General Info Watch the FULL Interactive Analysis at ANY.RUN!

File name

298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000

Verdict
Malicious activity
Analysis date
11/8/2018, 20:58:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
installer
adware
installcore
pup
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

dd41eeb48f9950324319df820fd1553c

SHA1

23eae46ccf4cc93cb102c3d6b490c42ea1fcc1ef

SHA256

298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db

SSDEEP

49152:hNnGjPQbFdh+OB6ofq3Icsp6xOf3SGkkxTW8mrAwschLeGpf8:nnGbQkDoy3IFpKwS0TWXrA09F8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • Messenger for Desktop.exe (PID: 3788)
  • Messenger for Desktop.exe (PID: 3416)
  • Messenger for Desktop.exe (PID: 3944)
  • Messenger for Desktop.exe (PID: 3200)
Application was dropped or rewritten from another process
  • Update.exe (PID: 2812)
  • Update.exe (PID: 676)
  • Update.exe (PID: 3368)
  • Update.exe (PID: 2288)
Changes settings of System certificates
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Connects to CnC server
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
INSTALLCORE was detected
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Creates a software uninstall entry
  • Update.exe (PID: 3368)
Executable content was dropped or overwritten
  • Messenger for Desktop.exe (PID: 3200)
  • Messenger for Desktop.exe (PID: 3416)
  • Messenger for Desktop.exe (PID: 3788)
  • Update.exe (PID: 3368)
  • messengerfordesktop-2.0.9-win32-setup.exe (PID: 236)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Creates files in the user directory
  • Update.exe (PID: 2812)
  • Messenger for Desktop.exe (PID: 3788)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads Environment values
  • Update.exe (PID: 2288)
  • Update.exe (PID: 3368)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Application launched itself
  • Messenger for Desktop.exe (PID: 3788)
  • cmd.exe (PID: 3320)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 1752)
Reads CPU info
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads internet explorer settings
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads Internet Cache Settings
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads the machine GUID from the registry
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Starts CMD.EXE for commands execution
  • cmd.exe (PID: 3320)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads Windows Product ID
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Creates files in the program directory
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Changes tracing settings of the file or console
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Adds / modifies Windows certificates
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Application was crashed
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Dropped object may contain TOR URL's
  • Messenger for Desktop.exe (PID: 3788)
Reads settings of System Certificates
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Inno Setup installer (77.7%)
.exe
|   Win32 Executable Delphi generic (10%)
.dll
|   Win32 Dynamic Link Library (generic) (4.6%)
.exe
|   Win32 Executable (generic) (3.1%)
.exe
|   Win16/32 Executable Delphi generic (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
40448
InitializedDataSize:
25600
UninitializedDataSize:
null
EntryPoint:
0xa5f8
OSVersion:
1
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
Degabe
FileDescription:
Samakodopa Setup
FileVersion:
LegalCopyright:
ProductName:
Samakodopa
ProductVersion:
4.7.1
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
Degabe
FileDescription:
Samakodopa Setup
FileVersion:
null
LegalCopyright:
null
ProductName:
Samakodopa
ProductVersion:
4.7.1
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
CODE 0x00001000 0x00009D30 0x00009E00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.60013
DATA 0x0000B000 0x00000250 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.75182
BSS 0x0000C000 0x00000E8C 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0000D000 0x00000950 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.43073
.tls 0x0000E000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x0000F000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.204488
.reloc 0x00010000 0x000008C4 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0
.rsrc 0x00011000 0x000053B0 0x00005400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 6.21316
Resources
1

2

3

4089

4090

4091

4093

4094

4095

11111

MAINICON

Imports
    kernel32.dll

    user32.dll

    oleaut32.dll

    advapi32.dll

    comctl32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
58
Monitored processes
17
Malicious processes
6
Suspicious processes
4

Behavior graph

+
start drop and start 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe no specs #INSTALLCORE 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe cmd.exe no specs timeout.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs messengerfordesktop-2.0.9-win32-setup.exe no specs messengerfordesktop-2.0.9-win32-setup.exe update.exe messenger for desktop.exe update.exe no specs update.exe no specs messenger for desktop.exe messenger for desktop.exe no specs update.exe messenger for desktop.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1752
CMD
"C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe"
Path
C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Degabe
Description
Samakodopa Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll

PID
3008
CMD
"C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl
Path
C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
Indicators
Parent process
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
User
admin
Integrity Level
HIGH
Exit code
3221225477
Version:
Company
Degabe
Description
Samakodopa Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\in5d7830f2\1dd7a390_stp\messengerfordesktop-2.0.9-win32-setup.exe
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll

PID
3320
CMD
/d /c TIMEOUT 1 & cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat"+"C:\Users\admin\AppData\Local\Temp\D82812087827352.dat" "C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827352.dat"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\timeout.exe

PID
3576
CMD
TIMEOUT 1
Path
C:\Windows\system32\timeout.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
timeout - pauses command processing
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\timeout.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
1280
CMD
cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat"+"C:\Users\admin\AppData\Local\Temp\D82812087827352.dat" "C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
1724
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3140
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827352.dat"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3336
CMD
"C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe" --silent
Path
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe
Indicators
No indicators
Parent process
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\temp\in5d7830f2\1dd7a390_stp\messengerfordesktop-2.0.9-win32-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll

PID
236
CMD
"C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe" --silent --rerunningWithoutUAC
Path
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\temp\in5d7830f2\1dd7a390_stp\messengerfordesktop-2.0.9-win32-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\squirreltemp\update.exe

PID
3368
CMD
"C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent --rerunningWithoutUAC
Path
C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
Indicators
Parent process
messengerfordesktop-2.0.9-win32-setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\squirreltemp\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.comp46f2b404#\dccda7bb827d5eab8e31175f8fe70aef\system.componentmodel.dataannotations.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\0261f24b2fd53085823ea90b359d71ee\system.xml.linq.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll

PID
3416
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe" --squirrel-install 2.0.9
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
Parent process
Update.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\users\admin\appdata\local\temp\664d.tmp.node
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll

PID
2812
CMD
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe --createShortcut "Messenger for Desktop.exe"
Path
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe
Indicators
No indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.comp46f2b404#\dccda7bb827d5eab8e31175f8fe70aef\system.componentmodel.dataannotations.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\0261f24b2fd53085823ea90b359d71ee\system.xml.linq.ni.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll

PID
676
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe" --processStart "Messenger for Desktop.exe"
Path
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll

PID
3788
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe"
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
Parent process
Update.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\users\admin\appdata\local\temp\9f4f.tmp.node
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll

PID
3944
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe" --type=renderer --no-sandbox --primordial-pipe-token=E114251EF164103FB178A8BF24ED7CD1 --lang=en-US --app-user-model-id=com.squirrel.messengerfordesktop.MessengerforDesktop --node-integration=true --background-color=#ffffff --hidden-page --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-channel-token=62EA646F5E111CBEA136CCEFED810ED2 --mojo-application-channel-token=E114251EF164103FB178A8BF24ED7CD1 --channel="3788.0.1096386581\287315212" --mojo-platform-channel-handle=1196 /prefetch:1
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
No indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll

PID
2288
CMD
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe --download https://updates.messengerfordesktop.com/update/stable/win32
Path
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe
Indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.web\14da86a7ddbf09bd27b30061ff9a4f5e\system.web.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\webengine4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
3200
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe" --type=renderer --no-sandbox --primordial-pipe-token=60B03C80403ABB5CB8C6CA59ABB46D4F --lang=en-US --app-user-model-id=com.squirrel.messengerfordesktop.MessengerforDesktop --node-integration=false --preload="C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\resources\app.asar\scripts\renderer\preload\index.js" --guest-instance-id=1 --enable-blink-features --disable-blink-features --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-channel-token=2335D302941A291B4F67F62202C08C3D --mojo-application-channel-token=60B03C80403ABB5CB8C6CA59ABB46D4F --channel="3788.1.571769514\1202890715" --mojo-platform-channel-handle=1624 /prefetch:1
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\users\admin\appdata\local\temp\b0b4.tmp.node
c:\users\admin\appdata\local\temp\48aa.tmp.node

Registry activity

Total events
1891
Read events
1790
Write events
101
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableFileTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableConsoleTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
ConsoleTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
MaxFileSize
1048576
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileDirectory
%windir%\tracing
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableFileTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableConsoleTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
ConsoleTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
MaxFileSize
1048576
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileDirectory
%windir%\tracing
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CachePath
%APPDATA%\Microsoft\Internet Explorer\UserData
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CachePrefix
UserData
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CacheLimit
1000
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CacheOptions
8
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CacheRepair
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
040000000100000010000000324A4BBBC863699BBE749AC6DD1D46240F00000001000000140000000F6AAD4C3FE04619CDC8B2BD655AA1A26042E6500B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A190000000100000010000000FD960962AC6938E0D4B0769AA1A64E262000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
52
1752
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1752
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3368
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
EnableFileTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
EnableConsoleTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
FileTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
ConsoleTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
MaxFileSize
1048576
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
FileDirectory
%windir%\tracing
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
EnableFileTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
EnableConsoleTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
FileTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
ConsoleTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
MaxFileSize
1048576
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
FileDirectory
%windir%\tracing
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
DisplayIcon
C:\Users\admin\AppData\Local\messengerfordesktop\app.ico
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
DisplayName
Messenger for Desktop
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
DisplayVersion
2.0.9
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
InstallDate
20181108
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
InstallLocation
C:\Users\admin\AppData\Local\messengerfordesktop
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
Publisher
MessengerForDesktop.com
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
QuietUninstallString
"C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe" --uninstall -s
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
UninstallString
"C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe" --uninstall
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
URLUpdateInfo
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
EstimatedSize
55491
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
NoModify
1
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
NoRepair
1
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
Language
1033
2812
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
676
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
676
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3788
Messenger for Desktop.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2288
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
17
Suspicious files
89
Text files
101
Unknown types
7

Dropped files

PID Process Filename Type
236 messengerfordesktop-2.0.9-win32-setup.exe C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe executable
3200 Messenger for Desktop.exe C:\Users\admin\AppData\Local\Temp\B0B4.tmp.node executable
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\libGLESv2.dll executable
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\d3dcompiler_47.dll executable
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\node.dll executable
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\ffmpeg.dll executable
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe executable
3200 Messenger for Desktop.exe C:\Users\admin\AppData\Local\Temp\48AA.tmp.node executable
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe C:\Users\admin\AppData\Local\Temp\D82812087827351.dat executable
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\xinput1_3.dll executable
3416 Messenger for Desktop.exe C:\Users\admin\AppData\Local\Temp\664D.tmp.node executable
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Local\Temp\9F4F.tmp.node executable
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\libEGL.dll executable
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Preferences text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\CAC6.tmp ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000c compressed
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000b text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000a text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000009 text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000008 compressed
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000007 compressed
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000006 compressed
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000005 compressed
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000004 image
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000003 text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000002 text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000001 text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000015 binary
2288 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\SquirrelSetup.log text
2288 Update.exe C:\Users\admin\AppData\Local\Temp\.squirrel-lock-3B8C033B52E1CF7E4020417A87DB272846667E0F ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_3 ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_2 ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_1 ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_0 ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\index ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Local\Temp\etilqs_duYRkJ0S19q5tL1 ––
2288 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\packages\.betaId text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Local\Temp\A57A.tmp.ico image
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000014 binary
676 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\SquirrelSetup.log text
3368 Update.exe C:\Users\admin\AppData\Local\SquirrelTemp\SquirrelSetup.log text
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app.ico image
3368 Update.exe C:\Users\admin\AppData\Local\Temp\.squirrel-lock-3B8C033B52E1CF7E4020417A87DB272846667E0F ––
3368 Update.exe C:\Users\admin\AppData\Local\Temp\33bb53c4-7895-4201-b34a-6c46eeaadf73.png ––
2812 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\SquirrelSetup.log text
2812 Update.exe C:\Users\admin\Desktop\Messenger for Desktop.lnk lnk
2812 Update.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MessengerForDesktop.com\Messenger for Desktop.lnk lnk
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe C:\Users\admin\AppData\Local\Temp\005F66DA.log ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000013 binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\packages\RELEASES text
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\packages\SquirrelTemp\tempa ––
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe ––
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\resources\app.asar ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000012 binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\resources\electron.asar asar
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\icudtl.dat ––
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\zh-TW.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\zh-CN.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\vi.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\uk.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\th.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\tr.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ta.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sw.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\te.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sv.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sl.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sr.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\pt-BR.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ru.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ro.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\pl.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sk.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\pt-PT.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\nl.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\nb.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\mr.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ms.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ml.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ko.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\lv.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\lt.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\kn.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ja.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\it.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\hu.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\hr.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\id.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\hi.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\he.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\gu.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fr.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fil.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fi.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fake-bidi.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fa.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\et.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\es.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\es-419.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\en-US.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\el.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\en-GB.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\de.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\da.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ca.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\cs.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\am.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ar.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\bn.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\bg.pak binary
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000011 binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\views_resources_200_percent.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\ui_resources_200_percent.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\snapshot_blob.bin html
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\content_shell.pak ––
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\natives_blob.bin binary
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000010 binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\LICENSE text
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000f binary
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000e binary
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000d binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\blink_image_resources_200_percent.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\content_resources_200_percent.pak binary
3368 Update.exe C:\Users\admin\AppData\Local\messengerfordesktop\packages\messengerfordesktop-2.0.9-full.nupkg ––
3788 Messenger for Desktop.exe C:\Users\admin\AppData\Local\Temp\etilqs_doCvgeK9pB5tPeJ ––
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe C:\Users\admin\AppData\Local\Temp\005DC2BF.log ––
236 messengerfordesktop-2.0.9-win32-setup.exe C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES text
236 messengerfordesktop-2.0.9-win32-setup.exe C:\Users\admin\AppData\Local\SquirrelTemp\messengerfordesktop-2.0.9-full.nupkg ––
236 messengerfordesktop-2.0.9