a9cf430d53af3a653e2915304bcc687
SHA256: e181984d844aa7030623f602b636ef75299b59d750c88d8006da015de3502266
3656
dfsvc.exe


Network activity

HTTP(S) requests: 1
TCP/UDP connections: 5
DNS requests: 2
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3656 | dfsvc.exe | GET | 200 | 104.18.10.39:80 | http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt | US | der | | whitelisted |


Connections

| PID | Process | IP | ASN | CN | Reputation |
|---|---|---|---|---|---|
| 2232 | DraftableCompare.exe | 52.216.100.123:443 | Amazon.com, Inc. | US | unknown |
| 3656 | dfsvc.exe | 52.216.100.123:443 | Amazon.com, Inc. | US | unknown |
| 3656 | dfsvc.exe | 104.18.11.39:80 | Cloudflare Inc | US | unknown |
| –– | –– | 104.18.10.39:80 | Cloudflare Inc | US | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| draftable-compare.s3.amazonaws.com | 52.216.100.123 | unknown |
| cacerts.digicert.com | 104.18.11.39, 104.18.10.39 | whitelisted |

Threats

No threats detected.

Debug output strings

Process Message
dfsvc.exe *** Status originated: -1073741811 *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
dfsvc.exe *** Status originated: -1073741811 *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
dfsvc.exe *** Status originated: -1073741811 *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
dfsvc.exe *** Status originated: -1073741811 *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230