Windows Analysis Report
upd-ps-x64-6.0.0.18849.exe

Overview

General Information

Sample name: upd-ps-x64-6.0.0.18849.exe
Analysis ID: 1544053
MD5: b477a084884194e6c3cd2e09d8c69ea6
SHA1: 95877637fdba4e91b22c8cf0e54346119bd84d5c
SHA256: 2c8bc2ac1cfd4cfd19427bcb25c1e269195d0752aa29af836d4ef369ea18b329

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains sections with non-standard names
Uses 32bit PE files

Classification

Source: upd-ps-x64-6.0.0.18849.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: upd-ps-x64-6.0.0.18849.exe Static PE information: certificate valid
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZid412.pdb! source: HPZid412.sys
Source: Binary string: DIFXAPI.pdb source: difxapi.dll
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZius12.pdb! source: HPZius12.sys
Source: Binary string: F:\jnks\workspace\UnifiedIOAPI-2.0.0\builds\Win32\Release\hpbuio32.pdb source: hpbuio32.dll
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZid412.pdb source: HPZid412.sys
Source: Binary string: DIFXAPI.pdbE3 source: difxapi.dll
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZisc12.pdb source: HPZisc12.sys
Source: Binary string: F:\jnks\workspace\UnifiedIOAPI-2.0.0\builds\x64\Release\hpbuiodm64.pdb source: hpbuiodm64.dll
Source: Binary string: F:\jnks\workspace\UnifiedIOAPI-2.0.0\builds\Win32\Release\hpbuio32.pdb0 source: hpbuio32.dll
Source: Binary string: F:\jnks\workspace\Evo_F15\F15\evo-driver\builds\dll\x64\Release\Install.pdb source: Install.dll, Install.exe
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZipr12.pdb! source: HPZipr12.sys
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZius12.pdb source: HPZius12.sys
Source: Binary string: F:\jnks\workspace\UnifiedIOAPI-2.0.0\builds\x64\Release\hpbuio64.pdb source: hpbuio64.dll
Source: Binary string: e:\svn_root\dot4_co-installer_dll_2_x_3_51\x64\release\hppldcoi.pdb source: hppldcoi.dll
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZipr12.pdb source: HPZipr12.sys
Source: Binary string: d:\cdp_cio\dot4-convergence\src\mscodebase\longhorn\dot4\HPbin\fre\amd64\HPZisc12.pdb! source: HPZisc12.sys
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://ocsp.thawte.com0
Source: Install.exe String found in binary or memory: http://printserver/cgi-bin/getUserMPL.cgi?computerName=%%COMPUTERNAME%%&userName=%%USERNAME%%&userDo
Source: Install.exe String found in binary or memory: http://printserver/userlist.asp
Source: Install.dll String found in binary or memory: http://schemas.mi
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/http://schemas.xmlsoap.org/soap/encoding/
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/04/discovery
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/04/discovery/Resolve
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/04/discoverywsdhttp://www.hp.com/schemas/imaging/con/discovery/20
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://sf.symcd.com0&
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://www.hp.com/schemas/imaging/con/dictionaries/1.0
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://www.hp.com/schemas/imaging/con/discovery/2006/09/19
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://www.hp.com/schemas/imaging/con/discovery/2006/09/19hpdpIWSDiscoveryProvider-
Source: hpbuio32.dll, hpbuio64.dll String found in binary or memory: http://www.hp.com/schemas/imaging/con/pwg/sm/1.0
Source: upd-ps-x64-6.0.0.18849.exe String found in binary or memory: http://www.winzip.com
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: https://d.symcb.com/cps0%
Source: upd-ps-x64-6.0.0.18849.exe, HPZid412.sys, HPZipr12.sys, HPZisc12.sys, HPZius12.sys, difxapi.dll, hppldcoi.dll, Install.dll, Install.exe, hpbcfgre.dll, hpbuio32.dll, hpbuio64.dll, hpbuiodm64.dll String found in binary or memory: https://d.symcb.com/rpa0
Source: HPZipr12.sys Binary string: Device name: %S\Device\
Source: HPZid412.sys Binary string: \Device\HP_DOT4Creating new dev. object for function
Source: HPZisc12.sys Binary string: \Device\
Source: classification engine Classification label: clean0.winEXE@1/0@0/0
Source: upd-ps-x64-6.0.0.18849.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe File read: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: thumbcache.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: samlib.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: networkexplorer.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InProcServer32
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: upd-ps-x64-6.0.0.18849.exe Static file information: File size 20257008 > 1048576
Source: upd-ps-x64-6.0.0.18849.exe Static PE information: Raw size of _winzip_ is bigger than: 0x100000 < 0x1332000
Source: upd-ps-x64-6.0.0.18849.exe Static PE information: section name: _winzip_
Source: C:\Users\user\Desktop\upd-ps-x64-6.0.0.18849.exe Process information set: NOOPENFILEERRORBOX
No contacted IP infos