Windows Analysis Report
axltools.exe

Overview

General Information

Sample name: axltools.exe
Analysis ID: 1560302
MD5: f772bf8fb484871daef9d398619596e0
SHA1: 2bc0d339292693a0d3eca3904506f280d9219fd3
SHA256: 4fe92407730542c2e0520d0bd5fb7cef3accc761356af7a23703a5f7f78fb29e

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Drops PE files
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: axltools.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\Net-SSLeay\blib\arch\auto\Net\SSLeay\SSLeay.pdb source: axltools.exe, 00000000.00000003.1731053745.0000000006F0B000.00000004.00000020.00020000.00000000.sdmp, SSLeay.dll.0.dr
Source: Binary string: re\re.pdb source: axltools.exe, 00000000.00000003.1729821079.0000000006931000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\re\re.pdb source: re.dll.0.dr
Source: Binary string: at.pdb source: axltools.exe, 00000000.00000003.1732692258.0000000006586000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1734508182.0000000006587000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1732299586.000000000657C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1735649813.0000000006589000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1732589093.000000000657C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731722116.000000000657B000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1727023778.0000000006579000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\PerlIO\encoding\encoding.pdb source: encoding.dll.0.dr
Source: Binary string: ntl.pdb source: axltools.exe, 00000000.00000003.1735540252.0000000006064000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728057106.000000000604A000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1739024122.000000000606D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\cpanfly-5.16\var\cpan\build\Crypt-DES-2.05-YXMLJC\blib\arch\auto\Crypt\DES\DES.pdb source: DES.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\Data-Dumper\blib\arch\auto\Data\Dumper\Dumper.pdb source: Dumper.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\MIME\Base64\Base64.pdb source: Base64.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\Time\HiRes\HiRes.pdb source: HiRes.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\Socket\Socket.pdb source: Socket.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\IO\IO.pdb source: IO.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\Fcntl\Fcntl.pdb source: Fcntl.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\HTML-Parser\blib\arch\auto\HTML\Parser\Parser.pdb source: Parser.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\Scalar-List-Utils\blib\arch\auto\List\Util\Util.pdb source: Util.dll.0.dr
Source: Binary string: C:\cpanfly-5.16\var\cpan\build\XML-LibXML-2.0018-Sq01l4\blib\arch\auto\XML\LibXML\LibXML.pdb source: axltools.exe, 00000000.00000003.1706732597.0000000006C96000.00000004.00000020.00020000.00000000.sdmp, LibXML.dll.0.dr
Source: Binary string: C:\data\buildbot-pdk-slave\pdk-perl-win2003\build\src\PerlApp\src\paperl516.pdb source: axltools.exe
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\perl516.pdb source: axltools.exe, 00000000.00000003.1701840898.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, perl516.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\XML-Parser\blib\arch\auto\XML\Parser\Expat\Expat.pdb source: Expat.dll.0.dr
Source: Binary string: ntl.pdbnbits=' source: axltools.exe, 00000000.00000003.1735540252.0000000006064000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728057106.000000000604A000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1739024122.000000000606D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\Encode\blib\arch\auto\Encode\Encode.pdb source: Encode.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\Digest-MD5\blib\arch\auto\Digest\MD5\MD5.pdb source: MD5.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\POSIX\POSIX.pdb source: POSIX.dll.0.dr
Source: Binary string: C:\cygwin\home\gecko\build-20130313T112414-ysnczhlqvy\perl\lib\auto\Storable\Storable.pdb source: Storable.dll.0.dr
Source: axltools.exe, 00000000.00000003.1735501227.00000000061E4000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1733423746.0000000006195000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1735248154.0000000006198000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1727761175.0000000006195000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1736150564.00000000061E8000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1734430604.0000000006197000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://github.com/madsen/HTML-Tree
Source: axltools.exe, 00000000.00000003.1729821079.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731974437.00000000069B6000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1730575731.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1729033614.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://nils.toedtmann.net/pub/subjectAltName.txt
Source: axltools.exe, 00000000.00000003.1706732597.0000000006B94000.00000004.00000020.00020000.00000000.sdmp, LibXML.dll.0.dr String found in binary or memory: http://relaxng.org/ns/structure/1.0
Source: axltools.exe, 00000000.00000003.1729821079.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731974437.00000000069B6000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1730575731.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1729033614.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://rt.cpan.org/Ticket/Display.html?id=39550
Source: axltools.exe, 00000000.00000003.1752312875.0000000005E12000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1733984978.000000000660B000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1733592471.00000000066A4000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000002.1756897489.000000000660B000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.cisco.com/ast/soap/
Source: axltools.exe, 00000000.00000003.1724946676.0000000005E6F000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725572559.00000000019FA000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728536452.0000000001A21000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1733018593.000000000610E000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1727578770.00000000060ED000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1742353998.0000000001A3C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731540697.000000000610D000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728440924.0000000001A0C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725070726.0000000005D91000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1732191963.000000000610D000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1730854023.0000000006109000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1733167452.000000000611D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.cisco.com/ast/soap/action/#RisPort#SelectCmDevice
