General Info

File name

3.zip

Full analysis
https://app.any.run/tasks/cee2e517-6bb4-4496-9404-7c9fda907a45
Verdict
Malicious activity
Analysis date
4/15/2019, 08:35:59
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

rat

nanocore

Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

b61f7bf24495bfc0df4682c541141b3a

SHA1

7a6d0775acca13e9459feb4530b7983fd5e38f74

SHA256

01731dda9dd309309672159e7eab6d9875ff6ded32d9478c57066ed4bfdc6b0b

SSDEEP

49152:tNhd7eV2z9L8Stszor+RYUGWRWVQ64GCujZSb6UgTalnR9JFV:7hd7g2Csb+r9RMQGCSob6mTJn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
NanoCore was detected
  • BlackChecker.exe (PID: 2684)
Loads the Task Scheduler COM API
  • schtasks.exe (PID: 2292)
  • schtasks.exe (PID: 2892)
  • mmc.exe (PID: 3432)
Changes the autorun value in the registry
  • BlackChecker.exe (PID: 1344)
  • BlackChecker.exe (PID: 2684)
Uses Task Scheduler to run other applications
  • BlackChecker.exe (PID: 1344)
Loads dropped or rewritten executable
  • explorer.exe (PID: 2036)
  • SearchProtocolHost.exe (PID: 3908)
Application was dropped or rewritten from another process
  • BlackChecker.exe (PID: 1344)
  • BlackChecker.exe (PID: 2684)
Creates files in the program directory
  • BlackChecker.exe (PID: 1344)
Creates files in the user directory
  • BlackChecker.exe (PID: 1344)
  • BlackChecker.exe (PID: 2684)
Executable content was dropped or overwritten
  • BlackChecker.exe (PID: 1344)
  • BlackChecker.exe (PID: 2684)
Application launched itself
  • BlackChecker.exe (PID: 2684)

No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2018:06:21 17:16:07
ZipCRC:
0x035d1ff1
ZipCompressedSize:
79460
ZipUncompressedSize:
198656
ZipFileName:
YamlDotNet.dll

Screenshots

Processes

Total processes
46
Monitored processes
9
Malicious processes
4
Suspicious processes
0

Behavior graph

+
start drop and start winrar.exe no specs searchprotocolhost.exe no specs #NANOCORE blackchecker.exe blackchecker.exe explorer.exe no specs schtasks.exe no specs schtasks.exe no specs mmc.exe no specs mmc.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2036
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imageres.dll
c:\users\admin\desktop\blackchecker.exe
c:\users\admin\desktop\system.valuetuple.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\devicecenter.dll
c:\windows\system32\tquery.dll
c:\windows\system32\mssvp.dll
c:\windows\system32\mapi32.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\program files\microsoft office\office14\mapishell.dll
c:\windows\system32\mmc.exe
c:\program files\microsoft office\office14\1033\mapishellr.dll
c:\windows\system32\wpdshext.dll

PID
3908
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\users\admin\desktop\blackchecker.exe
c:\users\admin\desktop\yamldotnet.dll
c:\users\admin\desktop\xnet-ameliorated.dll
c:\users\admin\desktop\system.valuetuple.dll
c:\users\admin\desktop\newtonsoft.json.dll
c:\windows\system32\notepad.exe
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll

PID
2596
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\3.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\notepad.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
2684
CMD
"C:\Users\admin\Desktop\BlackChecker.exe"
Path
C:\Users\admin\Desktop\BlackChecker.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\blackchecker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\rpcrtremote.dll

PID
1344
CMD
"C:\Users\admin\Desktop\BlackChecker.exe"
Path
C:\Users\admin\Desktop\BlackChecker.exe
Indicators
Parent process
BlackChecker.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\blackchecker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll

PID
2892
CMD
"schtasks.exe" /create /f /tn "TCP Monitor" /xml "C:\Users\admin\AppData\Local\Temp\tmpC6BD.tmp"
Path
C:\Windows\system32\schtasks.exe
Indicators
No indicators
Parent process
BlackChecker.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll

PID
2292
CMD
"schtasks.exe" /create /f /tn "TCP Monitor Task" /xml "C:\Users\admin\AppData\Local\Temp\tmpC74A.tmp"
Path
C:\Windows\system32\schtasks.exe
Indicators
No indicators
Parent process
BlackChecker.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll

PID
880
CMD
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
Path
C:\Windows\system32\mmc.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Microsoft Corporation
Description
Microsoft Management Console
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\mmc.exe
c:\systemroot\system32\ntdll.dll

PID
3432
CMD
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
Path
C:\Windows\system32\mmc.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft Management Console
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\mmc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mmcbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\duser.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\dui70.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmcndmgr.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\version.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\apphelp.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\sxs.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mmcex\6d4bacfd54e8f79763945bee5a50711d\mmcex.ni.dll
c:\windows\assembly\gac_msil\mmcfxcommon\3.0.0.0__31bf3856ad364e35\mmcfxcommon.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mmcfxcommon\18e41c018ceff36c2512d12f570f0be7\mmcfxcommon.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.managemen#\630257a0b042768c2e3104a36559c1a9\microsoft.managementconsole.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\taskscheduler\99797e9500ed7bfa6b06063e7f017313\taskscheduler.ni.dll
c:\windows\assembly\gac_msil\miguicontrols\1.0.0.0__31bf3856ad364e35\miguicontrols.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\miguicontrols\569e273efda8306ec7e22143d5285476\miguicontrols.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\custommarshalers\bf7e7494e75e32979c7824a07570a8a9\custommarshalers.ni.dll
c:\windows\assembly\gac_32\custommarshalers\2.0.0.0__b03f5f7f11d50a3a\custommarshalers.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\riched20.dll

Registry activity

Total events
2267
Read events
2058
Write events
209
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
a
WinRAR.exe
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
MRUList
a
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\JvaENE\JvaENE.rkr
0000000000000000000000005A540000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000040000000300000012D500000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
2036
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
2036
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0000000001000000070000000200000006000000030000000500000004000000FFFFFFFF
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\Qrfxgbc\OynpxPurpxre.rkr
00000000010000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF0085F99355F3D40100000000
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000050000000300000012D500000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
2036
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ApplicationDestinations
MaxEntries
15
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msc\OpenWithProgids
MSCFile
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.NhgbTrarengrq.{15962175-7QSP-O1Q7-O0Q1-RO4P08SSQ754}
00000000030000000200000072430000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFFC0F46D1256F3D40100000000
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000060000000300000012D500000300000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D00000016720000000040ADD5022066210008682100C843D702387F2100640000002CD97D05FCE07D0540FC7D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0598C8DE0260DB7D0500000000A3010000FC0000000A0000002800000006000000E8DA7D05DAE28D75E3070000E0DA7D05E30704000F00060028000A00FC000A00C0F46D1256F3D40110DB7D0557C10C76FCDA7D0560DB7D0562C10C76E307040001000F000300000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D00000016720000000040ADD5022066210008682100C843D702387F2100640000002CD97D05FCE07D0540FC7D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0598C8DE0260DB7D0500000000A3010000FC0000000A0000002800000006000000E8DA7D05DAE28D75E3070000E0DA7D05E30704000F00060028000A00FC000A00C0F46D1256F3D40110DB7D0557C10C76FCDA7D0560DB7D0562C10C76E307040001000F000300000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D00000016720000000040ADD5022066210008682100C843D702387F2100640000002CD97D05FCE07D0540FC7D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0598C8DE0260DB7D0500000000A3010000FC0000000A0000002800000006000000E8DA7D05DAE28D75E3070000E0DA7D05E30704000F00060028000A00FC000A00C0F46D1256F3D40110DB7D0557C10C76FCDA7D0560DB7D0562C10C76E307040001000F00
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Gnfx Fpurqhyre.yax
00000000030000000000000002000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFFC0F46D1256F3D40100000000
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
HRZR_PGYFRFFVBA
000000000400000000000000030000000300000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000007D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0580D3DE0260DB7D0500000000A3010000FC0000000A0000002800000006000000E8DA7D05DAE28D75E3070000E0DA7D05E30704000F00060028000A00FC000A00C0F46D1256F3D40110DB7D0557C10C76FCDA7D0560DB7D0562C10C76E307040001000F000300000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000007D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0580D3DE0260DB7D0500000000A3010000FC0000000A0000002800000006000000E8DA7D05DAE28D75E3070000E0DA7D05E30704000F00060028000A00FC000A00C0F46D1256F3D40110DB7D0557C10C76FCDA7D0560DB7D0562C10C76E307040001000F000300000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000007D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0580D3DE0260DB7D0500000000A3010000FC0000000A0000002800000006000000E8DA7D05DAE28D75E3070000E0DA7D05E30704000F00060028000A00FC000A00C0F46D1256F3D40110DB7D0557C10C76FCDA7D0560DB7D0562C10C76E307040001000F00
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Flfgrz Gbbyf\Gnfx Fpurqhyre.yax
00000000030000000000000003000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFFC0F46D1256F3D40100000000
2036
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
HRZR_PGYFRFFVBA
000000000400000000000000040000000300000000000000030000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000007D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0580D3DE0260DB7D0500000000A301000020DB00005B00D023D0DA7D058291097620DB7D05D4DA7D0527950976000000000CD8DE02FCDA7D05CD9409760CD8DE02A8DB7D0580D3DE02E19409760000000080D3DE02A8DB7D0504DB7D050300000000000000030000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000007D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0580D3DE0260DB7D0500000000A301000020DB00005B00D023D0DA7D058291097620DB7D05D4DA7D0527950976000000000CD8DE02FCDA7D05CD9409760CD8DE02A8DB7D0580D3DE02E19409760000000080D3DE02A8DB7D0504DB7D050300000000000000030000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000007D05EDE05F7793740800FEFFFFFFE72F6377822E6377B8F9087633020000860000007BB11672000000001050DC0720662100F8672100D85E5703987D21005700000078D97D0534E17D0540FC7D05EDE05F7793740800000000001CDA7D05399CF576D043D7028002000080000000310000005046D702D043D70240DA7D05DE9CF576D043D70200000000B102000008000000B902000048DA7D0533020000C843D70270DA7D0543190976FB45D70260B4BE0786000000C843D702B065570333020000B8F90876460C00000C5E6E018CDA7D0533AB63770CE26F50010C0000102700000E000000C7540200C0DA7D05F8AA6377C75402000C5E6E01E0DA7D0580D3DE0260DB7D0500000000A301000020DB00005B00D023D0DA7D058291097620DB7D05D4DA7D0527950976000000000CD8DE02FCDA7D05CD9409760CD8DE02A8DB7D0580D3DE02E19409760000000080D3DE02A8DB7D0504DB7D05
3908
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3908
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
2596
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2596
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2596
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2596
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\3.zip
2596
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2596
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2596
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2596
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2596
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
2684
BlackChecker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TCP Monitor
C:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\TCP Monitor\tcpmon.exe
2684
BlackChecker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2684
BlackChecker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1344
BlackChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TCP Monitor
C:\Program Files\TCP Monitor\tcpmon.exe
3432
mmc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}
HelpTopic
C:\Windows\Help\taskscheduler.chm
3432
mmc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}
LinkedHelpTopics
C:\Windows\Help\taskscheduler.chm

Files activity

Executable files
7
Suspicious files
0
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
1344
BlackChecker.exe
C:\Program Files\TCP Monitor\tcpmon.exe
executable
MD5: 686699c9def6acfb944259d4a8a7593a
SHA256: fed4f6f706df0ca5f9d5f7af6f6b6a14e38f3cdd0653c271f9d84cff4820bf52
2036
explorer.exe
C:\Users\admin\Desktop\System.ValueTuple.dll
executable
MD5: 8c9424e37a28db7d70e7d52f0df33cf8
SHA256: e4774aead2793f440e0ced6c097048423d118e0b6ed238c6fe5b456acb07817f
2036
explorer.exe
C:\Users\admin\Desktop\YamlDotNet.dll
executable
MD5: e7daef5f6b6a24951cff560293d2364b
SHA256: 70e6cc1ad50870d43c24bd697c1bfee97ee19ee22abb517af1ea2a7724205f0d
2036
explorer.exe
C:\Users\admin\Desktop\xNet-Ameliorated.dll
executable
MD5: 44d7396d8b6fbd8f1e9ff4d0278bb767
SHA256: 16ea0eab1ffe6b3b05abf1b04baa7c2695885795c5bfecb6cfcfa595a0fa7b30
2036
explorer.exe
C:\Users\admin\Desktop\Newtonsoft.Json.dll
executable
MD5: 5afda7c7d4f7085e744c2e7599279db3
SHA256: f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4
2036
explorer.exe
C:\Users\admin\Desktop\BlackChecker.exe
executable
MD5: 686699c9def6acfb944259d4a8a7593a
SHA256: fed4f6f706df0ca5f9d5f7af6f6b6a14e38f3cdd0653c271f9d84cff4820bf52
2684
BlackChecker.exe
C:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\TCP Monitor\tcpmon.exe
executable
MD5: 686699c9def6acfb944259d4a8a7593a
SHA256: fed4f6f706df0ca5f9d5f7af6f6b6a14e38f3cdd0653c271f9d84cff4820bf52
2036
explorer.exe
C:\Users\admin\Desktop\lists
––
MD5:  ––
SHA256:  ––
2684
BlackChecker.exe
C:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\run.dat
text
MD5: b00f949967daab7cfa491eae04d55fd9
SHA256: 3fd9e0b21df9959be82a453945c9743c8584ab96a9b472c004a618f6affab36c
2036
explorer.exe
C:\Users\admin\Desktop\HOW TO USE.txt
text
MD5: 6111ff856d9c02a1a3f0e7d48fac1af3
SHA256: c3f4388df56c46e7cef1e08b09f03ac261f2eca457f247bec91c2221c5189033
1344
BlackChecker.exe
C:\Users\admin\AppData\Local\Temp\tmpC6BD.tmp
xml
MD5: 660589342d7479e537a6c50b2586c2ab
SHA256: 420b8fc446a5efadb5bacc2b9d625a0b643a73cc2e317e39bad17993590c2f13
2036
explorer.exe
C:\Users\admin\Desktop\results
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\YamlDotNet.dll
––
MD5:  ––
SHA256:  ––
2036
explorer.exe
C:\Users\admin\Desktop\configuration
––
MD5:  ––
SHA256:  ––
1344
BlackChecker.exe
C:\Users\admin\AppData\Local\Temp\tmpC74A.tmp
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\System.ValueTuple.dll
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\xNet-Ameliorated.dll
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\Newtonsoft.Json.dll
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\BlackChecker.exe
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\HOW TO USE.txt
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\configuration\license.txt
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\configuration\settings.yml
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\lists\email-providers.txt
––
MD5:  ––
SHA256:  ––
2596
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2596.19765\lists\og-names.txt
––
MD5:  ––
SHA256:  ––
1344
BlackChecker.exe
C:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\task.dat
text
MD5: 7e35f7a1d7095f6ec6d24622f60c8c47
SHA256: 617c1dff8511e273034762852fb9ad19bd61719722a80c69a30124721ca999a8

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
17
DNS requests
0
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
1344 BlackChecker.exe 69.143.168.108:4445 Comcast Cable Communications, LLC US unknown

DNS requests

No DNS requests.

Threats

No threats detected.

Debug output strings

Process Message
mmc.exe ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn