General Info

File name

SmartAlertsSetup.exe

Full analysis
https://app.any.run/tasks/c5518fd3-17dd-48c6-b43b-662bbd10c7b5
Verdict
Malicious activity
Analysis date
8/13/2019, 23:11:54
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

5ed5f5a5ee5e4eb1013d49ef2ebf7ae9

SHA1

53454df27cec51c4ba4da215e107c468986cab76

SHA256

187c695375504b56c332cd954d0a9710603483a595936f8d27b6b38957d8ca1d

SSDEEP

98304:+X6JKtHgIiG3XNAIOE8GOwF5lo4f/QaqZ:JIVHNASOwf+4f/Qak

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes settings of System certificates
  • WinZipSmartMonitor.exe (PID: 1412)
Application was dropped or rewritten from another process
  • WinZipSmartMonitor.exe (PID: 1412)
  • WinZip Smart Monitor Service.exe (PID: 2196)
  • WinZip Smart Monitor Service.exe (PID: 1580)
Loads dropped or rewritten executable
  • SmartAlertsSetup.exe (PID: 3744)
Creates files in the program directory
  • WinZipSmartMonitor.exe (PID: 1412)
  • WinZip Smart Monitor Service.exe (PID: 2196)
  • SmartAlertsSetup.exe (PID: 3744)
Adds / modifies Windows certificates
  • WinZipSmartMonitor.exe (PID: 1412)
Removes files from Windows directory
  • WinZip Smart Monitor Service.exe (PID: 2196)
Creates files in the Windows directory
  • WinZip Smart Monitor Service.exe (PID: 2196)
Starts SC.EXE for service management
  • SmartAlertsSetup.exe (PID: 3744)
Executed as Windows Service
  • WinZip Smart Monitor Service.exe (PID: 2196)
Executable content was dropped or overwritten
  • SmartAlertsSetup.exe (PID: 3744)

No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:01:30 04:57:41+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
26112
InitializedDataSize:
141824
UninitializedDataSize:
2048
EntryPoint:
0x34a5
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
2.9.0.24
ProductVersionNumber:
2.9.0.24
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
CompanyName:
Corel Corporation
FileDescription:
WinZip Smart Monitor installer
FileVersion:
2.9.0.24
InternalName:
WinZipSmartMonitor.exe
LegalCopyright:
Copyright (c) 1991-2019 Corel Corporation. All Rights Reserved.
OriginalFileName:
WinZipSmartMonitorSetup.exe
ProductName:
WinZip Smart Monitor
ProductVersion:
2.9.0.24
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
30-Jan-2018 03:57:41
Detected languages
English - United States
CompanyName:
Corel Corporation
FileDescription:
WinZip Smart Monitor installer
FileVersion:
2.9.0.24
InternalName:
WinZipSmartMonitor.exe
LegalCopyright:
Copyright (c) 1991-2019 Corel Corporation. All Rights Reserved.
OriginalFileName:
WinZipSmartMonitorSetup.exe
ProductName:
WinZip Smart Monitor
ProductVersion:
2.9.0.24
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
30-Jan-2018 03:57:41
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00006409 0x00006600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.41622
.rdata 0x00008000 0x0000138E 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.14383
.data 0x0000A000 0x00020358 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.0044
.ndata 0x0002B000 0x00013000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0003E000 0x0002AD00 0x0002AE00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.33783
Resources
1

2

3

4

5

6

7

8

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

Exports

    No exports.

Processes

Total processes
43
Monitored processes
6
Malicious processes
4
Suspicious processes
0

Behavior graph

[Behavior graph. Nodes: smartalertssetup.exe (no specs), smartalertssetup.exe, winzip smart monitor service.exe (no specs), sc.exe (no specs), winzip smart monitor service.exe, winzipsmartmonitor.exe. Edge labels: "drop and start", "start".]

Process information

PID
2196
CMD
"C:\Users\admin\AppData\Local\Temp\SmartAlertsSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\SmartAlertsSetup.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Corel Corporation
Description
WinZip Smart Monitor installer
Version
2.9.0.24
Modules
Image
c:\users\admin\appdata\local\temp\smartalertssetup.exe
c:\systemroot\system32\ntdll.dll

PID
3744
CMD
"C:\Users\admin\AppData\Local\Temp\SmartAlertsSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\SmartAlertsSetup.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Corel Corporation
Description
WinZip Smart Monitor installer
Version
2.9.0.24
Modules
Image
c:\users\admin\appdata\local\temp\smartalertssetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nspf279.tmp\system.dll
c:\program files\winzip smart monitor\winzip smart monitor service.exe
c:\users\admin\appdata\local\temp\nspf279.tmp\execdos.dll

PID
1580
CMD
"C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe" /Service
Path
C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
Indicators
No indicators
Parent process
SmartAlertsSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Corel Corporation
Description
WinZip Smart Monitor Service
Version
2,9,0,24
Modules
Image
c:\program files\winzip smart monitor\winzip smart monitor service.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
2056
CMD
sc start "WinZip Smart Monitor Service"
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
SmartAlertsSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
2196
CMD
"C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe"
Path
C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Corel Corporation
Description
WinZip Smart Monitor Service
Version
2,9,0,24
Modules
Image
c:\users\admin\appdata\local\temp\smartalertssetup.exe
c:\program files\winzip smart monitor\winzip smart monitor service.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\secur32.dll
c:\windows\system32\apphelp.dll
c:\program files\winzip smart monitor\winzipsmartmonitor.exe

PID
1412
CMD
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe" -run
Path
C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
Indicators
Parent process
WinZip Smart Monitor Service.exe
User
admin
Integrity Level
HIGH
Version:
Company
Corel Corporation
Description
WinZip Smart Monitor
Version
2,9,0,24
Modules
Image
c:\program files\winzip smart monitor\winzipsmartmonitor.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll

Registry activity

Total events
545
Read events
442
Write events
103
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1580
WinZip Smart Monitor Service.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B71C4444-6A93-4BD8-BCCA-07C6A01F2340}
ISMSettings
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B71C4444-6A93-4BD8-BCCA-07C6A01F2340}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B71C4444-6A93-4BD8-BCCA-07C6A01F2340}\TypeLib
{CEC67385-D765-4B64-BCBD-888BA1DDFC09}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}
SMSettings
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}\1.1
WinZip Smart Monitor ServiceLib
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}\1.1\0
WinZip Smart Monitor ServiceLib
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}\1.1\0\win32
"C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe"
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2CA75AD3-A844-4DF9-999D-CB82069C55C3}
WinZip Smart Monitor Service
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WinZip Smart Monitor Service.exe
AppID
{2CA75AD3-A844-4DF9-999D-CB82069C55C3}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2CA75AD3-A844-4DF9-999D-CB82069C55C3}
LocalService
WinZip Smart Monitor Service
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZip.SMSettings.1.1
WinZipSmartMonitor settings
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZip.SMSettings.1.1\CLSID
{B5E0AC71-16D8-4F94-BD38-6373721A3995}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZip.SMSettings
SMSettings Class
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZip.SMSettings\CLSID
{B5E0AC71-16D8-4F94-BD38-6373721A3995}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZip.SMSettings\CurVer
WinZip.SMSettings.1.1
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E0AC71-16D8-4F94-BD38-6373721A3995}
SMSettings
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E0AC71-16D8-4F94-BD38-6373721A3995}\ProgID
WinZip.SMSettings.1.1
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E0AC71-16D8-4F94-BD38-6373721A3995}\LocalServer32
"C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe"
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E0AC71-16D8-4F94-BD38-6373721A3995}
AppID
{2CA75AD3-A844-4DF9-999D-CB82069C55C3}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E0AC71-16D8-4F94-BD38-6373721A3995}\TypeLib
{CEC67385-D765-4B64-BCBD-888BA1DDFC09}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5E0AC71-16D8-4F94-BD38-6373721A3995}\Version
1.1
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}\1.1
SMServiceLib
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}\1.1\FLAGS
0
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}\1.1\0\win32
C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CEC67385-D765-4B64-BCBD-888BA1DDFC09}\1.1\HELPDIR
C:\Program Files\WinZip Smart Monitor
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B71C4444-6A93-4BD8-BCCA-07C6A01F2340}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1580
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B71C4444-6A93-4BD8-BCCA-07C6A01F2340}\TypeLib
Version
1.1
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
SecureProtocols
0
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
SecureProtocols
2688
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASAPI32
EnableFileTracing
0
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASAPI32
EnableConsoleTracing
0
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASAPI32
FileTracingMask
4294901760
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASAPI32
ConsoleTracingMask
4294901760
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASAPI32
MaxFileSize
1048576
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASAPI32
FileDirectory
%windir%\tracing
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASMANCS
EnableFileTracing
0
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASMANCS
EnableConsoleTracing
0
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASMANCS
FileTracingMask
4294901760
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASMANCS
ConsoleTracingMask
4294901760
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASMANCS
MaxFileSize
1048576
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2196
WinZip Smart Monitor Service.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZip Smart Monitor Service_RASMANCS
FileDirectory
%windir%\tracing
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2196
WinZip Smart Monitor Service.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1412
WinZipSmartMonitor.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
1412
WinZipSmartMonitor.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
SecureProtocols
2720
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASAPI32
EnableFileTracing
0
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASAPI32
EnableConsoleTracing
0
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASAPI32
FileTracingMask
4294901760
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASAPI32
ConsoleTracingMask
4294901760
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASAPI32
MaxFileSize
1048576
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASAPI32
FileDirectory
%windir%\tracing
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASMANCS
EnableFileTracing
0
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASMANCS
EnableConsoleTracing
0
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASMANCS
FileTracingMask
4294901760
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASMANCS
ConsoleTracingMask
4294901760
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASMANCS
MaxFileSize
1048576
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinZipSmartMonitor_RASMANCS
FileDirectory
%windir%\tracing
1412
WinZipSmartMonitor.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1412
WinZipSmartMonitor.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
1412
WinZipSmartMonitor.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1412
WinZipSmartMonitor.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1412
WinZipSmartMonitor.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
1412
WinZipSmartMonitor.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
SecureProtocols
160

Files activity

Executable files
5
Suspicious files
16
Text files
6
Unknown types
6

Dropped files

PID
Process
Filename
Type
3744
SmartAlertsSetup.exe
C:\Users\admin\AppData\Local\Temp\nspF279.tmp\System.dll
executable
MD5: 75ed96254fbf894e42058062b4b4f0d1
SHA256: a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
3744
SmartAlertsSetup.exe
C:\Program Files\WinZip Smart Monitor\Uninstall.exe
executable
MD5: 757d9a1230738634303e4b2379e7b263
SHA256: 8549968ac340a9f9e27867f273f24b95f143027455c223aa0fca570db6cf5b4a
3744
SmartAlertsSetup.exe
C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
executable
MD5: c2cf78f29202734fb284bdd86d28f633
SHA256: 28a1af49391ed7413d3e55937f5952883ac9435745d64d0bd686503a3cb29d60
3744
SmartAlertsSetup.exe
C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
executable
MD5: 51710c8d202e5f2160ac2874bc7ab10c
SHA256: 36e7def410838657d59089cf861d6b536fbc25be83ea5b75e752f2f80e7673bd
3744
SmartAlertsSetup.exe
C:\Users\admin\AppData\Local\Temp\nspF279.tmp\execDos.dll
executable
MD5: 0deb397ca1e716bb7b15e1754e52b2ac
SHA256: 720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
1412
WinZipSmartMonitor.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\settings[1]
text
MD5: 0bf96c02963ffd0e1f6dab022643431f
SHA256: c1a0a1d35117538ce062e3777b812e14a8818a194d09c0dbf38d90da0721d3e8
1412
WinZipSmartMonitor.exe
C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-1302019708-1500728564-335382590-1000\settings.data
text
MD5: 7724fb6760ea5bbe7952296b9046c3dd
SHA256: d9e489baa42f59b44a2135691eac673f5ec80ecc1e1496cdbbb1480b9f434b68
1412
WinZipSmartMonitor.exe
C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-1302019708-1500728564-335382590-1000\settings.data
text
MD5: 145ac732c4d8159648aa661c5e833992
SHA256: 3f30878ae1e61ff34f6860382a8f6943336d9b8e3abd3722aaab7a00c5dd6b33
2196
WinZip Smart Monitor Service.exe
C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-1302019708-1500728564-335382590-1000\smsettings
text
MD5: 3da8043732f566e2fa749f6267abcc93
SHA256: 79b18978637868aa31f346c5c628fa95e21a3442a1896aa627c5e4fd21533d04
2196
WinZip Smart Monitor Service.exe
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: 64bc6b0e1d907ae8acf27bdb155344c2
SHA256: dd4e0b0b64da5d95420c0e5423726f109e820e18b8a0b602274a7404f16f3ab2
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
der
MD5: ceaf86e46f34911db83ab3bbb0e575b2
SHA256: 44d8e7e064f9c3b74f958eefef4e0e106810187f2c538fe4ae654e2d724e7a76
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
binary
MD5: 6162f184bdd068f37f1df155527743d7
SHA256: 052ce78c0b932b213f001f2be3f85b5f56db30fcf8e5a740f990b1cadc11137b
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: e05479c46b38f19621cce24688205cf7
SHA256: c97f9d81e23f87f03538d051299916edb3a51e699153803b285bfe4e6a8fe978
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 58a3badc25e15583224e2b922f370a4f
SHA256: 7e0630e9c468031329cad1a21bfb37c12153bda0f4d6298ee1b8682dd0c35f8a
2196
WinZip Smart Monitor Service.exe
C:\Windows\TEMP\TarA9D6.tmp
––
MD5:  ––
SHA256:  ––
2196
WinZip Smart Monitor Service.exe
C:\Windows\TEMP\CabA9D5.tmp
––
MD5:  ––
SHA256:  ––
2196
WinZip Smart Monitor Service.exe
C:\Windows\TEMP\Cab9522.tmp
––
MD5:  ––
SHA256:  ––
2196
WinZip Smart Monitor Service.exe
C:\Windows\TEMP\Tar9523.tmp
––
MD5:  ––
SHA256:  ––
3744
SmartAlertsSetup.exe
C:\Users\admin\AppData\Local\Temp\nspF278.tmp
––
MD5:  ––
SHA256:  ––
2196
WinZip Smart Monitor Service.exe
C:\Windows\TEMP\Tar2000.tmp
––
MD5:  ––
SHA256:  ––
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_D36E62E6B95806368073A91A53215EAB
binary
MD5: b97446b8fb8b82704176db3a01e630d2
SHA256: 33051a3398cf730e69629c655ac38fbb1c44e4ca87ea801987223ae3bb274b35
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_D36E62E6B95806368073A91A53215EAB
der
MD5: 39f0dfb209e3f033a8c776e6488684c2
SHA256: 452654ea9db9d5045178e59169bd3f35c0c95a32cff055980e7dda527a40dc0a
2196
WinZip Smart Monitor Service.exe
C:\Windows\TEMP\Cab1FFF.tmp
––
MD5:  ––
SHA256:  ––
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
der
MD5: db393cef9fd5500280e4adc8c816cb30
SHA256: 25944a969143e598c3a79156bc186be0dc7774342695cbf429ff79d9324c807c
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
binary
MD5: 2067a81deef5dc53637aa11d29d89efc
SHA256: 1335747e80de57770c0747b68dd41bdfacffe4efa3a62acabfc27548904a7d41
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
binary
MD5: 0e6872090615acab9ca5f988b1dca030
SHA256: e0b92992fcb53f57999c034cf72bd1168d72c9ef699dbd7b98c74e175f4ed2fa
1412
WinZipSmartMonitor.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\update[1]
text
MD5: 9caaba0a44419824380f6f016ce1a94a
SHA256: d6108d39a63f4cce1404cbb775b686ea406052ed8f97a102f3e0cf9aac631cc8
3744
SmartAlertsSetup.exe
C:\Program Files\WinZip Smart Monitor\apps
binary
MD5: 1292c65360ac8901f339d6b44218bd45
SHA256: 44e0e89fecff53e108203b837e80ccc8d2d59e572ccec1c9a712999bb29a3de9
3744
SmartAlertsSetup.exe
C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.mab
binary
MD5: b4698344cf2ea1ea9d4f0979aed28550
SHA256: 2a2e6933bc6a4447eaa89d21e6071140b4704aaa0127ac22830c910bfc0efbe8
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 6dba8b2a080ac4e635ba5e37124efd7f
SHA256: b97fc0c653432ef77d396a3c24db90147a9f8359cafbccd1fc6c1324187ca5b0
3744
SmartAlertsSetup.exe
C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab
binary
MD5: c691c48a553d696d8400f2b8030fb189
SHA256: 45cdb6d5ac7b4f07868dce6e712220cae6a3c73805472c5267529c37b2031228
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
2196
WinZip Smart Monitor Service.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
der
MD5: a8b529bbacc12b204cac28e3751314bb
SHA256: af908038807fa91177fd4beff2c78e0f46695d043db88fa90b4ac1a7f61b07fb


Network activity

HTTP(S) requests
6
TCP/UDP connections
9
DNS requests
7
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2196 WinZip Smart Monitor Service.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D US der whitelisted
2196 WinZip Smart Monitor Service.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAEU4rgWp2Ty1wBkYdRCEyE%3D US der whitelisted
2196 WinZip Smart Monitor Service.exe GET 200 205.185.216.42:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted
2196 WinZip Smart Monitor Service.exe GET 200 54.230.93.57:80 http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D US der whitelisted
2196 WinZip Smart Monitor Service.exe GET 200 54.230.93.58:80 http://x.ss2.us/x.cer US der whitelisted
2196 WinZip Smart Monitor Service.exe GET 200 54.230.93.2:80 http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D US der whitelisted


Connections

PID Process IP ASN CN Reputation
2196 WinZip Smart Monitor Service.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2196 WinZip Smart Monitor Service.exe 52.54.209.7:443 Amazon.com, Inc. US unknown
2196 WinZip Smart Monitor Service.exe 54.230.93.170:80 Amazon.com, Inc. US unknown
2196 WinZip Smart Monitor Service.exe 205.185.216.42:80 Highwinds Network Group, Inc. US whitelisted
2196 WinZip Smart Monitor Service.exe 54.230.93.57:80 Amazon.com, Inc. US unknown
1412 WinZipSmartMonitor.exe 34.199.57.221:443 Amazon.com, Inc. US unknown
–– –– 34.199.57.221:443 Amazon.com, Inc. US unknown
–– –– 54.230.93.58:80 Amazon.com, Inc. US suspicious
–– –– 54.230.93.2:80 Amazon.com, Inc. US whitelisted

DNS requests

Domain IP Reputation
ocsp.digicert.com 93.184.220.29 whitelisted
updaterv.winzip.com 52.54.209.7, 52.4.170.111 unknown
x.ss2.us 54.230.93.170, 54.230.93.58, 54.230.93.183, 54.230.93.43 whitelisted
www.download.windowsupdate.com 205.185.216.42, 205.185.216.10 whitelisted
o.ss2.us 54.230.93.57, 54.230.93.230, 54.230.93.52, 54.230.93.31 whitelisted
api.winzip.com 34.199.57.221, 54.236.190.125 unknown
ocsp.rootg2.amazontrust.com 54.230.93.2, 54.230.93.218, 54.230.93.36, 54.230.93.212 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.