Windows
Analysis Report
EasyLogUSB+Installer.exe
Overview
General Information
Detection
Score: | 6 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Compliance
Score: | 45 |
Range: | 0 - 100 |
Signatures
Classification
- System is w10x64_ra
- EasyLogUSB+Installer.exe (PID: 7032 cmdline: "C:\Users\user\Desktop\EasyLogUSB+Installer.exe" MD5: D3D4273692E34102B88C513AD1C10040)
- msiexec.exe (PID: 5672 cmdline: "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\user\AppData\Local\Temp\{7F3BB4D9-1954-41B0-8FC6-1687CA4E557E}\EasyLog USB.msi" SETUPEXEDIR="C:\Users\user\Desktop" SETUPEXENAME="EasyLogUSB+Installer.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
- msiexec.exe (PID: 1216 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
- msiexec.exe (PID: 5912 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding C16B6E8B33D4F0B5DAD7A01ECF725878 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
- msiexec.exe (PID: 7048 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 27BDE6E8EAF7545954F65D95558F90D2 MD5: 9D09DC1EDA745A5F87553048E57620CF)
- conhost.exe (PID: 1992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- EL-USB Driver Setup.exe (PID: 4888 cmdline: "C:\Program Files (x86)\EasyLog USB\EL-USB Driver Setup.exe" MD5: 4BD3D58BEB869D0895D93ACCADC08032)
- cleanup
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
There are no malicious signatures.
Compliance |
---|
Source: | Static PE information: |
Source: | File opened: |
Source: | File created: |
Source: | File deleted: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | File written: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | File created: |
Source: | Process information set: |
Source: | Dropped PE file which has not been started: |
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Process created: |
Source: | Queries volume information: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 22 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1501388 |
Start date and time: | 2024-08-29 20:51:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | EasyLogUSB+Installer.exe |
Detection: | CLEAN |
Classification: | clean6.winEXE@11/44@0/0 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: EasyLogUSB+Installer.exe
Process: | C:\Windows\System32\msiexec.exe |
Category: | modified |
Size (bytes): | 14060 |
Entropy (8bit): | 5.729042366049827 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 83968 |
Entropy (8bit): | 6.294061771215002 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 636816 |
Entropy (8bit): | 6.215505980302389 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 1774 |
Entropy (8bit): | 5.242834253911726 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 11118090 |
Entropy (8bit): | 7.999336140233879 |
Encrypted: | true |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 2468864 |
Entropy (8bit): | 7.154456571356211 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 12519936 |
Entropy (8bit): | 5.976511471374955 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 1656320 |
Entropy (8bit): | 6.478623936096293 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 12278 |
Entropy (8bit): | 3.757781663348975 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 9484 |
Entropy (8bit): | 3.8494259019457355 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 15477 |
Entropy (8bit): | 3.633119065723989 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 44219 |
Entropy (8bit): | 3.527582608719269 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 125852 |
Entropy (8bit): | 3.6068372981211265 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 8679 |
Entropy (8bit): | 3.717253632972772 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 467288 |
Entropy (8bit): | 6.047761304423497 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 483 |
Entropy (8bit): | 5.319487317274177 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 8984 |
Entropy (8bit): | 6.928193234859025 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 24576 |
Entropy (8bit): | 5.444427923348303 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 19456 |
Entropy (8bit): | 5.5838184446755195 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 17408 |
Entropy (8bit): | 6.017219183396955 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 14592 |
Entropy (8bit): | 6.033771703962439 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 2769 |
Entropy (8bit): | 2.9214200185059975 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 2775 |
Entropy (8bit): | 2.9268640614950217 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 970 |
Entropy (8bit): | 4.7085217917161275 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\msiexec.exe |
Category: | dropped |
Size (bytes): | 1015 |
Entropy (8bit): | 4.728992866932944 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\SysWOW64\msiexec.exe |
Category: | dropped |
Size (bytes): | 205 |
Entropy (8bit): | 5.239236705496828 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\SysWOW64\msiexec.exe |
Category: | dropped |
Size (bytes): | 523512 |
Entropy (8bit): | 6.417003787731374 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\SysWOW64\msiexec.exe |
Category: | dropped |
Size (bytes): | 156928 |
Entropy (8bit): | 6.027572827219195 |
Encrypted: | false |
SSDEEP: | |
MD5: | 69E9BB71D4D394E87F0109734D328371 |
SHA1: | 82FBEF8F36AECEFBCA489D58C09CDF4B0386F787 |
SHA-256: | C3A87617D5BA229A62DA7FD4E0929BE26CAC33C58470FD5E5F0B54C30FF4D172 |
SHA-512: | 867C051E8BEAD1B4B093833776B2643E2B077E5D0866FF0D5362EA51AD277C3FF0F6892475183F4308409742DE63FFEED6289FBE4BD6DA692F873EF647AE3414 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\EasyLogUSB+Installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 22480 |
Entropy (8bit): | 3.4851320007899904 |
Encrypted: | false |
SSDEEP: | |
MD5: | A108F0030A2CDA00405281014F897241 |
SHA1: | D112325FA45664272B08EF5E8FF8C85382EBB991 |
SHA-256: | 8B76DF0FFC9A226B532B60936765B852B89780C6E475C152F7C320E085E43948 |
SHA-512: | D83894B039316C38915A789920758664257680DCB549A9B740CF5361ADDBEE4D4A96A3FF2999B5D8ACFB1D9336DA055EC20012D29A9F83EE5459F103FBEEC298 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\{7F3BB4D9-1954-41B0-8FC6-1687CA4E557E}\EasyLog USB.msi
Process: | C:\Users\user\Desktop\EasyLogUSB+Installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 19083776 |
Entropy (8bit): | 7.960074563695781 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0667825A7C186AB1769BEF4A2D0D5CA6 |
SHA1: | 06EFBC582B852C4964CA6CA1DEFB5B13B182B0BA |
SHA-256: | A0875FA7ABF8474D2864DAFA61CCA887F0EA81ED0B82B57184046A1E946E4C10 |
SHA-512: | ECCF9D7FA57095BF4CDECA50DA10BF8CA2B8AAD5C756D3B7E3CEE55D4976D894B1ED5AE9D512950835EED696FD3A7DB1DB0ADB878EEC178103461C9443C62697 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\EasyLogUSB+Installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 606 |
Entropy (8bit): | 3.688532245445425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 17E6BBD1E8595815759254889DE4FF8B |
SHA1: | F15138BF500C539F7E680D90A23C0FF43F1885F5 |
SHA-256: | F470800E59BDDF14C139633534D9B7453DCBD8B5DB3EF3CB557B7AA21D77CDD4 |
SHA-512: | D8212CB89A60ACAFE4397D4978541865698417FA866C996497E672DB951F930C08996EBF45571EBB4706593EE5FB04DE5462EE3F281586271563E9235C69B8DF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\EasyLogUSB+Installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5252 |
Entropy (8bit): | 3.733760690252317 |
Encrypted: | false |
SSDEEP: | |
MD5: | 33F13D68A9E9F9845760A257286545AA |
SHA1: | A2B07B4FBF4BFCCFF550469FC12C7030892D9355 |
SHA-256: | A231E341F8E0997464F740BEC5526711605B173DC2C3101D580DB82AB636E67A |
SHA-512: | 55455655ADA80A5BFC15BD9878FE8DD7B60FCBD5800A13C06BCC8E5400D08FE5684E565DBC2B9E87FA8CCEF96CBF58B4045D59F60809A7B7C41A737D776F3C81 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207049 |
Entropy (8bit): | 5.187127303493844 |
Encrypted: | false |
SSDEEP: | |
MD5: | F1C4E84781028AAD9477FCBE89B0D6A3 |
SHA1: | F72E77E08ADFEFABC24DBC22782F88871CDEE00E |
SHA-256: | 0077833AC391A6FDCE0E95B7867994D0A8BF0EEBA89B6B098A777D43CE05AF81 |
SHA-512: | D30C68D6422F2A5E4BA0B61A57AA630424CC8F6F8AF8C4E79EB021BE9161C2090DBEA861BD9AD5312B5669872B4993EAEF600B5B7D766BB7403019CD67BA4BCD |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 1.1636092453135436 |
Encrypted: | false |
SSDEEP: | |
MD5: | 66F1B9EECDF5194B5E9683C0549EE498 |
SHA1: | BD8D4F3ED82E74B7A078FA107B42322B2A29B192 |
SHA-256: | 2C018D5C479862D93C29E6125311976D2F03EE175BE7F00CE100449F4045298C |
SHA-512: | 937B77904121DA94FA6D3D21D55BEFCF2A990D8BFCC707A4D7C07144494CED5849D429C5500A1A19487B8A0026B0FD677A3691B4CED184AC0513C28784E7E680 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72944 |
Entropy (8bit): | 5.067944027835008 |
Encrypted: | false |
SSDEEP: | |
MD5: | 23C1D640A469D3086A14F9FDF449EB50 |
SHA1: | 2F277BA7EC429B93FE4D3879973024F8BACBE832 |
SHA-256: | AE66EC7081CE696B549E39F70E5ADA5F57AC6F8173773EED1144039C24946945 |
SHA-512: | 585495B7A633B8F46ACB9D2A78703FB47A6057FC8F22171CC5F1B7EDF627D05571D39A164A15ED718C042C7B6C99AC927E00B83C95954E8EA9AE9E0FF58DC64B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Windows\Installer\{B4E4EFE5-93D9-435B-BDE9-3525A9689EB9}\EasyLogGraph.exe_3D39C605F6D0484A88F3AD4B82B13993.exe
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52464 |
Entropy (8bit): | 5.106173623429902 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6E27FC142F298EEE2A5C37F3DF46975B |
SHA1: | 0348059D4CE805D7099F3E24CF9AF5548C971176 |
SHA-256: | 70DCCB008ACA50A9F1925967DF3A15B581623FEF1AF005C5BD6BD59451AA8E79 |
SHA-512: | CA5EC51965E9972946D80BFFFF617B2DFA08C743B1E3B5CF663DBFB79CC4769273B8BD28E6398F4B45E05DA48D8AC57548288018DD25812B001CE430E71A5599 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Windows\Installer\{B4E4EFE5-93D9-435B-BDE9-3525A9689EB9}\EasyLog_USB.exe_63257A9301FB4EABA085D3C69F470EC4.exe
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72944 |
Entropy (8bit): | 5.069498628939283 |
Encrypted: | false |
SSDEEP: | |
MD5: | A2936C32057A1EC0E7F343B46A1C2D60 |
SHA1: | 6FA37460864A7452A0F0E82EB87D59EEAE1058ED |
SHA-256: | 18F7E5E9E33F1A914EE9E64B239B7EB0D7FDC55C7BC2C06FFD97A23E76A8817C |
SHA-512: | 3C78590D5BCE97502BE732683AF6B2B7A6AF14AF5DE80E431F7436C204E68E98D99F136E38317C8196ACB35414571B2253534B1858D01726268E917AFB71E67C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 454234 |
Entropy (8bit): | 5.356166206393021 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2530EDE50E19F9419DAC8CC98DF2CFDC |
SHA1: | D67B7B8F014E382BEB7EA323CDFBA2135A9F3B26 |
SHA-256: | DA4354C52FC97E32B539D9C90ED3EC6D2F61017C5861D885312A193F8BB9E6CD |
SHA-512: | A882DC0B62F051515B0EB6EEC95907F4EE4157ECC25B09A1990E56571DCAED38AD6BC06AB2528495E09CB9E733DFA4AB088336FE99B874F7D8E9EEEEB866A47B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 90112 |
Entropy (8bit): | 5.1088148238453925 |
Encrypted: | false |
SSDEEP: | |
MD5: | 372584E745A5A968AA02D7B969FB377B |
SHA1: | 3333F82ED9FBD12CBF79C4E37EC65A7991BF60F5 |
SHA-256: | 77BAADD8CF594F91C20DA6F46A0AB939796D03F92AECB5D478049D419AA8DF13 |
SHA-512: | ACE16FF6F7C2170712FCD4801B396BA54ECD0B20FCD82C7653F8294F69296493E0CA1748457D6A19AB060F3A43D4645A8A9C084E11F0C582C23E40A53AD5D6BC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73728 |
Entropy (8bit): | 0.2416905022648147 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5D8AF881A7158C623712BC3CD1A76B09 |
SHA1: | 40E90FB951DE71DE72EBFBF0B2BFC7984B23FCA6 |
SHA-256: | 385152E36E0B50A64A9CEDF429C4FE0CD33A3029E6370759925B46E4330CE28B |
SHA-512: | F5A69BB387F3F07A39CBF970B9332033AE2D273208EF70016C457FF1E64B1C151415D7150D69D8354ACCC9208E975B24449CCF83A1932114A34C9971F6E6B93D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 1.456853896277695 |
Encrypted: | false |
SSDEEP: | |
MD5: | E2F3C1A2E03FA33972A9689A811CADD7 |
SHA1: | BB937B16BD1C1425C4CA90A618FDA90588C11A4B |
SHA-256: | 5053A5A5DF7585D4B44DA1D3EF24121927629F2E4BF1FEBB3EA5906AE5243806 |
SHA-512: | 31B89892E8727DB4CEA0288E25B90A704AAB09C0AD52783660CC30394E3A5B3BB7F4117D43B8B84F7CEEBEBBF56FC879F4ED79F99D7B4C7D82DE14C4FA301693 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.07156909361014326 |
Encrypted: | false |
SSDEEP: | |
MD5: | C20051FAD9BF592298D88B23073C7758 |
SHA1: | 203F35B2A93DC8E0896D7E65C081AA593D8F5089 |
SHA-256: | 8EDE3DA36D4A8A1EEB706EABB21DC8B2DAAB0FC6CF0D74818EBBC8EECA02EE3B |
SHA-512: | 043EE68EF5C36C158E5355BBBABC74AC6AEEBCC68AFEF6E7FEA368C31CD2B7451AF44F8DEFC6445FAFF0D631337F0D319B91AEC4FE8606BB9230B4DB5A18AA88 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 1.8450605709758332 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3C00E3104F2C14F48B953DB825835ADC |
SHA1: | 22869A1957060F00226DECCEDB1D4D489B4EBD7D |
SHA-256: | 4F5F9714E0BE81639380FFDB141E3CE9CF0D2944CA73B1BD0C649717FBC94D85 |
SHA-512: | 13D6D99416908478B4B020C89D1DDE2DFD49D08DDCDEC8C83131755D8D156246208FB3E365B0C0D418F62CB82E3481EF4F040E6EA96A85792AF5ABF91B8FAA0D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.982918880423008 |
File name: | EasyLogUSB+Installer.exe |
File size: | 19'500'624 bytes |
MD5: | d3d4273692e34102b88c513ad1c10040 |
SHA1: | 1b75e5c2644fbf075040df437b15d4d2c128c2cf |
SHA256: | cc2652dc33020fab609750a6f627e2f8e6597960b25f210981e62f5ad92f7d70 |
SHA512: | 94ea2dedb53887a40b4995536211d94247b3bd9994e0b3888eedffa52a20b4cd500a4da86f110a7a203ba2802b011d29c349774df8d4bea5ea3237f216e1157b |
SSDEEP: | 393216:BhQWQwqV7x2GH3mm+xaYzY4VGHxfwzXUxnIbG1vrMd:Bjqd9WJaYz7GRfwLUxnIbcYd |
TLSH: | 49172323B581903ED5A102328C6FAD7081A97EB35E31465BF698FF1D1DF48827927F1A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........wn.............................M.......M...7...@a......M.......@a..........!...................................Rich........... |
Icon Hash: | 497971328ce1634d |
Entrypoint: | 0x4575cc |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57B8A2BE [Sat Aug 20 18:34:38 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 4da036c357ba9b57ad512acda2ab8f70 |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Version: | 3 |
Thumbprint MD5: | B656567D8713E66AE810DFDEF09BAA4E |
Thumbprint SHA-1: | E120C7DAC8262B2FC234FFDD7FEF64DB785FF6E4 |
Thumbprint SHA-256: | 470E7DEBE4EF2ED0668130574D9D743A3146EC84E67B32537A42A506442399B0 |
Serial: | 0129746216985DDDF8A35EE9CD1C24B9 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe963c | 0xc8 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf5000 | 0x4cc9c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1296130 | 0x2d20 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb5680 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xcec40 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb5000 | 0x584 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xe8cf0 | 0xe0 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb3145 | 0xb3200 | 3c5019b481b36b50861c003b927571fe | False | 0.4942537508722959 | data | 6.587897407968807 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb5000 | 0x363a2 | 0x36400 | 9ccda080685d04b6d39abf90df4ddb2e | False | 0.4168391777073733 | data | 5.111602563063982 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xec000 | 0x8c38 | 0x2800 | ac1123bbcdd1c65593b571a2c4af0630 | False | 0.29013671875 | data | 4.4690563880861 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xf5000 | 0x4cc9c | 0x4ce00 | 4266bd2112a8e5f29d2d02ae8b566503 | False | 0.33817962398373985 | data | 6.561419459411344 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
GIF | 0xf5dcc | 0x33a7 | GIF image data, version 89a, 350 x 624 | | | 0.9106859260379642 |
GIF | 0xf9174 | 0x339f | GIF image data, version 89a, 350 x 624 | English | United States | 0.9129020052970109 |
PNG | 0xfc514 | 0x39ed | PNG image data, 360 x 150, 8-bit/color RGBA, non-interlaced | | | 0.9975723244992919 |
PNG | 0xfff04 | 0x2fc9 | PNG image data, 240 x 227, 8-bit/color RGBA, non-interlaced | | | 0.9968119022316685 |
RT_BITMAP | 0x102ed0 | 0x14220 | Device independent bitmap graphic, 220 x 370 x 8, image size 81400 | | | 0.34390764454792394 |
RT_BITMAP | 0x1170f0 | 0x1b5c | Device independent bitmap graphic, 180 x 75 x 4, image size 6900 | | | 0.18046830382638493 |
RT_BITMAP | 0x118c4c | 0x38e4 | Device independent bitmap graphic, 180 x 75 x 8, image size 13500 | | | 0.26689096402087337 |
RT_BITMAP | 0x11c530 | 0x1238 | Device independent bitmap graphic, 60 x 60 x 8, image size 3600 | | | 0.23499142367066894 |
RT_BITMAP | 0x11d768 | 0x6588 | Device independent bitmap graphic, 161 x 152 x 8, image size 24928, resolution 3796 x 3796 px/m, 256 important colors | | | 0.3035934133579563 |
RT_BITMAP | 0x123cf0 | 0x11f88 | Device independent bitmap graphic, 161 x 152 x 24, image size 73568, resolution 3780 x 3780 px/m | | | 0.12790729268557766 |
RT_ICON | 0x135c78 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.21808510638297873 |
RT_ICON | 0x1360e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.099906191369606 |
RT_ICON | 0x137188 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.06109958506224066 |
RT_ICON | 0x139730 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | | | 0.35618279569892475 |
RT_ICON | 0x139a18 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | | | 0.42473118279569894 |
RT_DIALOG | 0x139d00 | 0x1ce | data | | | 0.48917748917748916 |
RT_DIALOG | 0x139ed0 | 0x266 | data | | | 0.4527687296416938 |
RT_DIALOG | 0x13a138 | 0x2b0 | data | | | 0.438953488372093 |
RT_DIALOG | 0x13a3e8 | 0x54 | data | | | 0.6904761904761905 |
RT_DIALOG | 0x13a43c | 0x34 | data | | | 0.8846153846153846 |
RT_DIALOG | 0x13a470 | 0xd6 | data | | | 0.6495327102803738 |
RT_DIALOG | 0x13a548 | 0x114 | data | | | 0.5036231884057971 |
RT_DIALOG | 0x13a65c | 0xd6 | data | | | 0.5841121495327103 |
RT_DIALOG | 0x13a734 | 0x246 | data | | | 0.4690721649484536 |
RT_DIALOG | 0x13a97c | 0x3c8 | data | | | 0.4194214876033058 |
RT_DIALOG | 0x13ad44 | 0x14e | data | | | 0.5359281437125748 |
RT_DIALOG | 0x13ae94 | 0x1e8 | data | | | 0.49385245901639346 |
RT_DIALOG | 0x13b07c | 0x1c6 | data | | | 0.5286343612334802 |
RT_DIALOG | 0x13b244 | 0x1ee | data | | | 0.49190283400809715 |
RT_DIALOG | 0x13b434 | 0x7c | data | | | 0.7580645161290323 |
RT_DIALOG | 0x13b4b0 | 0x3bc | data | | | 0.4372384937238494 |
RT_DIALOG | 0x13b86c | 0x158 | data | | | 0.5581395348837209 |
RT_DIALOG | 0x13b9c4 | 0x1da | data | | | 0.5168776371308017 |
RT_DIALOG | 0x13bba0 | 0x10a | data | | | 0.6015037593984962 |
RT_DIALOG | 0x13bcac | 0xde | data | | | 0.6441441441441441 |
RT_DIALOG | 0x13bd8c | 0x1d4 | data | | | 0.5085470085470085 |
RT_DIALOG | 0x13bf60 | 0x1dc | data | | | 0.5210084033613446 |
RT_DIALOG | 0x13c13c | 0x294 | data | | | 0.48787878787878786 |
RT_STRING | 0x13c3d0 | 0x160 | data | English | United States | 0.5340909090909091 |
RT_STRING | 0x13c530 | 0x23e | data | English | United States | 0.40418118466898956 |
RT_STRING | 0x13c770 | 0x378 | data | English | United States | 0.4222972972972973 |
RT_STRING | 0x13cae8 | 0x252 | data | English | United States | 0.4393939393939394 |
RT_STRING | 0x13cd3c | 0x1f4 | data | English | United States | 0.442 |
RT_STRING | 0x13cf30 | 0x66a | data | English | United States | 0.3617539585870889 |
RT_STRING | 0x13d59c | 0x366 | data | English | United States | 0.41379310344827586 |
RT_STRING | 0x13d904 | 0x27e | data | English | United States | 0.4561128526645768 |
RT_STRING | 0x13db84 | 0x518 | data | English | United States | 0.39800613496932513 |
RT_STRING | 0x13e09c | 0x882 | data | English | United States | 0.3002754820936639 |
RT_STRING | 0x13e920 | 0x23e | data | English | United States | 0.45121951219512196 |
RT_STRING | 0x13eb60 | 0x3ba | data | English | United States | 0.3280922431865828 |
RT_STRING | 0x13ef1c | 0x12c | data | English | United States | 0.5266666666666666 |
RT_STRING | 0x13f048 | 0x4a | data | English | United States | 0.6756756756756757 |
RT_STRING | 0x13f094 | 0xda | data | English | United States | 0.6100917431192661 |
RT_STRING | 0x13f170 | 0x110 | data | English | United States | 0.5845588235294118 |
RT_STRING | 0x13f280 | 0x20a | data | English | United States | 0.4521072796934866 |
RT_STRING | 0x13f48c | 0xba | Matlab v4 mat-file (little endian) P, numeric, rows 0, columns 0 | English | United States | 0.5860215053763441 |
RT_STRING | 0x13f548 | 0xa8 | data | English | United States | 0.6607142857142857 |
RT_STRING | 0x13f5f0 | 0x12a | data | English | United States | 0.5201342281879194 |
RT_STRING | 0x13f71c | 0x422 | data | English | United States | 0.2741020793950851 |
RT_STRING | 0x13fb40 | 0x5c2 | data | English | United States | 0.37720488466757124 |
RT_STRING | 0x140104 | 0x40 | data | English | United States | 0.671875 |
RT_STRING | 0x140144 | 0xcaa | data | English | United States | 0.2313386798272671 |
RT_STRING | 0x140df0 | 0x284 | data | English | United States | 0.4363354037267081 |
RT_GROUP_ICON | 0x141074 | 0x30 | data | | | 0.8125 |
RT_GROUP_ICON | 0x1410a4 | 0x14 | data | | | 1.25 |
RT_GROUP_ICON | 0x1410b8 | 0x14 | data | | | 1.2 |
RT_VERSION | 0x1410cc | 0x424 | data | | | 0.4349056603773585 |
RT_MANIFEST | 0x1414f0 | 0x52a | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.46520423600605143 |
RT_MANIFEST | 0x141a1c | 0x280 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.553125 |
DLL | Import |
---|---|
COMCTL32.dll | |
KERNEL32.dll | LoadLibraryW, lstrcmpW, lstrcmpiW, GetSystemDefaultLangID, GetUserDefaultLangID, VerLanguageNameW, CompareFileTime, CreateDirectoryW, FindClose, FindFirstFileW, FindNextFileW, SetFileAttributesW, GetSystemTimeAsFileTime, GetPrivateProfileStringW, MoveFileW, LocalFree, FormatMessageW, GetSystemInfo, MulDiv, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LoadLibraryExW, GetVersion, GetLocalTime, IsValidLocale, GetCommandLineW, GetFileAttributesW, GlobalAlloc, GlobalFree, FlushFileBuffers, SetEndOfFile, VirtualQuery, lstrcpyA, IsBadReadPtr, GetDiskFreeSpaceExW, GetDriveTypeW, GetExitCodeProcess, GetCurrentThread, GetLocaleInfoW, InterlockedExchange, LoadLibraryExA, DecodePointer, LCMapStringW, RtlUnwind, IsDebuggerPresent, MoveFileExW, WriteProcessMemory, VirtualProtectEx, GetSystemDirectoryW, FreeLibrary, SetThreadContext, GetThreadContext, CreateProcessW, ResumeThread, TerminateProcess, ExitProcess, GetCurrentProcess, Sleep, WaitForSingleObject, DuplicateHandle, RemoveDirectoryW, DeleteFileW, SetCurrentDirectoryW, lstrlenW, lstrcpynA, LocalAlloc, lstrcmpA, SystemTimeToFileTime, ResetEvent, SetEvent, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, GetCurrentDirectoryW, FindResourceExW, GetEnvironmentVariableW, SetFileTime, GetFileTime, OpenProcess, GetProcessTimes, ReadConsoleW, WriteConsoleW, SetStdHandle, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FatalAppExitA, EnumSystemLocalesW, GetUserDefaultLCID, GetTimeFormatW, GetDateFormatW, SetConsoleCtrlHandler, OutputDebugStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCurrentProcessId, QueryPerformanceCounter, GetFileType, HeapReAlloc, CreateSemaphoreW, GetStartupInfoW, TlsFree, TlsSetValue, IsProcessorFeaturePresent, CompareStringA, CompareStringW, lstrcatW, GetVersionExW, InterlockedDecrement, InterlockedIncrement, CreateEventW, QueryPerformanceFrequency, GetTempFileNameW, CopyFileW, GetTickCount, GetExitCodeThread, CreateThread, FindResourceW, GlobalUnlock, GlobalLock, SizeofResource, LockResource, LoadResource, lstrcpyW, GetWindowsDirectoryW, SetErrorMode, GetTempPathW, FlushInstructionCache, ExpandEnvironmentStringsW, lstrcpynW, GetModuleFileNameW, GetProcessHeap, HeapFree, HeapAlloc, WriteFile, SetFilePointer, ReadFile, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, CloseHandle, GetFileSize, CreateFileW, SetLastError, GetLastError, LoadLibraryA, GetSystemDirectoryA, GetProcAddress, GetModuleHandleW, TlsGetValue, TlsAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStringTypeW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, GetCurrentThreadId, HeapSize, AreFileApisANSI, GetModuleHandleExW, GetStdHandle, EncodePointer |
USER32.dll | CreateWindowExW, SetTimer, KillTimer, LoadCursorW, RegisterClassW, DefWindowProcW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PostQuitMessage, GetSysColorBrush, CharPrevW, SendDlgItemMessageW, wvsprintfW, LoadImageW, CreateDialogParamW, MoveWindow, SetCursor, GetWindow, GetDlgItemTextW, SetFocus, EnableWindow, SetForegroundWindow, SetActiveWindow, SetDlgItemTextW, IsDialogMessageW, FindWindowW, SubtractRect, IntersectRect, SetRect, FillRect, GetSysColor, GetWindowRect, GetDC, GetSystemMetrics, GetDlgCtrlID, CreateDialogIndirectParamW, DestroyWindow, IsWindow, SendMessageW, MessageBoxW, CharNextW, WaitForInputIdle, SetWindowLongW, GetWindowLongW, GetClientRect, EndPaint, BeginPaint, ReleaseDC, ExitWindowsEx, CharUpperW, GetWindowDC, SetWindowPos, SetWindowTextW, GetDlgItem, EndDialog, DialogBoxIndirectParamW, ShowWindow, GetDesktopWindow, MsgWaitForMultipleObjects, PeekMessageW, wsprintfW, LoadIconW |
GDI32.dll | UnrealizeObject, CreateHalftonePalette, GetDIBColorTable, SelectPalette, RealizePalette, GetSystemPaletteEntries, CreatePalette, CreateFontW, GetObjectW, SetTextColor, SetBkMode, GetDeviceCaps, CreateSolidBrush, CreateFontIndirectW, SetStretchBltMode, StretchBlt, SelectObject, DeleteDC, CreateDIBitmap, CreateCompatibleDC, BitBlt, DeleteObject, GetStockObject, TranslateCharsetInfo |
ADVAPI32.dll | CryptCreateHash, CryptSignHashW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, OpenThreadToken, OpenProcessToken, SetEntriesInAclW, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CreateWellKnownSid, RegQueryInfoKeyW, RegEnumKeyExW, RegDeleteKeyW, RegSetValueExW, RegEnumValueW, RegCreateKeyExW, RegDeleteValueW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, AdjustTokenPrivileges, LookupPrivilegeValueW, RegOverridePredefKey, RegCreateKeyW, RegEnumKeyW, RegOpenKeyW, CryptAcquireContextW, CryptReleaseContext, CryptDeriveKey, CryptDestroyKey, CryptSetHashParam, CryptGetHashParam, CryptExportKey, CryptImportKey, CryptDestroyHash, CryptHashData, CryptVerifySignatureW |
SHELL32.dll | SHGetMalloc, SHGetFolderPathW, SHBrowseForFolderW, ShellExecuteW, CommandLineToArgvW, SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW |
ole32.dll | CoCreateInstance, StringFromGUID2, CoCreateGuid, CreateItemMoniker, GetRunningObjectTable, CLSIDFromProgID, CoTaskMemAlloc, CoTaskMemRealloc, ProgIDFromCLSID, CoTaskMemFree, CoUninitialize, CoInitializeSecurity, CoInitialize |
OLEAUT32.dll | RegisterTypeLib, UnRegisterTypeLib, SetErrorInfo, LoadTypeLib, CreateErrorInfo, SysAllocStringLen, SysFreeString, SysReAllocStringLen, SysStringLen, SysAllocString, SysStringByteLen, SysAllocStringByteLen, VarBstrCat, VarBstrFromDate, VariantClear, VariantChangeType, GetErrorInfo, VarUI4FromStr, SystemTimeToVariantTime |
RPCRT4.dll | RpcStringFreeW, UuidCreate, UuidToStringW, UuidFromStringW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |