97328f00...7f6c

c:\users\eebsym5\desktop\97328f00d5dc6d72f7a1a5c75e6991135183ffeef10e1a6a49dab7cba2eb7f6c.dll

Blacklisted

»

File Properties
Names	c:\users\eebsym5\desktop\97328f00d5dc6d72f7a1a5c75e6991135183ffeef10e1a6a49dab7cba2eb7f6c.dll (Sample File)
Size	254.00 KB
Hash Values	MD5: 751d685dcedae5880fcf2ca175726d6d SHA1: 742c6a29e4d1904904c6383498cba9a0117c66a9 SHA256: 97328f00d5dc6d72f7a1a5c75e6991135183ffeef10e1a6a49dab7cba2eb7f6c
Actions	... File Actions Download File

File Reputation Information

»

Information	Value
Severity	Blacklisted
Names	Win32.Trojan.Turla
Families	Turla
Classification	Trojan

PE Information

»

Information	Value
Image Base	0x10000000
Entry Point	0x10023140
Size Of Code	0x34c00
Size Of Initialized Data	0xa800
Size Of Uninitialized Data	0x0
Format	x86
Type	Dll
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2014-02-06 13:37:44
Compiler/Packer	Unknown

Sections (4)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x10001000	0x34b4e	0x34c00	0x400	CNT_CODE, MEM_EXECUTE, MEM_READ	6.53
.data	0x10036000	0xa170	0x7400	0x35000	CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE	5.88
.rsrc	0x10041000	0x5a8	0x600	0x3c400	CNT_INITIALIZED_DATA, MEM_READ	4.02
.reloc	0x10042000	0x2c2a	0x2e00	0x3ca00	CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ	5.23

Imports (133)

»

KERNEL32.DLL (118)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
FreeLibrary	0x0	0x1000101c	0x101c	0x41c
GetCurrentProcess	0x0	0x10001020	0x1020	0x420
SetFileTime	0x0	0x10001024	0x1024	0x424
WriteFile	0x0	0x10001028	0x1028	0x428
LoadLibraryW	0x0	0x1000102c	0x102c	0x42c
Sleep	0x0	0x10001030	0x1030	0x430
CreateEventA	0x0	0x10001034	0x1034	0x434
GetVersionExW	0x0	0x10001038	0x1038	0x438
CreateProcessA	0x0	0x1000103c	0x103c	0x43c
ReadFile	0x0	0x10001040	0x1040	0x440
GetModuleFileNameW	0x0	0x10001044	0x1044	0x444
GetSystemDirectoryA	0x0	0x10001048	0x1048	0x448
lstrcatA	0x0	0x1000104c	0x104c	0x44c
GetEnvironmentVariableA	0x0	0x10001050	0x1050	0x450
MultiByteToWideChar	0x0	0x10001054	0x1054	0x454
lstrlenW	0x0	0x10001058	0x1058	0x458
GetLastError	0x0	0x1000105c	0x105c	0x45c
SetLastError	0x0	0x10001060	0x1060	0x460
GetProcAddress	0x0	0x10001064	0x1064	0x464
SetFileAttributesA	0x0	0x10001068	0x1068	0x468
GetTempFileNameA	0x0	0x1000106c	0x106c	0x46c
GetLocalTime	0x0	0x10001070	0x1070	0x470
LoadLibraryA	0x0	0x10001074	0x1074	0x474
CreateFileMappingA	0x0	0x10001078	0x1078	0x478
OpenEventA	0x0	0x1000107c	0x107c	0x47c
GetModuleFileNameA	0x0	0x10001080	0x1080	0x480
GetModuleHandleA	0x0	0x10001084	0x1084	0x484
lstrcatW	0x0	0x10001088	0x1088	0x488
GetVersionExA	0x0	0x1000108c	0x108c	0x48c
UnmapViewOfFile	0x0	0x10001090	0x1090	0x490
GetTempPathA	0x0	0x10001094	0x1094	0x494
DeleteFileA	0x0	0x10001098	0x1098	0x498
GetComputerNameA	0x0	0x1000109c	0x109c	0x49c
GetWindowsDirectoryA	0x0	0x100010a0	0x10a0	0x4a0
InitializeCriticalSection	0x0	0x100010a4	0x10a4	0x4a4
LeaveCriticalSection	0x0	0x100010a8	0x10a8	0x4a8
EnterCriticalSection	0x0	0x100010ac	0x10ac	0x4ac
GetFileTime	0x0	0x100010b0	0x10b0	0x4b0
DeleteCriticalSection	0x0	0x100010b4	0x10b4	0x4b4
CreateDirectoryA	0x0	0x100010b8	0x10b8	0x4b8
GetTickCount	0x0	0x100010bc	0x10bc	0x4bc
WaitForSingleObject	0x0	0x100010c0	0x10c0	0x4c0
GetShortPathNameA	0x0	0x100010c4	0x10c4	0x4c4
CreateEventW	0x0	0x100010c8	0x10c8	0x4c8
FileTimeToDosDateTime	0x0	0x100010cc	0x10cc	0x4cc
GetFileAttributesA	0x0	0x100010d0	0x10d0	0x4d0
FileTimeToLocalFileTime	0x0	0x100010d4	0x10d4	0x4d4
GetFileInformationByHandle	0x0	0x100010d8	0x10d8	0x4d8
GetModuleHandleW	0x0	0x100010dc	0x10dc	0x4dc
VirtualProtectEx	0x0	0x100010e0	0x10e0	0x4e0
SetEnvironmentVariableA	0x0	0x100010e4	0x10e4	0x4e4
CompareStringW	0x0	0x100010e8	0x10e8	0x4e8
CompareStringA	0x0	0x100010ec	0x10ec	0x4ec
GetProcessHeap	0x0	0x100010f0	0x10f0	0x4f0
SetEndOfFile	0x0	0x100010f4	0x10f4	0x4f4
GetLocaleInfoA	0x0	0x100010f8	0x10f8	0x4f8
VirtualQuery	0x0	0x100010fc	0x10fc	0x4fc
MapViewOfFile	0x0	0x10001100	0x1100	0x500
SetFilePointer	0x0	0x10001104	0x1104	0x504
GetFileSize	0x0	0x10001108	0x1108	0x508
CreateFileA	0x0	0x1000110c	0x110c	0x50c
ExitProcess	0x0	0x10001110	0x1110	0x510
CloseHandle	0x0	0x10001114	0x1114	0x514
lstrlenA	0x0	0x10001118	0x1118	0x518
HeapFree	0x0	0x1000111c	0x111c	0x51c
HeapAlloc	0x0	0x10001120	0x1120	0x520
GetSystemTimeAsFileTime	0x0	0x10001124	0x1124	0x524
ExitThread	0x0	0x10001128	0x1128	0x528
ResumeThread	0x0	0x1000112c	0x112c	0x52c
CreateThread	0x0	0x10001130	0x1130	0x530
TerminateProcess	0x0	0x10001134	0x1134	0x534
UnhandledExceptionFilter	0x0	0x10001138	0x1138	0x538
SetUnhandledExceptionFilter	0x0	0x1000113c	0x113c	0x53c
IsDebuggerPresent	0x0	0x10001140	0x1140	0x540
WideCharToMultiByte	0x0	0x10001144	0x1144	0x544
GetConsoleCP	0x0	0x10001148	0x1148	0x548
GetConsoleMode	0x0	0x1000114c	0x114c	0x54c
GetCurrentThreadId	0x0	0x10001150	0x1150	0x550
GetCommandLineA	0x0	0x10001154	0x1154	0x554
HeapCreate	0x0	0x10001158	0x1158	0x558
HeapDestroy	0x0	0x1000115c	0x115c	0x55c
VirtualFree	0x0	0x10001160	0x1160	0x560
VirtualAlloc	0x0	0x10001164	0x1164	0x564
HeapReAlloc	0x0	0x10001168	0x1168	0x568
GetStdHandle	0x0	0x1000116c	0x116c	0x56c
TlsGetValue	0x0	0x10001170	0x1170	0x570
TlsAlloc	0x0	0x10001174	0x1174	0x574
TlsSetValue	0x0	0x10001178	0x1178	0x578
TlsFree	0x0	0x1000117c	0x117c	0x57c
InterlockedIncrement	0x0	0x10001180	0x1180	0x580
InterlockedDecrement	0x0	0x10001184	0x1184	0x584
HeapSize	0x0	0x10001188	0x1188	0x588
RaiseException	0x0	0x1000118c	0x118c	0x58c
GetCPInfo	0x0	0x10001190	0x1190	0x590
GetACP	0x0	0x10001194	0x1194	0x594
GetOEMCP	0x0	0x10001198	0x1198	0x598
IsValidCodePage	0x0	0x1000119c	0x119c	0x59c
LCMapStringA	0x0	0x100011a0	0x11a0	0x5a0
LCMapStringW	0x0	0x100011a4	0x11a4	0x5a4
GetTimeZoneInformation	0x0	0x100011a8	0x11a8	0x5a8
RtlUnwind	0x0	0x100011ac	0x11ac	0x5ac
SetHandleCount	0x0	0x100011b0	0x11b0	0x5b0
GetFileType	0x0	0x100011b4	0x11b4	0x5b4
GetStartupInfoA	0x0	0x100011b8	0x11b8	0x5b8
FlushFileBuffers	0x0	0x100011bc	0x11bc	0x5bc
SetStdHandle	0x0	0x100011c0	0x11c0	0x5c0
WriteConsoleA	0x0	0x100011c4	0x11c4	0x5c4
GetConsoleOutputCP	0x0	0x100011c8	0x11c8	0x5c8
WriteConsoleW	0x0	0x100011cc	0x11cc	0x5cc
FreeEnvironmentStringsA	0x0	0x100011d0	0x11d0	0x5d0
GetEnvironmentStrings	0x0	0x100011d4	0x11d4	0x5d4
FreeEnvironmentStringsW	0x0	0x100011d8	0x11d8	0x5d8
GetEnvironmentStringsW	0x0	0x100011dc	0x11dc	0x5dc
QueryPerformanceCounter	0x0	0x100011e0	0x11e0	0x5e0
GetCurrentProcessId	0x0	0x100011e4	0x11e4	0x5e4
InitializeCriticalSectionAndSpinCount	0x0	0x100011e8	0x11e8	0x5e8
GetStringTypeA	0x0	0x100011ec	0x11ec	0x5ec
GetStringTypeW	0x0	0x100011f0	0x11f0	0x5f0

ADVAPI32.dll (6)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
RegCloseKey	0x0	0x10001000	0x1000	0x400
RegCreateKeyExA	0x0	0x10001004	0x1004	0x404
RegQueryValueExA	0x0	0x10001008	0x1008	0x408
RegCreateKeyExW	0x0	0x1000100c	0x100c	0x40c
RegSetValueExA	0x0	0x10001010	0x1010	0x410
RegSetValueExW	0x0	0x10001014	0x1014	0x414

USER32.dll (9)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
SendMessageA	0x0	0x100011f8	0x11f8	0x5f8
GetMessageA	0x0	0x100011fc	0x11fc	0x5fc
RegisterClassExA	0x0	0x10001200	0x1200	0x600
wsprintfW	0x0	0x10001204	0x1204	0x604
TranslateMessage	0x0	0x10001208	0x1208	0x608
CreateWindowExA	0x0	0x1000120c	0x120c	0x60c
DefWindowProcA	0x0	0x10001210	0x1210	0x610
DispatchMessageA	0x0	0x10001214	0x1214	0x614
wsprintfA	0x0	0x10001218	0x1218	0x618

Exports (8)

»

Api name	EAT Address	Ordinal
AddAtomS	0x1000a330	0x1
AddAtomT	0x1000a270	0x2
DllCanUnloadNow	0x1001e7f0	0x5
DllGetClassObject	0x1001e7f1	0x6
DllRegisterServer	0x1001e7f2	0x7
DllUnregisterServer	0x1001e7f3	0x8
Entry	0x1000a210	0x3
InstallW	0x1000b250	0x4

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.06 KB
Hash Values	MD5: e5a53dd11c6c5493655cf92cd6ecf5ca SHA1: 60367181f47ec979afef7a7327fdf749b6ff5988 SHA256: ae382e9548254689e32b154d65476507423b3916f68ec028bd81b2c39055ec86
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\~dfbebc.tmp, ...

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\~dfbebc.tmp (Created File) c:\users\eebsym5\appdata\local\temp\~fgf7f5.tmp (Created File) c:\users\eebsym5\appdata\local\temp\xx7 (Created File) c:\users\eebsym5\appdata\local\temp\xx8 (Created File) c:\users\eebsym5\appdata\local\temp\xx9 (Created File) c:\users\eebsym5\appdata\local\temp\xx10 (Created File) c:\users\eebsym5\appdata\local\temp\xx11 (Created File) c:\users\eebsym5\appdata\local\temp\~fgf844.tmp (Created File) c:\users\eebsym5\appdata\local\temp\xx17 (Created File) c:\users\eebsym5\appdata\local\temp\xx18 (Created File) c:\users\eebsym5\appdata\local\temp\xx19 (Created File) c:\users\eebsym5\appdata\local\temp\xx20 (Created File) c:\users\eebsym5\appdata\local\temp\xx21 (Created File) c:\users\eebsym5\appdata\local\temp\6f6c657374646d702e6f6378ff.tmp (Created File)
Size	0.00 KB
Hash Values	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

c:\users\eebsym5\appdata\roaming\help\system32\mskfp32.ocx

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\mskfp32.ocx (Created File)
Size	3.40 KB
Hash Values	MD5: 8e327c0e388ec0c2c1827724e583af90 SHA1: 479a86ae7f7beff58cd7c1cabc91d7518943b548 SHA256: 3314b865d97e1fc43c80bff1eae46e8446e53311db7bf37146e8fb82b7136d55
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.14 KB
Hash Values	MD5: ddaa12c0627796ed0f736cd978064ea0 SHA1: e04f0e466d5ec48920c6a36952dd759b493e7ee4 SHA256: 68d14a11089fc74a40a316ea28087375a6fb5a5cc3eff1d3df817b529c4fb48d
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.17 KB
Hash Values	MD5: 0f42e349bb5c41dd9136f03e9b98d42d SHA1: dd8cb6149a7e47e763badad779f2659d8c440f7a SHA256: 8a2c1e983850eafba8524a4176936f191e68cb68e515a3680be47258e87d5e27
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.30 KB
Hash Values	MD5: b7e52f066785ffe39bf1ba5049e2cf5d SHA1: bd32b29ba4fb59926044d0b57eefa5fe7303a52f SHA256: 7eb08fbe83358d9bad3a89999c0d7c9711b088c1bef996865da791964d329913
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.33 KB
Hash Values	MD5: bbc438b511eb4d9d455479b5d4efb3a7 SHA1: b82b5b36c8d5a64ef509e2463becf10f49f62e41 SHA256: c859762776a8575f5cd99c5d2e1efe0a144196a77a629240b7534f8ff4ce5ccc
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.35 KB
Hash Values	MD5: c36f658b1d502617eccc64ab3cc41261 SHA1: a228a37767052c01f6a8f33953de473b768a012c SHA256: 377645fff739d966a4361de94bc38c6f1859b094730afe3d9fa44421fe399ab9
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.40 KB
Hash Values	MD5: cfc331638fc30008aba4d63e65c24b10 SHA1: 23e363ea4ca7fc10cf709f1b790311dbc84874c6 SHA256: 1b0c20c897036f22802b78e29c4d0782159f4b7edcc7f0c8587b0ef837bb406f
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.45 KB
Hash Values	MD5: 53797e7c00fcf24c5b31a99e3d7a37ca SHA1: aa7f6ffa921b9fa2ffe293a5ba9d7bace380a875 SHA256: 5badd3652db8e8e29ecc9a21ea8791c154cfea9a46f6daeedef82f7d8cd9fc02
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.56 KB
Hash Values	MD5: 8c0e7ab861a89ad1b1b7d7bc31dfefe0 SHA1: c82048154895b326c6b3b260c9cf42585c1b6d30 SHA256: c4c3522f98d4c746c22044a55dcc84834aa8cf28c1d082c89a3a7e9012ac5681
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.61 KB
Hash Values	MD5: bb8d9775f5cde78f975727ef44ccbb4d SHA1: 0764a19044e4b9125c5f15b8fd7b0c8467c265f2 SHA256: 8127006a9187794a08920a5004b3da883213ce57a3197584559105fd0b37fdb4
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.63 KB
Hash Values	MD5: fa8cb1aa71182a0b9b79a47654059466 SHA1: 8d88ee1cbd3f1bb7065368a5e61879ed10ae55ce SHA256: 8c15aba7b388f87b5ca1a43d9dca3aec9ea1ab339841388c62907817a2c596d5
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.78 KB
Hash Values	MD5: d5077127bc32e28534a0f7e09522988e SHA1: a8fbb24a3ecfe86ba45b57d936d18bbf3d288680 SHA256: b1031f9852382075a5931d36765c551757b01c55fef152dfbb886fdb5c8ff5d6
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\xx2

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\xx2 (Created File)
Size	2.35 KB
Hash Values	MD5: d1cef9e7d2df511f5095f7532bbb3624 SHA1: a3deba0d08a85f539b1691b523189c5630a547ce SHA256: 8f0f5c99853ec802faaf9fc84a6587dc068051e935486ade64dd11643fde7f5b
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\xx3, ...

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\xx3 (Created File) c:\users\eebsym5\appdata\local\temp\xx5 (Created File)
Size	0.03 KB
Hash Values	MD5: d44f6f1dbff7a816acdd7e69884ae707 SHA1: 4e5607be0fded9c09fe7966c077576db3753c2a8 SHA256: 9e8ce688f7492930823f1517ee7458cd89ddad33a8440261cf82564323a65bec
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\xx4

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\xx4 (Created File)
Size	2.35 KB
Hash Values	MD5: 12992a1633ce781d47655cb43bcdbd12 SHA1: 214670d71ba883f66e035a0f300528e4b1cf5b00 SHA256: a38a6a923110ec4cdb46bcfe128985b84cd3b3e7f1e22e5a9b06a5b683f3f040
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\xx6, ...

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\xx6 (Created File) c:\users\eebsym5\appdata\local\temp\xx16 (Created File)
Size	0.01 KB
Hash Values	MD5: 7b5b6c7bf41e6055abd4e74476e08575 SHA1: 5c05d3a68f69258d236f6d9677cc0a42e399e7cc SHA256: 2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\xx12

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\xx12 (Created File)
Size	0.91 KB
Hash Values	MD5: 5224b3b768472c31e9837eb091ac4da2 SHA1: 3f33aefb075a3747ed9f77c009f2de156487a05f SHA256: eb3018114ff7109d4b57abd24dafd3ebce34a61c5a59f2e34709cd1a54c45f71
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\xx13, ...

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\xx13 (Created File) c:\users\eebsym5\appdata\local\temp\xx15 (Created File)
Size	0.03 KB
Hash Values	MD5: b03290b76ede0df2bffd30926b522eae SHA1: fc81346041f384f162afd9fca259c544f996538d SHA256: 0bb31e27bfd7adde01ada0184515b36ec5f553126c6965efa1febd327b48276f
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\xx14

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\xx14 (Created File)
Size	0.91 KB
Hash Values	MD5: 2452a6b1368ec890a1e24fe8a7963ed6 SHA1: b880a509cc1af5748cca9c1493519ed81e3a3495 SHA256: 8f8fd27d15c33844302cd60b3238125cac0a8639cabb17aa01b4b42ee2569462
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\msvcrtd.tlb (Created File)
Size	0.13 KB
Hash Values	MD5: ab9ad9219a870758a276abbe307cc7c3 SHA1: dfe318674f8b28bef0f746e0c18486d71894b269 SHA256: 0d6f02c115b1048eb192905d395f939b8b33a58339fddbace946f31efac7f545
Actions	... File Actions Download File

c:\users\eebsym5\appdata\roaming\help\system32\olestdmp.ocx, ...

»

File Properties
Names	c:\users\eebsym5\appdata\roaming\help\system32\olestdmp.ocx (Created File) c:\users\eebsym5\appdata\local\temp\6f6c657374646d702e6f6378ff.tmp (Created File)
Size	3.43 KB
Hash Values	MD5: de99e5057f0ea5ed7aba40661b762e4a SHA1: edb269e72b9b9f02095cd3e1a9de928780dba698 SHA256: c873a7fa57871e32e0721dcec4e9d82eaa3baa42c804b70276f9c98d59de7d62
Actions	... File Actions Download File

c:\users\eebsym5\appdata\local\temp\6f6c657374646d702e6f6378ff.tmp

»

File Properties
Names	c:\users\eebsym5\appdata\local\temp\6f6c657374646d702e6f6378ff.tmp (Created File)
Size	3.91 KB
Hash Values	MD5: c93e29a5dc3c9cf60e00a94cc5492f4a SHA1: 655f9442d3d230d7dd9a035ddccd83bdd52c9d0c SHA256: 21d05fd99dac6ce5c2457d8cc55d700f0f501d3c35c096698c799c153550fff1
Actions	... File Actions Download File

Number of sample files submitted for analysis	1
Number of files created and extracted during analysis	24
Number of files modified and extracted during analysis	0

Notifications (2/2)

Files Information

Before

After