setup.exe
This report is generated from a file or URL submitted to this webservice on December 6th 2017 17:46:51 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v7.20 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
  - Reads terminal service related keys (often RDP related)
- Persistence
  - Modifies auto-execute functionality by setting/creating a value in the registry
  - Spawns a lot of processes
  - Writes data to a remote process
- Fingerprint
  - Reads the active computer name
  - Reads the cryptographic machine GUID
- Spreading
  - Opens the MountPointManager (often used to detect additional infection locations)
- Network Behavior
  - Contacts 1 domain and 2 hosts.
Indicators
-
Malicious Indicators 5
-
Anti-Detection/Stealthyness
-
Modifies file/console tracing settings (often used to hide footprints on system)
- details
-
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "ENABLEFILETRACING"; Value: "00000000")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "ENABLECONSOLETRACING"; Value: "00000000")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "FILETRACINGMASK"; Value: "0000FFFF")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\TRACING\RASAPI32"; Key: "CONSOLETRACINGMASK"; Value: "0000FFFF") - source
- Registry Access
- relevance
- 5/10
-
External Systems
-
Detected Emerging Threats Alert
- details
-
Detected alert "ET POLICY Installshield One Click Install User-Agent Toys File" (SID: 2014341, Rev: 3, Severity: 1) categorized as "A Network Trojan was detected"
Detected alert "ET POLICY PE EXE or DLL Windows file download HTTP" (SID: 2018959, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation" - source
- Suricata Alerts
- relevance
- 10/10
-
Installation/Persistance
-
Writes data to a remote process
- details
-
"<Input Sample>" wrote 1500 bytes to a remote process "%TEMP%\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Microsoft Vsto 2010 Runtime\vstor_redist.exe" (Handle: 1148)
"<Input Sample>" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Microsoft Vsto 2010 Runtime\vstor_redist.exe" (Handle: 1148)
"<Input Sample>" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Microsoft Vsto 2010 Runtime\vstor_redist.exe" (Handle: 1148)
"<Input Sample>" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Microsoft Vsto 2010 Runtime\vstor_redist.exe" (Handle: 1148)
"<Input Sample>" wrote 1500 bytes to a remote process "C:\Windows\System32\msiexec.exe" (Handle: 1100)
"<Input Sample>" wrote 4 bytes to a remote process "C:\Windows\System32\msiexec.exe" (Handle: 1100)
"<Input Sample>" wrote 32 bytes to a remote process "C:\Windows\System32\msiexec.exe" (Handle: 1100)
"<Input Sample>" wrote 52 bytes to a remote process "C:\Windows\System32\msiexec.exe" (Handle: 1100)
"vstor_redist.exe" wrote 1500 bytes to a remote process "C:\f20e71af71a41e77c98675\Setup.exe" (Handle: 308)
"vstor_redist.exe" wrote 4 bytes to a remote process "C:\f20e71af71a41e77c98675\Setup.exe" (Handle: 308)
"vstor_redist.exe" wrote 32 bytes to a remote process "C:\f20e71af71a41e77c98675\Setup.exe" (Handle: 308)
"vstor_redist.exe" wrote 52 bytes to a remote process "C:\f20e71af71a41e77c98675\Setup.exe" (Handle: 308)
"Setup.exe" wrote 1500 bytes to a remote process "C:\f20e71af71a41e77c98675\vstor40\vstor40_x86.exe" (Handle: 912)
"Setup.exe" wrote 4 bytes to a remote process "C:\f20e71af71a41e77c98675\vstor40\vstor40_x86.exe" (Handle: 912)
"Setup.exe" wrote 32 bytes to a remote process "C:\f20e71af71a41e77c98675\vstor40\vstor40_x86.exe" (Handle: 912)
"Setup.exe" wrote 52 bytes to a remote process "C:\f20e71af71a41e77c98675\vstor40\vstor40_x86.exe" (Handle: 912)
"vstor40_x86.exe" wrote 1500 bytes to a remote process "C:\72e043f85aa24a296a43b3\install.exe" (Handle: 232)
"vstor40_x86.exe" wrote 4 bytes to a remote process "C:\72e043f85aa24a296a43b3\install.exe" (Handle: 232)
"vstor40_x86.exe" wrote 32 bytes to a remote process "C:\72e043f85aa24a296a43b3\install.exe" (Handle: 232)
"vstor40_x86.exe" wrote 52 bytes to a remote process "C:\72e043f85aa24a296a43b3\install.exe" (Handle: 232) - source
- API Call
- relevance
- 6/10
-
Unusual Characteristics
-
Contains ability to reboot/shutdown the operating system
- details
- ExitWindowsEx@USER32.dll
- source
- Hybrid Analysis Technology
- relevance
- 5/10
-
Spawns a lot of processes
- details
-
Spawned process "<Input Sample>"
Spawned process "vstor_redist.exe" with commandline "/q:a /c:"install /q /l""
Spawned process "Setup.exe" with commandline "/q:a /c:"install /q /l""
Spawned process "vstor40_x86.exe" with commandline "/q"
Spawned process "install.exe" with commandline "/q"
Spawned process "msiexec.exe" with commandline "/i "%LOCALAPPDATA%\Downloaded Installations\{76F796BF-48D7-43E8-9CC0-1FF206446E38}\Whitepages Pro Excel AddIn.msi" SETUPEXEDIR="C:" SETUPEXENAME="fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe"" - source
- Monitored Target
- relevance
- 8/10
-
Suspicious Indicators 24
-
Anti-Reverse Engineering
-
PE file has unusual entropy sections
- details
-
.rsrc with unusual entropy 7.9879083037
.rsrc with unusual entropy 7.98874193795
.rsrc with unusual entropy 7.98550574251
.rsrc with unusual entropy 7.9867421458 - source
- Static Parser
- relevance
- 10/10
-
Environment Awareness
-
Reads the active computer name
- details
-
"<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"vstor_redist.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"Setup.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"vstor40_x86.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"install.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
"msiexec.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME") - source
- Registry Access
- relevance
- 5/10
-
Reads the cryptographic machine GUID
- details
-
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"vstor_redist.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"vstor40_x86.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"install.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID") - source
- Registry Access
- relevance
- 10/10
-
General
-
Contains ability to find and load resources of a specific module
- details
-
FindResourceW@KERNEL32.dll
LockResource@KERNEL32.dll
FindResourceW@KERNEL32.dll
LockResource@KERNEL32.dll
FindResourceW@KERNEL32.dll - source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Opened the service control manager
- details
-
"<Input Sample>" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"vstor_redist.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"Setup.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"vstor40_x86.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1) - source
- API Call
- relevance
- 10/10
-
Requested access to a system service
- details
-
"<Input Sample>" called "OpenService" to access the "rasman" service
"<Input Sample>" called "OpenService" to access the "Sens" service requesting "SERVICE_QUERY_STATUS" (0X4) access rights
"<Input Sample>" called "OpenService" to access the "RASMAN" service
"vstor_redist.exe" called "OpenService" to access the "ClusSvc" service
"Setup.exe" called "OpenService" to access the "MSIServer" service
"Setup.exe" called "OpenService" to access the "ServicesActive" service requesting "SERVICE_QUERY_STATUS" (0X4) access rights
"Setup.exe" called "OpenService" to access the "gpsvc" service
"vstor40_x86.exe" called "OpenService" to access the "ClusSvc" service - source
- API Call
- relevance
- 10/10
-
Sent a control code to a service
- details
-
"Setup.exe" called "ControlService" and sent control code "0X24" to the service "gpsvc"
"Setup.exe" called "ControlService" and sent control code "0XFC" to the service "gpsvc" - source
- API Call
- relevance
- 10/10
-
Installation/Persistance
-
Drops executable files
- details
-
"SetupResources.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x64_nld.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1041.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x64_ptb.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1046.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"sqmapi.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"install.res.1049.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_esn.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_kor.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_ara.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_cht.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor_redist.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1042.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_jpn.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x64_chs.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1030.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" - source
- Binary File
- relevance
- 10/10
-
Modifies auto-execute functionality by setting/creating a value in the registry
- details
- "<Input Sample>" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE"; Key: " ISSETUPPREREQUISISTES"; Value: ""C:\fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe"")
- source
- Registry Access
- relevance
- 8/10
-
Network Related
-
Found potential IP address in binary/memory
- details
- "4.05.0.0"
- source
- File/Memory
- relevance
- 3/10
-
Remote Access Related
-
Reads terminal service related keys (often RDP related)
- details
- "install.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "PERSESSIONTEMPDIR")
- source
- Registry Access
- relevance
- 10/10
-
System Security
-
Modifies Software Policy Settings
- details
-
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS")
"Setup.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS") - source
- Registry Access
- relevance
- 10/10
-
Modifies proxy settings
- details
-
"<Input Sample>" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE")
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS") - source
- Registry Access
- relevance
- 10/10
-
Queries sensitive IE security settings
- details
- "<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
- source
- Registry Access
- relevance
- 8/10
-
Tries to obtain the highest possible privilege level without UAC dialog
- details
-
"<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="Microsoft.VisualStudio.UIHandler"
type="win32"
/>
<description>External UI handler.</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="highestAvailable" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>" (Indicator: "requestedExecutionLevel level="highestAvailable"") - source
- File/Memory
- relevance
- 7/10
-
Unusual Characteristics
-
CRC value set in PE header does not match actual value
- details
-
"fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe.bin" claimed CRC 1466711 while the actual is CRC 2165886
"vstor40_LP_x64_nld.exe" claimed CRC 569382 while the actual is CRC 27255
"install.res.1041.dll" claimed CRC 76081 while the actual is CRC 569382
"SetupResources.dll" claimed CRC 53604 while the actual is CRC 76081
"vstor40_LP_x64_ptb.exe" claimed CRC 578759 while the actual is CRC 53604
"install.res.1046.dll" claimed CRC 84754 while the actual is CRC 578759
"sqmapi.dll" claimed CRC 187218 while the actual is CRC 84754
"install.res.1049.dll" claimed CRC 84770 while the actual is CRC 187218
"vstor40_LP_x86_esn.exe" claimed CRC 497226 while the actual is CRC 84770
"vstor40_LP_x86_kor.exe" claimed CRC 532017 while the actual is CRC 497226
"vstor40_LP_x86_ara.exe" claimed CRC 495846 while the actual is CRC 532017
"vstor40_LP_x86_cht.exe" claimed CRC 498220 while the actual is CRC 495846
"vstor_redist.exe" claimed CRC 40076851 while the actual is CRC 498220
"install.res.1042.dll" claimed CRC 49548 while the actual is CRC 5272397
"vstor40_LP_x86_jpn.exe" claimed CRC 495283 while the actual is CRC 49548
"vstor40_LP_x64_chs.exe" claimed CRC 566301 while the actual is CRC 495283
"install.exe" claimed CRC 651654 while the actual is CRC 566301
"SetupResources.dll" claimed CRC 49651 while the actual is CRC 651654
"install.res.1030.dll" claimed CRC 59513 while the actual is CRC 49651
"SetupResources.dll" claimed CRC 43355 while the actual is CRC 59513 - source
- Static Parser
- relevance
- 10/10
-
Imports suspicious APIs
- details
-
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
RegEnumKeyW
RegDeleteKeyW
SetSecurityDescriptorDacl
OpenProcessToken
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteValueW
GetDriveTypeW
GetFileAttributesW
GetThreadContext
FindResourceExW
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
CreateThread
ExitThread
TerminateProcess
CreateToolhelp32Snapshot
LoadLibraryW
GetVersionExW
GetTickCount
VirtualProtect
LoadLibraryA
GetStartupInfoA
GetFileSize
WriteProcessMemory
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
GetTempFileNameW
CreateFileMappingW
WriteFile
FindNextFileW
FindFirstFileW
CreateFileW
CreateFileA
FindResourceW
Process32NextW
LockResource
GetCommandLineW
Process32FirstW
MapViewOfFile
GetModuleHandleA
GetModuleHandleW
GetTempPathW
CreateProcessW
Sleep
VirtualAlloc
ShellExecuteW
ShellExecuteExW
FindWindowExW
FindWindowW
DeviceIoControl
GetFileAttributesA
CopyFileA
GetVersionExA
CreateDirectoryA
DeleteFileA
GetCommandLineA
FindFirstFileA
FindNextFileA
GetDriveTypeA
CreateProcessA
RegOpenKeyExA
GetFileSizeEx
GetFileAttributesExW
OpenFileMappingW
FindFirstFileExW
OutputDebugStringW
GetWindowThreadProcessId
SetWindowsHookExW
StartServiceW
ConnectNamedPipe
DisconnectNamedPipe
URLDownloadToFileW - source
- Static Parser
- relevance
- 1/10
-
Reads information about supported languages
- details
-
"<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"vstor_redist.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"vstor40_x86.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"msiexec.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409") - source
- Registry Access
- relevance
- 3/10
-
Hiding 6 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 23
-
Environment Awareness
-
Contains ability to query machine time
- details
-
GetSystemTime@KERNEL32.dll
GetSystemTimeAsFileTime@KERNEL32.dll
GetSystemTime@KERNEL32.dll
GetSystemTime@KERNEL32.dll - source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Contains ability to query the machine version
- details
-
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersion@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll
GetVersionExW@KERNEL32.dll - source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Makes a code branch decision directly after an API that is environment aware
- details
-
Found API call GetVersion@KERNEL32.dll (Target: "install.exe.674015067"; Stream UID: "13278-1400-004402B7")
which is directly followed by "cmp al, 06h" and "jnc 004402E0h". See related instructions: "...
+0 call dword ptr [0040111Ch] ;GetVersion
+6 cmp al, 06h
+8 jnc 004402E0h" ... - source
- Hybrid Analysis Technology
- relevance
- 10/10
-
Possibly tries to detect the presence of a debugger
- details
- GetProcessHeap@KERNEL32.dll
- source
- Hybrid Analysis Technology
- relevance
- 1/10
-
Reads the registry for installed applications
- details
-
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\VSTOR_REDIST.EXE")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\VSTOR_REDIST.EXE") - source
- Registry Access
- relevance
- 10/10
-
External Systems
-
Detected Emerging Threats Alert
- details
- Detected alert "ET INFO EXE - Served Attached HTTP" (SID: 2014520, Rev: 6, Severity: 3) categorized as "Misc activity"
- source
- Suricata Alerts
- relevance
- 10/10
-
Sample was identified as clean by Antivirus engines
- details
- 0/54 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Accesses Software Policy Settings
- details
-
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS"; Key: "") - source
- Registry Access
- relevance
- 10/10
-
Accesses System Certificates Settings
- details
-
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\MY"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8"; Key: "BLOB")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA"; Key: "BLOB")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\FF67367C5CD4DE4AE18BCCE1D70FDABD7C866135"; Key: "BLOB")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\109F1CAED645BB78B3EA2B94C0697C740733031C"; Key: "BLOB")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\D559A586669B08F46A30A133F8A9ED3D038E2EA8"; Key: "BLOB")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\FEE449EE0E3965A5246F000E87FDE2A065FD89D4"; Key: "BLOB")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS\A377D1B1C0538833035211F4083D00FECC414DAB"; Key: "BLOB")
"Setup.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "") - source
- Registry Access
- relevance
- 10/10
-
Contacts domains
- details
- "saturn.installshield.com"
- source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"64.14.29.56:80"
"92.122.122.138:80" - source
- Network Traffic
- relevance
- 1/10
-
Contains PDB pathways
- details
-
"C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Prerequisites_Unicode\setupPreReq.pdb"
"sfxcab.pdb"
"SetupResources.pdb"
"C:\CodeBases\isdev\Redist\Language Independent\x64\ISBEW64.pdb"
"install.pdb"
"sqmapi.pdb" - source
- File/Memory
- relevance
- 1/10
-
Creates a writable file in a temporary directory
- details
-
"<Input Sample>" created file "%TEMP%\_MSI5166._IS"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Setup.INI"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\_ISMSIDEL.INI"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\0x0409.ini"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~4DA3.tmp"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~4DB8.tmp"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Microsoft .NET Framework 3.5.prq"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Microsoft VSTO 2010 Runtime.prq"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Windows Installer 3.1 (x86).prq"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\_is4E1D..dll"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Windows Imaging Component (x86).prq"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Windows Installer 3.1 for Windows Server 2003 SP1 (x86).prq"
"<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Windows Imaging Component (x64).prq" - source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_191"
"Local\c:!users!u43q1el!appdata!local!microsoft!windows!history!history.ie5!"
"Local\ZonesCacheCounterMutex"
"Local\ZoneAttributeCacheCounterMutex"
"Local\c:!users!u43q1el!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"Local\WininetStartupMutex"
"RasPbFile"
"IESQMMUTEX_0_208"
"Local\ZonesLockedCacheCounterMutex"
"Local\_!MSFTHISTORY!_"
"Local\ZonesCounterMutex"
"IESQMMUTEX_0_191"
"Local\c:!users!u43q1el!appdata!roaming!microsoft!windows!ietldcache!"
"Local\WininetConnectionMutex"
"Local\!IETld!Mutex"
"Local\WininetProxyRegistryMutex"
"Local\c:!users!u43q1el!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!u43q1el!appdata!roaming!microsoft!windows!cookies!" - source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
-
Antivirus vendors marked dropped file "SetupResources.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x64_nld.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "install.res.1041.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x64_ptb.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "install.res.1046.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "sqmapi.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "install.res.1049.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x86_esn.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x86_kor.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x86_ara.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x86_cht.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor_redist.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "install.res.1042.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x86_jpn.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "vstor40_LP_x64_chs.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "install.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "install.res.1030.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
- source
- Binary File
- relevance
- 10/10
-
GETs files from a webserver
- details
-
"GET /is/prerequisites/microsoft%20vsto%202010%20runtime.prq HTTP/1.1
User-Agent: toys::file
Host: saturn.installshield.com
Connection: Keep-Alive
Cache-Control: no-cache" - source
- Network Traffic
- relevance
- 5/10
-
Process launched with changed environment
- details
-
Process "Setup.exe" was launched with new environment variables: "_SFX_CAB_SHUTDOWN_REQUEST="c:\f20e71af71a41e77c98675\$shtdwn$.req", _SFX_CAB_EXE_PARAMETERS=" /q:a /c:"install /q /l"", _SFX_CAB_EXE_PATH="c:\f20e71af71a41e77c98675", _SFX_CAB_EXE_PACKAGE="%TEMP%\{C966FF4A-673A-42A1-AE12-54E67CC123DD}\Microsoft Vsto 2010 Runtime\vstor_redist.exe""
Process "vstor40_x86.exe" was launched with new environment variables: "__PROCESS_HISTORY="c:\f20e71af71a41e77c98675\Setup.exe""
Process "install.exe" was launched with modified environment variables: "_SFX_CAB_EXE_PARAMETERS, _SFX_CAB_EXE_PATH, _SFX_CAB_EXE_PACKAGE"
Process "msiexec.exe" was launched with missing environment variables: "__PROCESS_HISTORY, _SFX_CAB_SHUTDOWN_REQUEST, _SFX_CAB_EXE_PARAMETERS, _SFX_CAB_EXE_PATH, _SFX_CAB_EXE_PACKAGE" - source
- Monitored Target
- relevance
- 10/10
-
Reads Windows Trust Settings
- details
- "Setup.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING"; Key: "STATE")
- source
- Registry Access
- relevance
- 5/10
-
Spawns new processes
- details
-
Spawned process "vstor_redist.exe" with commandline "/q:a /c:"install /q /l""
Spawned process "Setup.exe" with commandline "/q:a /c:"install /q /l""
Spawned process "vstor40_x86.exe" with commandline "/q"
Spawned process "install.exe" with commandline "/q"
Spawned process "msiexec.exe" with commandline "/i "%LOCALAPPDATA%\Downloaded Installations\{76F796BF-48D7-43E8-9CC0-1FF206446E38}\Whitepages Pro Excel AddIn.msi" SETUPEXEDIR="C:" SETUPEXENAME="fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe""
- source
- Monitored Target
- relevance
- 3/10
-
Accesses Software Policy Settings
-
Installation/Persistence
-
Dropped files
- details
-
"SetupResources.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x64_nld.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1041.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x64_ptb.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1046.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"sqmapi.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"install.res.1049.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_esn.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_kor.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_ara.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_cht.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor_redist.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1042.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x86_jpn.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"vstor40_LP_x64_chs.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"install.res.1030.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"<Input Sample>" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"<Input Sample>" touched file "%WINDIR%\System32\msi.dll"
"<Input Sample>" touched file "%WINDIR%\System32\WindowsCodecs.dll"
"<Input Sample>" touched file "%WINDIR%\Fonts\StaticCache.dat"
"<Input Sample>" touched file "%WINDIR%\System32\en-US\msctf.dll.mui"
"<Input Sample>" touched file "%APPDATA%\Microsoft\Windows\Cookies"
"<Input Sample>" touched file "%LOCALAPPDATA%\Microsoft\Windows\History"
"<Input Sample>" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat"
- source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d"
Pattern match: "http://download.microsoft.com/download/9/4/9/949B0B7C-6385-4664-8EA8-3F6038172322/vstor_redist.exe"
Heuristic match: "saturn.installshield.com"
Pattern match: "http://go.microsoft.com/fwlink/?linkid=19446"
Pattern match: "http://go.microsoft.com/fwlink/?LinkId=47062"
Pattern match: "http://crl.thawte.com/ThawteTimestampingCA.crl0U%0"
Pattern match: "https://www.verisign.com/rpa"
Pattern match: "http://csc3-2010-crl.verisign.com/CSC3-2010.crl0DU"
Pattern match: "http://csc3-2010-aia.verisign.com/CSC3-2010.cer0U#0{&K&0`HB0"
Pattern match: "http://www.flexerasoftware.com0"
Pattern match: "www.microsoft.com"
Heuristic match: "oft.com"
Pattern match: "http://schemas.microsoft.com/Setup/2008/01/im"
Pattern match: "http://go.microsoft.com/fwlink/?LinkId=146008">Microsoft"
Pattern match: "http://go.microsoft.com/fwlink/?LinkID=168641&clcid=0x409">Data"
Pattern match: "http://www.update.microsoft.com/">Windows"
Pattern match: "http://support.microsoft.com/?kbid=893803"
Pattern match: "go.microsoft.com/fwlink/?LinkId=47062"
- source
- File/Memory
- relevance
- 10/10
-
Unusual Characteristics
-
Matched Compiler/Packer signature
- details
-
"fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe.bin" was detected as "VC8 -> Microsoft Corporation"
"SetupResources.dll" was detected as "Microsoft visual C++ vx.x DLL"
"vstor40_LP_x64_nld.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"install.res.1041.dll" was detected as "Microsoft visual C++ vx.x DLL"
"vstor40_LP_x64_ptb.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"install.res.1046.dll" was detected as "Microsoft visual C++ vx.x DLL"
"sqmapi.dll" was detected as "Visual C++ 2005 DLL -> Microsoft"
"install.res.1049.dll" was detected as "Microsoft visual C++ vx.x DLL"
"vstor40_LP_x86_esn.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"vstor40_LP_x86_kor.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"vstor40_LP_x86_ara.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"vstor40_LP_x86_cht.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"vstor_redist.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"install.res.1042.dll" was detected as "Microsoft visual C++ vx.x DLL"
"vstor40_LP_x86_jpn.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"vstor40_LP_x64_chs.exe" was detected as "Microsoft visual C++ v7.1 EXE"
"install.exe" was detected as "VC8 -> Microsoft Corporation"
"install.res.1030.dll" was detected as "Microsoft visual C++ vx.x DLL"
- source
- Static Parser
- relevance
- 10/10
File Details
setup.exe
- Filename
- setup.exe
- Size
- 2MiB (2128753 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d
- MD5
- 6f5ab8993b2f1bd132e826d47f1d500a
- SHA1
- 990256f2a07b5867692e4916598aea5d4bcd789a
- ssdeep
- 49152:mkIxpjIFc3A+mJYOVTdCxZNTEQg67rcFtf8Nci1a:mk1Fc3AxJ2ZNT77rcb0Nci1a
- imphash
- b950d8063774a26bdd19d96b6b3280f3
- authentihash
- d7430963b95b816c67238138d72c6cca7e9cd9395b7b24ae4c1bf8e816ae15ad
- Compiler/Packer
- VC8 -> Microsoft Corporation
- PDB Pathway
Version Info
- LegalCopyright
- Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.
- ISInternalVersion
- 20.0.529
- InternalName
- Setup
- FileVersion
- 1.00.0000
- CompanyName
- WhitePages Pro
- Internal Build Number
- 134369
- ProductName
- Whitepages Pro Excel AddIn
- ProductVersion
- 1.00.0000
- FileDescription
- Setup Launcher Unicode
- ISInternalDescription
- Setup Launcher Unicode
- OriginalFilename
- InstallShield Setup.exe
- Translation
- 0x0409 0x04b0
Classification (TrID)
- 48.1% (.EXE) InstallShield setup
- 34.9% (.EXE) Win32 Executable MS Visual C++ (generic)
- 7.3% (.DLL) Win32 Dynamic Link Library (generic)
- 5.0% (.EXE) Win32 Executable (generic)
- 2.2% (.EXE) Generic Win/DOS Executable
Hybrid Analysis
Analysed 6 processes in total (System Resource Monitor).
- Input Sample (PID: 2736)
- vstor_redist.exe /q:a /c:"install /q /l" (PID: 3076)
- Setup.exe /q:a /c:"install /q /l" (PID: 3104)
- vstor40_x86.exe /q (PID: 3460)
- install.exe /q (PID: 3536)
- msiexec.exe /i "%LOCALAPPDATA%\Downloaded Installations\{76F796BF-48D7-43E8-9CC0-1FF206446E38}\Whitepages Pro Excel AddIn.msi" SETUPEXEDIR="C:" SETUPEXENAME="fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe" (PID: 3616)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
saturn.installshield.com | 64.14.29.56 | NETWORK SOLUTIONS, LLC. (Name Server: PDNS1.ULTRADNS.NET; Creation Date: Thu, 27 Apr 1995 00:00:00 GMT) | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
64.14.29.56 | 80 TCP | <Input Sample> PID: 2736 | United States |
92.122.122.138 | 80 TCP | msiexec.exe PID: 3204 | European Union |
Contacted Countries
HTTP Traffic
Endpoint | Request | URL | |
---|---|---|---|
64.14.29.56:80 (saturn.installshield.com) | GET | saturn.installshield.com/is/prerequisites/microsoft%20vsto%202010%20runtime.prq | GET /is/prerequisites/microsoft%20vsto%202010%20runtime.prq HTTP/1.1
User-Agent: toys::file
Host: saturn.installshield.com
Connection: Keep-Alive
Cache-Control: no-cache 200 OK |
64.14.29.56:80 (saturn.installshield.com) | GET | saturn.installshield.com/is/prerequisites/microsoft%20vsto%202010%20runtime.prq | GET /is/prerequisites/microsoft%20vsto%202010%20runtime.prq HTTP/1.1
User-Agent: toys::file
Host: saturn.installshield.com
Connection: Keep-Alive
Cache-Control: no-cache 200 OK |
Suricata Alerts
Event | Category | Description | SID |
---|---|---|---|
local -> 64.14.29.56:80 (TCP) | A Network Trojan was detected | ET POLICY Installshield One Click Install User-Agent Toys File | 2014341 |
local -> 64.14.29.56:80 (TCP) | A Network Trojan was detected | ET POLICY Installshield One Click Install User-Agent Toys File | 2014341 |
local -> 92.122.200.105:80 (TCP) | A Network Trojan was detected | ET POLICY Installshield One Click Install User-Agent Toys File | 2014341 |
local -> 92.122.200.105:80 (TCP) | A Network Trojan was detected | ET POLICY Installshield One Click Install User-Agent Toys File | 2014341 |
92.122.200.105 -> local:65251 (TCP) | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP | 2018959 |
92.122.200.105 -> local:65251 (TCP) | Misc activity | ET INFO EXE - Served Attached HTTP | 2014520 |
92.122.200.105 -> local:65252 (TCP) | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP | 2018959 |
92.122.200.105 -> local:65252 (TCP) | Misc activity | ET INFO EXE - Served Attached HTTP | 2014520 |
Extracted Strings
Extracted Files
Displaying 87 extracted file(s). The remaining 112 file(s) are available in the full version and XML/JSON reports.
-
Clean 34
-
-
vstor_redist[1].exe
- Size
- 5MiB (5241612 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/59
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- 2dd4a861c0e52034bebcd3aa3aba12fe
- SHA1
- 5ea227279f071bd6d7418db5be160aa227632ee3
- SHA256
- c1bddd19648e2e1717bcf3478e80f294a2ab49a4d32b0e5c9f9c3fa316be29ed
-
vstor_redist.exe
- Size
- 5MiB (5210112 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/59
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- ec4363d90f2a514d9a9afd6ebdc0476e
- SHA1
- b4adcf035ae82bbdd9c285019d4989e66e4542f3
- SHA256
- 51b031dc3139f1bcd4fb35267123d100a4fdc389277a56a56aae3726037fdbfb
-
vc_red.msi
- Size
- 160KiB (163840 bytes)
- Type
- data
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2010 x86 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219., Template: Intel;0, Revision Number: {461C455E-DA40-49B3-871B-14308CC7CEFF}, Create Time/Date: Sun Feb 20 07:03:10 2011, Last Saved Time/Date: Sun Feb 20 07:03:10 2011, Number of Pages: 200, Name of Creating Application: Windows Installer XML (3.5.0626.3), Security: 2, Number of Words: 2
- AV Scan Result
- 0/60
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 3ff9acea77afc124be8454269bb7143f
- SHA1
- 8dd6ecab8576245cd6c8617c24e019325a3b2bdc
- SHA256
- 9ecf3980b29c6aa20067f9f45c64b45ad310a3d83606cd9667895ad35f106e66
-
vstor40_x86.exe
- Size
- 2.3MiB (2388952 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/65
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- b6475303cede2d577efd8fe65cf78a6d
- SHA1
- cb5f08c2b7e73099dd4b3bade6dd788a09f6cc59
- SHA256
- fa9617fa58b94a3439ff6efdf72ead84dcb3b211354d2ba902682169aeb8fe1a
-
install.exe
- Size
- 583KiB (597040 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/80
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- a8037e64f2a8bf4e238da4015e8dec8f
- SHA1
- 198aded1eed78ff851e321b12d61d02980adc3c8
- SHA256
- da010c2331df009532fe47061dee04016ad7fddc87db331e9995959b12dd1208
-
install.res.1028.dll
- Size
- 32KiB (32832 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/61
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 9b2249e1b2218be402bef6fb0f81f8e1
- SHA1
- 1543eb84516b27fb00b205bc1377b6987f832c61
- SHA256
- 85cfa0ed9f939facda788fa66171333beee76061b6762b128035d8174720b6f5
-
install.res.1030.dll
- Size
- 49KiB (50240 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/92
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 8348a5b90c640e993c98f9221be74900
- SHA1
- 96775b36b2ab1643dc4ab4683739ce0b6beaa6b3
- SHA256
- c317d2f3c75a13f8f4c0d463af48cf9feeb1a4744ea7f9007135f6c42e15c51d
-
install.res.1040.dll
- Size
- 52KiB (52800 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/64
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 1a78f755ab2db87f9e84c9017b385efe
- SHA1
- cb785ff09416e4df2bf90b7247585586ef38fc22
- SHA256
- bfcdd5c4b14db20fae9ea62ca688c73ecee9fdd0da0cc5410d2cabb6bb31f629
-
install.res.1041.dll
- Size
- 38KiB (38464 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/92
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 94a10694a6603edaa47ddd5882fec124
- SHA1
- 81569099b6445425a819b019d6d15b3e80c489cb
- SHA256
- 52f8dae7820eaac449b695f8f0c01d39a52f9d9e6bc89a0f34922140f910cade
-
install.res.1042.dll
- Size
- 36KiB (36928 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/88
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 6fe8bb13151cb597344005ee479ef581
- SHA1
- 156f606c363d928c0844db5a05ba570fe7134698
- SHA256
- c4a20db31f826891567c79918868ad26d1ccd6ebe7d2b2a600c964ed637c4d4c
-
install.res.1046.dll
- Size
- 49KiB (50240 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/92
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- f595e4c7d7c6016d2847e067db0033e8
- SHA1
- 4b62b91c76a7999addb3085cab8bee3bd3f37764
- SHA256
- a8b8561dc330c4ded4a86f3546c8c5920cdaa56c067951befa8b038b0bd293cb
-
install.res.1049.dll
- Size
- 49KiB (50240 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/89
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 095c22ef892754a9df076e9502ae6e1a
- SHA1
- c60df95149433617f16a66f201e127640703effb
- SHA256
- b7218b47781a3b5a2d36ad71fc069df5d92e5084d7a74cb62e46ef7fade40e4a
-
SetupEngine.dll
- Size
- 791KiB (810040 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/67
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 2749feb06ad5c5cfd1bdb471a2f05ea8
- SHA1
- 40a333d37e972806e3e0653d90d13b0a68f59ef0
- SHA256
- 7319e25bc2b1158b7e1f11e9d816aba6bc01c301c65b7c86450cd7ff7dafa195
-
sqmapi.dll
- Size
- 141KiB (144416 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/90
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 3f0363b40376047eff6a9b97d633b750
- SHA1
- 4eaf6650eca5ce931ee771181b04263c536a948b
- SHA256
- bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c
-
vstor40_LP_x64_ara.exe
- Size
- 536KiB (548856 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/50
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- b3b40a825cee1dc2ede76e73899cda6b
- SHA1
- c4719c7eedce767e1d6211b34c0de85eff990e12
- SHA256
- 9ffab44ed06266691630db17a1b1ddcf9905aa7ab378fb7de06d727f4b374b52
-
vstor40_LP_x64_chs.exe
- Size
- 524KiB (537080 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/50
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 188d0eaf0f9b245b57d0e9b8636bff63
- SHA1
- f5d76c523f412af3f482c46c38f4019fdf596e58
- SHA256
- e42e955b4e84e6595ec8600d9065ace430ad7356e3a53ae0abb41b2702caf523
-
vstor40_LP_x64_cht.exe
- Size
- 523KiB (535048 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- b1e1ba4dd6fc3ca1cfb00f786beaaad4
- SHA1
- 8903e61698b89d2fe7bc01178ea85eb4efd18039
- SHA256
- 9169a6db03d4f09a0c8d9fcb24f636909c0765220ab8f6db4f5db5f42268c862
-
vstor40_LP_x64_deu.exe
- Size
- 530KiB (542728 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/64
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- dc9c41013743bcbbfc6e7da6a138adf3
- SHA1
- 28c05554f69ac134f8ab2e800b96a20e6597b8b1
- SHA256
- 7c226a0bc4da26da075b165113b2f0e69dbc9883dedb0989d1d402ec66c22cc4
-
vstor40_LP_x64_fin.exe
- Size
- 532KiB (544264 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 6469395d586ca10bfe4687eb6ddb032f
- SHA1
- 5fb72bd9a8eeb9fdf544c78adbab54fab3e20c80
- SHA256
- 78316ab022ebb7d60b04ba7c4e50ff00e2fda40726dd936915275094cc0e0bfc
-
vstor40_LP_x64_fra.exe
- Size
- 524KiB (536584 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/65
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- c4d4b72dfc55ac4df32a1741de100ffa
- SHA1
- af34236e5ace9368b68ea4c00cb74de774a4d5aa
- SHA256
- ae62bd20d587fa52374c8dcdd221a13d146b5af1c3a62b704be71880da1594d5
-
vstor40_LP_x64_heb.exe
- Size
- 529KiB (541704 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/64
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 75e9f8072a66f889ba54163063290663
- SHA1
- b414c09e8a4abc984a67bef5e4ea906d0fd312cd
- SHA256
- a88d9cdb25d482043190791b98f9270cc10b62d73f3cb2095da29841b6bec0c5
-
vstor40_LP_x64_kor.exe
- Size
- 521KiB (533000 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 2a4a20e0727af383dbffcb0682b00612
- SHA1
- 3da5fb77a0f42d9bd1df04336fd73f17327cd621
- SHA256
- b97bfdd1b073e91d8fd40a17f831b1fb59702998f7b0222aeb9f6c425c688c41
-
vstor40_LP_x64_nld.exe
- Size
- 531KiB (543752 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- e01fdf04bcfa6364a6d22e3413d6799b
- SHA1
- ad1870f38d625bf121f04c2213f94975aae54c04
- SHA256
- 80b1b8e5eafe97322900ac1654bb955f03bb6c9fa5c019dd19bb51208aa0b864
-
vstor40_LP_x64_ptb.exe
- Size
- 532KiB (544760 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 006081e51a92b7c8f2712424bb7eee55
- SHA1
- 3296bc75d8dba3a925120b32b65e6e6e58ac1b55
- SHA256
- 08ec4bad4de0398eebddd0392d8542b34f82a3d1715c944ce2a49792b7527574
-
vstor40_LP_x86_ara.exe
- Size
- 477KiB (488456 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 020f9e2c977b8c51370bbad082f7d541
- SHA1
- 99c32e14f0457b3d6ec51cd46f2e167dc439bc10
- SHA256
- 0d9179c669dfd3004db3299fb0b1da790d84b251142801d295d2a1ee12cf6905
-
vstor40_LP_x86_cht.exe
- Size
- 463KiB (474104 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 9d81c9ae50d8aced0ce37aa96303bc6e
- SHA1
- 9cb29f5519424996db9d89dc7fa7d3a9ad4717c3
- SHA256
- 44271b042a47c0f1b978e30b7cc076878434ce746e81f5ec6fe350e5e865fd91
-
vstor40_LP_x86_dan.exe
- Size
- 469KiB (479752 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 394a9c18aa59ac14cf14a93e45c75ddd
- SHA1
- aabdc5a7fa15d61a2ad6692c3de1aee1876155b5
- SHA256
- 51b34ca3d8ea924c2bf45399d655628d404d57e4305a1648f2f8a433e7c5e83b
-
vstor40_LP_x86_deu.exe
- Size
- 471KiB (482296 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/62
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- b665da86d2e8e4778aff7cc66e215cb0
- SHA1
- 527438fbcb8b7355782cc04bf17bdc225038a9fb
- SHA256
- d6b85fc388fd5546be13b17810e5a7cb0efdfb6be392fab1c057ea0b5ef23940
-
vstor40_LP_x86_esn.exe
- Size
- 469KiB (479752 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- e8747c2dc3a599feea73f28105eadf14
- SHA1
- 92a61fcdda08d5446e08771b4f5fda473f5964ae
- SHA256
- 9a3dbfa63043679a0ba8628e39d55f7fa179f5283db56f3b8c7b2f97e0664142
-
vstor40_LP_x86_fra.exe
- Size
- 464KiB (475144 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- f9d0ccecb3019a8f2ab1b5562ac02b69
- SHA1
- 3aba892c2fbc644592bb10196b9928fac92f2e04
- SHA256
- 96e8044481f0dde20a8403312ea43dff2ae8097c3b04ff4dc2e34d4385645fbc
-
vstor40_LP_x86_jpn.exe
- Size
- 470KiB (481784 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- f92fcbcef5f6df49c1620155f17b51da
- SHA1
- 92db42a1a26fdc55555c353652b1b10e7848edaa
- SHA256
- 1bb35fd95643c24678b4ae8e7e75b2a1475e7c43a59edbeec9d6ef17198f3f5a
-
vstor40_LP_x86_kor.exe
- Size
- 461KiB (471560 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/68
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 360c3d7b60bd8384b2cfdf3165058d03
- SHA1
- 4b42d2548ff0a81fc5f13ce179689d98dbe865fe
- SHA256
- be8d9e0c66835c142adc184d128499925de621a0126b4e2588ff8e4f9f2c4126
-
vstor40_LP_x86_plk.exe
- Size
- 473KiB (483848 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/66
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- d626657cbf1ae7d066ffc3acb6f9c859
- SHA1
- 91e8634e473a7d79d87710d4dbdd0c737cdde1d5
- SHA256
- fc98997c2b4f9fd43341d64ad4818b685f0326603028ab182e7e50a8b7683a00
-
vstor40_x64.exe
- Size
- 2.6MiB (2675696 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/65
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- ede102c506edab6cb3242e9fef682e51
- SHA1
- 6efdbb61b1c9a5e349821c62964424640f455104
- SHA256
- 0921cd5868621515e1bd5f43b83f2f9bceb5e40f158c5d769d2a648beaa68ab5
-
-
Informative Selection 2
-
-
Whitepages Pro Excel AddIn.msi
- Size
- 1.1MiB (1173504 bytes)
- Type
- rtf
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Whitepages Pro Excel AddIn, Author: WhitePages Pro, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield Limited Edition 20, Last Saved Time/Date: Thu Aug 6 11:41:28 2015, Create Time/Date: Thu Aug 6 11:41:28 2015, Last Printed: Thu Aug 6 11:41:28 2015, Revision Number: {76F796BF-48D7-43E8-9CC0-1FF206446E38}, Code page: 1252, Template: x64;1033
- Runtime Process
- msiexec.exe (PID: 3616)
- MD5
- 4a7a78e132ec60c3e0b096f1af0906a4
- SHA1
- 15472541006ce96e28d8758a6a37739fbe5e11cf
- SHA256
- 33c85950fa8836b12ce4c1f664797364295d21c55f7a2eef14314ac63883b866
-
LocalizedData.xml
- Size
- 39KiB (39960 bytes)
- Type
- text
- Description
- XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- c535b0d3bad7cd3764e4a8c36d7cc511
- SHA1
- 03b90f562d1bc51e10b25fa39f79e00bd5c43cb7
- SHA256
- 41d63b6a88de932dbcd7be2c3028cba9e2f7760da88068f0fe1a2553c8feb071
-
-
Informative 51
-
-
microsoft%20vsto%202010%20runtime[1].prq
- Size
- 2.4KiB (2427 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- dae6190842a956e234c62530d6a5a578
- SHA1
- a34fbdb5e9d121bb524d45b6424442217e99159c
- SHA256
- ffb6d6eb3b0ff6665f116bc78793c0c218cda31021f937dbeefba6fb312b715e
-
HFI2F3D.tmp.html
- Size
- 2B (2 bytes)
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- f3b25701fe362ec84616a93a45ce9998
- SHA1
- d62636d8caec13f04e28442a0a6fa1afeb024bbb
- SHA256
- b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
-
HFI32A7.tmp.html
- Size
- 12KiB (11886 bytes)
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 019e3e8dfa58860ce354f81a64510c20
- SHA1
- b96aa99e71c1cf1c0a98dfe99d8b7c03a018ed52
- SHA256
- 92e3db3ac3713a90a72400146a0a83051ff69c7e1c347556a655ece1f1f0ae96
-
Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20171206_175049818.html
- Size
- 281KiB (287262 bytes)
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 0e9ef034b1889f0566f9a6cbed5b27fd
- SHA1
- 1ecd401782b63aa503c0c20d7f0369c17153b22a
- SHA256
- b13f4058635bb2f3b52433b65474686f60a0507604acae30cc3fd8c674c97fb8
-
Setup_20171206_175049067.html
- Size
- 41KiB (41888 bytes)
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 943102cedeb003a895a586b7c7900845
- SHA1
- 5bd28978052599c2d00222a56746d63647b4b4ae
- SHA256
- a65db1c0c041c93eecb7355c2d68c13447e1aba2d5299198127591c0ffa0882c
-
VWL6DB5.tmp
- Size
- 326B (326 bytes)
- Runtime Process
- install.exe (PID: 3536)
- MD5
- 2c244543099028e901961bbc91810844
- SHA1
- 011f5df733bdacc4cc270ad004073b232dbb31e5
- SHA256
- 6d634035690228b385d2fcbbe271085b4288e03a926012933f3b952b66e6fe40
-
dd_vstor40_x86UI17E0.txt
- Size
- 11KiB (11296 bytes)
- Runtime Process
- install.exe (PID: 3536)
- MD5
- a881530c5b67a47d086a8d88a06682a6
- SHA1
- 824df65ea9cb6435cac8f2a96921eb4d31d0bd56
- SHA256
- cd38825adce0cf7aa1a4fc599d2c74d315dd5b3882e01a82fac21a0c8041a290
-
0x0409.ini
- Size
- 22KiB (22492 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- be345d0260ae12c5f2f337b17e07c217
- SHA1
- 0976ba0982fe34f1c35a0974f6178e15c238ed7b
- SHA256
- e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3
-
Microsoft .NET Framework 3.5.prq
- Size
- 2.2KiB (2257 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- 7dca3ad0ca1b6412ec15e63b2f144577
- SHA1
- 8f43d48e6ef499d29f6ca8e5a0885f9722380c54
- SHA256
- e0dba754fa9f04f9b17c9bcaf2558a464b1ce9607cd31c2b080f26163476bb64
-
Microsoft .NET Framework 4.0 Full.prq
- Size
- 3.4KiB (3498 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- c500d7636c74a40f8e47cebefb5eaf4a
- SHA1
- eb719e682dd02fd62f5c2de880789f3ac9fed0f9
- SHA256
- b5f37b1260e6133d7939909fa02bb451cf298f6a2d3fe404f097592e3a520d99
-
Microsoft VSTO 2010 Runtime.prq
- Size
- 2.1KiB (2134 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- 55412237f4466dc2bbae47006cf26c02
- SHA1
- 35c3e108411d3865606fa0949fbbcd60e4d3dbf1
- SHA256
- 520b2b02e01d29e73d4d8b635c17d290a0150fb8edb9fb73e38f4c75e5479d52
-
microsoft vsto 2010 runtime.prq
- Size
- 2.4KiB (2427 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- dae6190842a956e234c62530d6a5a578
- SHA1
- a34fbdb5e9d121bb524d45b6424442217e99159c
- SHA256
- ffb6d6eb3b0ff6665f116bc78793c0c218cda31021f937dbeefba6fb312b715e
-
Setup.INI
- Size
- 6.2KiB (6376 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- 262aed0b11bba3f0f933be6d53cd217f
- SHA1
- ea25588dc3c3e62b13644505cc0dc2014fb84210
- SHA256
- 2ad8791d2c891da56ee889f6f84b6f7e4d41594edf8502d24a6a5c81e4c42bfc
-
Windows Imaging Component (x64).prq
- Size
- 1.3KiB (1334 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- d62628e0ff64047b5062b039c9ed483c
- SHA1
- 949b132cdf5dc9df82aa026b889b44f003dd7c80
- SHA256
- 48bf0bd3f2288621bffe796a0cfdb2f6c8c513cbaa06a5aae502164abca419d4
-
Windows Imaging Component (x86).prq
- Size
- 1.3KiB (1380 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- 62b69af9596fe2d6998eec9d7fedb365
- SHA1
- 8eeeca5b614904ea2820e86688a263e9cce1b612
- SHA256
- f30ee3c5f50eb8fe2fe29e173fd7b6e08d324d9753d995ed5d21f4e430a3db3f
-
Windows Installer 3.1 (x86).prq
- Size
- 1.6KiB (1613 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- 2cee8889ab159e0071065b7b01a04a54
- SHA1
- fe0d3e5b4078e15e98e98176d74ae414359f1f48
- SHA256
- 7c452695e76e194d70eeaaf791b5a29354c268918169da3f849d87eebad5f4c3
-
Windows Installer 3.1 for Windows Server 2003 SP1 (IA64).prq
- Size
- 1.2KiB (1266 bytes)
- Runtime Process
- fde297206f458729c614f68458279f852b8cf910ef3f8d8906163991f750482d.exe (PID: 2736)
- MD5
- c77640ec384d667c1d97eaff507c6826
- SHA1
- e2648d47b8201b4b29c30f555003e631f1c209ac
- SHA256
- aa9d4f6825fbe88f9300d95327e9fa5087797ab3dc3673727c0f71fa4fe2f1d4
-
vstor40_x86.msi
- Size
- 485KiB (496640 bytes)
- Runtime Process
- install.exe (PID: 3536)
- MD5
- 42d5416db19e291c0f820726ccf06a7c
- SHA1
- 801e09d6675e7b4bbe8a7e155f01bec2d2f7e135
- SHA256
- a3986d151cefdaf4166e704cb9cb7db2ef8437e45849269eb2b109071129deeb
-
Setup.exe
- Size
- 77KiB (78888 bytes)
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 1be03946c8981a0136207b8947c1ad6d
- SHA1
- 6210e86db8cd847c90806ec5f582008af0da081f
- SHA256
- 426659c72c08c0c31915dca1b35a242d1fd170dac11662b5067eef0d6cba06cb
-
msp_kb2565063.msp
- Size
- 4.4MiB (4637184 bytes)
- Runtime Process
- Setup.exe (PID: 3104)
- MD5
- 905fcc526204ddf1e6650212abc3d848
- SHA1
- aded77f45b75d796cc4795263c826c822df5f0d9
- SHA256
- 4cd45cf57644d49b4c8f96e4a0efdc46a5ba196fa4f5a10190f790ccc74bb1bf
-
install.res.1025.dll
- Size
- 45KiB (45632 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 362b40016a379a15e372377a9acbd954
- SHA1
- b839b23a04ef47d7d984a0d237995e0388042fc1
- SHA256
- 06553117c0c5873f5b2350f2e83101e2ee5668d2139081f0066247d0cc5c9871
-
install.res.1031.dll
- Size
- 53KiB (53824 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 4b40134f896eea9acf6b6415d220defa
- SHA1
- a9e3cbccc68271b37782f45c5b918085192127c7
- SHA256
- c75e8210480a4c04c7136f12c4434ec49a5356e691f28b3c69da4f59494c3722
-
install.res.1033.dll
- Size
- 47KiB (48192 bytes)
- Runtime Process
- install.exe (PID: 3536)
- MD5
- 747336e2d5b04ac741e47e77f12c5002
- SHA1
- 46ad89ebd4556ae7bd5aee887892e68b71cfa745
- SHA256
- 2cf9b4ac59b742ad93f5ed88ad6797e6b3661b203e77f3825bd2b0248419ff01
-
install.res.1035.dll
- Size
- 48KiB (49216 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 76429c794b9b6e1cc17da9610c3b5521
- SHA1
- d127eab79e0360505d07584c4bb7af2ab72ea4f7
- SHA256
- d5d259a541ace6072b0688de8b17a14b7cf3f6c202811a15c9cfdd803114692d
-
install.res.1036.dll
- Size
- 53KiB (54336 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 1a33da31bfb963651ef056f607447116
- SHA1
- 00c00e6678951c8b36bdacf44bd0927aad582a80
- SHA256
- b4e08f3d57fe19fd54f0c003f042a9ecf24af897541628ff19a23b51136553de
-
install.res.1037.dll
- Size
- 43KiB (43600 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 26be2bd222af5654f0def4bc2154d15d
- SHA1
- 75e182d6d2ce64dfc52a3475e6b64d3bd7d5e1bc
- SHA256
- d3ef76ea1430ff29fd3c272da97011c4fa2f0daaf5704711ea9c71beb2482e2f
-
install.res.1043.dll
- Size
- 51KiB (51792 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- a2f32424caabe9f8a9c7036886827ad4
- SHA1
- 8fc3f4ce08a91f232f14730a52a1571c0dc8b1c8
- SHA256
- 60d1a61cdb11e04e027a2d7d4715a810386612ea337c19cd046d13438c07d266
-
install.res.1044.dll
- Size
- 49KiB (49744 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 7588c0f969d7cb3f8efb5f21f4588859
- SHA1
- dea2bb695fee849c85e1700f1e275c05ffb462b3
- SHA256
- 770d0aadc3387a2dc9b18107b7738cf23a1b2f25a3d44d531a93839cc597e204
-
install.res.1045.dll
- Size
- 51KiB (51776 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- bc5148107889a83a9419e8c1d1be2ad2
- SHA1
- 5f2243545bb0623823ff45ca654c85ca1d821223
- SHA256
- f4852b92749a6d0882fc1e9861a082b86840ef6dc95ef556e72f57455b7967eb
-
install.res.1053.dll
- Size
- 49KiB (49728 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 5bdad3e3115333905a08ff6580e16f20
- SHA1
- b1982d2c2eeae8af5db69ec3b618b472db0bf69c
- SHA256
- e7371df2d6f02c2c3b65cd62095a1716c7294d35248b931c288511c713adeb60
-
install.res.2052.dll
- Size
- 32KiB (32336 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- db88b3f4091a5fedd10b8b3d159568b0
- SHA1
- 3f5ff796fdd6e0862749fc4c37168b85daa03fc1
- SHA256
- a346ce6bd59abb0d80a807fad8301312c9a4ec27b3087e6832101e5c1546ec58
-
install.res.3082.dll
- Size
- 52KiB (53328 bytes)
- Runtime Process
- vstor40_x86.exe (PID: 3460)
- MD5
- 212a6633402d20737b6b05851fd51210
- SHA1
- d63522b0611ed21ba4aebf7cf7680c45a8f3a949
- SHA256
- 78dffa3d10739d2158283653f8a5e54fe588608a966719509f38709ce81eb46c
-
SetupResources.dll
- Size
- 19KiB (19008 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- b8d02200635df4f4bc6a91902ca274f7
- SHA1
- f5afbcaf097ac95f4901bdcb17bcef85074049b4
- SHA256
- 0853a53d520c60aeefec822d77668ed705c56cd72ddef3909e4417a8179e7895
-
SetupUi.dll
- Size
- 289KiB (295984 bytes)
- Type
- pedll executable
- Description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- d7af6c0fc6aa55966659d0b0dd833643
- SHA1
- 3db7ea8e4be4d8b810b80df251e7fcd8a7f416b1
- SHA256
- ff718734833ee1fe9cbef6ae2bdbcc73637e14e3dcbe7fd6f47bd27af43de341
-
vstor40_LP_x64_dan.exe
- Size
- 528KiB (540664 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 98986963a89e43042cd50f8542ea4ca2
- SHA1
- be069a18e36ba8e03bcf1ac49fb9ac73e09a3f58
- SHA256
- 3350efe344b715269c4cc9fda9ea8ba55d447c253910413a9853525fa73a0878
-
vstor40_LP_x64_esn.exe
- Size
- 527KiB (539144 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- d79135509ce2260b295c0e9882e0e6f4
- SHA1
- aac94e662441de90291d1aa34231fd7a139ab651
- SHA256
- 2131688ada12a507bfefdb65b812ba45f70bcbef43844963185e69e2265485bc
-
vstor40_LP_x64_ita.exe
- Size
- 526KiB (539128 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 973403c72402a49d8f4dbd3ac061a598
- SHA1
- eca0216be51861abe66fd4d9e9ada2797294afb4
- SHA256
- e0891d669c2f72ab0555254e225984624f65ab424674b1f4e7ae95ee36eff43f
-
vstor40_LP_x64_jpn.exe
- Size
- 528KiB (540664 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 1d32c3af9ca64299ac3a473203b4ed4f
- SHA1
- 5b8cf8040baf4cd7935698469b794c1c7d665078
- SHA256
- 5992df08ea7148e4518e8f269b0b2af8da8dd7a6aec1c49c964b94d7c315e7c2
-
vstor40_LP_x64_nor.exe
- Size
- 528KiB (540168 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 96de801928e6965c5bf33cd957853565
- SHA1
- 414a33b55a4cfc276c68338237f38730fcff2b27
- SHA256
- 8d3b8e91b89e023bf20d8ac9f5a37b864acce482695af6a33c4da63be51d37d4
-
vstor40_LP_x64_plk.exe
- Size
- 532KiB (544776 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- f460ad3c781d675e62baaff065d46256
- SHA1
- 8de1c1642c7132ca81d6413497beaffb4bff53f3
- SHA256
- a57204493d73cd8248c1fa9d7eea728815305eea6df2b47d830d8d1f2f257226
-
vstor40_LP_x64_rus.exe
- Size
- 535KiB (548344 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- a2a533e05b74eeba6df66c04f413342f
- SHA1
- 6f27b1ff6afdbbf074280d1dc4569c351742bf5b
- SHA256
- d4d7018a083a6119011ee8b5d5849e175fce9e76db1805cc9dbd84b1eba14318
-
vstor40_LP_x64_sve.exe
- Size
- 525KiB (537592 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- d15a30e46d21b008ff9e8dae83569403
- SHA1
- 80941140f2fc2792790a0bd295b8828f069e880a
- SHA256
- e3e470c05d830fee814a48a378b6ee72e67d8e644c697fb7acd61ebc05715b37
-
vstor40_LP_x86_chs.exe
- Size
- 467KiB (478200 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 893b8bc8a8970e2b676a163ddd77bf00
- SHA1
- f5a90eb3172c7dbf759e41a755a6d7d75b2eeff3
- SHA256
- b2b0e01e59c62765060fc811651f0693f7fcf630cc98611a9dd258cc9de43e61
-
vstor40_LP_x86_fin.exe
- Size
- 473KiB (484856 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- a08e3d4290eecc1ae673eeb83d3d5daa
- SHA1
- f8ff1f27633f600d6a7469960aeac19e04089364
- SHA256
- f7b1fbc9555f53264ac7957fcf722a5d34d100867a52283c2b580c949e2f702e
-
vstor40_LP_x86_heb.exe
- Size
- 471KiB (481800 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 41cddf853dab98fe4db55c6aca503066
- SHA1
- 201a4f3522ebbc167100459114994b3876551916
- SHA256
- 6d141211e94ee8781329883a9cba991a35923062f23a07469aafa33f754ba79f
-
vstor40_LP_x86_ita.exe
- Size
- 467KiB (478712 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 57e7b03c96f8fee2870e265331e3eb68
- SHA1
- 4e85ce227c3938b80bd7ae36d5552f322272dd98
- SHA256
- 08ed67417485704a855bbd43a5de09196255d2140796da3353a760495efc2203
-
vstor40_LP_x86_nld.exe
- Size
- 472KiB (483336 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 00730cc97d5a0244b0c7272331882ad3
- SHA1
- 28f024e819921ba6709989c1deab2f6290ae81e9
- SHA256
- d9873b8f5aef72bed6aec368c5c96e9191962244bc7f8c98a21c355afa06cb23
-
vstor40_LP_x86_nor.exe
- Size
- 469KiB (480760 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 638f8aa388d0e6fc8e727b8aa022db41
- SHA1
- 1c3de4bacfa1f15f3ca5c25d8c7fde502915b4ae
- SHA256
- 002a0e34f1f3fa14a43b80ce3c2fa52ee98e013c579f6646d29bb69253d1fe2d
-
vstor40_LP_x86_ptb.exe
- Size
- 474KiB (484872 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 08e60ae63d97113cc24160b908582100
- SHA1
- 507c1de9960f10a4c7fc476440ab59bff5fa5944
- SHA256
- a2cf9f707b4d965e6852834edd2abff5cdd8951de15aab44a5b51e29872e0654
-
vstor40_LP_x86_rus.exe
- Size
- 477KiB (488456 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 4dd5219027ce8326dee64702f7642f2f
- SHA1
- 1dcd4074e85daa59c6c219f82649c1477e72bc0b
- SHA256
- 9900120619d06cdf2fb8f5ec6ccc660b19a7ad6b1bfd14b497a8cc2b77c72e4d
-
vstor40_LP_x86_sve.exe
- Size
- 467KiB (478200 bytes)
- Runtime Process
- vstor_redist.exe (PID: 3076)
- MD5
- 79dc8f770ce18935ed83ac0ddd2b19b4
- SHA1
- 63b93f0ba15e302e0a858c6c6bee0f5a94d5ae9c
- SHA256
- 15ddb3d9715f7a71114d4003495fa86573a58de3e74bfa45ac7bee2523f26808
-
Notifications
-
Runtime
- Added comment to VirusTotal report
- All strings were processed, but some are hidden from the report to reduce its overall size
- Not all IP/URL string resources were checked online
- Not all file accesses are visible for msiexec.exe (PID: 3616)
- Not all sources for signature ID "api-4" are available in the report
- Not all sources for signature ID "api-55" are available in the report
- Not all sources for signature ID "binary-0" are available in the report
- Not all sources for signature ID "binary-1" are available in the report
- Not all sources for signature ID "binary-16" are available in the report
- Not all sources for signature ID "mutant-0" are available in the report
- Not all sources for signature ID "registry-1" are available in the report
- Not all sources for signature ID "registry-17" are available in the report
- Not all sources for signature ID "registry-18" are available in the report
- Not all sources for signature ID "registry-19" are available in the report
- Not all sources for signature ID "static-0" are available in the report
- Not all sources for signature ID "static-18" are available in the report
- Not all sources for signature ID "static-6" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)