General Info

File name

PowerISO7.exe

Full analysis
https://app.any.run/tasks/f1dce7a7-5977-4b7f-b86d-0335d694377d
Verdict
Malicious activity
Analysis date
7/12/2019, 00:35:36
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

adware

installcore

pup

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

b98b4fbafbabf89033b412bff198be8f

SHA1

c84e5f28b63c9929729d002c2bed55afd3badf08

SHA256

29c1840f0ea8a6b485de5d74ee11f33c0c62e7ec9526ca5268c66f2c8d5b2fc2

SSDEEP

98304:n2n8WUbk4nWAlJcOcQFeQSZ6dgxNIhEi+HkYcnnDcldHqRB+GO2IF:2nnUbk4nrlJBcQ+6exD7EdnD4mEF2IF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • PowerISO7.exe (PID: 4056)
  • regsvr32.exe (PID: 3924)
  • PowerISO.exe (PID: 2412)
Registers / Runs the DLL via REGSVR32.EXE
  • PowerISO7.exe (PID: 4056)
  • PowerISO.exe (PID: 2412)
INSTALLCORE was detected
  • PowerISO7.exe (PID: 4056)
Connects to CnC server
  • PowerISO7.exe (PID: 4056)
Changes the autorun value in the registry
  • PowerISO7.exe (PID: 4056)
Application was dropped or rewritten from another process
  • PWRISOVM.EXE (PID: 4092)
  • PowerISO.exe (PID: 2412)
Creates files in the Windows directory
  • PowerISO7.exe (PID: 4056)
Reads Windows Product ID
  • PowerISO7.exe (PID: 4056)
Creates a software uninstall entry
  • PowerISO7.exe (PID: 4056)
Reads CPU info
  • PowerISO7.exe (PID: 4056)
Creates files in the program directory
  • PowerISO7.exe (PID: 4056)
Modifies the open verb of a shell class
  • PowerISO7.exe (PID: 4056)
Executable content was dropped or overwritten
  • PowerISO7.exe (PID: 4056)
Creates files in the driver directory
  • PowerISO7.exe (PID: 4056)
Reads internet explorer settings
  • PowerISO7.exe (PID: 4056)
Creates or modifies windows services
  • PowerISO7.exe (PID: 4056)
Reads the machine GUID from the registry
  • PowerISO7.exe (PID: 4056)
Starts Internet Explorer
  • PowerISO7.exe (PID: 4056)
Reads Environment values
  • PowerISO7.exe (PID: 4056)
Creates COM task schedule object
  • regsvr32.exe (PID: 3924)
Reads internet explorer settings
  • iexplore.exe (PID: 3664)
Application launched itself
  • iexplore.exe (PID: 3588)
Manual execution by user
  • PowerISO.exe (PID: 2412)
Changes internet zones settings
  • iexplore.exe (PID: 3588)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2012:02:24 20:19:59+01:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
28672
InitializedDataSize:
445952
UninitializedDataSize:
16896
EntryPoint:
0x39e3
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
7.4.0.0
ProductVersionNumber:
7.4.0.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
ASCII
CompanyName:
Power Software Ltd
FileDescription:
PowerISO Setup
FileVersion:
7.4.0.0
LegalCopyright:
Copyright(c) 2004-2019
ProductName:
PowerISO Setup
ProductVersion:
7.4.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
24-Feb-2012 19:19:59
Detected languages
English - United States
CompanyName:
Power Software Ltd
FileDescription:
PowerISO Setup
FileVersion:
7.4.0.0
LegalCopyright:
Copyright(c) 2004-2019
ProductName:
PowerISO Setup
ProductVersion:
7.4.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
24-Feb-2012 19:19:59
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00006F10 0x00007000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.49788
.rdata 0x00008000 0x00002A92 0x00002C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.39389
.data 0x0000B000 0x00067EBC 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 1.47278
.ndata 0x00073000 0x00135000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x001A8000 0x00008F88 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.38407
.reloc 0x001B1000 0x00000F8A 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.14318
Resources
1, 2, 3, 4, 5, 6, 7, 8, 9, 102, 103, 105, 106, 107, 111, 202, 203, 205, 206, 207, 211, 302, 303, 305, 306, 307, 311, 402, 403, 405, 406, 407, 411, 502, 503, 505, 506, 507, 511

