General Info

File name: Adobe Photoshop_24_242.exe
Full analysis: https://app.any.run/tasks/f24dab6d-5686-4623-9744-e65de677e533
Verdict: Malicious activity
Analysis date: 6/12/2019, 10:53:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: installer, adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: d8f704b2f289171737a56c50357cfb52
SHA1: cc5627c8a1223e58a04363a5d14e5df2a1364f7e
SHA256: 0b0f2c452ed06229e6f9ddb58d5f72230d140f3db348cbb83ce85a8ddb292c23
SSDEEP: 98304:sODn6E6vnzaUbRnW4aeQ7bWWkhdVbmt4QI5zEKKJA7/fYMnkOBPde:sQn6EGzaGW7eQ7Mbbm2zEKp7dkOBQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds
Additional time used: none
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Connects to CnC server
  • Adobe Photoshop_24_242.exe (PID: 3180)
  • MiniThunderPlatform.exe (PID: 1040)
Changes settings of System certificates
  • Adobe Photoshop_24_242.exe (PID: 3180)
Loads dropped or rewritten executable
  • MiniThunderPlatform.exe (PID: 1040)
  • Adobe Photoshop_24_242.exe (PID: 3180)
Application was dropped or rewritten from another process
  • MiniThunderPlatform.exe (PID: 1040)
Executed via COM
  • explorer.exe (PID: 3672)
Adds / modifies Windows certificates
  • Adobe Photoshop_24_242.exe (PID: 3180)
Creates files in the user directory
  • Adobe Photoshop_24_242.exe (PID: 3180)
Low-level read access rights to disk partition
  • MiniThunderPlatform.exe (PID: 1040)
Reads internet explorer settings
  • Adobe Photoshop_24_242.exe (PID: 3180)
Creates files in the program directory
  • MiniThunderPlatform.exe (PID: 1040)
Executable content was dropped or overwritten
  • Adobe Photoshop_24_242.exe (PID: 3180)
Reads settings of System Certificates
  • Adobe Photoshop_24_242.exe (PID: 3180)

Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.

Static information

TRiD
  • InstallShield setup (54.3%)
  • Win64 Executable (generic) (34.8%)
  • Win32 Executable (generic) (5.6%)
  • Generic Win/DOS Executable (2.5%)
  • DOS Executable Generic (2.5%)

EXIF (EXE)
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:05:30 03:46:35+02:00
PEType: PE32
LinkerVersion: 9
CodeSize: 1655808
InitializedDataSize: 4364800
UninitializedDataSize: null
EntryPoint: 0x153174
OSVersion: 5
ImageVersion: null
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.2
ProductVersionNumber: 1.0.0.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: null
LanguageCode: Chinese (Simplified)
CharacterSet: Windows, Chinese (Simplified)
Comments: downer for windows
FileDescription: downer for windows
FileVersion: 1
InternalName: downloader.exe
LegalCopyright: Copyright © 2018 - 2019 xiao T
OriginalFileName: downloader.exe
ProductName: downer for windows
ProductVersion: 1

Summary
Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 30-May-2019 01:46:35
Detected languages: Chinese - PRC; English - United States
Debug artifacts: d:\work\yxbox\trunk\bin\Win32\Release\Patch\downloader2\RAR压缩_24_197.pdb
Comments: downer for windows
FileDescription: downer for windows
FileVersion: 1.0
InternalName: downloader.exe
LegalCopyright: Copyright © 2018 - 2019 xiao T
OriginalFilename: downloader.exe
ProductName: downer for windows
ProductVersion: 1.0

DOS Header
Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000100

PE Headers
Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 30-May-2019 01:46:35
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics: IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0019421F | 0x00194400 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.38163
.rdata | 0x00196000 | 0x00044FA6 | 0x00045000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.8927
.data | 0x001DB000 | 0x00012080 | 0x0000B000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 5.14927
.rsrc | 0x001EE000 | 0x003C217C | 0x003C2200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 7.8767
.reloc | 0x005B1000 | 0x0001761C | 0x00017800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ | 4.69443
Resources
Resource IDs: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 100, 102, 103, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 140, 141, 158, 160, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 3841, 3842, 3843, 3857, 3858, 3859, 3860, 3865, 3866, 3867, 3868, 3869, 3887, 30721, 30734, 30977, 30994, 30996, 30998, 30999, 31000, 31001, 31002, 31003, 31004, 31005, 31006, 31007, 31008, 31009, 31010, 31011

Imports
  • WININET.dll
  • VERSION.dll
  • PSAPI.DLL
  • KERNEL32.dll
  • USER32.dll
  • GDI32.dll
  • COMDLG32.dll
  • WINSPOOL.DRV
  • ADVAPI32.dll
  • SHELL32.dll
  • COMCTL32.dll
  • SHLWAPI.dll
  • ole32.dll
  • OLEAUT32.dll
  • oledlg.dll
  • urlmon.dll
  • gdiplus.dll
  • IPHLPAPI.DLL
  • NETAPI32.dll
  • snmpapi.dll
  • WS2_32.dll
  • OLEACC.dll (delay-loaded)

Exports

    No exports.

Screenshots

Processes

Total processes: 41
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0


Process information

PID: 2856
CMD: "C:\Users\admin\AppData\Local\Temp\Adobe Photoshop_24_242.exe"
Path: C:\Users\admin\AppData\Local\Temp\Adobe Photoshop_24_242.exe
Indicators: No indicators
Parent process: ––
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version:
  Company:
  Description: downer for windows
  Version: 1.0
Modules (Image):
c:\users\admin\appdata\local\temp\adobe photoshop_24_242.exe
c:\systemroot\system32\ntdll.dll

PID: 3180
CMD: "C:\Users\admin\AppData\Local\Temp\Adobe Photoshop_24_242.exe"
Path: C:\Users\admin\AppData\Local\Temp\Adobe Photoshop_24_242.exe
Indicators:
Parent process: ––
User: admin
Integrity Level: HIGH
Version:
  Company:
  Description: downer for windows
  Version: 1.0
Modules (Image):
c:\users\admin\appdata\local\temp\adobe photoshop_24_242.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\xldl.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\minithunderplatform.exe
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID: 1040
CMD: "C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\MiniThunderPlatform.exe" -StartTP
Path: C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\MiniThunderPlatform.exe
Indicators:
Parent process: Adobe Photoshop_24_242.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Version:
  Company: 深圳市迅雷网络技术有限公司 (Shenzhen Xunlei Networking Technologies Co., Ltd.)
  Description: Xunlei cloud acceleration open platform (迅雷云加速开放平台)
  Version: 3.2.1.20
Modules (Image):
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\minithunderplatform.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\msvcp71.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\msvcr71.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\dl_peer_id.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\xlbughandler.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\download_engine.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\atl71.dll
c:\users\admin\appdata\local\temp\yxminitp\eyz3w\download\zlib1.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sensapi.dll

PID: 3572
CMD: "C:\Windows\explorer.exe" /select, C:\Users\admin\AppData\Local\Temp\.txt
Path: C:\Windows\explorer.exe
Indicators: No indicators
Parent process: Adobe Photoshop_24_242.exe
User: admin
Integrity Level: HIGH
Exit code: 1
Version:
  Company: Microsoft Corporation
  Description: Windows Explorer
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Image):
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll

PID: 3672
CMD: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Indicators: No indicators
Parent process: ––
User: admin
Integrity Level: MEDIUM
Version:
  Company: Microsoft Corporation
  Description: Windows Explorer
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Image):
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\sxs.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\imageres.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\mpr.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\ehstorapi.dll
c:\users\admin\appdata\local\temp\adobe photoshop_24_242.exe

Registry activity

Total events: 837
Read events: 755
Write events: 82
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASAPI32 | EnableFileTracing | 0
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASAPI32 | EnableConsoleTracing | 0
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASAPI32 | FileTracingMask | 4294901760
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASAPI32 | ConsoleTracingMask | 4294901760
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASAPI32 | MaxFileSize | 1048576
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASAPI32 | FileDirectory | %windir%\tracing
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASMANCS | EnableFileTracing | 0
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASMANCS | EnableConsoleTracing | 0
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASMANCS | FileTracingMask | 4294901760
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASMANCS | ConsoleTracingMask | 4294901760
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASMANCS | MaxFileSize | 1048576
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Adobe Photoshop_24_242_RASMANCS | FileDirectory | %windir%\tracing
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | (binary value not shown)
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CURRENT_USER\Software\Youxun\stat | year | 2019
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CURRENT_USER\Software\Youxun\stat | month | 6
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CURRENT_USER\Software\Youxun\stat | day | 12
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3180 | Adobe Photoshop_24_242.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81 | Blob | (binary value not shown)
3180 | Adobe Photoshop_24_242.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81 | Blob | (binary value not shown)
1040 | MiniThunderPlatform.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASAPI32 | EnableFileTracing | 0
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASAPI32 | EnableConsoleTracing | 0
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASAPI32 | FileTracingMask | 4294901760
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASAPI32 | ConsoleTracingMask | 4294901760
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASAPI32 | MaxFileSize | 1048576
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASAPI32 | FileDirectory | %windir%\tracing
1040 | MiniThunderPlatform.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
1040 | MiniThunderPlatform.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASMANCS | EnableFileTracing | 0
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASMANCS | EnableConsoleTracing | 0
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASMANCS | FileTracingMask | 4294901760
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASMANCS | ConsoleTracingMask | 4294901760
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASMANCS | MaxFileSize | 1048576
1040 | MiniThunderPlatform.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MiniThunderPlatform_RASMANCS | FileDirectory | %windir%\tracing
1040 | MiniThunderPlatform.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
1040 | MiniThunderPlatform.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | (binary value not shown)
3672 | explorer.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots | 0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3672 | explorer.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | MRUListEx | 0100000000000000070000000200000006000000030000000500000004000000FFFFFFFF
3672 | explorer.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | MRUListEx | 0000000002000000010000000400000003000000FFFFFFFF
3672 | explorer.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar | Locked | 1
3672 | explorer.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\39\Shell | SniffedFolderType | Generic
3672 | explorer.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3672 | explorer.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3672 | explorer.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US

Files activity

Executable files: 11
Suspicious files: 7
Text files: 36
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\zlib1.dll | executable | 89f6488524eaa3e5a66c5f34f3b92405 | bd29d2b1f930e4b660adf71606d1b9634188b7160a704a8d140cadafb46e1e56
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\msvcr71.dll | executable | ca2f560921b7b8be1cf555a5a18d54c3 | c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\XLBugHandler.dll | executable | 92154e720998acb6fa0f7bad63309470 | 1845df41da539bca264f59365bf7453b686b9098cc94cd0e2b9a20c74a561096
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\minizip.dll | executable | 7fd4f79aca0b09fd3a60841a47ca96e7 | fc10c877e2bcfab35758446a72a8db704d8e8455470d65a6de5492c10c8d6786
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\msvcp71.dll | executable | a94dc60a90efd7a35c36d971e3ee7470 | 6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\dl_peer_id.dll | executable | dba9a19752b52943a0850a7e19ac600a | 69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\atl71.dll | executable | 79cb6457c81ada9eb7f2087ce799aaa7 | a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\xldl.dll | executable | 9ca496db44ca38d887280248ea65a48a | 5d7eb8bf305efd43d6b016b71d98c886d6376909b2b64fea79d780331c5cc535
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\MiniThunderPlatform.exe | executable | 40aa3147c860babca156b0ec134b3f99 | 6415beef5dab987511b8356c71b4f19c2e8462ce60d30283a15433b75b62e28b
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\XLBugReport.exe | executable | 67c767470d0893c4a2e46be84c9afcbb | 64f8d68cc1cfc5b9cc182df3becf704af93d0f1cc93ee59dbf682c75b6d4ffc0
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\download_engine.dll | executable | 9c1fa91497ac88c3670601720327c34e | b6c358930935c55a458e4d008f68837522ec910396762402afea68c60897907d
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\lib\js\background.js | –– | –– | ––
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\css\popup.css | –– | –– | ––
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\css\main.css | –– | –– | ––
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\css\branch.css | –– | –– | ––
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\1.0.1.1_0.zip | compressed | 3ba47c0c3160004b8eedd98d2539af7a | 6ecd9079d0f9d1c527da2c55ea56bd5e5e1e566e7ca8e140e0e078543f243dff
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\123.zip | –– | –– | ––
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\HlJhf.7z | –– | –– | ––
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\EyZ3w.7z | –– | –– | ––
1040 | MiniThunderPlatform.exe | C:\Users\Public\Thunder Network\Mini_downloadlib\ODAwMDAwNDE=\Version_3_2_1_20\Profiles\stat.dat | text | 05c9263ae0d1bef5e212f82615744bbb | 55e54d7a7411f737ce0cb2f1b6643eadf01e9511830856c6859612b2994115d6
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Temp\.txt | text | 47a18db555d3c32e226c2a9459467dcf | dc08d7ca673129b88ceb4050519553d142cb2315311a06290c285502afc18ca3
1040 | MiniThunderPlatform.exe | C:\Users\Public\Thunder Network\Mini_downloadlib\ODAwMDAwNDE=\038U | compressed | f96b8fe4dcff1f91f2baac0b7eba2d15 | 5ba9c439600ecead4d137f9f8f9f0818de311570b288e21217b79f6eb56f1994
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt | text | 6e59bb2a4c3bad6eb98d7c4e651a07c4 | 5bde57c74c0c74080d0012afdc70e9d13981328a588fda2326c1da4fca6c0e14
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt | text | 75dd55285b0236b5cd44036bd9e55820 | f5fc137174dbf042b890eb5a45ea1fcecc11864bfaadc714a8617044a5519602
3180 | Adobe Photoshop_24_242.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\z_stat[1].php | text | 0fbc948091d029ce2a4d43719c8489c5 | fa1403f4f8d0373842daf2e8cae5e522a0fc79bc500311fecb96a1f4b4c3552d
1040 | MiniThunderPlatform.exe | C:\Users\Public\Thunder Network\Mini_downloadlib\ODAwMDAwNDE=\Version_3_2_1_20\Profiles\asyn_frame.dat | | |
text
MD5: 2a357a037c7c31e99344e8e3cd768b55
SHA256: 0cdf89d5e96523d7df62daadd7084299975d8f0e9312f5ff1f71bf9382b7cbaf
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\0105-4[1].gif
image
MD5: 37741383e9c4bb02181ac8264e62c15a
SHA256: f00e028cb9c4af9a55fb0f9d443cc3530c2ca93ca5fb6b25af1e867f3ba78987
1040
MiniThunderPlatform.exe
C:\Users\Public\Thunder Network\Mini_downloadlib\ODAwMDAwNDE=\Version_3_2_1_20\Profiles\asyn_frame.dat
text
MD5: 4de2d96fdc186dbc8fe298f46d1af98d
SHA256: 12e7c583982438fe38fedff8a1f1273c93d605b02be5ceb79bdcc2bcd4bfe533
1040
MiniThunderPlatform.exe
C:\Users\Public\Thunder Network\Mini_downloadlib\ODAwMDAwNDE=\Version_3_2_1_20\Profiles\asyn_frame.dat
text
MD5: eefd1009272ef5082b0890201714d0b5
SHA256: fc7479d7591f398846e206bb56390e8a4c4a7808d9687a3ba7296f7467bff597
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\index_az_11[1].htm
html
MD5: 9b910a45ac0ccc06f0c378e186ffd6b7
SHA256: 0b214aaa61bf87eb61293ce7060f8e21b765dee412e45d82a23f01b45d55be9d
1040
MiniThunderPlatform.exe
C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
text
MD5: e350610e85abbd7a2177eaec31e1772e
SHA256: 6143899bebfb242eabf0f466291d9a289ea555875f323904940b68a1e61186f6
1040
MiniThunderPlatform.exe
C:\Users\Public\Thunder Network\Mini_downloadlib\ODAwMDAwNDE=\Version_3_2_1_20\Profiles\error.dat
text
MD5: 75eda0dba07d209f665d0cb43fc8262e
SHA256: 2c9fed110f7f6a9a94b7119c8f289e3003d83793457e7b8f77bc20541e226524
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\sgex.db
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\manifest.json
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\main.7z
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\logo\logo_48.png
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\pluginfos.json
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\logo\logo_16.png
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\download\id.dat
text
MD5: a8dace414756aba24a3e4ba2ce4f3e5f
SHA256: d57e1b0ea65a5f811847d70168fc6d4fd110cf21814699b22bf52303ee618de9
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\lib\js\score.js
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\logo\logo_128.png
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\lib\js\jquery-1.10.1.min.js
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\lib\js\branch.js
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\lib\background.html
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\yxMiniTp\EyZ3w\engin.zip
––
MD5:  ––
SHA256:  ––
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\box_520x240[1].htm
html
MD5: ca9f5cd82f45f05866998d8b423caadc
SHA256: c88a0b1bf669ef63bdbefb0b124557c133a8c85476a6a4e88b819db5b381d1db
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\getentity[1].txt
text
MD5: 1f081f525e9fcb8783870e15a0c471bd
SHA256: 4e823e6cba2d7bc0659c062e87c850273f2535daf1120faaafdb5e7194efbfad
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\新建文件夹\down.7z
compressed
MD5: 0aaf1208e98404376293f655a5a81a36
SHA256: 503a69b4da7364380dfc09f91a7b1860f8b7a9b1467bfc7919f8f794f59e3934
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\新建文件夹\2.7z
compressed
MD5: 0d5dd5003e01c58cc9b46b9cee7998fb
SHA256: fcc0a8543c3ea878110fc71e97c627cffa2dc217603c56d464c385579693627d
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\新建文件夹\down1.7z
compressed
MD5: cb0ea7c0d52b80448f32abc5da524479
SHA256: aba772ae4bd5ed7f47fe8dd8dad6ec76809bba0ebd9ea96a2382a3855b187289
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\新建文件夹\down.zip
compressed
MD5: b107ae30ecbaf944ddab4540667d90e9
SHA256: a2af856323f94ad48b5308cc3a46d0c4dd87bb1299efa8e82d7d0817a2266a28
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\新建文件夹\新建文件夹\down.7z
compressed
MD5: 6be83b7ca27bfd08c891cc2b51940a9f
SHA256: 031f03b8ea3cae71eb8bac4a05333ee0523ef48279f61fee5e20c6bb6cfc46cc
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\tmall.ico
image
MD5: ada90e066218879f7a2ba9ddbc2a8c3c
SHA256: 28f510fef2b0f562c33a43362a9ebee73a16eb759514854e83e3b8eee04501bf
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\toutiao.ico
image
MD5: 73eb4204050d42f198d28f9c187111ca
SHA256: 950279ed6a431ba3df74ab60cd2a6294d7720059d2911a7d03c605a928f00719
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\temai.ico
image
MD5: 6ed6686c133ba3159d89aad6b6a4ee10
SHA256: 63403102ba0c06b6cb9918d66dd8a888bf2716ac4da49e1f84a4655b28a8e2f6
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\shipin.ico
image
MD5: 56db8fc68b28dcdc5e37fde17957ac13
SHA256: ce1725220a36dd26d78b7cd582a31aa65f0273d741a46e3d4d88c00196463769
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\tmmarket.ico
image
MD5: 5f8b47dc7a085e0a0d379a505310e23b
SHA256: b0d150d2c69a8f09b060ce9eaf19ec8c94d2fd5703a5f11cde6e48ea11cb9e27
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\zqcq.ico
image
MD5: 737acc426f531c567da35e2dbb25a6b1
SHA256: fca3b0257f18b5f4582d809682ab25263606f7bf04a59577b30a5ede70f81275
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\wangzdh.ico
image
MD5: d88c1d43fc223677a1e6019998a531b3
SHA256: cb843ca33dc0fc3f6503e0c270487dfc7f9cc61b91983a1d736f47ee81ba5b9a
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\cqsf.ico
image
MD5: 436fcdac987dd49bd5e664c5c283a209
SHA256: 2a85783774e2f7cfa6f480d4c3f437d934876d20fb46b42482297e000296e46d
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\cjsf.ico
image
MD5: 174107aab5ee6c13bce23d759aa27eb0
SHA256: 30267f79ca6faadeed541b29e956d7678904d9542c703aae2185904e86d6541d
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\baidu.ico
image
MD5: 861f227d99793baf229a5adf29a2e7dd
SHA256: 1441505511bfff6ef63584a3d3b6ce7086e427a16503818f1ca536617c856d9a
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\biantaisifu.ico
image
MD5: 88e669109cafa51f97bb489ed3c941f8
SHA256: 4833081d270150772d6ba6f1e6f538e3ae6c25bfd8b169e42096c1f5873711c1
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\jhs.ico
image
MD5: 4234a87aa111281f8af2c28f9dfbd468
SHA256: 499603368c57cbb188a3510b1e92344d02b54992b86a4906ae7e7cf061362684
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\lsqy_tb.ico
image
MD5: 2a03e678288929731a710d4a19d3fd1b
SHA256: 8973f18f0d4678f96049fa3e4c3d31bcedc4736dca127e471f97adb578cdfc5c
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\aitb.ico
image
MD5: 0b495875abcf45abf90385ad888cfc5c
SHA256: 7c92cd859e4deb5880418767277302f2ad9012d66008bf7a764a4ca5d1874beb
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\caipiao.ico
image
MD5: a3b545261150433e5673f571eb5319eb
SHA256: 29a7e0be47f90497c44624591aea444eea5411595899543c2659ac2c76f58de0
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Roaming\youxunbox\atb.ico
image
MD5: e5bb3c522a1ef4706d1815d415331eca
SHA256: fc8cb1f04664239f93a4ac7018123ca9a34d3fbbbe49b006bf2416a1e44da242
3180
Adobe Photoshop_24_242.exe
C:\Users\admin\AppData\Local\Temp\1.0.1.1_0\popup.html
––
MD5:  ––
SHA256:  ––

Network activity

HTTP(S) requests
16
TCP/UDP connections
20
DNS requests
27
Threats
16

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3180 Adobe Photoshop_24_242.exe GET 200 163.171.128.148:80 http://api.pcsoft.jshhdian.com/cgi/PCSoftInfo.ashx/pcsoft/getentity?id=242 US
text
malicious
3180 Adobe Photoshop_24_242.exe GET –– 163.171.128.148:80 http://ggstats.yb.jshhdian.com/pinforesults.do?sc=%3DFUQmS3ck6XanRkNgSXZwync4AHaA13cza3ZnRXZwync4AHaA13czanKxFUQ16XewOnKnGXM1BUMiSUMxBUM1VUMzVUQkGXcnFUQlm3d US
––
––
whitelisted
3180 Adobe Photoshop_24_242.exe GET 200 163.171.132.119:80 http://dw.jshhdian.com/xiazaiqi/box_520x240.html US
html
malicious
3180 Adobe Photoshop_24_242.exe GET 200 119.28.47.147:80 http://api.pcsoft.70gj.cn/cgi/PCSoftInfo.ashx/pcsoft/countdo?sc=5lkO6J0NxZUOy1UaumHenRkNgSXZwync4AHaARXbuAndnajN1JUQlmnKAl2WaSYVF2FeGelU1GFSOSYVV6FeKSmUA53d CN
text
malicious
3180 Adobe Photoshop_24_242.exe GET 200 182.118.46.58:80 http://sdmv.wxyxch.cn/Install/0105-4.gif CN
image
malicious
1040 MiniThunderPlatform.exe POST 401 123.129.242.221:80 http://123.129.242.221:80/ CN
binary
html
malicious
1040 MiniThunderPlatform.exe POST –– 163.177.79.152:80 http://163.177.79.152:80/ CN
binary
––
––
malicious
1040 MiniThunderPlatform.exe POST 200 121.9.209.165:80 http://121.9.209.165:80/ CN
binary
binary
unknown
1040 MiniThunderPlatform.exe POST 200 47.92.195.246:80 http://47.92.195.246:80/ CN
binary
binary
unknown
1040 MiniThunderPlatform.exe POST –– 112.80.23.156:80 http://112.80.23.156:80/ CN
binary
––
––
malicious
1040 MiniThunderPlatform.exe GET –– 122.143.23.180:80 http://down10.zol.com.cn/it/Adobe0PhotoshopCS6.zip CN
––
––
suspicious
1040 MiniThunderPlatform.exe POST –– 153.37.209.8:80 http://153.37.209.8:80/ CN
binary
––
––
malicious
3180 Adobe Photoshop_24_242.exe GET 200 163.171.132.119:80 http://dw.jshhdian.com/post/index_az_22.html US
html
malicious
3180 Adobe Photoshop_24_242.exe GET 200 163.171.128.148:80 http://ggstats.yb.jshhdian.com/noencrypt_count.do?from=download&cfrom=download_24&type_show=&type_selected=&type_down_succ=&type_install_succ=&sn=52-54-00-4a-04-af&&time=1560329711 US
text
whitelisted
3180 Adobe Photoshop_24_242.exe GET 200 163.171.128.148:80 http://ggstats.yb.jshhdian.com/pinforesults.do?sc=%3D%3DRNAVHawOncmajfiOnfg63ewSHf62UcwKoakaTauG3a5mYQuAndnaDNy1EevW4ckajai2DOx1TZ11DNx1DO21jN210Zi2nK1FUQlm3d US
text
whitelisted
–– –– GET 200 171.11.231.39:80 http://bapo.granudan.cn/Install/xzqnewp.ini CN
binary
malicious

Connections

PID Process IP ASN CN Reputation
3180 Adobe Photoshop_24_242.exe 163.171.128.148:80 US malicious
3180 Adobe Photoshop_24_242.exe 163.171.132.119:80 US malicious
–– –– 119.28.47.147:80 Tencent Cloud Computing (Beijing) Co., Ltd CN unknown
3180 Adobe Photoshop_24_242.exe 182.118.46.58:80 CHINA UNICOM China169 Backbone CN malicious
1040 MiniThunderPlatform.exe 119.188.108.12:8000 CHINA UNICOM China169 Backbone CN malicious
1040 MiniThunderPlatform.exe 112.80.23.156:80 CHINA UNICOM China169 Backbone CN malicious
1040 MiniThunderPlatform.exe 153.37.209.8:80 CHINA UNICOM China169 Backbone CN malicious
3180 Adobe Photoshop_24_242.exe 222.85.26.209:443 No.31,Jin-rong Street CN unknown
1040 MiniThunderPlatform.exe 123.129.242.221:80 CHINA UNICOM China169 Backbone CN malicious
1040 MiniThunderPlatform.exe 163.177.79.152:80 China Unicom Guangdong IP network CN malicious
1040 MiniThunderPlatform.exe 121.9.209.165:80 CHINANET Guangdong province network CN unknown
1040 MiniThunderPlatform.exe 47.92.195.246:80 Hangzhou Alibaba Advertising Co.,Ltd. CN unknown
3180 Adobe Photoshop_24_242.exe 222.85.26.208:443 No.31,Jin-rong Street CN unknown
1040 MiniThunderPlatform.exe 122.143.23.180:80 CHINA UNICOM China169 Backbone CN suspicious
3180 Adobe Photoshop_24_242.exe 203.119.206.97:443 CN unknown
–– –– 171.11.231.39:80 No.31,Jin-rong Street CN unknown

DNS requests

Domain IP Reputation
api.pcsoft.jshhdian.com 163.171.128.148
malicious
ggstats.yb.jshhdian.com 163.171.128.148
whitelisted
dw.jshhdian.com 163.171.132.119
malicious
api.pcsoft.70gj.cn 119.28.47.147
unknown
sdmv.wxyxch.cn 182.118.46.58
171.11.231.39
171.11.231.37
malicious
hub5pn.hz.sandai.net 157.255.225.53
118.212.146.20
211.91.242.38
157.255.225.49
61.135.179.35
211.91.242.37
61.135.179.34
58.144.251.1
153.3.232.174
118.212.146.21
58.144.251.2
153.3.232.175
unknown
hub5pnc.hz.sandai.net 119.188.108.12
119.188.108.56
malicious
hub5u.hz.sandai.net 47.92.34.184
47.92.75.245
unknown
s13.cnzz.com 222.85.26.209
222.85.26.208
unknown
relay.phub.hz.sandai.net 121.9.209.192
unknown
hub5c.hz.sandai.net 112.87.43.228
153.37.209.7
123.129.242.227
153.37.209.8
123.129.242.226
112.87.43.227
123.129.242.250
123.129.242.221
malicious
pmap.hz.sandai.net 112.80.23.156
malicious
hub5idx.shub.hz.sandai.net 153.37.209.8
123.129.242.226
123.129.242.221
112.87.43.227
153.37.209.7
123.129.242.227
112.87.43.228
123.129.242.250
malicious
hub5pr.hz.sandai.net 47.92.195.246
47.92.39.6
47.92.125.145
47.92.169.85
47.92.171.207
47.92.194.216
unknown
imhub5pr.hz.sandai.net 121.9.209.165
121.9.209.150
121.9.209.160
unknown
score.phub.hz.sandai.net 163.177.79.152
malicious
down10.zol.com.cn 122.143.23.180
suspicious
c.cnzz.com 222.85.26.208
222.85.26.209
unknown
z7.cnzz.com 203.119.206.97
whitelisted
hubstat.hz.sandai.net No response malicious
bapo.granudan.cn 171.11.231.39
182.118.46.58
171.11.231.37
malicious

Threats

PID Process Class Message
1040 MiniThunderPlatform.exe Misc activity ADWARE [PTsecurity] Win32.Downloader (Sogou/Chindo)
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
3180 Adobe Photoshop_24_242.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Misc activity ADWARE [PTsecurity] Win32.Downloader (Sogou/Chindo)
1040 MiniThunderPlatform.exe Misc activity ADWARE [PTsecurity] Win32.Downloader (Sogou/Chindo)
1040 MiniThunderPlatform.exe Misc activity ADWARE [PTsecurity] Win32.Downloader (Sogou/Chindo)
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
1040 MiniThunderPlatform.exe Generic Protocol Command Decode SURICATA STREAM CLOSEWAIT FIN out of window
3180 Adobe Photoshop_24_242.exe Misc activity ADWARE [PTsecurity] PUA.RiskWare.Youxun Checkin

1 ETPRO signatures available at the full report

Debug output strings

No debug info.