General Info

File name

tf2game.zip

Full analysis
https://app.any.run/tasks/bbdd7626-af1e-4bc8-a9ce-4e93165f5ffd
Verdict
Malicious activity
Analysis date
14/01/2022, 20:42:10
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

1e90f32671037a25894b21037f00619b

SHA1

6d0cd472ae61d9366162a30df7bdb6109ecad858

SHA256

10cf455d7b1863f8aa40e0e8355326961ea28e3f9d362c8448408c7b7039ee2a

SSDEEP

6144:/DjamHy7qfanG++ySOd5621pMZxJ0NYtimyD/7/S2Dy596R6X//TYWqW:/D3KqfanGhgLvw0NYtHyPM596R6XwW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • setup.exe (PID: 2788)
  • setup.exe (PID: 1084)
Actions looks like stealing of personal data
  • WinRAR.exe (PID: 3336)
Reads the computer name
  • setup.exe (PID: 2788)
  • WinRAR.exe (PID: 3336)
  • setup.exe (PID: 1084)
  • dfsvc.exe (PID: 420)
Checks supported languages
  • WinRAR.exe (PID: 3336)
  • setup.exe (PID: 2788)
  • dfsvc.exe (PID: 420)
  • setup.exe (PID: 1084)
Uses RUNDLL32.EXE to load library
  • WinRAR.exe (PID: 3336)
Executable content was dropped or overwritten
  • setup.exe (PID: 2788)
  • WinRAR.exe (PID: 3336)
  • setup.exe (PID: 1084)
Drops a file with a compile date too recent
  • WinRAR.exe (PID: 3336)
Drops a file that was compiled in debug mode
  • setup.exe (PID: 2788)
  • WinRAR.exe (PID: 3336)
  • setup.exe (PID: 1084)
Checks supported languages
  • rundll32.exe (PID: 496)
Reads settings of System Certificates
  • setup.exe (PID: 2788)
  • setup.exe (PID: 1084)
Reads the computer name
  • rundll32.exe (PID: 496)
Checks Windows Trust Settings
  • setup.exe (PID: 2788)
  • setup.exe (PID: 1084)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
None
ZipModifyDate:
2019:08:30 22:18:16
ZipCRC:
0x00000000
ZipCompressedSize:
null
ZipUncompressedSize:
null
ZipFileName:
tf2game/Application Files/

Screenshots

Processes

Total processes
41
Monitored processes
5
Malicious processes
2
Suspicious processes
2

Behavior graph

+
drop and start drop and start start winrar.exe setup.exe rundll32.exe no specs dfsvc.exe setup.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3336
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\tf2game.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imageres.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\riched20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\davhlpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\powrprof.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\wmasf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\samcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\dui70.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samlib.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\slc.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\user32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\imm32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\duser.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\drprov.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\users\admin\appdata\local\temp\rar$exa3336.9343\tf2game\setup.exe
c:\windows\system32\rundll32.exe
c:\users\admin\appdata\local\temp\rar$exa3336.12920\tf2game\setup.exe

PID
2788
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\setup.exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
1603
Version:
Company
Description
Setup
Version
16.0.28315.86 built by: D16.0
Modules
Image
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\usp10.dll
c:\users\admin\appdata\local\temp\rar$exa3336.9343\tf2game\setup.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\user32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sfc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\normaliz.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devobj.dll
c:\windows\system32\riched20.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\webio.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\imagehlp.dll

PID
496
CMD
"rundll32.exe" dfshim.dll,ShOpenVerbApplication C:\Users\admin\AppData\Local\Temp\Rar$DIa3336.10851\tf2game.application
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\version.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\userenv.dll
c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\microsoft.net\framework\v4.0.30319\dfdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\rsaenh.dll

PID
420
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
Indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
ClickOnce
Version
4.0.30319.34209 built by: FX452RTMGDR
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\gdi32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\ce11900fa489575613dc777c7fbb0d7d\system.drawing.ni.dll
c:\windows\system32\usp10.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\b75ba99f72f116d8951b0f2bba8c276a\system.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.deployment\17ad11ad896adec5f9fbbe9c4dc2b80c\system.deployment.ni.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
c:\windows\system32\clbcatq.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\kernel32.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\dfsvc\8a45f6b74acf0c603a3fe2f544bdc6f5\dfsvc.ni.exe
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\ac38cb30c15eb9e4a54459ee01e9f8e6\system.windows.forms.ni.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\e0fea191b75897ec38735bfc31b89fe0\system.core.ni.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\microsoft.net\assembly\gac_msil\system.deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.deployment.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\7ece7799d670cdfc1393b98b0668a046\system.configuration.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\668bc5e53fd656dc16c9f40ea15e872e\system.xml.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\sxs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\microsoft.net\framework\v4.0.30319\dfdll.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.security\4c1bdc03e699ab178db76a938fce6bc1\system.security.ni.dll

PID
1084
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\setup.exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Setup
Version
16.0.28315.86 built by: D16.0
Modules
Image
c:\windows\system32\gdi32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\users\admin\appdata\local\temp\rar$exa3336.12920\tf2game\setup.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sfc.dll
c:\windows\system32\riched20.dll
c:\windows\system32\devobj.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\advapi32.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\webio.dll
c:\windows\system32\fveui.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\gpapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll

Registry activity

Total events
10230
Read events
0
Write events
126
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3336
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
2
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
1
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\tf2game.zip
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3336
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
@dfshim.dll,-200
ClickOnce Application Deployment Manifest
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
C1B990398709D801
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
C1B990398709D801
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2788
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2788
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
420
dfsvc.exe
delete key
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
(default)
420
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
ME15DG23ML56ABEJ0BWYBDR5
420
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
420
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
420
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
420
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
420
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
420
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
420
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
XVA6J5TPM5LZNG5N7J6KD62J
420
dfsvc.exe
write
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
ZNM7TV8JB4K7MJ4C131ZKJQJ
420
dfsvc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
A7F980508709D801
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
C1B990398709D801
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
A7F980508709D801
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A86499000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDetectedUrl
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
1084
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
LanguageList
en-US
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
@%SystemRoot%\System32\wuaueng.dll,-400
Windows Update
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
Document Encryption
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
1084
setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust

Files activity

Executable files
9
Suspicious files
7
Text files
11
Unknown types
4

Dropped files

PID
Process
Filename
Type
1084
setup.exe
C:\Users\admin\AppData\Local\Temp\VSDC3D8.tmp\setup.exe
executable
MD5: 5ed8add314751f70f0711bdccf07bfc3
SHA256: 2598a03b3166af2ea55ad781bac7f847ab73abd314e1deffa921426546b5b671
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\setup.exe
executable
MD5: 5ed8add314751f70f0711bdccf07bfc3
SHA256: 2598a03b3166af2ea55ad781bac7f847ab73abd314e1deffa921426546b5b671
1084
setup.exe
C:\Users\admin\AppData\Local\Temp\VSDC3D8.tmp\DotNetFX472\NDP472-KB4054530-x86-x64-AllOS-CSY.exe
executable
MD5: ee421dbc1d7b158901bf274143490d4f
SHA256: c9320642ff888b118fbc63845102f793ff9e45f34d99a5dcaa8bedcad15fe873
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\Application Files\tf2game_1_0_0_0\tf2game.exe.deploy
executable
MD5: 1d6101202e0a6ae65d2c3d6cea7ae07e
SHA256: 2df0e11fd459d8b61f8d807d25c84df9806391e212047f91ca1567a8a5ae0ec3
2788
setup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\ndp472-kb4054530-x86-x64-allos-csy[1].exe
executable
MD5: ee421dbc1d7b158901bf274143490d4f
SHA256: c9320642ff888b118fbc63845102f793ff9e45f34d99a5dcaa8bedcad15fe873
2788
setup.exe
C:\Users\admin\AppData\Local\Temp\VSD3842.tmp\DotNetFX472\NDP472-KB4054530-x86-x64-AllOS-CSY.exe
executable
MD5: ee421dbc1d7b158901bf274143490d4f
SHA256: c9320642ff888b118fbc63845102f793ff9e45f34d99a5dcaa8bedcad15fe873
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\Application Files\tf2game_1_0_0_0\tf2game.exe.deploy
executable
MD5: 1d6101202e0a6ae65d2c3d6cea7ae07e
SHA256: 2df0e11fd459d8b61f8d807d25c84df9806391e212047f91ca1567a8a5ae0ec3
2788
setup.exe
C:\Users\admin\AppData\Local\Temp\VSD3842.tmp\setup.exe
executable
MD5: 5ed8add314751f70f0711bdccf07bfc3
SHA256: 2598a03b3166af2ea55ad781bac7f847ab73abd314e1deffa921426546b5b671
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\setup.exe
executable
MD5: 5ed8add314751f70f0711bdccf07bfc3
SHA256: 2598a03b3166af2ea55ad781bac7f847ab73abd314e1deffa921426546b5b671
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\tf2game.application
xml
MD5: 94620fb8d57aa76dba5bdc3485087680
SHA256: 286b98a0383c5f26684f881b04c3426bbd79bfae86dbd50adc69cb63c374756e
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\Application Files\tf2game_1_0_0_0\tf2game.exe.manifest
xml
MD5: b97a86c9e9a1ef7fcca975c003452850
SHA256: 5839143a6ed4d5e29e4e17bf11f9493c3983fb2ea4ffc40ae2ed3815a18e635b
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\Application Files\tf2game_1_0_0_0\tf2game.exe.config.deploy
xml
MD5: e44b6f93c65c87159d701ee8821227ee
SHA256: 543cb9fd5ad09e2f9148e6ffeae10c58c73a6c640469ad9ed9475e586f8a2b52
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0018BB1B5834735BFA60CD063B31956
der
MD5: f2ad82b5108e5dbfef4cb344505823f0
SHA256: 5738782b4fad90beca293376f16d1a6a2b00b18ce8f50aeeccfd480a7f4c02e0
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE
binary
MD5: bee7b75c130c5d2dfa776ceda2e7ae00
SHA256: 4ac0ce11470cddb67a69bb9c29c8ad91f23305bb1de2fa2ab13e521c9617d210
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.12920\tf2game\Application Files\tf2game_1_0_0_0\tf2game.application
xml
MD5: 94620fb8d57aa76dba5bdc3485087680
SHA256: 286b98a0383c5f26684f881b04c3426bbd79bfae86dbd50adc69cb63c374756e
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE
der
MD5: 7c13e2b4f2780cdde5523c304cca5015
SHA256: 365f401aa9abc00197c525989e6bd1dd131fc009ec547ac6230efc83adf6713b
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0018BB1B5834735BFA60CD063B31956
binary
MD5: aa276692302d611711faf0963d03e0ff
SHA256: cca90796d8202e9f24b1597243d25de82efd9ef9e8f449b0648ad55a2cd8615b
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F9C57C8B55E84B295CBBD8CF3D95BF44
der
MD5: ce02a0499711d1f1a3fcfc3c699a6c97
SHA256: 56da8722afd94066ffe1e4595473a4854892b843a0827d53fb7d8f4aeed1e18b
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F9C57C8B55E84B295CBBD8CF3D95BF44
binary
MD5: 8ca244a14bc9cd989ac84befc54d44fe
SHA256: 69d175b697c10bc6260bcb9d9b384c4d37288a83c35f4f5953cb77d5c1190a9a
2788
setup.exe
C:\Users\admin\AppData\Local\Temp\VSD3842.tmp\install.log
binary
MD5: 1ec6cffc90c7a44cc8b95ed7ca3d0fbf
SHA256: 6ebde9d54da21052d83e3e2ee3e5910248115599e23f4ec1634564db115cb28e
420
dfsvc.exe
C:\Users\admin\AppData\Local\Temp\Deployment\5M4GJRWR.YQX\GRCYCNVX.0GJ.application
xml
MD5: 94620fb8d57aa76dba5bdc3485087680
SHA256: 286b98a0383c5f26684f881b04c3426bbd79bfae86dbd50adc69cb63c374756e
420
dfsvc.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\NM66LF60.log
text
MD5: 0bb65d9ced9741e9b202faa77ed59781
SHA256: f91fcf4fb39e805145b33c76dcd90fc143fbaac0938713c85222ecbcf491ba37
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DIa3336.10851\tf2game.application
xml
MD5: 94620fb8d57aa76dba5bdc3485087680
SHA256: 286b98a0383c5f26684f881b04c3426bbd79bfae86dbd50adc69cb63c374756e
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
der
MD5: ace427d9e2e5197da2f600c887dcfcb1
SHA256: 9d985ec5e3675b2c7ded4535f7de2cbe39934d67046e25c3d0466220fafe9651
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5: f7dcb24540769805e5bb30d193944dce
SHA256: 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
binary
MD5: e74cacc4e2b6a95356cf0166fec97e47
SHA256: a0c8a46fa851491ba6719e086b0366e4fb2361243358dbae4013a8af68666285
2788
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5: 36c32062275e4942a7e4302aff140c82
SHA256: 1d3718303f21273f93c9cfaf2a358fc50f7f4fcc4aa976b78ef48dd91353b6a7
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\Application Files\tf2game_1_0_0_0\tf2game.application
xml
MD5: 94620fb8d57aa76dba5bdc3485087680
SHA256: 286b98a0383c5f26684f881b04c3426bbd79bfae86dbd50adc69cb63c374756e
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\Application Files\tf2game_1_0_0_0\tf2game.exe.manifest
xml
MD5: b97a86c9e9a1ef7fcca975c003452850
SHA256: 5839143a6ed4d5e29e4e17bf11f9493c3983fb2ea4ffc40ae2ed3815a18e635b
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\Application Files\tf2game_1_0_0_0\tf2game.exe.config.deploy
xml
MD5: e44b6f93c65c87159d701ee8821227ee
SHA256: 543cb9fd5ad09e2f9148e6ffeae10c58c73a6c640469ad9ed9475e586f8a2b52
3336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3336.9343\tf2game\tf2game.application
xml
MD5: 94620fb8d57aa76dba5bdc3485087680
SHA256: 286b98a0383c5f26684f881b04c3426bbd79bfae86dbd50adc69cb63c374756e

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
10
TCP/UDP connections
8
DNS requests
8
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2788 setup.exe GET 302 104.89.38.104:80 http://go.microsoft.com/fwlink/?LinkId=863258&clcid=0x405 NL
––
––
whitelisted
2788 setup.exe GET 200 8.241.78.254:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?106f60eccc60ab4c US
compressed
whitelisted
2788 setup.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D US
der
shared
2788 setup.exe GET 200 104.79.89.142:80 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt US
der
whitelisted
2788 setup.exe GET 200 92.123.194.163:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl unknown
der
whitelisted
2788 setup.exe GET 200 104.79.89.142:80 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl US
der
whitelisted
2788 setup.exe GET 302 104.89.38.104:80 http://go.microsoft.com/fwlink/?LinkId=863258&clcid=0x405 NL
––
––
whitelisted
2788 setup.exe GET 302 104.89.38.104:80 http://go.microsoft.com/fwlink/?LinkId=863258&clcid=0x405 NL
––
––
whitelisted
2788 setup.exe GET 302 104.89.38.104:80 http://go.microsoft.com/fwlink/?LinkId=863258&clcid=0x405 NL
––
––
whitelisted
1084 setup.exe GET 302 104.89.38.104:80 http://go.microsoft.com/fwlink/?LinkId=863258&clcid=0x405 NL
––
––
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2788 setup.exe 104.89.38.104:80 Akamai Technologies, Inc. NL malicious
2788 setup.exe 68.232.34.200:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2788 setup.exe 8.241.78.254:80 Level 3 Communications, Inc. US unknown
2788 setup.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2788 setup.exe 104.79.89.142:80 Time Warner Cable Internet LLC US malicious
2788 setup.exe 92.123.194.163:80 Akamai International B.V. –– suspicious
1084 setup.exe 104.89.38.104:80 Akamai Technologies, Inc. NL malicious

DNS requests

Domain IP Reputation
go.microsoft.com 104.89.38.104
whitelisted
download.visualstudio.microsoft.com 68.232.34.200
whitelisted
ctldl.windowsupdate.com 8.241.78.254
67.27.157.254
8.253.207.120
67.27.233.126
8.248.133.254
whitelisted
ocsp.digicert.com 93.184.220.29
shared
www.microsoft.com 104.79.89.142
whitelisted
crl.microsoft.com 92.123.194.163
92.123.194.162
whitelisted

Threats

No threats detected.

Debug output strings

Process Message
–– *** Status originated: -1073741811 *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
–– *** Status originated: -1073741811 *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230