googleuserservices_form.htm
This report is generated from a file or URL submitted to this webservice on July 4th 2019 03:39:12 (UTC) and action script Default browser analysis
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.30 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 2 domains.
MITRE ATT&CK™ Techniques Detection
Indicators
-
Malicious Indicators 2
-
External Systems
-
Sample was identified as malicious by a trusted Antivirus engine
- details
- No specific details available
- source
- External System
- relevance
- 5/10
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 3/55 Antivirus vendors marked sample as malicious (5% detection rate)
- source
- External System
- relevance
- 8/10
-
Suspicious Indicators 2
-
General
-
Found a potential E-Mail address in binary/memory
- details
-
Pattern match: "faws@zf.e"
Pattern match: "pavfk@ovc-u.pd4"
Pattern match: "ou@zh.hd"
Pattern match: "xk@nboln.z"
Pattern match: "r@ovc-u.p"
Pattern match: "3w@35m.g"
Pattern match: "dng@s2.s"
Pattern match: "a1@19xmiq.ki"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114
-
Network Related
-
Uses a User Agent typical for browsers, although no browser was ever launched
- details
- Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
- source
- Network Traffic
- relevance
- 10/10
-
Informative 15
-
Anti-Reverse Engineering
-
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
- details
- "iexplore.exe" is protecting 8192 bytes with PAGE_GUARD access rights
- source
- API Call
- relevance
- 10/10
-
General
-
Contacts domains
- details
-
"s01.staticapis.com"
"s01.flagcounter.com"
- source
- Network Traffic
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\IsoScope_fb4_IESQMMUTEX_0_519"
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
"Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4020"
"IsoScope_fb4_IESQMMUTEX_0_519"
"IsoScope_fb4_IESQMMUTEX_0_303"
"{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
"IsoScope_fb4_IESQMMUTEX_0_331"
"Local\!BrowserEmulation!SharedMemory!Mutex"
"Local\URLBLOCK_HASHFILESWITCH_MUTEX"
"Local\VERMGMTBlockListFileMutex"
"Local\ZonesLockedCacheCounterMutex"
"IsoScope_fb4_ConnHashTable<4020>_HashTable_Mutex"
"Local\URLBLOCK_DOWNLOAD_MUTEX"
"Local\ZonesCacheCounterMutex"
"IsoScope_fb4_IE_EarlyTabStart_0xdc8_Mutex"
"UpdatingNewTabPageData"
"\Sessions\1\BaseNamedObjects\UpdatingNewTabPageData"
"\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex"
"\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex"
"\Sessions\1\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4020"
- source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
- Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
- source
- Binary File
- relevance
- 10/10
-
Opened the service control manager
- details
-
"iexplore.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"iexplore.exe" called "OpenSCManager" requesting access rights "0XE0000000L"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1035
-
Scanning for window names
- details
-
"iexplore.exe" searching for class "ImmersiveWorkerWindowClass"
"iexplore.exe" searching for class "Shell_TrayWnd"
"iexplore.exe" searching for class "MS_AutodialMonitor"
"iexplore.exe" searching for class "MS_WebCheckMonitor"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Spawns new processes
- details
- Spawned process "iexplore.exe" with commandline "SCODEF:4020 CREDAT:275457 /prefetch:2"
- source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
- Spawned process "iexplore.exe" with commandline "SCODEF:4020 CREDAT:275457 /prefetch:2"
- source
- Monitored Target
- relevance
- 3/10
-
Installation/Persistence
-
Creates new processes
- details
- "iexplore.exe" is creating a new process (Name: "%WINDIR%\System32\conhost.exe", Handle: 896)
- source
- API Call
- relevance
- 8/10
-
Dropped files
- details
-
"urlblockindex_1_.bin" has type "data"
"6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04" has type "data"
"47XMTGBZ.txt" has type "ASCII text"
"~DF4F3E885738D6204C.TMP" has type "data"
"verAEC1.tmp" has type "XML 1.0 document UTF-8 Unicode (with BOM) text with CRLF line terminators"
"NINLogo_1_.png" has type "PNG image data 112 x 95 8-bit colormap non-interlaced"
"_758D51B3-9E0D-11E9-9108-0A002770103D_.dat" has type "Composite Document File V2 Document Cannot read section info"
"~DF740F66ED434BC103.TMP" has type "data"
"50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B" has type "data"
"favicon_1_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"
"search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 6529 bytes 1 file"
"~DF78A3A069A30C7C04.TMP" has type "data"
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"
"Y46QFVPZ.txt" has type "ASCII text"
"flags_1_1_.png" has type "PNG image data 160 x 20 8-bit/color RGB non-interlaced"
"0MEGQBH8.txt" has type "ASCII text"
"6BADA8974A10C4BD62CC921D13E43B18_C9FB72B5AE80778A08024D8B0FDECC6F" has type "data"
"suggestions_1_.en-US" has type "data"
"JavaDeployReg.log" has type "ASCII text with CRLF line terminators"
- source
- Binary File
- relevance
- 3/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
- ATT&CK ID
- T1055
-
Network Related
-
Contacts Random Domain Names
- details
- "s01.flagcounter.com" seems to be random
- source
- Network Traffic
- relevance
- 5/10
-
Found potential URL in binary/memory
- details
-
Heuristic match: "s01.staticapis.com"
Heuristic match: "s01.flagcounter.com"
- source
- File/Memory
- relevance
- 10/10
-
Unusual Characteristics
-
Drops cabinet archive files
- details
- "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 6529 bytes 1 file"
- source
- Binary File
- relevance
- 10/10
-
Installs hooks/patches the running process
- details
-
- source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
-
File Details
googleuserservices_form.htm
- Filename
- googleuserservices_form.htm
- Size
- 358KiB (366272 bytes)
- Type
- html
- Description
- HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
- Architecture
- WINDOWS
- SHA256
- 0a35fb36b97a1e5c8a7b2052be0caffd628031ea73352cf60647998bdbe5700a
- MD5
- 5122fccee06baaf67e4f3e239143365d
- SHA1
- e20eb52750d9adad42bc39f9d9731987413dd911
- ssdeep
- 6144:/GfGZfFMkZ9wDG//rrXW9sOC+PgYSf065eXerZy9Zi4I1nnza:6GlCkMAL1nnG
Classification (TrID)
- 100.0% (.TXT) Text - UTF-8 encoded
Hybrid Analysis
Analysed 2 processes in total.
-
iexplore.exe
C:\0a35fb36b97a1e5c8a7b2052be0caffd628031ea73352cf60647998bdbe5700a.html
(PID: 4020)
- iexplore.exe SCODEF:4020 CREDAT:275457 /prefetch:2 (PID: 996)
Network Analysis
DNS Requests
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
Endpoint | Request | URL | Raw request
---|---|---|---
185.61.152.34:80 (s01.staticapis.com) | GET | s01.staticapis.com/cache/global.js | GET /cache/global.js HTTP/1.1<br>Accept: application/javascript, */*;q=0.8<br>Accept-Language: en-US<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko<br>Accept-Encoding: gzip, deflate<br>Host: s01.staticapis.com<br>DNT: 1<br>Connection: Keep-Alive
185.61.152.34:80 (s01.staticapis.com) | GET | s01.staticapis.com/cache/widgets.js | GET /cache/widgets.js HTTP/1.1<br>Accept: application/javascript, */*;q=0.8<br>Accept-Language: en-US<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko<br>Accept-Encoding: gzip, deflate<br>Host: s01.staticapis.com<br>DNT: 1<br>Connection: Keep-Alive
66.154.110.210:80 (s01.flagcounter.com) | GET | s01.flagcounter.com/mini/tN3t/bg_FFFFFF/txt_FFFFFF/border_FFFFFF/flags_1/ | GET /mini/tN3t/bg_FFFFFF/txt_FFFFFF/border_FFFFFF/flags_1/ HTTP/1.1<br>Accept: application/javascript, */*;q=0.8<br>Accept-Language: en-US<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko<br>Accept-Encoding: gzip, deflate<br>Host: s01.flagcounter.com<br>DNT: 1<br>Connection: Keep-Alive
185.61.152.34:80 (s01.staticapis.com) | GET | s01.staticapis.com/cache/cv_card.png | GET /cache/cv_card.png HTTP/1.1<br>Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5<br>Accept-Language: en-US<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko<br>Accept-Encoding: gzip, deflate<br>Host: s01.staticapis.com<br>DNT: 1<br>Connection: Keep-Alive
185.61.152.34:80 (s01.staticapis.com) | GET | s01.staticapis.com/cache/NINLogo.png | GET /cache/NINLogo.png HTTP/1.1<br>Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5<br>Accept-Language: en-US<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko<br>Accept-Encoding: gzip, deflate<br>Host: s01.staticapis.com<br>DNT: 1<br>Connection: Keep-Alive
Extracted Strings
Extracted Files
Displaying 20 extracted file(s). The remaining 17 file(s) are available in the full version and XML/JSON reports.
-
Clean 1
-
-
urlblockindex_1_.bin
- Size
- 16B (16 bytes)
- Type
- data
- AV Scan Result
- 0/65
- MD5
- fa518e3dfae8ca3a0e495460fd60c791
- SHA1
- e4f30e49120657d37267c0162fd4a08934800c69
- SHA256
- 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
-
-
Informative Selection 1
-
-
en-US.2
- Size
- 18KiB (18176 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 5a34cb996293fde2cb7a4ac89587393a
- SHA1
- 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256
- c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
-
-
Informative 18
-
-
0MEGQBH8.txt
- Size
- 160B (160 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 996)
- MD5
- 101b2b16385685c4b0e08d6fd91f9301
- SHA1
- 62f99886c74b25018a7842490f61b7b1ef691cfd
- SHA256
- 1b24f03dcca7fcaa69e06a05ae669323697979de6604c368be2b6e0695aa8f33
-
47XMTGBZ.txt
- Size
- 97B (97 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 264a26829f20cca78b289c5ee5678f53
- SHA1
- 56c888b65b6235b33f585856011dd0d9f6236e40
- SHA256
- eb35ca442e9ffa3cb27afbf8e1241293ef1505bb5774a30c794f41a158bf0a45
-
9XIOBBOT.txt
- Size
- 282B (282 bytes)
- Runtime Process
- iexplore.exe (PID: 996)
- MD5
- 49d677d9ba10f6b5556d1061a73fb94d
- SHA1
- d7445e38496166997c0d1913d0d854569b570a63
- SHA256
- 46d868551a06ded04b46c727926559c4b6fabe45567b5b1e89e954ae25cd26aa
-
QASB6VZ1.txt
- Size
- 78B (78 bytes)
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 372c9b104e70a55bc44c7f6bcc93c1bf
- SHA1
- cb8f713db4115d24472f43f4cb1f2dae6cfa1f73
- SHA256
- e4febb740e9198661a99087e92f5d0ad28b67fb9908dfc9226295166c2fc776f
-
Y46QFVPZ.txt
- Size
- 66B (66 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 7521ffd0a25d4fe483279b99ccb55755
- SHA1
- 49dc0e6472b55bb69a6be5c3d0db88516e6a05cc
- SHA256
- d3f4d2670f756208f6b2c9230325027a160a6131ce54eeded2f8c64bb91484dc
-
Z3YNQ9J2.txt
- Size
- 199B (199 bytes)
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 16b5c1492423f4caa856c6c9abcc9018
- SHA1
- f41a42bcedf101f96d8a9e849637d206df827588
- SHA256
- 05f0f622786e1e06c3faf3fee7875086520ea0f056ff65cfba4ebe862f32f4e3
-
verAEC1.tmp
- Size
- 15KiB (15845 bytes)
- Type
- text
- Description
- XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 095c72688de7d90e6526dc0d8878f3f6
- SHA1
- a1cae182fb7e86c74fb5467c0014b2a27472be37
- SHA256
- 8684403da59628039e9b4b0d245c5b7e1fac1242a087ded44eaf3b792e4a231e
-
6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04
- Size
- 434B (434 bytes)
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- f8a3e74adc9b2818f759c5c8ac397591
- SHA1
- ab7ed53eb3e74ffa3bbd9c7c559b430ba3d61fed
- SHA256
- f4ff255d117204f6ab4083aaf7ce9032cb3d8125cb4fc3d75eae6551e28370b5
-
6BADA8974A10C4BD62CC921D13E43B18_C9FB72B5AE80778A08024D8B0FDECC6F
- Size
- 442B (442 bytes)
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 6018d4f1426a046c6db6be5e641fd81c
- SHA1
- b30b766310a69c269ba565a89852433153035608
- SHA256
- 4278b15a8517c86e02b13805c9d3086733bcc85dde59a5d624cc4e6213ced12b
-
6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
- Size
- 1.5KiB (1507 bytes)
- Runtime Process
- iexplore.exe (PID: 996)
- MD5
- 4e806fd827a23dc809a09dcc965688c1
- SHA1
- ef0793074d439e28b0c10298ad2526efabd7bff4
- SHA256
- 39bd31b45d6d48345138c09ca29edce392375444b173a497104b9489143fd928
-
50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9911FE760A9B
- Size
- 486B (486 bytes)
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 191523ef9dc28cca6ebb70683a074c07
- SHA1
- 85a6778369e931199f757381bfbb4f40b31b18b1
- SHA256
- 283b4e1097f655ab152052ad1f98616e3c97c0c49990e11a32c032c3c120f255
-
57C8EDB95DF3F0AD4EE2DC2B8CFD4157
- Size
- 342B (342 bytes)
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 45c84cce3aabe64a77d9635cbac9b761
- SHA1
- 023c18b508de50f6008d2d7a428fcf9596adf622
- SHA256
- 8a42b9e1d3b62fe90f1f3f832387fd2e4c17d35b76a3841a3ab588aa7684c6c0
-
JavaDeployReg.log
- Size
- 38KiB (38952 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- iexplore.exe (PID: 996)
- MD5
- c6e129eeaed7ac1232569a6a705ee4ff
- SHA1
- b5f85c3498a81cff7f72fc7815c86fdf202155f1
- SHA256
- 995b285556a18b6217bf4ea9dedb8659f970c0fe2479f496b41db1bccce9d752
-
~DF3D840EB4EB4B9160.TMP
- Size
- 16KiB (16384 bytes)
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- a6f6abf3d01761e88f20087d47ee06b3
- SHA1
- 07bfc9950d391780f0860a9e400bac5c131c4db2
- SHA256
- 3557869c93416f870daf08a0af1ed28a54f2b6a358e754bbcf9e9c4850d71686
-
~DF4F3E885738D6204C.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 28183d98576ccf2e7093ab2c77423a00
- SHA1
- 00a434a2139cd4e1a24c2920d25502337a61da06
- SHA256
- 669d71bfac96437a65a0779683415e281581c6d3254c6b50d59fc16fd4f8b2ba
-
~DF740F66ED434BC103.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 65e4c8b71d1c9ecfd92e8badea1ff578
- SHA1
- 51bc68bf7b0ddd64ddf9c0b4ad0c92b403944e24
- SHA256
- 78539ffefc5a6410a8a68ea5052ad37fc054c0431095d8b9d414d21ffc725bc8
-
~DF78A3A069A30C7C04.TMP
- Size
- 20KiB (20480 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4020)
- MD5
- 7ea0e9dc8985cc8bffd71a4436151509
- SHA1
- 35e23f09110429fd4b7c5f01eeae45e3ba73c6ad
- SHA256
- 8ee565ba7b52156a76889f34869e83e2de1757df9ae1faba398d785e6b0f64e8
-
NINLogo_1_.png
- Size
- 1.3KiB (1303 bytes)
- Type
- img image
- Description
- PNG image data, 112 x 95, 8-bit colormap, non-interlaced
- MD5
- e90e8cdfcda2d8199e6ae83808bb6080
- SHA1
- 1f1e37008a66c15a2ff0188a6acb20881752e9fc
- SHA256
- c000022de5b9f8f6c8d66b91acd2391929f5e260d4692dee76ad1cc6a8a80354
-
Notifications
-
Runtime
- Network whitenoise filtering was applied
- Not all Falcon MalQuery lookups completed in time
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Some low-level data is hidden, as this is only a slim report