URL Details

URL
http://mqslotyzyovy.com/

Score

This URL appears fairly benign, with a score of 0.6 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category URL
Started Feb. 21, 2019, 8:32 p.m.
Completed Feb. 21, 2019, 8:35 p.m.
Duration 147 seconds

Machine

Name win7x64
Label win7x64
Started On 2019-02-21 20:32:49
Shutdown On 2019-02-21 20:35:14

Analyzer Log

2019-02-21 12:32:47,062 [analyzer] DEBUG: Starting analyzer from: C:\xqwvp
2019-02-21 12:32:47,265 [analyzer] DEBUG: Pipe server name: \\.\PIPE\TbpbFQpjpQTifjbQjNRwwKvVhR
2019-02-21 12:32:47,279 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\epZRGENIrEFnDmCkPmONWXzPwiOAakcr
2019-02-21 12:32:48,762 [analyzer] DEBUG: Started auxiliary module Disguise
2019-02-21 12:32:49,308 [analyzer] DEBUG: Loaded monitor into process with pid 508
2019-02-21 12:32:49,323 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-02-21 12:32:49,323 [analyzer] DEBUG: Started auxiliary module Human
2019-02-21 12:32:49,323 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-02-21 12:32:49,323 [analyzer] DEBUG: Started auxiliary module Reboot
2019-02-21 12:32:49,651 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-02-21 12:32:49,667 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-02-21 12:32:49,667 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2019-02-21 12:32:50,368 [lib.api.process] INFO: Successfully executed process from path 'C:\\Program Files (x86)\\Microsoft Office\\Office12\\POWERPNT.EXE' with arguments ['/S', 'http://mqslotyzyovy.com/'] and pid 2284
2019-02-21 12:32:56,344 [analyzer] DEBUG: Loaded monitor into process with pid 2284
2019-02-21 12:33:01,803 [analyzer] INFO: Added new file to list with pid 2284 and path C:\Users\zamen\AppData\Local\Temp\75691.od
2019-02-21 12:33:06,546 [analyzer] INFO: Added new file to list with pid 2284 and path C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat
2019-02-21 12:33:08,153 [analyzer] DEBUG: Ignoring Office process C:\Windows\splwow64.exe 12288!
2019-02-21 12:33:27,762 [analyzer] INFO: Added new file to list with pid 2284 and path \Device\NamedPipe\DAV RPC SERVICE
2019-02-21 12:34:43,594 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-02-21 12:34:44,717 [analyzer] INFO: Added new file to list with pid 2284 and path C:\Users\zamen\AppData\Roaming\Microsoft\Office\PowerP12.pip
2019-02-21 12:34:44,983 [analyzer] INFO: Process with pid 2284 has terminated
2019-02-21 12:34:44,983 [analyzer] INFO: Process list is empty, terminating analysis.
2019-02-21 12:34:45,996 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-02-21 12:34:45,996 [analyzer] WARNING: File at path "u'\\device\\namedpipe\\dav rpc service'" does not exist, skip.
2019-02-21 12:34:45,996 [analyzer] WARNING: File at path "u'c:\\users\\zamen\\appdata\\local\\temp\\75691.od'" does not exist, skip.
2019-02-21 12:34:45,996 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-02-21 20:32:49,348 [lib.cuckoo.core.scheduler] INFO: Task #1283: acquired machine win7x64 (label=win7x64)
2019-02-21 20:32:49,386 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 23213 (interface=eth2, host=192.168.128.109, pcap=/opt/cuckoo/storage/analyses/1283/dump.pcap)
2019-02-21 20:33:09,436 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x64, ip=192.168.128.109)
2019-02-21 20:35:14,069 [lib.cuckoo.core.guest] INFO: win7x64: analysis completed successfully
2019-02-21 20:35:16,837 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-02-21 20:35:18,411 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c4f9cd0>: Failed to establish a new connection: [Errno 111] Connection refused
2019-02-21 20:35:18,414 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937c4f95d0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937c4f95d0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

Libraries known to be associated with a CVE were requested (may be False Positive) (1 event)
cve CVE-2013-3906

Screenshots

No screenshots available.

Network

DNS

Name Response Post-Analysis Lookup
mqslotyzyovy.com

Hosts

No hosts contacted.

Summary

Process POWERPNT.EXE (2284)

  • Opened files

    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History\History.IE5\
    • C:\Windows\AppPatch\sysmain.sdb
    • C:\
    • C:\Windows\SysWOW64\wininet.dll
    • \device\webdavredirector
    • C:\Users\zamen\AppData\Local\Temp\75691.od
    • C:\Users\zamen\AppData\Roaming\Microsoft\Network\Connections\Pbk\
    • C:\Users\zamen\Desktop\desktop.ini
    • \\?\PIPE\DAV RPC SERVICE
    • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
    • C:\Windows\System32
    • C:\Windows\System32\imageres.dll
    • C:\Program Files (x86)\Microsoft Office\Office12\POWERPOI.PIP
    • C:\ProgramData\Microsoft\OFFICE\DATA\OPA12.BAK
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\1033\ALRTINTL.DLL
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\Cookies\
    • C:\Windows\SysWOW64\shell32.dll
    • C:\Users\zamen\AppData\Local\Temp\CVR26D1.tmp.cvr
    • C:\Windows\WindowsShell.Manifest
    • C:\Users
    • C:\Windows\SysWOW64\en-US\urlmon.dll.mui
    • C:\Users\zamen
    • C:\Windows\System32\cryptui.dll
    • C:\Windows\System32\tzres.dll
    • C:\Users\desktop.ini
    • C:\Program Files (x86)\
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\
    • C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat
    • C:\ProgramData\Microsoft\OFFICE\DATA\
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
    • C:\Program Files (x86)\Microsoft Office\Office12\ID_00030.DPC
    • C:\Users\zamen\AppData\Local\Temp\CVR26D1.tmp
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
    • C:\Windows\System32\davhlpr.dll
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    • C:\Windows\System32\oleacc.dll
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\
    • C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    • \??\FDC#GENERIC_FLOPPY_DRIVE#6&3b4c39bd&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    • C:\Program Files (x86)\Common Files\Microsoft Shared\
    • C:\Windows\Fonts\staticcache.dat
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\RICHED20.DLL
    • C:\Windows\System32\rsaenh.dll
    • C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Cultures\OFFICE.ODF
    • C:\Windows\System32\uxtheme.dll
    • C:\Windows\System32\ras\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO
  • Written files

    • C:\Users\zamen\AppData\Roaming\Microsoft\Office\PowerP12.pip
    • \\?\PIPE\DAV RPC SERVICE
    • C:\Users\zamen\AppData\Local\Temp\75691.od
    • C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat

Process POWERPNT.EXE (2284)

  • DLLs Loaded

    • netutils.dll
    • API-MS-Win-Security-LSALookup-L1-1-0.dll
    • DNSAPI.dll
    • UxTheme.dll
    • C:\Windows\system32\ole32.dll
    • dwmapi.dll
    • MPR.DLL
    • API-MS-WIN-Service-Management-L2-1-0.dll
    • C:\Program Files (x86)\Microsoft Office\Office12\1033\PPINTL.DLL
    • SspiCli.dll
    • comctl32
    • ole32.dll
    • SHLWAPI.dll
    • USER32.dll
    • RASMAN.DLL
    • VERSION.DLL
    • WININET.DLL
    • C:\Program Files (x86)\Common Files\Microsoft Shared\office12\riched20.dll
    • WTSAPI32.DLL
    • C:\Windows\System32\mswsock.dll
    • SHELL32.dll
    • C:\Windows\System32\wship6.dll
    • WINMM.dll
    • HLINK.DLL
    • C:\Windows\SysWOW64\KERNEL32.DLL
    • rpcrt4.dll
    • C:\Windows\System32\wshtcpip.dll
    • IMM32.dll
    • C:\Windows\System32\drprov.dll
    • urlmon.dll
    • C:\Program Files (x86)\Common Files\Microsoft Shared\office12\1033\MSOINTL.DLL
    • WINSTA.dll
    • kernel32.dll
    • CRYPTBASE.dll
    • Netapi32.DLL
    • C:\Windows\system32\napinsp.dll
    • C:\Windows\system32\apphelp.dll
    • shlwapi.dll
    • URLMON.DLL
    • UxTheme.DLL
    • Comctl32.dll
    • C:\Windows\System32\fwpuclnt.dll
    • rtutils.dll
    • IPHLPAPI.DLL
    • RASAPI32.dll
    • winspool.drv
    • profapi.dll
    • comctl32.dll
    • SETUPAPI.dll
    • VERSION.dll
    • RpcRtRemote.dll
    • Winspool.DRV
    • C:\Program Files (x86)\Common Files\Microsoft Shared\office12\mso.dll
    • C:\Windows\system32\rsaenh.dll
    • Shlwapi.DLL
    • iphlpapi
    • C:\Windows\SysWOW64\ADVAPI32.DLL
    • C:\Windows\syswow64\MSCTF.dll
    • CRYPTSP.dll
    • API-MS-WIN-Service-winsvc-L1-1-0.dll
    • sensapi.dll
    • C:\Windows\system32\NLAapi.dll
    • mso.dll
    • ADVAPI32.dll
    • C:\Windows\System32\davclnt.dll
    • WS2_32.dll
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
    • ntmarta.dll
    • C:\Windows\system32\mscoree.dll
    • C:\Windows\system32\Msimtf.dll
    • API-MS-WIN-Service-Management-L1-1-0.dll
    • rasadhlp.dll
    • C:\Windows\System32\ntlanman.dll
    • dnsapi
    • KERNEL32.DLL
    • OLEAUT32.DLL
    • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSORES.DLL
    • DwmApi.DLL
    • API-MS-Win-Security-SDDL-L1-1-0.dll
    • C:\Windows\system32\pnrpnsp.dll
    • MSO.dll
    • wininet.dll
    • DWMAPI.DLL
    • Kernel32.DLL
    • OLEAUT32.dll
    • RPCRT4.dll
    • SHLWAPI.DLL
    • C:\Windows\System32\winrnr.dll
    • cryptui.dll
    • ws2_32
    • C:\Windows\system32\mswsock.dll
    • SHELL32.DLL
    • Shlwapi.dll
    • Normaliz.dll
No static analysis available.
No antivirus signatures available.

Process Tree


POWERPNT.EXE, PID: 2284, Parent PID: 2260

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.109 50839 192.168.128.111 53
192.168.128.109 52588 192.168.128.111 53
192.168.128.109 54908 192.168.128.111 53
192.168.128.109 56743 192.168.128.111 53
192.168.128.109 60037 192.168.128.111 53
192.168.128.109 60112 192.168.128.111 53
192.168.128.109 65476 192.168.128.111 53
192.168.128.109 137 192.168.128.255 137
192.168.128.109 138 192.168.128.255 138
192.168.128.109 52096 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 5745c477a5209e88_powerp12.pip
Filepath C:\Users\zamen\AppData\Roaming\Microsoft\Office\PowerP12.pip
Size 1.4KB
Processes 2284 (POWERPNT.EXE)
Type data
MD5 230f0a9f6adaea4b045ea65171e0fcb6
SHA1 012cf7a476e7354f2378c8c6341ffbc62bbd01c6
SHA256 5745c477a5209e884c93ff030eb89dc3be104c575dd64126b1a5b0988bf0aad3
CRC32 B2C79812
ssdeep 24:kzSV1glbWa1UqylJZzwA6K2vmmXIEueSA7FfjSeMemiefs8RPZzXB+6Gto1rYd+X:kzSV1Ht7FlDzmXNA5iefsQBLB+Fo1rYe
Yara None matched
Name 3d5bc0c3c759609b_opa12.dat
Filepath C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat
Size 8.0KB
Processes 2284 (POWERPNT.EXE)
Type data
MD5 0e7e24ed21bd5da96b0d882d5a043ad4
SHA1 543bba04369e50dfb74d27d24e1069810a5707ea
SHA256 3d5bc0c3c759609b3637e8efb7508600ec8a175e601779916097537c80092f2d
CRC32 E4BF56FA
ssdeep 192:12xaaUyse71abxl0fatpNnxa/2WvVJBZHp5isu/dY/tBNLqu5Xw2a:12x3slgatpNnxZGplu1Yte2ba
Yara None matched
Sorry! No dropped buffers.
Task ID 1283
Mongo ID 5c6f51d611d30812ab71f788
Cuckoo release 2.0-dev