Source: axltools.exe, 00000000.00000003.1735008504.0000000006616000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1724946676.0000000005E6F000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725572559.00000000019FA000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728536452.0000000001A21000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1742353998.0000000001A3C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1732229593.0000000006611000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1726924257.00000000065F3000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728440924.0000000001A0C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725070726.0000000005D91000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.cisco.com/ast/soap/encodedTypes
Source: axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: axltools.exe, 00000000.00000003.1701840898.0000000003BFC000.00000004.00000020.00020000.00000000.sdmp, perl516.dll.0.dr String found in binary or memory: http://www.ActiveState.com
Source: axltools.exe, 00000000.00000003.1701840898.0000000003BFC000.00000004.00000020.00020000.00000000.sdmp, perl516.dll.0.dr String found in binary or memory: http://www.ActiveState.com(
Source: axltools.exe, 00000000.00000003.1737388478.0000000006366000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000002.1756564485.000000000636A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apple.com
Source: axltools.exe, 00000000.00000003.1731496712.0000000006ACD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cisco.com/AXL/API/
Source: axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cisco.com/AXL/API/$axl_version
Source: axltools.exe, 00000000.00000003.1725572559.00000000019FA000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728536452.0000000001A21000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1745542145.0000000001A35000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728440924.0000000001A0C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000002.1755761016.0000000005D90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/devguide/8_6_1/axlmatrix.html
Source: axltools.exe, 00000000.00000003.1729821079.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731974437.00000000069B6000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1730575731.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1729033614.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC24
Source: axltools.exe, 00000000.00000003.1737224012.0000000006373000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.msftncsi.com/ncsi.txt
Source: axltools.exe, 00000000.00000003.1729821079.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731974437.00000000069B6000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1730575731.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1729033614.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
Source: axltools.exe, 00000000.00000003.1731053745.0000000006DB8000.00000004.00000020.00020000.00000000.sdmp, SSLeay.dll.0.dr String found in binary or memory: http://www.openssl.org/support/faq.html
Source: axltools.exe, 00000000.00000003.1731053745.0000000006DB8000.00000004.00000020.00020000.00000000.sdmp, SSLeay.dll.0.dr String found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: axltools.exe, 00000000.00000003.1735501227.00000000061E4000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1733423746.0000000006195000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1735248154.0000000006198000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1727761175.0000000006195000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1736150564.00000000061E8000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1734430604.0000000006197000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.perl.com/
Source: axltools.exe, 00000000.00000003.1701840898.0000000003BFC000.00000004.00000020.00020000.00000000.sdmp, perl516.dll.0.dr String found in binary or memory: http://www.perl.org/
Source: axltools.exe, 00000000.00000003.1735501227.00000000061E4000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1733423746.0000000006195000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1735248154.0000000006198000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1727761175.0000000006195000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1736150564.00000000061E8000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1734430604.0000000006197000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.suck.com/
Source: axltools.exe, 00000000.00000003.1729821079.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731974437.00000000069B6000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1730575731.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1729033614.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1726693116.00000000069B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/
Source: axltools.exe, 00000000.00000003.1724946676.0000000005E6F000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725572559.00000000019FA000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728536452.0000000001A21000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1724946676.0000000005EE9000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1727578770.00000000060ED000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1742353998.0000000001A3C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728440924.0000000001A0C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725070726.0000000005D91000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1731219292.0000000005EE9000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1730854023.0000000006109000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://x.x.x.x:8080/ccmpd/login.do
Source: axltools.exe, 00000000.00000003.1725572559.00000000019FA000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728536452.0000000001A21000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1742353998.0000000001A3C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728440924.0000000001A0C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725070726.0000000005D91000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://developer.cisco.com/site/axl/documents/axl-developer-guide-v11-5/#115changes
Source: axltools.exe, 00000000.00000003.1724946676.0000000005E6F000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725572559.00000000019FA000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728536452.0000000001A21000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1742353998.0000000001A3C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728440924.0000000001A0C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725070726.0000000005D91000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://developer.cisco.com/web/sxml/forums/-//message_boards/view_message/1173717
Source: axltools.exe, 00000000.00000003.1724946676.0000000005E6F000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725572559.00000000019FA000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728536452.0000000001A21000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1742353998.0000000001A3C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728440924.0000000001A0C000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1725070726.0000000005D91000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1728596851.0000000001A34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://discdungeon.cdw.com/apps/dbtables/cucm_14.0.1/type_data/typeproduct.txt
