Summary

ff185ec81d19e900_dw20.exe

File ff185ec81d19e900_dw20.exe

Summary
Download Resubmit sample

Size 27.1MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 77f56e880f6477354cf908d184446caa
SHA1 1590cad3a3f2534251168cc550a4389fd63d02a9
SHA256 ff185ec81d19e9006e981a36ddd5a64d67f16e0fd2d1d936f85700a0c8c02a67
SHA512
5c03c795bce923505921dd7e21119dce66ead1473981315e26a4ebb7b421aa7f9b9a2b8e3a15dbcc8cddc4bdfcf35c57451e2939fd3067be79150a7060d0a34e
CRC32 644524FE
ssdeep None
Yara
  • PoetRat_Python - (no description)
  • Base64_encoded_Executable - Detects an base64 encoded executable (often embedded)
  • DebuggerException__ConsoleCtrl - (no description)
  • DebuggerException__SetConsoleCtrl - (no description)
  • SEH__vectored - (no description)
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:7168471

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE Nov. 25, 2025, 3:09 p.m. Nov. 25, 2025, 3:20 p.m. 633 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-11-22 02:12:41,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpwoh6zt
2025-11-22 02:12:41,000 [analyzer] DEBUG: Pipe server name: \??\PIPE\RaBmGSVFfAiIFfIUJoOlYsiCU
2025-11-22 02:12:41,000 [analyzer] DEBUG: Log pipe server name: \??\PIPE\HKaFPqGXMoJlPwkXtsjZeaLkGLKBhwFD
2025-11-22 02:12:41,000 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-11-22 02:12:41,062 [analyzer] INFO: Automatically selected analysis package "exe"
2025-11-22 02:12:41,280 [analyzer] DEBUG: Started auxiliary module Curtain
2025-11-22 02:12:41,280 [analyzer] DEBUG: Started auxiliary module DbgView
2025-11-22 02:12:41,703 [analyzer] DEBUG: Started auxiliary module Disguise
2025-11-22 02:12:41,890 [analyzer] DEBUG: Loaded monitor into process with pid 500
2025-11-22 02:12:41,890 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-11-22 02:12:41,890 [analyzer] DEBUG: Started auxiliary module Human
2025-11-22 02:12:41,890 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-11-22 02:12:41,890 [analyzer] DEBUG: Started auxiliary module Reboot
2025-11-22 02:12:41,983 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-11-22 02:12:41,983 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-11-22 02:12:41,983 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-11-22 02:12:42,000 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-11-22 02:12:42,421 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\ff185ec81d19e900_dw20.exe' with arguments '' and pid 1480
2025-11-22 02:12:42,687 [analyzer] DEBUG: Loaded monitor into process with pid 1480
2025-11-22 02:13:04,898 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Windows\System32\rMs.exe
2025-11-22 02:13:05,059 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL
2025-11-22 02:13:05,250 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.exe
2025-11-22 02:13:05,450 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL
2025-11-22 02:13:05,642 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.exe
2025-11-22 02:13:05,828 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
2025-11-22 02:13:05,996 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.exe
2025-11-22 02:13:06,272 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
2025-11-22 02:13:06,410 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.exe
2025-11-22 02:13:06,595 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL
2025-11-22 02:13:06,742 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.exe
2025-11-22 02:13:06,904 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT
2025-11-22 02:13:07,075 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.exe
2025-11-22 02:13:07,252 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
2025-11-22 02:13:07,408 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.exe
2025-11-22 02:13:07,585 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP
2025-11-22 02:13:07,740 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.exe
2025-11-22 02:13:07,888 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF
2025-11-22 02:13:08,130 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.exe
2025-11-22 02:13:08,381 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest
2025-11-22 02:13:08,505 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.exe
2025-11-22 02:13:08,730 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL
2025-11-22 02:13:08,904 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.exe
2025-11-22 02:13:09,088 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll
2025-11-22 02:13:09,252 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.exe
2025-11-22 02:13:09,453 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll
2025-11-22 02:13:09,622 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe
2025-11-22 02:13:09,859 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.exe
2025-11-22 02:13:10,105 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG
2025-11-22 02:13:10,499 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.exe
2025-11-22 02:13:10,713 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT
2025-11-22 02:13:10,867 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.exe
2025-11-22 02:13:11,073 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT
2025-11-22 02:13:11,217 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.exe
2025-11-22 02:13:11,378 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT
2025-11-22 02:13:11,503 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.exe
2025-11-22 02:13:11,677 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT
2025-11-22 02:13:11,792 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.exe
2025-11-22 02:13:11,917 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
2025-11-22 02:13:12,046 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.exe
2025-11-22 02:13:12,463 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM
2025-11-22 02:13:12,622 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.exe
2025-11-22 02:13:12,793 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
2025-11-22 02:13:13,026 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.exe
2025-11-22 02:13:13,183 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF
2025-11-22 02:13:13,375 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.exe
2025-11-22 02:13:13,545 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
2025-11-22 02:13:13,732 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.exe
2025-11-22 02:13:13,892 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
2025-11-22 02:13:14,062 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.exe
2025-11-22 02:13:14,605 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG
2025-11-22 02:13:14,755 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.exe
2025-11-22 02:13:14,936 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT
2025-11-22 02:13:15,073 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.exe
2025-11-22 02:13:15,236 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT
2025-11-22 02:13:15,397 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.exe
2025-11-22 02:13:15,542 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT
2025-11-22 02:13:15,680 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.exe
2025-11-22 02:13:15,874 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL
2025-11-22 02:13:15,996 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.exe
2025-11-22 02:13:16,490 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
2025-11-22 02:13:16,612 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.exe
2025-11-22 02:13:16,750 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll
2025-11-22 02:13:16,861 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.exe
2025-11-22 02:13:17,030 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.exe
2025-11-22 02:13:17,184 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.exe
2025-11-22 02:13:17,351 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL
2025-11-22 02:13:17,484 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.exe
2025-11-22 02:13:17,602 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL
2025-11-22 02:13:17,709 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL.exe
2025-11-22 02:13:17,832 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL
2025-11-22 02:13:17,946 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL.exe
2025-11-22 02:13:18,122 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL
2025-11-22 02:13:18,921 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL.exe
2025-11-22 02:13:19,144 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM
2025-11-22 02:13:19,236 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.exe
2025-11-22 02:13:19,348 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL
2025-11-22 02:13:19,438 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL.exe
2025-11-22 02:13:19,556 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL
2025-11-22 02:13:19,654 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.exe
2025-11-22 02:13:19,759 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL
2025-11-22 02:13:19,865 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.exe
2025-11-22 02:13:19,989 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL
2025-11-22 02:13:20,470 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.exe
2025-11-22 02:13:20,767 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL
2025-11-22 02:13:20,858 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL.exe
2025-11-22 02:13:20,971 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL
2025-11-22 02:13:21,125 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL.exe
2025-11-22 02:13:21,486 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM
2025-11-22 02:13:21,578 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.exe
2025-11-22 02:13:21,700 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll
2025-11-22 02:13:21,796 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll.exe
2025-11-22 02:13:21,927 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL
2025-11-22 02:13:22,019 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.exe
2025-11-22 02:13:22,128 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL
2025-11-22 02:13:22,219 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL.exe
2025-11-22 02:13:22,322 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL
2025-11-22 02:13:22,413 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL.exe
2025-11-22 02:13:22,519 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL
2025-11-22 02:13:22,625 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL.exe
2025-11-22 02:13:22,734 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL
2025-11-22 02:13:22,832 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL.exe
2025-11-22 02:13:22,951 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL
2025-11-22 02:13:23,042 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL.exe
2025-11-22 02:13:23,799 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL
2025-11-22 02:13:24,148 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL.exe
2025-11-22 02:13:24,253 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL
2025-11-22 02:13:24,345 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL.exe
2025-11-22 02:13:24,447 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL
2025-11-22 02:13:24,539 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL.exe
2025-11-22 02:13:24,642 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL
2025-11-22 02:13:24,733 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL.exe
2025-11-22 02:13:24,818 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL
2025-11-22 02:13:24,908 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL.exe
2025-11-22 02:13:25,003 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL
2025-11-22 02:13:25,586 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL.exe
2025-11-22 02:13:25,707 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL
2025-11-22 02:13:25,796 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL.exe
2025-11-22 02:13:25,904 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL
2025-11-22 02:13:26,002 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL.exe
2025-11-22 02:13:26,108 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL
2025-11-22 02:13:26,213 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL.exe
2025-11-22 02:13:26,338 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL
2025-11-22 02:13:26,453 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.exe
2025-11-22 02:13:26,579 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL
2025-11-22 02:13:26,670 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL.exe
2025-11-22 02:13:26,799 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll
2025-11-22 02:13:26,891 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.exe
2025-11-22 02:13:27,007 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll
2025-11-22 02:13:27,615 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.exe
2025-11-22 02:13:28,006 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2025-11-22 02:13:28,115 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.exe
2025-11-22 02:13:28,224 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL
2025-11-22 02:13:28,315 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL.exe
2025-11-22 02:13:28,418 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL
2025-11-22 02:13:28,526 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL.exe
2025-11-22 02:13:28,664 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL
2025-11-22 02:13:28,802 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL.exe
2025-11-22 02:13:28,940 [analyzer] INFO: Added new file to list with pid 1480 and path C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE
2025-11-22 02:13:29,642 [analyzer] INFO: Process with pid 1480 has terminated
2025-11-22 02:13:29,642 [analyzer] INFO: Process list is empty, terminating analysis.