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
46
Monitored processes
9
Malicious processes
1
Suspicious processes
1

Behavior graph

drop and start start poweriso7.exe no specs #INSTALLCORE poweriso7.exe regsvr32.exe no specs regsvr32.exe no specs pwrisovm.exe no specs iexplore.exe iexplore.exe poweriso.exe no specs regsvr32.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3264
CMD
"C:\Users\admin\AppData\Local\Temp\PowerISO7.exe"
Path
C:\Users\admin\AppData\Local\Temp\PowerISO7.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Power Software Ltd
Description
PowerISO Setup
Version
7.4.0.0
Modules
Image
c:\users\admin\appdata\local\temp\poweriso7.exe
c:\systemroot\system32\ntdll.dll

PID
4056
CMD
"C:\Users\admin\AppData\Local\Temp\PowerISO7.exe"
Path
C:\Users\admin\AppData\Local\Temp\PowerISO7.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Power Software Ltd
Description
PowerISO Setup
Version
7.4.0.0
Modules
Image
c:\users\admin\appdata\local\temp\poweriso7.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nss40ae.tmp\system.dll
c:\users\admin\appdata\local\temp\nss40ae.tmp\yiuwwubjj.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\nss40ae.tmp\math.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\nss40ae.tmp\nsdialogs.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\regsvr32.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\poweriso\uninstall.exe
c:\program files\poweriso\poweriso.exe
c:\program files\poweriso\pwrisovm.exe
c:\users\admin\appdata\local\temp\nss40ae.tmp\instopt.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2288
CMD
regsvr32.exe /s /u "C:\Program Files\PowerISO\PWRISOSH.DLL"
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
PowerISO7.exe
User
admin
Integrity Level
HIGH
Exit code
3
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3924
CMD
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\PowerISO\PWRISOSH.DLL"
Path
C:\Windows\System32\regsvr32.exe
Indicators
No indicators
Parent process
PowerISO7.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\program files\poweriso\pwrisosh.dll
c:\windows\system32\winspool.drv

PID
4092
CMD
"C:\Program Files\PowerISO\PWRISOVM.EXE" 999
Path
C:\Program Files\PowerISO\PWRISOVM.EXE
Indicators
No indicators
Parent process
PowerISO7.exe
User
admin
Integrity Level
HIGH
Version:
Company
Power Software Ltd
Description
PowerISO Virtual Drive Manager
Version
7, 4, 0, 0
Modules
Image
c:\program files\poweriso\pwrisovm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll

PID
3588
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
PowerISO7.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
3664
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3588 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll

PID
2412
CMD
"C:\Program Files\PowerISO\PowerISO.exe"
Path
C:\Program Files\PowerISO\PowerISO.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Power Software Ltd
Description
PowerISO
Version
7, 4, 0, 0
Modules
Image
c:\program files\poweriso\poweriso.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\program files\poweriso\7z.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\regsvr32.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll

PID
2304
CMD
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\PowerISO\PWRISOSH.DLL"
Path
C:\Windows\System32\regsvr32.exe
Indicators
No indicators
Parent process
PowerISO.exe
User
admin
Integrity Level
MEDIUM
Exit code
5
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\program files\poweriso\pwrisosh.dll
c:\windows\system32\winspool.drv

Registry activity

Total events
912
Read events
762
Write events
146
Delete events
4

Modification events

PID
Process
Operation
Key
Name
Value
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO
TbInstallFlag
0
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO
TbInstallFlag2
0
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASAPI32
EnableFileTracing
0
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASAPI32
EnableConsoleTracing
0
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASAPI32
FileTracingMask
4294901760
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASAPI32
ConsoleTracingMask
4294901760
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASAPI32
MaxFileSize
1048576
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASAPI32
FileDirectory
%windir%\tracing
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASMANCS
EnableFileTracing
0
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASMANCS
EnableConsoleTracing
0
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASMANCS
FileTracingMask
4294901760
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASMANCS
ConsoleTracingMask
4294901760
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASMANCS
MaxFileSize
1048576
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PowerISO7_RASMANCS
FileDirectory
%windir%\tracing
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(value omitted)
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4056
PowerISO7.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsw5689.tmp
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\PowerISO
Install_Dir
C:\Program Files\PowerISO
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO
Install_Dir
C:\Program Files\PowerISO
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
DisplayName
PowerISO
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
DisplayIcon
"C:\Program Files\PowerISO\PowerISO.exe"
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
UninstallString
"C:\Program Files\PowerISO\uninstall.exe"
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
InstallLocation
C:\Program Files\PowerISO
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
DisplayVersion
7.4
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
VersionMajor
7
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
VersionMinor
4
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
Publisher
Power Software Ltd
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
NoModify
1
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
NoRepair
1
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCDEmu
ErrorControl
1
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCDEmu
Start
1
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCDEmu
Type
1
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO
Status
5
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO\SCDEmu
DiskCount
1
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO\SCDEmu
FLAGS
1
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO
ShellIntegration
1
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO\FileTypes\.iso\Saved
Windows.IsoFile
4056
PowerISO7.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iso
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerISO
PowerISO File
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerISO\shell\open\command
"C:\Program Files\PowerISO\PowerISO.exe" "%1"
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerISO\DefaultIcon
C:\Program Files\PowerISO\PowerISO.exe,0
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iso
PowerISO
4056
PowerISO7.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.daa
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.daa
PowerISO
4056
PowerISO7.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.uif
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.uif
PowerISO
4056
PowerISO7.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.isz
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.isz
PowerISO
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
62
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO
CheckUpgrade
0
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO\SCDEmu
FLAGS
5
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PWRISOVM.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE -startup
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\PowerISO
Language
1033
4056
PowerISO7.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
63
4056
PowerISO7.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
3924
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
PowerISO
3924
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32
C:\Program Files\PowerISO\PWRISOSH.DLL
3924
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32
ThreadingModel
Apartment
3924
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
3924
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
3924
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
3924
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
PowerISO
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{4AD7A0F7-A42C-11E9-A9B1-5254004A04AF}
0
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307070004000B001600240015005D03
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307070004000B001600240015005D03
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
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
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3588
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307070004000B001600240016004F00
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
83
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307070004000B00160024001600DC00
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
4975
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307070004000B00160024001B008E00
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
160
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3664
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
2412
PowerISO.exe
write
HKEY_CURRENT_USER\Software\PowerISO
ShellIntegration
1
2412
PowerISO.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2412
PowerISO.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2412
PowerISO.exe
write
HKEY_CURRENT_USER\Software\PowerISO
Status
5
2412
PowerISO.exe
write
HKEY_CURRENT_USER\Software\PowerISO
Language
1033