Source: axltools.exe, 00000000.00000003.1734508182.0000000006522000.00000004.00000020.00020000.00000000.sdmp, axltools.exe, 00000000.00000003.1727023778.0000000006521000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rt.cpan.org/Ticket/Display.html?id=58024
Source: axltools.exe, 00000000.00000003.1701840898.0000000003BFC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameperl514.dll6 vs axltools.exe
Source: classification engine Classification label: clean2.winEXE@2/20@0/0
Source: C:\Users\user\Desktop\axltools.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7268:120:WilError_03
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\
Source: axltools.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\axltools.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\axltools.exe "C:\Users\user\Desktop\axltools.exe"
Source: C:\Users\user\Desktop\axltools.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\axltools.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\axltools.exe Section loaded: msasn1.dll
Source: axltools.exe Static file information: File size 5468256 > 1048576
Source: axltools.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x527000
Source: axltools.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\500883b23a63199dc2829fdbc8348f21\POSIX.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\06d5b1ac5da862cdbb0b3ac695f3453c\LibXML.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\53072790dde17440c4012890afb43815\Storable.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\f16e1f679da123c81245279f1a139748\Parser.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\596571347931e8153c5521d6812d9e81\HiRes.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\1abd50a1c2ab4a3ff0345cde2d55afba\Socket.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\d2bcc46d29a882b1323ba2455a4cf8f1\perl516.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\f522a0e96a8361deca2c563f29dc9a24\Base64.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\c81ac6c36772666ca1e702e01dde5e9b\SSLeay.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\ba85e8995e0035a5652e7d02ad624f50\re.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\acbada12c63ba66ffc285eb2359b75e8\encoding.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\d39c15784bafcd23e55c5a0271f988ac\MD5.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\de07dcca160c9bd3b1faa05ac3c78ea8\Dumper.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\72c787717c09ab77d76b10d4ff014126\Encode.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\79e6d4a9f909690faec53f6e463896e8\IO.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\5ffaccc40de6d509ec33dff1fea9026c\Expat.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\27ea229280968204d59354ee0a6341a7\DES.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\a9f68920f6ea43580143946a0633ee0a\Util.dll
Source: C:\Users\user\Desktop\axltools.exe File created: C:\Users\user\AppData\Local\Temp\pdk-user\b3ae4e9cf03fb0d5a98dfc18ef69a34b\Fcntl.dll
Source: C:\Users\user\Desktop\axltools.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\500883b23a63199dc2829fdbc8348f21\POSIX.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\53072790dde17440c4012890afb43815\Storable.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\06d5b1ac5da862cdbb0b3ac695f3453c\LibXML.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\f16e1f679da123c81245279f1a139748\Parser.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\596571347931e8153c5521d6812d9e81\HiRes.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\d2bcc46d29a882b1323ba2455a4cf8f1\perl516.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\1abd50a1c2ab4a3ff0345cde2d55afba\Socket.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\f522a0e96a8361deca2c563f29dc9a24\Base64.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\c81ac6c36772666ca1e702e01dde5e9b\SSLeay.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\ba85e8995e0035a5652e7d02ad624f50\re.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\acbada12c63ba66ffc285eb2359b75e8\encoding.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\d39c15784bafcd23e55c5a0271f988ac\MD5.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\de07dcca160c9bd3b1faa05ac3c78ea8\Dumper.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\72c787717c09ab77d76b10d4ff014126\Encode.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\5ffaccc40de6d509ec33dff1fea9026c\Expat.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\79e6d4a9f909690faec53f6e463896e8\IO.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\27ea229280968204d59354ee0a6341a7\DES.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\a9f68920f6ea43580143946a0633ee0a\Util.dll
Source: C:\Users\user\Desktop\axltools.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pdk-user\b3ae4e9cf03fb0d5a98dfc18ef69a34b\Fcntl.dll Jump to dropped file
Source: axltools.exe, 00000000.00000002.1755522734.0000000001AFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\axltools.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\b3ae4e9cf03fb0d5a98dfc18ef69a34b\Fcntl.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\53072790dde17440c4012890afb43815\Storable.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\f522a0e96a8361deca2c563f29dc9a24\Base64.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\f16e1f679da123c81245279f1a139748\Parser.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\a9f68920f6ea43580143946a0633ee0a\Util.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\5ffaccc40de6d509ec33dff1fea9026c\Expat.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\d39c15784bafcd23e55c5a0271f988ac\MD5.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\27ea229280968204d59354ee0a6341a7\DES.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\72c787717c09ab77d76b10d4ff014126\Encode.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\de07dcca160c9bd3b1faa05ac3c78ea8\Dumper.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\79e6d4a9f909690faec53f6e463896e8\IO.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\06d5b1ac5da862cdbb0b3ac695f3453c\LibXML.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\500883b23a63199dc2829fdbc8348f21\POSIX.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\ba85e8995e0035a5652e7d02ad624f50\re.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\acbada12c63ba66ffc285eb2359b75e8\encoding.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\596571347931e8153c5521d6812d9e81\HiRes.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\1abd50a1c2ab4a3ff0345cde2d55afba\Socket.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Queries volume information: C:\Users\user\AppData\Local\Temp\pdk-user\c81ac6c36772666ca1e702e01dde5e9b\SSLeay.dll VolumeInformation
Source: C:\Users\user\Desktop\axltools.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos