General Info

File name

298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000

Full analysis
https://app.any.run/tasks/5f7c942b-c3b4-49f4-b5fe-f606957409b8
Verdict
Malicious activity
Analysis date
11/8/2018, 20:58:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

adware

installcore

pup

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

dd41eeb48f9950324319df820fd1553c

SHA1

23eae46ccf4cc93cb102c3d6b490c42ea1fcc1ef

SHA256

298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db

SSDEEP

49152:hNnGjPQbFdh+OB6ofq3Icsp6xOf3SGkkxTW8mrAwschLeGpf8:nnGbQkDoy3IFpKwS0TWXrA09F8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads dropped or rewritten executable
  • Messenger for Desktop.exe (PID: 3944)
  • Messenger for Desktop.exe (PID: 3788)
  • Messenger for Desktop.exe (PID: 3200)
  • Messenger for Desktop.exe (PID: 3416)
Application was dropped or rewritten from another process
  • Update.exe (PID: 676)
  • Update.exe (PID: 2288)
  • Update.exe (PID: 3368)
  • Update.exe (PID: 2812)
INSTALLCORE was detected
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Changes settings of System certificates
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Connects to CnC server
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Executable content was dropped or overwritten
  • Messenger for Desktop.exe (PID: 3788)
  • Messenger for Desktop.exe (PID: 3200)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
  • Messenger for Desktop.exe (PID: 3416)
  • Update.exe (PID: 3368)
  • messengerfordesktop-2.0.9-win32-setup.exe (PID: 236)
Reads Environment values
  • Update.exe (PID: 2288)
  • Update.exe (PID: 3368)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Creates files in the user directory
  • Messenger for Desktop.exe (PID: 3788)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
  • Update.exe (PID: 2812)
Application launched itself
  • Messenger for Desktop.exe (PID: 3788)
  • cmd.exe (PID: 3320)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 1752)
Creates a software uninstall entry
  • Update.exe (PID: 3368)
Changes tracing settings of the file or console
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Starts CMD.EXE for commands execution
  • cmd.exe (PID: 3320)
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads internet explorer settings
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Adds / modifies Windows certificates
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Creates files in the program directory
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads Internet Cache Settings
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads Windows Product ID
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads CPU info
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Reads the machine GUID from the registry
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Dropped object may contain TOR URLs
  • Messenger for Desktop.exe (PID: 3788)
Reads settings of System Certificates
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)
Application was crashed
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (PID: 3008)


Static information

TRiD
.exe | Inno Setup installer (77.7%)
.exe | Win32 Executable Delphi generic (10%)
.dll | Win32 Dynamic Link Library (generic) (4.6%)
.exe | Win32 Executable (generic) (3.1%)
.exe | Win16/32 Executable Delphi generic (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
40448
InitializedDataSize:
25600
UninitializedDataSize:
null
EntryPoint:
0xa5f8
OSVersion:
1
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
Degabe
FileDescription:
Samakodopa Setup
FileVersion:
LegalCopyright:
ProductName:
Samakodopa
ProductVersion:
4.7.1
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
Degabe
FileDescription:
Samakodopa Setup
FileVersion:
null
LegalCopyright:
null
ProductName:
Samakodopa
ProductVersion:
4.7.1
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
CODE 0x00001000 0x00009D30 0x00009E00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.60013
DATA 0x0000B000 0x00000250 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.75182
BSS 0x0000C000 0x00000E8C 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0000D000 0x00000950 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.43073
.tls 0x0000E000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x0000F000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.204488
.reloc 0x00010000 0x000008C4 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0
.rsrc 0x00011000 0x000053B0 0x00005400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 6.21316
Resources
1

2

3

4089

4090

4091

4093

4094

4095

11111

MAINICON

Imports
    kernel32.dll

    user32.dll

    oleaut32.dll

    advapi32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
58
Monitored processes
17
Malicious processes
6
Suspicious processes
4

Behavior graph

Process chain shown in the graph (legend: start, drop and start; "no specs" means none of the specs listed under Specs description applied):
  • 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe (no specs)
  • #INSTALLCORE 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
  • cmd.exe (no specs)
  • timeout.exe (no specs)
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • messengerfordesktop-2.0.9-win32-setup.exe (no specs)
  • messengerfordesktop-2.0.9-win32-setup.exe
  • update.exe
  • messenger for desktop.exe
  • update.exe (no specs)
  • update.exe (no specs)
  • messenger for desktop.exe
  • messenger for desktop.exe (no specs)
  • update.exe
  • messenger for desktop.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
1752
CMD
"C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe"
Path
C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Degabe
Description
Samakodopa Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll

PID
3008
CMD
"C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl
Path
C:\Users\admin\AppData\Local\Temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
Indicators
Parent process
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
User
admin
Integrity Level
HIGH
Exit code
3221225477
Version:
Company
Degabe
Description
Samakodopa Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\in5d7830f2\1dd7a390_stp\messengerfordesktop-2.0.9-win32-setup.exe
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll

PID
3320
CMD
/d /c TIMEOUT 1 & cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat"+"C:\Users\admin\AppData\Local\Temp\D82812087827352.dat" "C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827352.dat"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\timeout.exe

PID
3576
CMD
TIMEOUT 1
Path
C:\Windows\system32\timeout.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
timeout - pauses command processing
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\timeout.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
1280
CMD
cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat"+"C:\Users\admin\AppData\Local\Temp\D82812087827352.dat" "C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
1724
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827351.dat"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3140
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D82812087827352.dat"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3336
CMD
"C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe" --silent
Path
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe
Indicators
No indicators
Parent process
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\temp\in5d7830f2\1dd7a390_stp\messengerfordesktop-2.0.9-win32-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll

PID
236
CMD
"C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe" --silent --rerunningWithoutUAC
Path
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\temp\in5d7830f2\1dd7a390_stp\messengerfordesktop-2.0.9-win32-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\squirreltemp\update.exe

PID
3368
CMD
"C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent --rerunningWithoutUAC
Path
C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
Indicators
Parent process
messengerfordesktop-2.0.9-win32-setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\squirreltemp\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.comp46f2b404#\dccda7bb827d5eab8e31175f8fe70aef\system.componentmodel.dataannotations.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\0261f24b2fd53085823ea90b359d71ee\system.xml.linq.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll

PID
3416
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe" --squirrel-install 2.0.9
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
Parent process
Update.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\users\admin\appdata\local\temp\664d.tmp.node
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll

PID
2812
CMD
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe --createShortcut "Messenger for Desktop.exe"
Path
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe
Indicators
No indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.comp46f2b404#\dccda7bb827d5eab8e31175f8fe70aef\system.componentmodel.dataannotations.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\0261f24b2fd53085823ea90b359d71ee\system.xml.linq.ni.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll

PID
676
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe" --processStart "Messenger for Desktop.exe"
Path
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll

PID
3788
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe"
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
Parent process
Update.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\users\admin\appdata\local\temp\9f4f.tmp.node
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll

PID
3944
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe" --type=renderer --no-sandbox --primordial-pipe-token=E114251EF164103FB178A8BF24ED7CD1 --lang=en-US --app-user-model-id=com.squirrel.messengerfordesktop.MessengerforDesktop --node-integration=true --background-color=#ffffff --hidden-page --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-channel-token=62EA646F5E111CBEA136CCEFED810ED2 --mojo-application-channel-token=E114251EF164103FB178A8BF24ED7CD1 --channel="3788.0.1096386581\287315212" --mojo-platform-channel-handle=1196 /prefetch:1
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
No indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll

PID
2288
CMD
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe --download https://updates.messengerfordesktop.com/update/stable/win32
Path
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe
Indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
GitHub
Description
Update
Version
1.4.3.0
Modules
Image
c:\users\admin\appdata\local\messengerfordesktop\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.web\14da86a7ddbf09bd27b30061ff9a4f5e\system.web.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\webengine4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
3200
CMD
"C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe" --type=renderer --no-sandbox --primordial-pipe-token=60B03C80403ABB5CB8C6CA59ABB46D4F --lang=en-US --app-user-model-id=com.squirrel.messengerfordesktop.MessengerforDesktop --node-integration=false --preload="C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\resources\app.asar\scripts\renderer\preload\index.js" --guest-instance-id=1 --enable-blink-features --disable-blink-features --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-channel-token=2335D302941A291B4F67F62202C08C3D --mojo-application-channel-token=60B03C80403ABB5CB8C6CA59ABB46D4F --channel="3788.1.571769514\1202890715" --mojo-platform-channel-handle=1624 /prefetch:1
Path
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
Indicators
Parent process
Messenger for Desktop.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
MessengerForDesktop.com
Description
Messenger for Desktop
Version
2.0.9
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\messenger for desktop.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\node.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\messengerfordesktop\app-2.0.9\ffmpeg.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\users\admin\appdata\local\temp\b0b4.tmp.node
c:\users\admin\appdata\local\temp\48aa.tmp.node

Registry activity

Total events
1891
Read events
1790
Write events
101
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1752
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1752
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableFileTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
EnableConsoleTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
ConsoleTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
MaxFileSize
1048576
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
FileDirectory
%windir%\tracing
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableFileTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
EnableConsoleTracing
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
ConsoleTracingMask
4294901760
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
MaxFileSize
1048576
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
FileDirectory
%windir%\tracing
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CachePath
%APPDATA%\Microsoft\Internet Explorer\UserData
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CachePrefix
UserData
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CacheLimit
1000
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CacheOptions
8
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
CacheRepair
0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
52
3368
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
EnableFileTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
EnableConsoleTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
FileTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
ConsoleTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
MaxFileSize
1048576
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32
FileDirectory
%windir%\tracing
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
EnableFileTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
EnableConsoleTracing
0
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
FileTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
ConsoleTracingMask
4294901760
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
MaxFileSize
1048576
3368
Update.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS
FileDirectory
%windir%\tracing
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
DisplayIcon
C:\Users\admin\AppData\Local\messengerfordesktop\app.ico
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
DisplayName
Messenger for Desktop
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
DisplayVersion
2.0.9
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
InstallDate
20181108
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
InstallLocation
C:\Users\admin\AppData\Local\messengerfordesktop
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
Publisher
MessengerForDesktop.com
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
QuietUninstallString
"C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe" --uninstall -s
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
UninstallString
"C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe" --uninstall
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
URLUpdateInfo
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
EstimatedSize
55491
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
NoModify
1
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
NoRepair
1
3368
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\messengerfordesktop
Language
1033
2812
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
676
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
676
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3788
Messenger for Desktop.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2288
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
17
Suspicious files
89
Text files
101
Unknown types
7

Dropped files

PID
Process
Filename
Type
236
messengerfordesktop-2.0.9-win32-setup.exe
C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
executable
MD5: 68bc419569ea1884b1d6036a7ef5758b
SHA256: 4be178fc9376a2f0f5f24a1bcce876ad271f858428053dc6d6b9bea8e085749d
3200
Messenger for Desktop.exe
C:\Users\admin\AppData\Local\Temp\B0B4.tmp.node
executable
MD5: 853099fc98f4544cd2d9573289091e4c
SHA256: 04270389d8bbafc0b2fa22a1d563f0e53e319848ba72995bac466ac06e0c0a8b
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\libGLESv2.dll
executable
MD5: 6a479f33ccfb633409f6bbd01cf4750d
SHA256: a65ee84c760bf70094ed60dbe6b01d3093630b2d65138b8797efe3ce61b5422c
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\d3dcompiler_47.dll
executable
MD5: c5b362bce86bb0ad3149c4540201331d
SHA256: efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\node.dll
executable
MD5: ad716c768c372dd621ebab8f3da72abe
SHA256: 8715e9da0d2f53c439642a3529ab89767b97449582546e14c5595270ccf9bb3f
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\ffmpeg.dll
executable
MD5: 4fa235a82959276fc30f396299a780d7
SHA256: 7dfc43383b18662be0a846b52e4a6d66ac2ae36f1aa2759e0947e18dc4c9d4f0
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\Update.exe
executable
MD5: 68bc419569ea1884b1d6036a7ef5758b
SHA256: 4be178fc9376a2f0f5f24a1bcce876ad271f858428053dc6d6b9bea8e085749d
3200
Messenger for Desktop.exe
C:\Users\admin\AppData\Local\Temp\48AA.tmp.node
executable
MD5: 853099fc98f4544cd2d9573289091e4c
SHA256: 04270389d8bbafc0b2fa22a1d563f0e53e319848ba72995bac466ac06e0c0a8b
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\D82812087827351.dat
executable
MD5: 2016a32d70297f6640d77ae531b8f5b8
SHA256: 7fc832633231d7f7206d90beb1a635e370ef887603c3ca63b0a97cc7054bca3e
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\xinput1_3.dll
executable
MD5: 77f595dee5ffacea72b135b1fce1312e
SHA256: 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
3416
Messenger for Desktop.exe
C:\Users\admin\AppData\Local\Temp\664D.tmp.node
executable
MD5: 853099fc98f4544cd2d9573289091e4c
SHA256: 04270389d8bbafc0b2fa22a1d563f0e53e319848ba72995bac466ac06e0c0a8b
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Local\Temp\9F4F.tmp.node
executable
MD5: 853099fc98f4544cd2d9573289091e4c
SHA256: 04270389d8bbafc0b2fa22a1d563f0e53e319848ba72995bac466ac06e0c0a8b
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\libEGL.dll
executable
MD5: fd05f6e289f2065645bb094c4f99ba1b
SHA256: 575dfc72512f4e30ff5dd130287ce55aa3e497ba4bf2c5ee64d78e92cc006a0e
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Preferences
text
MD5: dd7ca835d38bf6037225118e7a88dbc8
SHA256: 3660c729f46cd71a9572d851f24c34dc322a89788cea4803495bd6831fdc64e4
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\CAC6.tmp
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000c
compressed
MD5: 458bd5e27679dc813ccead3aff20217a
SHA256: 2892d9626f66f01964755ea5a2c44eef336077a65433c864d1e6d01626a5d69a
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000b
text
MD5: f89864991a1e604738cc4c53b0da34eb
SHA256: 71ed708d829bdd6d07ce17d7ff7fb7c0e0e47293508e2e512f72c6360d54d9df
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000a
text
MD5: 507b695a9a5cf038231bd1eba1a87b66
SHA256: 37200e09c54db4426af4268443d28fd4d3c407671c726e7c7f57861b019c5607
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000009
text
MD5: f34b9ead6d5b4d947d7024f390f1ca52
SHA256: a72210bfcb19e6df39b59056db4344525df3f26415777e0fbbabe37036c8e4f6
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000008
compressed
MD5: 12c6f60d568a59ba1ed161d2712b5a66
SHA256: 36bec66e04e75d7912541d71a685341eb179206664991900b859c8a9660df7bb
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000007
compressed
MD5: c2fe91d64d94b35b4a2e6350d6b4a4fd
SHA256: f34393abecde90245d8e18eb6c1b1504aa97dea71f10d2ae0c53e2b3a913fbba
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000006
compressed
MD5: 372480de22427386dd53e7668504a5fb
SHA256: f743d59d696de482118e96be08137cc0f2fc546d7e507a0a7ec2ecacff89cf06
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000005
compressed
MD5: cbf96c8646a97ec14933de2fae88a363
SHA256: 459627016daa71297a1aa417841ea7bc4d75a8db8cf0e2a3522619305bee5aba
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000004
image
MD5: be6900b737782872b7660c7a457a6b61
SHA256: 0b666d56cbed3c48f41e0f56703a3bf8b140a931363f77f607fdf02ef92abb86
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000003
text
MD5: 45327dd8dafddd4aa96ac5b2a6b7e4dc
SHA256: 63f6f45b7b1845de6ae068173576301489ddb17394a571b44bec258188a9c4f0
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000002
text
MD5: 5bfbef71690d5b0255918bef4bb1cb83
SHA256: 152ef7bcbd3f6e0e19f8b1682d70e173aa7700ffad16a0d8e413b8b28bf1775f
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000001
text
MD5: 27275e2ac9c9d2559e2aa674de909b55
SHA256: f963290d382007f109b3b711516d4017a348da25ffa37a31d0ed950076a7e145
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000015
binary
MD5: 2ed956ea8260124fc667a82c538bd2b8
SHA256: 0e640a665933d663944cf62939b81d8d011432497a76abea7e844d62cb4ea861
2288
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\SquirrelSetup.log
text
MD5: 3ba826431e102ae2b64cf210a83a4dfc
SHA256: c4476de6c0221205d4e9022831ed89054424eca38538e71e83a81ccff11f080c
2288
Update.exe
C:\Users\admin\AppData\Local\Temp\.squirrel-lock-3B8C033B52E1CF7E4020417A87DB272846667E0F
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Local\Temp\etilqs_duYRkJ0S19q5tL1
––
MD5:  ––
SHA256:  ––
2288
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\packages\.betaId
text
MD5: cea94f82ee9c7756146188399f08316c
SHA256: 012bf66d6eee75c00ece433f2e515ee7492049d24005aa814b71d94d7503fffb
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Local\Temp\A57A.tmp.ico
image
MD5: a6035523bbb7b204b9690b624bce19a2
SHA256: 0b80d6af5e3e8a20823824ded9c7a07dc8608e269e7e2aa99b5ab6f898ac6c72
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000014
binary
MD5: 04369acdea5a282f60448e0d3f6e8d8d
SHA256: 39a9a5c97db23b5088dc10a7ddc2c66c1233b8fdb6c222608950acd989571892
676
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\SquirrelSetup.log
text
MD5: 60cced898fab5f1ddb30910f3664ec0c
SHA256: ea788cc73b6b534536940d4c4d5ffc4e4be980cd426cc1926b540ae4056611c8
3368
Update.exe
C:\Users\admin\AppData\Local\SquirrelTemp\SquirrelSetup.log
text
MD5: 2ac90ef73223e992c0708a00e01fff51
SHA256: 9449171d39453c77fa81b3f6996a4070197ce9d7d65e6afb6b8539b98c3f0f16
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app.ico
image
MD5: c45b283eb32e55a99b6cf41b853d3bfb
SHA256: 2dab1c14e30a6b47e9a75af8c1f47c8800b638a7606cfbe86929639368268a0a
3368
Update.exe
C:\Users\admin\AppData\Local\Temp\.squirrel-lock-3B8C033B52E1CF7E4020417A87DB272846667E0F
––
MD5:  ––
SHA256:  ––
3368
Update.exe
C:\Users\admin\AppData\Local\Temp\33bb53c4-7895-4201-b34a-6c46eeaadf73.png
––
MD5:  ––
SHA256:  ––
2812
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\SquirrelSetup.log
text
MD5: 9059dad838f18d44ad524aa546b180c4
SHA256: 8063ad9084178060367901973779ae50a525f253ce46bd1580d557c40e4bb7b1
2812
Update.exe
C:\Users\admin\Desktop\Messenger for Desktop.lnk
lnk
MD5: f07ba640235177b3c56345372c3a0df3
SHA256: e8ca64204c2df7383e88f121a0e7a179d8b6163a8bd9ee267d5bbc5803ed0804
2812
Update.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MessengerForDesktop.com\Messenger for Desktop.lnk
lnk
MD5: 1d21dd8e0fd9fa9db3ff6817d3d11cb2
SHA256: 64de08ba6a733563fa08c20de6d84a755cbce67e0686293acf8a8fa65acaab84
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\005F66DA.log
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000013
binary
MD5: ad95e487eaae53fb1e0870dc598bf4e5
SHA256: 32d2ad53ff2337aa28cb53e372cecf50a8b296b7d0a1741b6b5bace3a920d218
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\packages\RELEASES
text
MD5: 0a2fc6d42bcc7443949a8c68d729c607
SHA256: 6b4639d8982c43f6076b7501a15f6670a922b0f11533df0baed359659bd44ddb
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\packages\SquirrelTemp\tempa
––
MD5:  ––
SHA256:  ––
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\Messenger for Desktop.exe
––
MD5:  ––
SHA256:  ––
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\resources\app.asar
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000012
binary
MD5: 45049ad35ee8bebd5843208e617b30b4
SHA256: 58dfae17f886181127aa00f0ef5431f5d7f9a5ad2c18ebe5baafa2eb59f265f3
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\resources\electron.asar
asar
MD5: 360e7ea118f6328e5b848aa38d4be36d
SHA256: 62a1a3ff912a627537915a89ce6b8e9b184b69fea86912e8e751952a481abc54
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\icudtl.dat
––
MD5:  ––
SHA256:  ––
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\zh-TW.pak
binary
MD5: c444721bc6e4fb6013f6f7fc0c607150
SHA256: b7fd1be4ea9912e857f40e47d198fd49a05d440d906c342de6d3853e024ac1f3
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\zh-CN.pak
binary
MD5: 76c25457ccebd6760b47a610714032f9
SHA256: 0c2bf81d8a40f27cd76c301b0ce839c707d8dcbc456290b7837e19c7b526678d
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\vi.pak
binary
MD5: db06b5ca998e4cf1aed6e0ad95ad3d8b
SHA256: 51fc407678e9a7fae3f4fb3143aaf8d0b414d7268c0585e2d68d126169122664
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\uk.pak
binary
MD5: c5779f5fb49a0c916dab3301b33c865e
SHA256: 4d063804e639bd1f04a8840e68d4c796ba72d0f6cb35307644ff6d2763bc6e93
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\th.pak
binary
MD5: dab9a669726b3f9dff1261c711688c4a
SHA256: 929cfacbb1073e960b10f3f2010fe8380880788aeba6d512c5ec4c82495d2a75
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\tr.pak
binary
MD5: a0547a06a9e5c595af62823eed9ad634
SHA256: 4d494e55999dcd284b2d0bf4186ac084d53f30441dd2176c2bf7f587ec779d4f
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sw.pak
binary
MD5: a086394e82a88536c356de4967df7de7
SHA256: 0d7cf206d60488c869f191beddc0dbf391f85a9f33e923d409ad85e008fe7749
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ta.pak
binary
MD5: cdfc7c988c4fcf751e743ce1a069fda2
SHA256: 8fdf72ef287329732449bb0f047e5bc3079854fde172bac6fedc0f4b32c59d41
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\te.pak
binary
MD5: 047d1bb8de9b59670b4a384cc843e372
SHA256: dd2e0a47c932e1f930e5768f6c8aa815f4205acee685a20925a3a65f2368c298
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sv.pak
binary
MD5: 8ab06346d1349aefa484625c8a4eb94c
SHA256: 06c6a553246e6657c306025f4a847da9826261726ae41321beeb9048441030c4
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sl.pak
binary
MD5: da50ea793666a2cd6af46ebe2acd32e4
SHA256: 3e6776f718e634efb51af719075a713a7f164c92dae5f73389e68541de481b4b
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sr.pak
binary
MD5: 77ff6fc8d6310f2a439c403da2688f22
SHA256: 406790a376d9f0557b68ffba361e05de05f0f75ff25b9910fb5909b6348ad252
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ro.pak
binary
MD5: 0e5db7d78b08db9d221f165e216c0898
SHA256: 2ae10a7694fad3834a4a16e24747b0336839de5c08701f193d7557e180f6c603
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ru.pak
binary
MD5: 04a99203ada8855ec046ce4ab7a82825
SHA256: e7ce8d8ac618875b2a8ef1f79fbe74da59a4308104598663210e41fcb2ce2346
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\pl.pak
binary
MD5: 559b8cd33e443ca97856290de465efc1
SHA256: 80e0a6807f3bec7b68d8185bc24e588824322f32810d0aa3e3bcbc1b9b20745a
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\pt-PT.pak
binary
MD5: 23bdbc6780cce89c48f11443e86a24e6
SHA256: 1bb987bd07cc7485ff439944833886a95b5a8c555b837fdac6d67cf3ff84c897
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\pt-BR.pak
binary
MD5: 7caeb69247fe613001bdc1346976a3e2
SHA256: bde92f89755b0bc59132070801a0d6db98b0343ba38bf2b588b893cbea3f16be
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\sk.pak
binary
MD5: 17d9cfe01354cc742f65df5659fcebb5
SHA256: 6bc0725e48ccd7b171e6a094cf6af04d44cf2f93bade867670008417f9f34a43
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\nl.pak
binary
MD5: d22b5abb9ed14b941e91f29aa4988f8c
SHA256: c06dd7deacc46b79121a000bda11806fc24bce29e5a72c91c8f6a73cad2fd51e
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\nb.pak
binary
MD5: b9ea5cf4ce1ea904b18a1f41c5a465a5
SHA256: 5f9146e0288043c742a5ad295b25426dfa11bd6732b29710b41d27986acb68bd
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ms.pak
binary
MD5: 13a7d5ef36889b4d4141946cd8865b92
SHA256: e4fdf2f2bdd6589fba17d7eee9e423c4f9031bb0b0f03f14cb27d323082244aa
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\mr.pak
binary
MD5: ba1b61eb6237f5cd59f4563803825418
SHA256: 5ab1218690f123eb0c90ec8d34d2e7c00bfafda7e60203f9bbdf8c02052772a0
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ml.pak
binary
MD5: f3625db33b0bf21e98d243aafb0572b9
SHA256: 0a59a6cbd17a9ca44bbad9f8d1d3d9a49e071ee34ac1defbce2b243230fa424f
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\lv.pak
binary
MD5: 125f1b089637c7bfd8e06f8935a1a5aa
SHA256: b81dcd048ddd8f5a5f93525af933f5c39279a76a7a54f9075616822f788ccbcd
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ja.pak
binary
MD5: 4706765afacc360fcba58fb710911ccd
SHA256: 8b87f71c2100af9c6ba93d9f08173418e67239783bb68baaf1c1d58527ce66a8
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\kn.pak
binary
MD5: 1a892d4dce28971aee182f90a33e2969
SHA256: 0b9d202a6a61d5c2312474d09b0591483c8d848334ad5113caef2297e00a698b
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ko.pak
binary
MD5: f377be49dcaeb4f0b989f4f2f48568f0
SHA256: cfb564547123d080d51f3a5dbe39493ceb55950905e1bc0d73f37c2772cbed84
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\lt.pak
binary
MD5: 34b800c308821def06f5b011dda8ec15
SHA256: 4cc2992eee7f15b0beb382bdd5dd2bde71cc8c0630e35d880f80bba9f120dc26
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\id.pak
binary
MD5: 05e50433111c42cfc698a00b362b777c
SHA256: 652d2dd919538323c9695bcff65e4775f48c9153c5bd059d1da48a8fd5b6b8c5
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\hr.pak
binary
MD5: 93ceabaeb43d6b4323c65358b49cdebc
SHA256: e6952d54e6bf06832e0f798ec5f22c617e1f9d6b15e3d8226199402db93cdfac
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\hu.pak
binary
MD5: 24dc4298280614a5770f328063659c03
SHA256: 7ddb0bb21ab502d9c0502685ad2c4e71103fb903ae78f235e316b95d2f4e85e2
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\it.pak
binary
MD5: 5fd9eeb32e91641c02d7ed17866c1fae
SHA256: becd5b00aae81d55fe1ccd51ab4737550958b71e12883dcd11b338ad7a244cc5
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\he.pak
binary
MD5: db4be9b6683d2a700bf69aabd2e9f506
SHA256: 01149c4e52effa2c15b2cae06294e88732d46d041c164d305cb06251857f0668
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\hi.pak
binary
MD5: 5fb69ca5b621cbc296dac0c9453394da
SHA256: 999d3d01fc47f5eb328f138b8f9ee63767cb3b12f8f7e6c41d8d997106d226b0
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\gu.pak
binary
MD5: af139a456c16712829e32eed2585a5c9
SHA256: d59a4a6db1ea282499be453b5ae5f6b391c04de3401f45f7e55b045e1be58dc7
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fr.pak
binary
MD5: 802edf44b36c7d8d1ef2196a203904d0
SHA256: c3538713e7b1bbad5ba3077f28bea5188468204f26e4d9b1b79a4fcb696cf922
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fil.pak
binary
MD5: 0a0dfbb4ed228963b6fc354d50fe2aee
SHA256: 586bd772b08ba10b3eb64748a2b991030650159535cfec4526c7d26f644c249c
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fi.pak
binary
MD5: 62bda7a0303a921bc32e5ce4fb0e5e64
SHA256: 5329f19477fa16bc0f9573445a42c170c3ad9442b695988ed39a2be86d42e56e
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fake-bidi.pak
binary
MD5: 052985ee7e4d0b7cb80dd331f1ded1a0
SHA256: f13df81df832220b371ab0febd79f283362424fd233728826eaab6aec1721ae1
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\fa.pak
binary
MD5: e130add0576163e11a913eabd24bf1e0
SHA256: 9d3a8b33f782e84e8e86590c369ecd33ba9c70247bb8c467e88b21173353d940
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\et.pak
binary
MD5: b7b32730cad77306467755dcd54eaa4f
SHA256: e944950ec88ed56c6bcdf18606ea04ab1cd2b797524bbe76689ade42f1aff40a
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\es-419.pak
binary
MD5: 95d7f985248f69321ac5cd35d3570368
SHA256: db0f907fe6ec0e042258cfce84ea520ef71950e6361a74ba7bb0cfdfb90448cc
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\es.pak
binary
MD5: e395a9ad17dba8c88036e1db9e046584
SHA256: 7cd31efe05e8c62b42f67bc5aeb58b54b30f293768b3e4808997d48f734a6cf6
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\en-US.pak
binary
MD5: b591250d8394daa523ec24b83bd43ca3
SHA256: 6f74af607a77ef220421888adc1edec46a60acc759480efa7adc3496d6b08bcf
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\en-GB.pak
binary
MD5: 6099ea0cd57f751b3eab62c48212d3f5
SHA256: 56176fb7a919b96b21e76b41c8fd2569f337bb4906b318b618661d1705430ced
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\el.pak
binary
MD5: 52e1a8eea9846394bfc41a8de09c35d8
SHA256: 7e5a3a9b0e3278d522dd267b19cbeaefcc534652ea7b689b70b9435e5d40dccc
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\de.pak
binary
MD5: b3053b50b253bf6ca9a43592de2dcb89
SHA256: b12b256ea00e91e40126bf024d3eded76b82c9c19e8473ac6168525e7eb9ed7e
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\da.pak
binary
MD5: 8fa0c9047ca3406a59c5a3b9b7bf78e8
SHA256: 04dd0ea2cd35e5ae64d498db1cabfbc341472c783aeaeb028509440c29afecae
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\cs.pak
binary
MD5: 9003d034ae5be529d4d5ca84a9b3bace
SHA256: 7f79a439209ba631f1080d224cfc349de40501ce28082934cdffd0e41878e3ec
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ca.pak
binary
MD5: 5e3ac0bfe61e04d1ab2693d77bcb6dfb
SHA256: 15344925ffb24cf9a07a2362bb5a55c4b4c1db5f35c2a3b98aa37bdd44f025ad
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\am.pak
binary
MD5: 903fa864e605934a381dda737500dba1
SHA256: 9549e54ac2614ca6b1546098dd8484bf2ce285db497b0fa7ff209d66caf3afef
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\bn.pak
binary
MD5: f94b7bbd5d5f071c02ce9dd43beb6880
SHA256: b1937eca1a17f22e7c5fa3d7900158cf99b5b0d9828fae7368e9c2c26b1eeda2
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\ar.pak
binary
MD5: 6b4d85970d35927e08a203d47db2133d
SHA256: ed984b1ef95e2b9ea82ae295d6e7d5483b0dbb84934b8613e43bc693e55bf3d3
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\locales\bg.pak
binary
MD5: cb94bfa92824660f15b3b91e032bdde4
SHA256: 3f504878b55c151b348cb8cc243d702bab69328adb2a364889742c33e830bf77
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000011
binary
MD5: 889035881f115c766c9f77b76ff6e7ce
SHA256: 490dd9e881b62d8f602cb9d3114be3d5ca6b4eec8dd229bd08c3834e61fc1918
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\views_resources_200_percent.pak
binary
MD5: 33bfef730b188ba8e055bffbce21e3bd
SHA256: 1fdfb1282c34ad7e4752a8fbbf096a3b5c8e25dbc8e15c27ff9dfd3588b989a3
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\ui_resources_200_percent.pak
binary
MD5: 7a662d039d00e1f17778700fe84d6033
SHA256: d6130c8ffad8e50588aa8d67ad6b17e6bd5c302b96b127918447f3467823979e
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\snapshot_blob.bin
html
MD5: 7260e47f596db48bdf694d436cc11e09
SHA256: 6af2e0e76ca859b73eb0c83c9fa36c615005139090ffba0b627fa0d8ef22e176
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\content_shell.pak
––
MD5:  ––
SHA256:  ––
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\natives_blob.bin
binary
MD5: 16a819fdcc843cddfaa0f1d4c7d143bd
SHA256: 35d85320e2908240da1dc8a577da3aad702936999336a3dcc0576b00c13e9756
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000010
binary
MD5: 9ed99c8665de2dee34dd8365d9c1bd40
SHA256: 186fbce9f00221acf4618ad4a8abf5db5c74f045a2d2ce7b356d3f5652b0a392
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\LICENSE
text
MD5: 22feab8f9d493bb225dff1f8b7882c18
SHA256: 7bb06e74cf96489449a46938a8fddabf76c4adf181d8de697cfb1db5236eef9d
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000f
binary
MD5: 7d66fcf8bad7a925a3f97f521404e010
SHA256: 14b7e218457cc331c025ef96dbb85ba53ba0931354a9b8ff75973ac9281159fb
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000e
binary
MD5: 8839f6e5d61ade93e458601e8e339f93
SHA256: fcf794a8788fc81bbdbecb82caddc75981744910653159793142f6a64912f13c
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_00000d
binary
MD5: 46e003365983255fcff13fa81f5c842c
SHA256: 0a553a9d5915e1aed575e152ed317ca3814511dedb458bf5a99102abaa5f2fc3
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\blink_image_resources_200_percent.pak
binary
MD5: 2a8646401e34a9ad258b09cff76d498c
SHA256: 38f5acd24b037f39d17a8f3c6c935cd709a2cd84e9e8dd175c04bd1d2dd24407
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\app-2.0.9\content_resources_200_percent.pak
binary
MD5: 7c321056f805aabd5a503821fa1994cd
SHA256: 261e6aad3ad0a5f608b5694919ee39026c4c3eb4256540068f7c1aa46be9315a
3368
Update.exe
C:\Users\admin\AppData\Local\messengerfordesktop\packages\messengerfordesktop-2.0.9-full.nupkg
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Local\Temp\etilqs_doCvgeK9pB5tPeJ
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\005DC2BF.log
––
MD5:  ––
SHA256:  ––
236
messengerfordesktop-2.0.9-win32-setup.exe
C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES
text
MD5: 0a2fc6d42bcc7443949a8c68d729c607
SHA256: 6b4639d8982c43f6076b7501a15f6670a922b0f11533df0baed359659bd44ddb
236
messengerfordesktop-2.0.9-win32-setup.exe
C:\Users\admin\AppData\Local\SquirrelTemp\messengerfordesktop-2.0.9-full.nupkg
––
MD5:  ––
SHA256:  ––
236
messengerfordesktop-2.0.9-win32-setup.exe
C:\Users\admin\AppData\Local\SquirrelTemp\background.gif
image
MD5: 4c7cb402a91c23dfe58d3aa7879d0cbb
SHA256: cde7b4a65cfe14016b1a3b3ca9ac34f4bc720808dbe86bb43fcc05eba31e4b1e
1280
cmd.exe
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp\messengerfordesktop-2.0.9-win32-setup.exe
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\D82812087827352.dat
––
MD5:  ––
SHA256:  ––
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\prefs.json
text
MD5: 201739db13d74559f762b6bdf7d690f1
SHA256: 20246e0d192e06396f663f78606b6a1e2a85df94e3af54d8ba9c02acd44d4d29
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\005F2A9C.log
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\isf_6145742.flat
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\005EE68E.log
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp.dat.part
binary
MD5: 998215dd863223206a62dfcf004babbd
SHA256: 976e28d895200827e99fbc77dcd279801535ae8c43e31b246334b5bf04f39e0a
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp.dat
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\in5D7830F2\1DD7A390_stp.dat.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\down[1].png
image
MD5: d10983c9c22859c64f208896db7d7543
SHA256: 349ea5cedfeac68559b62e56e258f0ea373b3d9ea71c3376b32cab983afc623f
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\up[1].png
image
MD5: bf2efe7d6e409dd3536119bc5287fe13
SHA256: 8f72570f752fe0f2e08569250de51220637b75fa5eb2708405dc7bb63b0bea9e
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\errorIcon[1].png
image
MD5: 011bb9b7eac7571ee8adb3cf27157c80
SHA256: 14d863edb4349caf03ea26731766a75c5df1be816d20def47d5b0bddaff749e3
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\pixel_transparent[1].gif
image
MD5: d31b57c2995afcb461e6e4bd234179fd
SHA256: 47687b5fa9e3d7ddf43a9184f60898cef093becf38d103cd6c122b8d2ab01439
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\tabMenuTarget[1].png
image
MD5: 568efcdd7be345c1a3724054e09ed29b
SHA256: a36860409a2ee343b6f71550cfe8d3342fb9858a541ea0e747c02106c8dc3017
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\detach[1].png
image
MD5: 56d7349cf76eadfeb73e3662eff42b60
SHA256: 70d4371388e0954b6c046c1edb78bc27ad553e9bb2b93bd98696f43804d66f8c
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\min[1].png
image
MD5: 467c32b8e9e090f29693dbbd73bed35c
SHA256: 1aca27e441544911f003e9db394dc1547cd31f2c66cc39b6aec840278f155b87
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\sprite[1].png
image
MD5: bae4c74485dede3bef4e2218b07f47ba
SHA256: 48b9a62a65e20412baaff8019d437ddfaee01873a1e8d9b54b90aa834b50943f
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\off[1].png
image
MD5: ab03f759b5ac95ca7c73bec47247f20f
SHA256: cace21a8714e10e748c7cfbfe68ad7eca71da806c2bb825427bf611a43917bde
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 3b4440bc9b986be79d2e53c6ac840944
SHA256: a77565d7f1292d3249f4d678d4cc45aa2d540d59b0cd47e357971ca13a43d068
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD5AC.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD5AB.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD56B.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD56A.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 2af3e4b57a8b637fcee8cb7485986fa3
SHA256: 10632f5e8df34d4641f11aa0ad917a629bf75f7c0eaa77506c5a27919e7b12aa
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD51B.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD51A.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD42E.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD42D.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD42F.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD42C.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD41B.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD40A.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD40B.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
binary
MD5: da6c793fb0533af0139a6d76c9956547
SHA256: bcec4bffd8ee03e0fdf1c1577ef4635ac08db1f94cf07b0c406a6b3a171e9e1d
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD409.tmp
compressed
MD5: 767760b1b3b838b2de0599d0e76d1c76
SHA256: c0f37380971fb93ecb0cfa3c2bd6d91cc77f254f0a6ca41edeff47fda0e409cc
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD3F6.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 6871db53da43c7ee7b8f5eac82b6702d
SHA256: 429577f6c1e4f9ac895e345b68b2885a390a8e7559fd2ec3d5cc5894372599e9
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\TarD3F8.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD3F7.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\CabD3F5.tmp
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
dat
MD5: fff6570e7b088c12a5fa6f260c013944
SHA256: 12d037543628bd90a8b42f7a8b9665fb2dd5cf6b4ed8d286e108698e2571018e
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\19YW4M7B\localStorage[1].xml
text
MD5: 04c478c6a24651d851c18fddbc87853b
SHA256: 5ae26ac726fd5b74fe71e4593a7517ec2797ca330ae54c9174cb99a7299eef49
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\LH01KXQD\localStorage[1].xml
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\firebug-lite[1].js
text
MD5: e195729d7e4313022f72442f2d663ee9
SHA256: 34ddefad2deae55030fe64c095bc7b7c0a03bc74c27de7ed3ce0d796a05bdee4
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Program Files\005DC9E3.log
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\bootstrap_39017.html
html
MD5: 1ea9e5b417811379e874ad4870d5c51a
SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\005DC5BC.log
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\005DC5AD.log
––
MD5:  ––
SHA256:  ––
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\SV.locale
html
MD5: 50ae509201139cce5a1bca88ed1c54e1
SHA256: 3a451ec0d7423c7fd1421763fd75c2be7d394dcc4e366823bbd9bda45d51743d
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\PT.locale
html
MD5: 218ec981ae6f1d3e5c506ea097bead05
SHA256: 520bf5488494c21f2d31bf5b38d2588a35e721f6a55c661580043fdc0c88707a
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\TR.locale
html
MD5: 7bc0f039532f35e9b1c823c009946c17
SHA256: 0ff1c25a49249515b00da9f84cbe35a3bc7db6dd0a732f5fe262eaf924cb275f
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\RU.locale
html
MD5: f411162d63070489bb6ba656a1fee3a3
SHA256: a74084601d8f08f8313ea5383cc652308e30462898beb8ff2fafe40200424e4c
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\PL.locale
html
MD5: 045360401fad22e4a1bea3d30d60f77d
SHA256: 0422cd979dfefa6c79d3914e6ad8d23ddf6fbc8882a998f85088469f8cc41449
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\ZH.locale
html
MD5: d86f9b3de06f5821261064aaba4ad252
SHA256: dc79a6db0aeaf428e4d426c6a2d33225e7d14513757d833194022cb4a084b775
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\NL.locale
html
MD5: 2e3a369f90436856ad01da7bcf7bd4b8
SHA256: 532b55937c35653e6bee363aeaac6007c903677e8766a5767100d7da404996e6
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\ID.locale
html
MD5: a5e5d3d56888a2c8e5fa56c3868a6123
SHA256: e0c4a823b9507036702790658022e5ae408bcd7bd3c70b404b75d5b3ad2c104a
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\JA.locale
html
MD5: fe3fb8533e0690e3087b47e2930b7c7f
SHA256: ff3f174419dc81f55052cdaaf124aa1b6d45c154837cd100ebfe9c6347d72519
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\KO.locale
html
MD5: 0dd124fefb9d6a1f718e9e2a2cbcf496
SHA256: ee562e237fc3fc0f72604b856af5ecdf8ada3cff42ac3ea7e92fcea116406c66
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\IT.locale
html
MD5: b933ee6c3e330398f4c890f2b809c917
SHA256: f391cf54c8b4dc520a2cec79301bb29ef2dc3adb23a299a359bd042d7f1bf3cf
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\NO.locale
html
MD5: fc4148bb5d25ff06fc4c832a195a5135
SHA256: 3755b360a21aa1134746a5c5e769fbd94027a484cdbce5daf63bf3609398a7a7
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\FI.locale
html
MD5: 9d9d6f42d5d823ca1c31fc3dc3eaca82
SHA256: 7ea54e47f5e9af106b81256a4f14a828768fc12125da87735839a816e60b9170
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\DE.locale
html
MD5: 8cccb83f181b4a768fb643c1cee3b361
SHA256: b6c41924789acd63d118ef2049dc91010d2067f5fdb29bf9ea088d8e9b35555a
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\EN.locale
html
MD5: 84c99653387c36705ee898f23116ec06
SHA256: 06764bbe3a62269defbe9c5bf0b90212fb1c4b18a8c8ff4d034e8a16a1454b3b
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\EL.locale
html
MD5: 9f5bd1973548ee1850236e82abcb9fa7
SHA256: f2ed44d246c71dc91c07f7e236216b8dde3d5b28ab66a9d51f39f705ac07e2df
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\FR.locale
html
MD5: 085f1af5af20f4245bdb961935c9e327
SHA256: 24b0bb804c813cf80a4b620b1dd31291c0a2a2f87fa9f58ffe551fd6f249d071
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\ES.locale
html
MD5: 29b471753a1600bf00d6ea236ff887e1
SHA256: 69e530f2b383cbd1e0720206fc0931fab089bf137a44ed959479a2f37e790c90
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\CS.locale
html
MD5: 936935abe5a9b601563ef1b13231837a
SHA256: d934da7ba904506207806099c2de1b1421fe5654c067665f0f0256e6a57c6627
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\libs\localAssests\icc\icc_v5_8.cis
binary
MD5: d3275dae3b2da9508907b2e97cd72712
SHA256: 9ae11521ced6ba7905386fbbc151c039eb056140d57413103ec0d164e94b9d03
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\sponsored.png
image
MD5: e3758d529f93fee4807f5ea95fbc1a6c
SHA256: 8d46eb0c60043dcb7d79ab3d0525148fc901764620c02e4b9c5dd8b0e9026303
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\locale\DA.locale
html
MD5: 32d22d1add58513bbdf7564acdb3270e
SHA256: bb6db9c0ae58701ed6ff751d7815c849898aba7c35263ed879a4a437bd4197e8
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\libs\localAssests\icut\icut_v2_2.cis
binary
MD5: 6eea368901ea5a93df886508c3fdfb6d
SHA256: 6e7d76f573135648243b15da732272e8e6f0c8948834ec88ac9f9f13045cae8e
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Progress.png
image
MD5: 10426821937edfc2dc331992433fa6bd
SHA256: 8be786fd74e62e994057f3ed91b0ded53183d5a223f850fe91189bd46fe7e813
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Quick_Specs.png
image
MD5: 07cd59b954e8495ad6cd6a7c11d2de86
SHA256: 6e6b964fd79b4a3461f128e2ed145b9b641d108b8616695f36387661cae995bb
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Resume_Button.png
image
MD5: 9d31583bcfad58a6b9ddeaf44549a5e6
SHA256: e466a2db2f755d9eb68619439af37ff4e45559b7a3f476e226ab2a11aeadae1a
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Pause_Button.png
image
MD5: 84b37cb510f50c8fea812eb308d3f03f
SHA256: 7bf800336671204de36b7d1f6ceffdff830040f51d21bc44f220f68d72cf492b
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\ProgressBar.png
image
MD5: 7630f7d3afecf93dbfdfc4b094878f52
SHA256: 902c4506d7557b5385c3ee22daaea459f5f61159cadf68c8da3f77fbedf31e1f
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Icon_Generic.png
image
MD5: a35aeb077ffa7ffb4382c639743d29cc
SHA256: dccfb478e6097086d886b5a01d120bf511b381982b0975e0c65eab3846e4234d
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Grey_Button.png
image
MD5: 32ba03a3867ccc476cfcb785fd97c395
SHA256: 5c29ffa3885d6668503fed949dc49e289da302465b4dbb54940fa89a12f9a639
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Grey_Button_Hover.png
image
MD5: 26baa731e2b4725e95e9283b7529daa7
SHA256: a30ca4cf20a8ab3c13d5aedf6470ac2a33ba73239c8705f5869d4b6d934ae9cd
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Color_Button_Hover.png
image
MD5: 26baa731e2b4725e95e9283b7529daa7
SHA256: a30ca4cf20a8ab3c13d5aedf6470ac2a33ba73239c8705f5869d4b6d934ae9cd
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Loader.gif
image
MD5: afc685139a108e33bd945d5a3ff64122
SHA256: 4d70f45a9c69d8ce2e630214c1b2871454d631ccf9d88976470170d0e106acbc
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\BG_M.png
image
MD5: 569d4213acfdb366345fd311a39dfd36
SHA256: b86e7a430c9cf914f107f597a66d940524337854b1a7131762f7ac65d15eea2b
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\BG.png
image
MD5: 4b4fdad44a9e7559d241229d902b2c76
SHA256: 0212aa2956baeae0be72dbf804e9cb0669281ab27472d71256d44a7dc08d8bf1
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Close_Hover.png
image
MD5: 7c3999c511e1704b43f7fc8b1c1b7da1
SHA256: bf197094091d37d8b1813bc203e846499a961c2c30899eb3fc0c951ae7dfec07
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Close.png
image
MD5: 7c3999c511e1704b43f7fc8b1c1b7da1
SHA256: bf197094091d37d8b1813bc203e846499a961c2c30899eb3fc0c951ae7dfec07
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\images\Color_Button.png
image
MD5: 32ba03a3867ccc476cfcb785fd97c395
SHA256: 5c29ffa3885d6668503fed949dc49e289da302465b4dbb54940fa89a12f9a639
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\images\button-bg.png
image
MD5: 98b1de48dfa64dc2aa1e52facfbee3b0
SHA256: 2693930c474fe640e2fe8d6ef98abe2ecd303d2392c3d8b2e006e8942ba8f534
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\images\progress-bg2.png
image
MD5: b582d9a67bfe77d523ba825fd0b9dae3
SHA256: ab4eeb3ea1eef4e84cb61eccb0ba0998b32108d70b3902df3619f4d9393f74c3
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\images\progress-bg-corner.png
image
MD5: 608f1f20cd6ca9936eaa7e8c14f366be
SHA256: 86b6e6826bcde2955d64d4600a4e01693522c1fddf156ce31c4ba45b3653a7bd
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\images\progress-bg.png
image
MD5: e9f12f92a9eeb8ebe911080721446687
SHA256: c1cf449536bc2778e27348e45f0f53d04c284109199fb7a9af7a61016b91f8bc
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\_browse.scss
text
MD5: 6009d6e864f60aea980a9df94c1f7e1c
SHA256: 5ef48a8c8c3771b4f233314d50dd3b5afdcd99dd4b74a9745c8fe7b22207056d
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\_checkbox.scss
text
MD5: 64773c6b0e3413c81aebc46cce8c9318
SHA256: b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\_button.scss
text
MD5: cfe3a6bdd0517296eb8217d40a7acb4f
SHA256: 2ee3a84389a7073946f77e3a5c3780caa17e1656e65a953dc0d8b91b89209060
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\sdk-ui\_progress-bar.scss
text
MD5: 0dce8b2d152948a7c134bfb98cb09522
SHA256: 2d92f324b5e52b412057b5a7cc428665ee5205d07022c681e99b631d20a5137e
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_width-height.scss
text
MD5: dd8af246e3a767aeb684a8272fc7c2c9
SHA256: 86d060bfd279cf4e9cbbaa9a3f444da99339f247af0c9d9e85b109a31474bdd9
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_visibility.scss
text
MD5: 02061aea75eac76fff1d2a8e9607d64c
SHA256: f32292cf3212f83814c985aa82f0f8a0e8dada0aee81cd7401aa3aac08e45bc0
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_z-index.scss
text
MD5: 76a55c9ab774e449c10487624ac3f45e
SHA256: 176c81a57205a8496a0a472bdead1de1350beb5fc03ea339703c65d2a29a0b93
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_typography.scss
text
MD5: 0d6e99087615172921e0383b0bce87d2
SHA256: a94bd2fb6595faea527116d8d8ee090ff74e89216ef3c9260f5f0b5bfa330e0e
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_padding.scss
text
MD5: 839ce4bba9e717524487b58757ea63da
SHA256: 54c64f48133908b48ed7c739a95b9edca865b3a89bdaa34d29973652c3648ede
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_margin.scss
text
MD5: e83d43d06045e990e910e494aebae8ae
SHA256: 15484f9e0794f7526e5671615bcdbb436dc7f53012387821d2163ce59fa5e84b
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_lists.scss
text
MD5: bda575f11636073d71b86b89c94c6e42
SHA256: b15b8db0368e31991fbe43c121409484562e20fb9599b5b3828e3093217de163
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_positions.scss
text
MD5: d70ee316e26374f839174916490e937e
SHA256: 3affbaeb6f57451faf94ca9cbcab2504ef75df0e8570aa7be99dd52c9cecb8e7
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_colors.scss
text
MD5: 2da278fbb61e370e0cc9f548e8154e1c
SHA256: 857a73fc1da7cf54525048aa60ec9e2f07328ee1d718a66e3b17186170bb5b5b
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_clearfix.scss
text
MD5: add166bc071472dc105f4734d2dcf0e2
SHA256: 75ebe8b4a4cbbac0eb4de35b60972452b4526c56eefb5186dd40a92c70773377
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_display.scss
text
MD5: 7fc18252c6212f1ebb349b5f7f429217
SHA256: 1b1f774d3b163c1ba9c86cad87d4b594fba588a364132121f8a234f149816429
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_float.scss
text
MD5: bc5eb91b59a99e0fc439e02f80319975
SHA256: eaf9d36e3e75177e64090ac71c6fcf9bb6465cd21f5c0a5ccb05666033609da8
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_border.scss
text
MD5: 681fb7eb197e8e7ebd89f828d1181fd6
SHA256: 51e8afa69ed6d92eb82f71939b0b8fd34ef23faecee457698238e5a4f28df984
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_border-radius.scss
text
MD5: 6bdf3fd89410e39d33f8137e04ad4a16
SHA256: 2c6b98cb19c3e3a0e37472767c53df213243ae92bc80ef9a7f5baa17f7b6fa31
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_align.scss
text
MD5: bbbbd243f9525acc7dc6077010627409
SHA256: 1f11b5f53e0aa7da1a1559a1a5cdd52bf03119ea74e5091462461c550e9288db
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\helpers\_backgrounds.scss
text
MD5: 6092a3768f84cfbc6e5c52301f5b63ea
SHA256: 8a22a3285f3c7d82aa1a4273bdd62729da241723507c1ecd5d2fd0a24c12e23b
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\_functions.scss
text
MD5: 8f7259de64f6ddf352bf461f44d34a81
SHA256: 80edc9d67172bc830d68d33f4547735fb072cadf3ef25aab37a10b50db87a069
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\_helpers.scss
text
MD5: 5f158dbbd9fc4594a2f6c13854501916
SHA256: bf12b79f67f1cb9988797f7d81f6f504c8dfe0f0435482e64819a140dbc8da14
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\_variables.scss
text
MD5: 07922410c30f0117cbc3c140f14aea88
SHA256: af1999b49c03f5dcbb19466466fac2d8172c684c0ff18931b85a8d0a06332c73
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\main.css
text
MD5: 592dd32be4d2ff44c95f5f9c1db74efa
SHA256: 48d6faf38b8c964b31ab0e44ef547fe416375bf67ed641bb30c7471ed13a7af3
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\main.scss
text
MD5: 9813d02d9ecfe32111aa209d6a7df585
SHA256: 34ca3c826614077e15853de3c0dc58043360bec2a2ab81a476d987b664ae5257
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\form.bmp.Mask
binary
MD5: d2fc989f9c2043cd32332ec0fad69c70
SHA256: 27dd029405cbfb0c3bf8bac517be5db9aa83e981b1dc2bd5c5d6c549fa514101
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\ie6_main.scss
text
MD5: f336aa4d3ac7f291984d6cf4933edfa8
SHA256: b6b8795fad34918dd3b8387e1ef585e0d97f40ca1be76a2d3be6515223761d68
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\csshover3.htc
html
MD5: 52fa0da50bf4b27ee625c80d36c67941
SHA256: e37e99ddfc73ac7ba774e23736b2ef429d9a0cb8c906453c75b14c029bdd5493
3008
298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe
C:\Users\admin\AppData\Local\Temp\inH614470358829\css\ie6_main.css
text
MD5: 4380298ab45468332dd3baec638e2bd1
SHA256: 5eee1c6442edb46b3ee800fcc13557c1af5858949d98655647514bcfdcfe99dc
3788
Messenger for Desktop.exe
C:\Users\admin\AppData\Roaming\Messenger for Desktop\Cache\f_000016
binary
MD5: 02f482f13d1b75cc77e148aa44505d3d
SHA256: 4f7be3cfca39824efebcd39eeea25dabfb94af425f63359f3ae85352304d8751

Network activity

HTTP(S) requests
21
TCP/UDP connections
37
DNS requests
19
Threats
5

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe POST 200 52.214.73.247:80 http://ww2.lopatomatita.com/ IE
binary
––
––
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe POST 200 52.210.42.57:80 http://portal.lopatomatita.com/Aluxian_MFD/ IE
binary
binary
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 200 52.216.82.120:80 http://dnld.icdownloads.com.s3.amazonaws.com/backup_dnld_bucket/public/Firebug/firebug-lite.js US
text
shared
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 200 52.222.163.164:80 http://x.ss2.us/x.cer US
der
whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 200 52.222.163.162:80 http://x.ss2.us/x.cer US
der
whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 200 2.16.186.56:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab unknown
compressed
whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe HEAD 200 146.185.27.53:80 http://dev.lopatomatita.com/app/Aluxian/MFD_270817.cis GB
––
––
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe POST 200 52.214.73.247:80 http://ww2.lopatomatita.com/ IE
binary
––
––
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET –– 192.96.201.161:80 http://gw.lopatomatita.com/app/Aluxian/MFD_270817.cis US
––
––
suspicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET –– 192.96.201.161:80 http://gw.lopatomatita.com/app/Aluxian/MFD_270817.cis US
––
––
suspicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET –– 146.185.27.53:80 http://dev.lopatomatita.com/app/Aluxian/MFD_270817.cis GB
––
––
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 206 146.185.27.53:80 http://dev.lopatomatita.com/app/Aluxian/MFD_270817.cis GB
binary
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET –– 192.96.201.161:80 http://gw.lopatomatita.com/app/Aluxian/MFD_270817.cis US
––
––
suspicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET –– 192.96.201.161:80 http://gw.lopatomatita.com/app/Aluxian/MFD_270817.cis US
––
––
suspicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 206 192.96.201.161:80 http://gw.lopatomatita.com/app/Aluxian/MFD_270817.cis US
binary
suspicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 206 192.96.201.161:80 http://gw.lopatomatita.com/app/Aluxian/MFD_270817.cis US
binary
suspicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe GET 206 192.96.201.161:80 http://gw.lopatomatita.com/app/Aluxian/MFD_270817.cis US
binary
suspicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe POST 200 52.214.73.247:80 http://ww2.lopatomatita.com/ IE
binary
––
––
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe POST 200 52.214.73.247:80 http://ww2.lopatomatita.com/ IE
binary
––
––
malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe POST 200 52.214.73.247:80 http://ww2.lopatomatita.com/ IE
binary
––
––
malicious

Connections

PID Process IP ASN CN Reputation
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 52.214.73.247:80 Amazon.com, Inc. IE malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 52.210.42.57:80 Amazon.com, Inc. IE malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 52.216.82.120:80 Amazon.com, Inc. US shared
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 52.222.161.153:443 Amazon.com, Inc. US unknown
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 52.222.163.164:80 Amazon.com, Inc. US whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 52.222.163.162:80 Amazon.com, Inc. US whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 2.16.186.56:80 Akamai International B.V. –– whitelisted
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 146.185.27.53:80 UK-2 Limited GB malicious
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe 192.96.201.161:80 Leaseweb USA, Inc. US suspicious
3368 Update.exe 151.101.0.133:443 Fastly US malicious
2288 Update.exe 104.24.109.166:443 Cloudflare Inc US unknown
3788 Messenger for Desktop.exe 31.13.92.10:443 Facebook, Inc. IE whitelisted
3788 Messenger for Desktop.exe 31.13.92.14:443 Facebook, Inc. IE whitelisted
3788 Messenger for Desktop.exe 31.13.92.36:443 Facebook, Inc. IE whitelisted

DNS requests

Domain IP Reputation
ww2.lopatomatita.com 52.214.73.247, 52.31.104.117 malicious
portal.lopatomatita.com 52.210.42.57, 54.72.148.179 malicious
dnld.icdownloads.com.s3.amazonaws.com 52.216.82.120 shared
getfirebug.com 52.222.161.153, 52.222.161.58, 52.222.161.240, 52.222.161.128 whitelisted
x.ss2.us 52.222.163.164, 52.222.163.162, 52.222.163.47, 52.222.163.220 whitelisted
www.download.windowsupdate.com 93.184.221.240 whitelisted
dev.lopatomatita.com 146.185.27.53 malicious
gw.lopatomatita.com 192.96.201.161 suspicious
raw.githubusercontent.com 151.101.0.133, 151.101.64.133, 151.101.128.133, 151.101.192.133 shared
updates.messengerfordesktop.com 104.24.109.166, 104.24.108.166 unknown
analytics.messengerfordesktop.com No response unknown
www.messenger.com 31.13.92.10 malicious
static.xx.fbcdn.net 31.13.92.14 whitelisted
connect.facebook.net 31.13.92.14 whitelisted
www.facebook.com 31.13.92.36 whitelisted

Threats

PID Process Class Message
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3
3008 298187577d918306f2dbd115b1434170a9dd08c49da12cc7375926cba674e0db.exe.000.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4

1 ETPRO signature available at the full report

Debug output strings

No debug info.