General Info

File name

putty.exe

Full analysis
https://app.any.run/tasks/5301684b-883e-4063-b82f-3c9a07d2dea8
Verdict
Malicious activity
Analysis date
12/6/2018, 09:27:02
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

3f4f77365c6415b4c0bc92d93600c6ce

SHA1

fbaf29b284a59472d822560c6e11ddd96dcb4b0c

SHA256

f07d6a0cca74ddfb69dc09e111c4f5f40fb80e3b88d654f4f0d0149b9af0e75e

SSDEEP

98304:OxxxbR5aJOZO6jkKtusCCwykNiSb8tql9pV9u1O:wgGl9K+SHl9pVMo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • WerFault.exe (PID: 2976)
Executable content was dropped or overwritten
  • putty.exe (PID: 3172)
  • putty.tmp (PID: 2056)
Reads Windows owner or organization settings
  • putty.tmp (PID: 2056)
Reads the Windows organization settings
  • putty.tmp (PID: 2056)
Application was dropped or rewritten from another process
  • firefox.exe (PID: 3560)
  • putty.tmp (PID: 2056)
Loads dropped or rewritten executable
  • firefox.exe (PID: 3560)
Application was crashed
  • firefox.exe (PID: 3560)


Static information

TRiD
.exe
|   Win32 Executable Delphi generic (45.2%)
.dll
|   Win32 Dynamic Link Library (generic) (20.9%)
.exe
|   Win32 Executable (generic) (14.3%)
.exe
|   Win16/32 Executable Delphi generic (6.6%)
.exe
|   Generic Win/DOS Executable (6.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:06:14 15:27:46+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
66560
InitializedDataSize:
53760
UninitializedDataSize:
null
EntryPoint:
0x1181c
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
cet_r.
FileDescription:
cet_r Setup
FileVersion:
LegalCopyright:
ProductName:
cet_r
ProductVersion:
cet_r
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
14-Jun-2018 13:27:46
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
cet_r.
FileDescription:
cet_r Setup
FileVersion:
null
LegalCopyright:
null
ProductName:
cet_r
ProductVersion:
cet_r
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
14-Jun-2018 13:27:46
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0000F25C 0x0000F400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.37588
.itext 0x00011000 0x00000FA4 0x00001000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.77877
.data 0x00012000 0x00000C8C 0x00000E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.30283
.bss 0x00013000 0x000056BC 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x00019000 0x00000E04 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.59781
.tls 0x0001A000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x0001B000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 0.204488
.rsrc 0x0001C000 0x0000B200 0x0000B200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.1381
Resources
1

2

3

4

4091

4092

4093

4094

4095

4096

11111

CHARTABLE

DVCLAL

PACKAGEINFO

MAINICON

Imports
    oleaut32.dll

    advapi32.dll

    user32.dll

    kernel32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
34
Monitored processes
4
Malicious processes
1
Suspicious processes
1

Behavior graph

drop and start start drop and start putty.exe putty.tmp firefox.exe werfault.exe no specs

Process information

PID
3172
CMD
"C:\Users\admin\AppData\Local\Temp\putty.exe"
Path
C:\Users\admin\AppData\Local\Temp\putty.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
cet_r.
Description
cet_r Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\putty.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-k4p6q.tmp\putty.tmp

PID
2056
CMD
"C:\Users\admin\AppData\Local\Temp\is-K4P6Q.tmp\putty.tmp" /SL5="$30190,4317284,121344,C:\Users\admin\AppData\Local\Temp\putty.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-K4P6Q.tmp\putty.tmp
Indicators
Parent process
putty.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-k4p6q.tmp\putty.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\firefox.exe

PID
3560
CMD
"C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\firefox.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\firefox.exe
Indicators
Parent process
putty.tmp
User
admin
Integrity Level
MEDIUM
Exit code
3221225477
Version:
Company
Mozilla Corporation
Description
Firefox
Version
56.0
Modules
Image
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\msvcp140.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\vcruntime140.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-runtime-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\ucrtbase.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-timezone-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-file-l2-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-localization-l1-2-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-synch-l1-2-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-processthreads-l1-1-1.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-file-l1-2-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-string-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-heap-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-stdio-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-convert-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-locale-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-math-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-multibyte-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-time-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-filesystem-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-environment-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-utility-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\sono_negro.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll

PID
2976
CMD
C:\Windows\system32\WerFault.exe -u -p 3560 -s 68
Path
C:\Windows\system32\WerFault.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Problem Reporting
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\werfault.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wer.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\faultrep.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\firefox.exe
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\sono_negro.dll
c:\windows\system32\dbgeng.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\werui.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\riched20.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\mozglue.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\msvcp140.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\vcruntime140.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-runtime-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\ucrtbase.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-timezone-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-file-l2-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-localization-l1-2-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-synch-l1-2-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-processthreads-l1-1-1.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-core-file-l1-2-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-string-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-heap-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-stdio-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-convert-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-locale-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-math-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-multibyte-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-time-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-filesystem-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-environment-l1-1-0.dll
c:\users\admin\appdata\local\temp\is-k4p6r.tmp\api-ms-win-crt-utility-l1-1-0.dll

Registry activity

Total events
37
Read events
32
Write events
5
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2056
putty.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
080800000840437E3D8DD401
2056
putty.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
A548F013078A015B0CE8DA2DDDE1FCBAD1D548F4F3C8BC7A9BE456864470F3AF
2056
putty.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2056
putty.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\api-ms-win-core-console-l1-1-0.dll
2056
putty.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
A99F347AD7290627C111E7898C3A232004577ED295174CA3210620D0CD616DB9

Files activity

Executable files
59
Suspicious files
1
Text files
3
Unknown types
1

Dropped files

MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-SEI5G.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-RDUQT.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-VBAI1.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\dependentlibs.list
text
MD5: 22951717a3fb6ff65de2079bef44d2ce
SHA256: 1e6b6df350f2904886500fc4d132444f8361afda6fcfab66c105ea783f0d2372
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\ayyy.txt.txt
text
MD5: 8f0d73882229b1f472cf172ee2f66ad8
SHA256: 0e4d7b102c8c65f58954a831729dcf5dc8194de23a3c67af407302e26f8886a8
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-0FQRQ.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-BAK1Q.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-UBFL4.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-RE414.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-37BN0.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-DEH9Q.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-SRO1E.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-PT0S0.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\John_Gotti.jpg
image
MD5: d17dfd92f2b20ade6458b44a2aa781f4
SHA256: c88f7f1af8ad178a53c14b1d3a32e7a43edbc91fd838681036ca283840f613b3
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-J7D97.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-JPR8G.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-RJS0D.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-BF6CJ.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-BSCHO.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-BHTE2.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-G1EN9.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-1JON7.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-B49S0.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-U4SS5.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-NTM66.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-LO06K.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-HBCLP.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-7RG1F.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-60IST.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-CU776.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-VGIFB.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-P9JG2.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-FN23F.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-DHPPQ.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-VA1JQ.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-6I78U.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-8U1VG.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-P4AM3.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-QPQT6.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-5DGLK.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-OSU3S.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-P14IU.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-1I465.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-BGBCG.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-D45BE.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-AQV3E.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-I0GCD.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-C161M.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-CB40B.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-DTT2A.tmp
––
MD5:  ––
SHA256:  ––
2056
putty.tmp
C:\Users\admin\AppData\Local\Temp\is-K4P6R.tmp\is-29VE6.tmp
––
MD5:  ––
SHA256:  ––
2976
WerFault.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_7b17d830e25bbabc30d2dafadca68b956d6c961_0b88d7ee\Report.wer
binary
MD5: fabf44e670c54518bec6ce6d87bb75d0
SHA256: 5f794b06b7dccd0d063e75ab7e00a6095c482ffa1246a9dd2460b4afd6574777

Find more information on the static content and download it in the full report.

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.