
utility.dll

Status: finished
Submission Time: 2021-04-12 15:23:40 +02:00
Clean

Details

  • Analysis ID:
    385485
  • API (Web) ID:
    673073
  • Analysis Started:
    2021-04-12 15:26:29 +02:00
  • Analysis Finished:
    2021-04-12 15:47:14 +02:00
  • MD5:
    c84fd1069470c4f7cbcd9fa10fc32615
  • SHA1:
    94ca6af9cae336754da47e2b8694a1f33db78e89
  • SHA256:
    59d2ed9608ac543bd671da7b17558ebce275f64dd80fc84abd10fd31dea49c5e
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
clean
Score: 8
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
clean
Score: 8
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC277.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF957.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2DE.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA46.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD94A.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Apr 12 13:27:33 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4A7.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC68F.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC65E.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Apr 12 13:27:25 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC566.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC371.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1a1eb18902f2cde56c230bea1f2d46b66fdcaf_82810a17_1b3ef221\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA48.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Apr 12 13:27:21 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA0A.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Apr 12 13:27:21 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER54A6.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5001.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER440A.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Apr 12 13:27:57 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_8e1c7dc65b4f8892833bb6a965bb21678f4e1a_82810a17_17936916\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_8e1c7dc65b4f8892833bb6a965bb21678f4e1a_82810a17_11932288\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_6995fa83d7b0318a43db0d33e1e8ff1c3499353_82810a17_12577480\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1a1eb18902f2cde56c230bea1f2d46b66fdcaf_82810a17_1bc6e465\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#