2025-11-22 02:13:31,174 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-11-22 02:16:44,065 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\cgmimp32.fnt.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\png32.flt.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceexcl.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\msinfo\msinfo32.exe.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\equation\eqnedt32.hlp.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\ado210.chm
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\msointl.rest.idx_dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\msointl.dll.idx_dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\pictim32.flt.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\filters\msgfilt.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\ado210.chm.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceerr.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\euro\msoeuro.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.jpg.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.png
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\euro\msoeuro.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceodbc.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\acewdat.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceoledb.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\acerecr.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceodbc.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\help\msitss55.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\acerep.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\acetxt.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.gif
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\alrtintl.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\aceintl.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\equation\eqnedt32.cnt.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceodexl.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\equation\eqnedt32.cnt
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.eps.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\cgmimp32.cfg.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\cgmimp32.flt
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\aceodbci.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\equation\eqnedt32.hlp
2025-11-22 02:16:44,081 [analyzer] WARNING: File at path u'c:\\windows\\system32\\rms.exe' does not exist, skip.
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\acecore.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\acerecr.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\acewstr.dll.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\filters\msgfilt.dll
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\cultures\office.odf.exe
2025-11-22 02:16:44,081 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\filters\odffilt.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceexch.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\dw\dbghelp.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceodexl.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\filters\odffilt.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\exp_xps.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\csisoap.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\acerep.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\acerclr.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceexch.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\cgmimp32.flt.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\help\hxds.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\equation\eqnedt32.exe.manifest.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\msointl.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\oarpmanr.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.cgm.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\dw\dwtrig20.exe.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\equation\eqnedt32.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\alrtintl.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\jpegim32.flt
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\acewstr.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\help\hxds.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\fltldr.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceodtxt.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.wpg
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\expsrv.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\csi.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\aceodbci.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\oarpmanr.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.gif.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\epsimp32.flt
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\dw\dwtrig20.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\expsrv.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\ms.png.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\1033\xlsrvintl.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\acetxt.dll
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\office14\aceerr.dll.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\msinfo\en-us\msinfo32.exe.mui.exe
2025-11-22 02:16:44,095 [analyzer] WARNING: Too many files: c:\program files\common files\microsoft shared\grphflt\epsimp32.flt.exe

Cuckoo Log

2025-11-25 15:09:58,122 [cuckoo.core.scheduler] INFO: Task #7199893: acquired machine win7x643 (label=win7x643)
2025-11-25 15:09:58,137 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.203 for task #7199893
2025-11-25 15:09:58,542 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 298557 (interface=vboxnet0, host=192.168.168.203)
2025-11-25 15:11:43,521 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x643
2025-11-25 15:11:45,073 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x643 to vmcloak
2025-11-25 15:14:02,399 [cuckoo.core.guest] INFO: Starting analysis #7199893 on guest (id=win7x643, ip=192.168.168.203)
2025-11-25 15:14:03,430 [cuckoo.core.guest] DEBUG: win7x643: not ready yet
2025-11-25 15:14:08,549 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x643, ip=192.168.168.203)
2025-11-25 15:14:09,313 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x643, ip=192.168.168.203, monitor=latest, size=6660546)
2025-11-25 15:14:13,052 [cuckoo.core.resultserver] DEBUG: Task #7199893: live log analysis.log initialized.
2025-11-25 15:14:14,047 [cuckoo.core.resultserver] DEBUG: Task #7199893 is sending a BSON stream
2025-11-25 15:14:15,007 [cuckoo.core.resultserver] DEBUG: Task #7199893 is sending a BSON stream
2025-11-25 15:14:15,358 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0001.jpg'
2025-11-25 15:14:15,564 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 116222
2025-11-25 15:14:16,552 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0002.jpg'
2025-11-25 15:14:16,589 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 129838
2025-11-25 15:14:27,840 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:14:38,038 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0003.jpg'
2025-11-25 15:14:38,069 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 137570
2025-11-25 15:14:39,586 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0004.jpg'
2025-11-25 15:14:39,608 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 150646
2025-11-25 15:14:40,725 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0005.jpg'
2025-11-25 15:14:40,763 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 164011
2025-11-25 15:14:49,990 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:14:50,826 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0006.jpg'
2025-11-25 15:14:54,159 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 174165
2025-11-25 15:14:54,196 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0007.jpg'
2025-11-25 15:14:54,359 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 190338
2025-11-25 15:14:55,428 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0008.jpg'
2025-11-25 15:14:55,465 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 194542
2025-11-25 15:14:56,532 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0009.jpg'
2025-11-25 15:14:56,609 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 192695
2025-11-25 15:14:57,671 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0010.jpg'
2025-11-25 15:14:57,705 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 191582
2025-11-25 15:14:58,788 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0011.jpg'
2025-11-25 15:14:58,838 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 192810
2025-11-25 15:14:59,885 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0012.jpg'
2025-11-25 15:14:59,929 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 194562
2025-11-25 15:15:01,003 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'shots/0013.jpg'
2025-11-25 15:15:01,023 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 133497
2025-11-25 15:15:01,909 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'curtain/1763774010.85.curtain.log'
2025-11-25 15:15:01,913 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 36
2025-11-25 15:15:02,172 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'sysmon/1763774011.1.sysmon.xml'
2025-11-25 15:15:02,295 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 2512990
2025-11-25 15:15:02,461 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/64d626e50bb350aa_msitss55.dll'
2025-11-25 15:15:03,757 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29121268
2025-11-25 15:15:03,907 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/d50d9b2590f1505d_acecore.dll.exe'
2025-11-25 15:15:05,831 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:15:06,463 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29200124
2025-11-25 15:15:06,504 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/f5e63c5271266091_mtextra.ttf.exe'
2025-11-25 15:15:14,781 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29187836
2025-11-25 15:15:19,562 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/4984aa03f8a7a9a8_cgmimp32.cfg'
2025-11-25 15:15:23,417 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29122292
2025-11-25 15:15:25,922 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:15:28,412 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/bccc60d111dfea73_acedao.dll'
2025-11-25 15:15:32,815 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29137652
2025-11-25 15:15:37,432 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/0b42ad83dc7d5b79_aceintl.dll.exe'
2025-11-25 15:15:41,366 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:15:41,455 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29255420
2025-11-25 15:15:45,821 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/12fddecf7d0261b4_msointl.dll.exe'
2025-11-25 15:15:49,712 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29234940
2025-11-25 15:15:53,795 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/a8eba5e207f56326_aceoddbs.dll.exe'
2025-11-25 15:15:56,638 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29115132
2025-11-25 15:15:56,951 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:16:02,707 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/19d18429a65dfb38_gifimp32.flt.exe'
2025-11-25 15:16:07,428 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29203196
2025-11-25 15:16:11,957 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/a5319b642fec32d3_aceoddbs.dll'
2025-11-25 15:16:12,298 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:16:15,094 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29097716
2025-11-25 15:16:17,991 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/a4154782f0a9f01a_ms.eps'
2025-11-25 15:16:22,922 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29154036
2025-11-25 15:16:27,764 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:16:28,075 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/caff8772cb412428_msointl.rest.idx_dll.exe'
2025-11-25 15:16:30,650 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29140732
2025-11-25 15:16:34,630 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/346e8ac4ce2afbd2_msointl.dll.idx_dll.exe'
2025-11-25 15:16:37,045 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29182716
2025-11-25 15:16:40,081 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/aca63a494939e1a1_acer3x.dll'
2025-11-25 15:16:42,750 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29095668
2025-11-25 15:16:42,966 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:16:46,336 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/ba28ba9f4155a723_aceoledb.dll'
2025-11-25 15:16:48,766 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29081332
2025-11-25 15:16:51,243 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/af21e08270f274f5_itircl55.dll.exe'
2025-11-25 15:16:55,162 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29196028
2025-11-25 15:16:57,432 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/9858117b5f36adfd_wpgimp32.flt'
2025-11-25 15:16:58,484 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:17:00,309 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29170420
2025-11-25 15:17:04,355 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/02476ecd8f468d43_gifimp32.flt'
2025-11-25 15:17:06,944 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29128436
2025-11-25 15:17:11,247 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/291ea816b166b299_png32.flt'
2025-11-25 15:17:13,595 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29169396
2025-11-25 15:17:13,719 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:17:13,880 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/f470d7d945e4532f_mssoapr3.dll'
2025-11-25 15:17:16,337 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29106932
2025-11-25 15:17:16,499 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/fb3943a2224912a4_csisoap.dll.exe'
2025-11-25 15:17:19,235 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29075196
2025-11-25 15:17:19,442 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/cfda66d3dc1696d7_office.odf'
2025-11-25 15:17:20,637 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29103860
2025-11-25 15:17:20,805 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/280a324ebee05764_acexbe.dll'
2025-11-25 15:17:21,920 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29116148
2025-11-25 15:17:22,039 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/9d661c3119060d3b_acexbe.dll.exe'
2025-11-25 15:17:22,966 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29136636
2025-11-25 15:17:23,123 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/4279a2aa31e67810_pictim32.flt'
2025-11-25 15:17:24,262 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29163252
2025-11-25 15:17:24,354 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/1d4409d826cf79a0_exp_pdf.dll'
2025-11-25 15:17:25,699 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29107956
2025-11-25 15:17:25,877 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/9871df2d725b8d57_mtextra.ttf'
2025-11-25 15:17:27,148 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29165300
2025-11-25 15:17:27,347 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/f85a77ea4397ce84_aceodtxt.dll'
2025-11-25 15:17:28,862 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29174516
2025-11-25 15:17:28,879 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:17:29,233 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/bf46444681a7d739_eeintl.dll.exe'
2025-11-25 15:17:30,903 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29096700
2025-11-25 15:17:31,149 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/3699a3ad4b02fea7_xlsrvintl.dll'
2025-11-25 15:17:32,773 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29133556
2025-11-25 15:17:32,929 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/b0114be9614850d6_acees.dll.exe'
2025-11-25 15:17:34,131 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29117180
2025-11-25 15:17:34,346 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/7ce9bab165391e90_jpegim32.flt.exe'
2025-11-25 15:17:35,979 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29138684
2025-11-25 15:17:36,374 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/00044addca2d333f_acees.dll'
2025-11-25 15:17:38,578 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29077236
2025-11-25 15:17:38,771 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/30affe66cad859b9_dw20.exe'
2025-11-25 15:17:40,781 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29145844
2025-11-25 15:17:40,979 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/1e0e7348fcb85fa9_exp_xps.dll'
2025-11-25 15:17:42,563 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29170420
2025-11-25 15:17:42,825 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/fa609dbebd815f6a_dw20.exe.exe'
2025-11-25 15:17:44,170 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29154044
2025-11-25 15:17:44,411 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:17:44,480 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/47d093be84fcd52b_acewdat.dll.exe'
2025-11-25 15:17:46,063 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29252348
2025-11-25 15:17:46,251 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/3373750d2e700dc4_eqnedt32.exe.exe'
2025-11-25 15:17:48,278 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29195004
2025-11-25 15:17:48,409 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/2e79da469d2bc1ab_readme.htm'
2025-11-25 15:17:49,865 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29123316
2025-11-25 15:17:50,532 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/afcc5ecc1ba95983_acer3x.dll.exe'
2025-11-25 15:17:52,661 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29162236
2025-11-25 15:17:53,933 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/56f899f89737f22a_offfiltx.dll.exe'
2025-11-25 15:17:56,126 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29128444
2025-11-25 15:17:56,838 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/43ae8a95f41cdf7a_csi.dll'
2025-11-25 15:17:58,538 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29149940
2025-11-25 15:17:58,698 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/136b7797e5f3b2c5_eeintl.dll'
2025-11-25 15:17:59,730 [cuckoo.core.guest] DEBUG: win7x643: analysis #7199893 still processing
2025-11-25 15:18:00,111 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29080308
2025-11-25 15:18:00,255 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/87db1db2c3fdddc3_aceexcl.dll.exe'
2025-11-25 15:18:01,659 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29135612
2025-11-25 15:18:01,753 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/79711910d41fb903_eqnedt32.exe.manifest'
2025-11-25 15:18:02,737 [cuckoo.core.guest] INFO: win7x643: end of analysis reached!
2025-11-25 15:18:02,756 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-11-25 15:18:02,783 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-11-25 15:18:03,862 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29123316
2025-11-25 15:18:03,934 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/2f7983e193d273b3_ms.wpg.exe'
2025-11-25 15:18:04,278 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x643 to path /srv/cuckoo/cwd/storage/analyses/7199893/memory.dmp
2025-11-25 15:18:04,282 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x643
2025-11-25 15:18:06,201 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29185788
2025-11-25 15:18:06,404 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/bcad917524e6b961_msaddndr.dll'
2025-11-25 15:18:07,980 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29156084
2025-11-25 15:18:08,089 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/5153a7c40f3c0ade_wpgimp32.flt.exe'
2025-11-25 15:18:09,702 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29219580
2025-11-25 15:18:09,835 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/8ece53641bb6b8b2_mssoapr3.dll.exe'
2025-11-25 15:18:12,166 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29168380
2025-11-25 15:18:12,555 [cuckoo.core.resultserver] DEBUG: Task #7199893: File upload for 'files/e1137576e8af5aad_acerclr.dll.exe'
2025-11-25 15:18:15,179 [cuckoo.core.resultserver] DEBUG: Task #7199893 uploaded file length: 29197052
2025-11-25 15:18:15,202 [cuckoo.core.resultserver] DEBUG: Task #7199893 had connection reset for <Context for LOG>
2025-11-25 15:20:26,410 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.203 for task #7199893
2025-11-25 15:20:26,862 [cuckoo.core.scheduler] DEBUG: Released database task #7199893
2025-11-25 15:20:26,891 [cuckoo.core.scheduler] INFO: Task #7199893: analysis procedure completed

Signatures

Yara rules detected for file (10 events)
description (no description) rule PoetRat_Python
description Detects an base64 encoded executable (often embedded) rule Base64_encoded_Executable
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule SEH__vectored
description Create a windows service rule create_service
description Communications over UDP network rule network_udp_sock
description Listen for incoming communication rule network_tcp_listen
description Communications over RAW socket rule network_tcp_socket
description Communications use DNS rule network_dns
Command line console output was observed (50 out of 72 events)
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: https://ent34ndx3cz8k.x.pipedream.net//a?son=1749642851&brother=1111575874&selfhash=ff185ec81d19e9006e981a36ddd5a64d67f16e0fd2d1d936f85700a0c8c02a67&seed=1763773963023437500&runnigfrom=C:\Users\Administrator\AppData\Local\Temp\ff185ec81d19e900_dw20.exe
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL
console_handle: 0x0000000000000007
1 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .symtab
Creates executable files on the filesystem (50 out of 115 events)
file C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL
file C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.exe
file C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll
file C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL
file C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe
file C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.exe
file C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.exe
file C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL
file C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL
file C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.exe
file C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
file C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL
file C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.exe
file C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL
file C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL.exe
file C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.exe
file C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.exe
Raised Snort alerts (1 event)
snort ET INFO DNS Query for Webhook/HTTP Request Inspection Service (x .pipedream .net)
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rMs reg_value c:\Windows\System32\rMs.exe
Detects the presence of Wine emulator (1 event)
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

 ordinal: 0
function_address: 0x000007fefd867a50
function_name: wine_get_version
module: ntdll
module_address: 0x0000000076dd0000
-1073741511 0
File has been identified by 10 AntiVirus engine on IRMA as malicious (10 events)
G Data Antivirus (Windows) Virus: Gen:Variant.Tedy.816526 (Engine A)
Avast Core Security (Linux) Win64:MalwareX-gen [Misc]
WithSecure (Linux) Trojan.TR/Spy.Gen
eScan Antivirus (Linux) Gen:Variant.Tedy.816526(DB)
ESET Security (Windows) a variant of Win64/Agent.PR trojan
Sophos Anti-Virus (Linux) Troj/Agent-BLKX
DrWeb Antivirus (Linux) BackDoor.GravityRAT.3
Bitdefender Antivirus (Linux) Gen:Variant.Tedy.816526
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Vimditator.gen
Emsisoft Commandline Scanner (Windows) Gen:Variant.Tedy.816526 (B)
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.