Files activity

Executable files: 18
Suspicious files: 41
Text files: 85
Unknown types: 6

Dropped files

PID
Process
Filename
Type
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nss40AE.tmp\YIUwwuBJJ.dll
executable
MD5: 846427ac0ec2197cad17753b61a3ec08
SHA256: 8d7ec7f830154d0ad7cf69fd58ac957ef84c7dfb7213865383e6e4cf3c3fa771
4056
PowerISO7.exe
C:\Program Files\PowerISO\lame_enc.dll
executable
MD5: b415d99733681b7ebd6f0cb923adc27b
SHA256: a5bb57f3b7f0d71519885aa94500339d9a9f05f78ee4be6575a92aa9e2ab6feb
4056
PowerISO7.exe
C:\Program Files\PowerISO\PowerISO.exe
executable
MD5: d2b290efbfe4106c7d73c8dfa1b9daf1
SHA256: 7d3f5d77cf7ed3d5b79f3a0d45bf3f4d233abfbacc5c184f71988196f52a3e7b
4056
PowerISO7.exe
C:\Program Files\PowerISO\piso.exe
executable
MD5: dfa161ce574c1b7c1791e1c2a2324bb1
SHA256: db4a16d06d751eb6b756fb91169ff2ae658d6755f9593a3d012ffe617c53b5c3
4056
PowerISO7.exe
C:\Windows\system32\Drivers\scdemu.sys
executable
MD5: 4b5579223186e2e1ab4a24b608fdc949
SHA256: c7b58da9fd4cf2f7f83f92b2e98437a2420150fec6e58c2bd84c82edd2da9a8e
4056
PowerISO7.exe
C:\Program Files\PowerISO\PWRISOSH.DLL
executable
MD5: f364d3031aed95a4dd5a7281eff56c4a
SHA256: b46b87974588177cf57baf6315ff79fa9489270e2deab8904dac9cb46256a4c9
4056
PowerISO7.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
executable
MD5: 2ecc697658c769a72e8ca5445c7aa423
SHA256: 48042ea949106e482250b5ce0c87462bbd1538f78725353a315b8aa3041d10d2
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nss40AE.tmp\nsDialogs.dll
executable
MD5: 4ccc4a742d4423f2f0ed744fd9c81f63
SHA256: 416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
4056
PowerISO7.exe
C:\Program Files\PowerISO\uninstall.exe
executable
MD5: 60c8f07025a8da40958c16619e81e556
SHA256: 22f9260f7e1f884411b787c991ba5b603a90c40b3986a58357a92829d89836c7
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nss40AE.tmp\Math.dll
executable
MD5: 889e8fe8a034acb4d4a33349e34907a9
SHA256: d9b253e80eca58d3e2c5882359b5aa3257bd0b4bec5d02a7874004466ef77c57
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nss40AE.tmp\InstOpt.dll
executable
MD5: ff9f7edbf51c0da68caf0d1cec1949a2
SHA256: f292b8671e16581ad448eb319aaa9542cfca85fd09dd98fdfc821915189a4df2
4056
PowerISO7.exe
C:\Program Files\PowerISO\MACDll.dll
executable
MD5: 30ae564b315b18be68d4975a083939d5
SHA256: 12924bc9d14f159917bd59e8fcd5996e692da3320f4f9761fc2e628acfaf0a54
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nss40AE.tmp\System.dll
executable
MD5: bf712f32249029466fa86756f5546950
SHA256: 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
4056
PowerISO7.exe
C:\Program Files\PowerISO\libvorbis.dll
executable
MD5: 3d74a92b65f7a75a79719fbf6c158a00
SHA256: cd51886c6b5e9dc3faf1b9f095717731c508382e32f22d221e03448755c487a8
4056
PowerISO7.exe
C:\Program Files\PowerISO\libFLAC.dll
executable
MD5: ebbc719e881f2311d352ade3b5e48aee
SHA256: aa0603abb74ed604518063a5b7f037d007e63b6349f23c2c00d0985609365293
4056
PowerISO7.exe
C:\Program Files\PowerISO\unrar.dll
executable
MD5: 29374c529351f3b06f09ece5fe933a76
SHA256: 8631fdf21a823a26f7173cc53b58372030145a528c30c720d6872e67ffa8e9db
4056
PowerISO7.exe
C:\Program Files\PowerISO\7z.dll
executable
MD5: da406ee652048d7c2d192aa8264c5c55
SHA256: 19071879a5b3b9884bb9d3196fce6f4fd67b8058240b0dd526ccd72c371dbfe4
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsw5689.tmp
executable
MD5: e2399827f98c20dff849baf9703b76ee
SHA256: ee90ee53cacaab34eb38cf4a130ac2196b02bc16e46ba99752129c01e329978d
4056
PowerISO7.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk
lnk
MD5: 9c4b0c653eec47252fc595440113d763
SHA256: 3fc447f0adc60b983572e2692243366d4c318eb4a105a060f94b288868f377c6
4056
PowerISO7.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk
lnk
MD5: 1b3d0402c09a373917ae282273a0452c
SHA256: 6afd64586bab65242bf452a58260572ddea1170125bdfe1ff8840ff36db1b352
3664
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: e31a93f4a36a2afba5b4b38cae1bfda3
SHA256: b57ccca9f6ee61995691cd22d6ada59811221857deba0bfbd897b6211bebf68e
3588
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4AD7A0F8-A42C-11E9-A9B1-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3588
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFF0615894A59964D3.TMP
––
MD5:  ––
SHA256:  ––
4056
PowerISO7.exe
C:\Program Files\PowerISO\License.txt
text
MD5: 8869195ce7cf8db93f2fd26d98c8288c
SHA256: 9cf8ecd56cafb0852755917d64d7bf91e276ea0088accdf773ca1eceb62154fe
4056
PowerISO7.exe
C:\Program Files\PowerISO\Readme.txt
text
MD5: dcc5165bbe7e9ae15edd22b92de3f3bc
SHA256: 631d64615a3767fb657362ef79db5197255b91e37ed86426e05fac4d10ac5d8c
4056
PowerISO7.exe
C:\Program Files\PowerISO\PowerISO.chm
chm
MD5: 88c36f907484ef60a29817435120f191
SHA256: 668d8abdf21ab5d890f0f8de0bfd7d6f10c870760d46b10778f2fed2479ed98e
3588
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{54636B4E-A42C-11E9-A9B1-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3588
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFA00F40CBA8A402B6.TMP
––
MD5:  ––
SHA256:  ––
3664
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\thankyou[1].htm
html
MD5: 86f0f5a529927a755c9c27ed38094b76
SHA256: 6ac6ce983f000b6d86f5fcceb86de9bae9a92919d1bf793c97f02482644d9605
3588
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3588
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3588
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsc409D.tmp
––
MD5:  ––
SHA256:  ––
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Burmese.lng
binary
MD5: 578604d8ea7b9721c10da9c1ac3cf4c2
SHA256: 17ef55a36ec345b1980cfc14fd05195de6908e4aa10b1a473dc9ce70d9e6a6bc
3588
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Finnish.lng
binary
MD5: 2f9aa74f68d74f574c29bf7c0b964358
SHA256: a28569aaa735d3fcf9934460b283e47a8c510ea80439c57ded797d7d767c9a47
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Urdu(Pakistan).lng
binary
MD5: 38cfde2f37d4e7d11a992ce6aa3bfba8
SHA256: f76bbc98150882bb51cc052fe1a2882335c65bc8b1ec0b34bd118df8c18e3db2
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Romanian.lng
binary
MD5: 3486c3c25d06011ee04b79ab0727d996
SHA256: d1e4cc47e9491cab3cb58e5a7f101e47d0ce3429aad7fd4df962aa85e76d072e
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Vietnamese.lng
binary
MD5: 94d849449c0244af9ca3eae11afbbb87
SHA256: 043fe68126861476328c4844cd37b8174e24750bd606e62ae21a4de417ff818a
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Indonesian.lng
binary
MD5: 590c45a771ec412f469d3fc512692bd4
SHA256: 1832c7639f5ca292d617f7e61a502aad96ef40c38b5407ec84057aa63a250c86
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Azerbaijani.lng
binary
MD5: 78a717846a059de665e889e05313ea9a
SHA256: 696307e616727c3ef2b791916d4a340cac85c6ede86bed1b0322e5e37ca66043
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\kazakh.lng
binary
MD5: 6e690ee505ec2a4b8803e24ceba5ca43
SHA256: c651d03de96e44f2cd616ebbbfe67b9b0c4f5561318e1be87e424a61cd8a585a
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Bosnian.lng
binary
MD5: 27e3f9caf5c2f6f56d05839db1f55dd1
SHA256: 7be27864827af5ffeb2b8582f52d47eee58ffe84719512cfe721720abc5383c7
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Serbian(cyrl).lng
binary
MD5: 389bb2ac22ae877fa3f5ed445947b756
SHA256: 1cd7276031f5ed13f96b0d58a444be88a3aef11c5f2e32c41ef1248ef6555dc5
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Slovak.lng
binary
MD5: 958db42d0e508626ac43828765d3bf8c
SHA256: 0fdf647f874bf9f25f7541f5abf8b4cb961070051e38fb774693daecce6b1c29
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Malay.lng
binary
MD5: 1ed091525519a0ec8a7fcc616c26f80d
SHA256: c9e547edb7681c759c3222f89daf0b6ee2e8597a4ef8984bf01e06881a721486
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Ukrainian.lng
binary
MD5: 98b00d012b8f73646db72eefcc8e8d9c
SHA256: dc6262f605f7c9fde9cc4080ab038f6073a22745c2a3147bf9aa9d59495bbf07
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Armenian.lng
binary
MD5: 39a9944552e746501be30e128f511471
SHA256: 75b9ed8ead6235aa0caedab794b353e3a74957f82d3c0c938a1dffcfe9f54bab
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Belarusian.lng
binary
MD5: 52374ebf32ba06f759a20a644dbbe838
SHA256: 7e80b73e66232e8ca164aded1a08f63fabe65e4e38859963e6d5541f7f7ab300
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Farsi.lng
binary
MD5: 197bcf165a0302fd910a683d9bddc63c
SHA256: d3441d10af3bb133441c1658a0622b5ca69198ad04c84e4b74a92f9f02902485
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\croatian.lng
binary
MD5: b94e0fe2974e41da7639cb9691fc8c96
SHA256: b20d52aeaf8a51049ac2e9bfcdf5047b37e17acefc1b98ab982e9cabf7d2b8e7
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Thai.lng
binary
MD5: eb7287a2f3386731a82482874d7b1480
SHA256: b02cff6bbad76ae35133d43e38d2066ea62b9bbdad10593533acc29abb0c688e
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Dutch.lng
binary
MD5: 385598dce848016d384bb3c398c2b5b3
SHA256: 4c1aa77b952889020db65ca546d761943dc35f172bfea9b61ba466b5a777221b
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\danish.lng
binary
MD5: 16f6aa7bd28bede15f749c173ba26649
SHA256: 1b3ab2dd6dafb98f01855432efbe46da0b6043fa036b9de127b0f997281bd469
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Swedish.lng
binary
MD5: 584888d64db509b30515314812d8c9e1
SHA256: cf194b5adf22d4fa86391630b675a6a95c61c4d34662b8dd17e50758367e2ebc
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Norsk.lng
binary
MD5: 9fb352837deeab09555d518911676960
SHA256: d2737ff31d12e0a453e6169661dd77042b8d641a5d1f38268a907e8f7579d50b
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Portuguese(Brazil).lng
binary
MD5: d379cc86ff42e20fbb3145a3f76e20b8
SHA256: a71fe9004edc8c5cc9bc4defd9893dfc7bf09ec803229ba71ca8af30aca015cb
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Russian.lng
binary
MD5: 9e60e2f6ef61f9256c43d4a80ce6a272
SHA256: 078f492b1337d3100b1328ffbe52e30cc80849487d25611f081d8bde8da7f387
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Japanese.lng
binary
MD5: aab9fe3c069a17aa7d825d8d535cfa41
SHA256: 1718dae7a38bfc3ab3f4b22985eb6c4008f375c784286e7bbf0d9e517f9a89de
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\slovenian.lng
binary
MD5: 32e1be6f2471b31eb65bd465b25d58b4
SHA256: 4f356c32d79a42b29cf487b0db540a7dec5cca9d7893a87b5029b9b74811d22a
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\German.lng
binary
MD5: 7e3aca4d1a575fc2468f0fa00f065e9f
SHA256: ec62cd4a05f21c4d68d540409e35a5dad88924f20ba8e41b88474b23328c910f
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Hungarian.lng
binary
MD5: 79a36dda96dc8f6d022806c0f703e88d
SHA256: 41e36eec51243468966723a571ab090a70dc67c953237a481089f44bbd1e05fe
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Greek.lng
binary
MD5: 8c45a390970fa529372d8905a6d894ae
SHA256: d9a60341e865f6805f39c5a228e6d752a8d4b7831997241eeda91eb8352bdf62
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Spanish.lng
binary
MD5: a7e5dc1cb8850bdc186a5cda5209b308
SHA256: b0c5f7d0a545adbc6c141a929d6e95453c4e2150062d78e30f1247c44cbd413d
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Turkish.lng
binary
MD5: 1e0061d895a3b316d3ecedfd0292dbda
SHA256: dbc9b4222bb3a9d1bb1db164d2d4b723990dc0598600764c595a56ba63c69428
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\czech.lng
binary
MD5: 6467c861413f6b7e72c3d371f77b3f0e
SHA256: cae40937b08957ed4063ab17bf5e4be418f48baef68033b702238d2eeb1d2547
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Korean.lng
binary
MD5: fa0d9b861ac8657c3a04760e4814ad4c
SHA256: d1e86808ebe1f4b5ddaacef599e8b31ccd10ff64bb6362f103ba86ff7648c012
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Bulgarian.lng
binary
MD5: a34dc8c1f9a0143d45d3df4fdffca3e5
SHA256: c731157caac81fa4bf758d4ba01410c91b227397ee0a5007b50e2ce4f69afec7
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Lithuanian.lng
binary
MD5: 071ce70a4cd0fad14c843e8a02b159af
SHA256: 3c2103115e8d1f5251a5294605e2863387d9921a43530571cdb2bb43f63eba4d
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Arabic.lng
binary
MD5: df394959eb900bc4500324b7e1a674f1
SHA256: 566220bd0badc31c82ceedce53cb17b8c009e2ae5c1df4e32690274d3511b014
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\french.lng
binary
MD5: b9459b3be5f555aee76dfcab8ecf8836
SHA256: ecc615cc64d9a02cabbe1099704dbda14a4cfb1429bfb602ffc95ea67fdb48f5
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Polish.lng
binary
MD5: 21f46a47a19039f849eba69c27f8c74b
SHA256: 52db726e52f0925e60e48a70e7f5f1f0cdc135d068b1f5ca003afaf5723aa7a6
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\Italian.lng
binary
MD5: 9883579f6a5baaf68aea1c21d39dd01b
SHA256: 3d59c8e0883a00d7063eb825116a1c309d39901976be6d99c79bddfee202a629
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\SimpChinese.lng
binary
MD5: 7e42ad9c90234de08ba27d0b6dbc3747
SHA256: fcf97b6b9b0289259344087580893fc3a5b6e60ccd09b25d9037941bdce75dd0
4056
PowerISO7.exe
C:\Program Files\PowerISO\Lang\TradChinese.lng
binary
MD5: 5f96e768d52ae6792171dd7e095fd4cc
SHA256: 41f8512bf5a2f79fc2c616064b905111474f171907c2f0a30ad50fe4e94b75a1
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\00158BFD.log
––
MD5:  ––
SHA256:  ––
3588
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF7017D3AA321E065B.TMP
––
MD5:  ––
SHA256:  ––
4056
PowerISO7.exe
C:\Users\Public\Desktop\PowerISO.lnk
lnk
MD5: fa1985f7acfb2bd920a6d8dfbe3a6b9d
SHA256: 4629984a00924835b58830ac6052a46922075449418a20dab835cec6e0fef2b4
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nss40AE.tmp\modern-header.bmp
image
MD5: ca2542b0e66e48d7e3f361c8eef8f720
SHA256: 4566dfcc153cba168a02eebc5ddd9d82832cf463ebb8ecb4ec2f269f9f85aeca
4056
PowerISO7.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk
lnk
MD5: 9ae4681b426f0a0be58983229046c8fc
SHA256: 0f20a670877dae5a7f1688d7856b922d651d9c66a79b6e84bfc293d4889282f3
4056
PowerISO7.exe
C:\Program Files\001548DA.log
––
MD5:  ––
SHA256:  ––
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\bootstrap_8654.html
html
MD5: 1ea9e5b417811379e874ad4870d5c51a
SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\00154734.log
––
MD5:  ––
SHA256:  ––
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\VI.locale
text
MD5: 1c68a0b054e91821a6ee5fcc95a8f370
SHA256: 949be3edb5994b200e83ca062b6badcffdac4c177ce1a77b2976ede622797399
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\YO.locale
text
MD5: 28cadcc5482ef94c3dd399966efce474
SHA256: 18350d0b95fea022fe7f65b2c21748423ad96ac9f4a87e833395873d45130dad
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\ZH.locale
text
MD5: f87a44df4ee66271fcb7cb8909be2c2e
SHA256: f212cbeb0355b860a19969bf9a685b6aae5e8cd1b50ca97ec59880bdbaac24ad
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\UK.locale
text
MD5: 805b4a7d627d697d81889e90b5dc26f1
SHA256: 63148079e733a889e2531b21e0234c1ba7f1c981f9c1d025e539a5a3b420e065
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\ZU.locale
text
MD5: e0fe6b07557ceadb3cdee5cd6bf1553c
SHA256: 9a5f171619d63344771d0af667662cc3672222166fc7d5368724b818d4508b24
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\UR.locale
text
MD5: f98806a6c51ad09ab464191f95320bba
SHA256: 5e7131784e1de61479c8dc8bfcf8de40ed07f4d0ffdd4a29c42be6f298ad169f
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\UZ.locale
text
MD5: d7bb18debd6ae4b95ca1128a01550970
SHA256: 816b2817affbeb1d634235c0d901bdf45504da18527b5cce6895b4cf8cf8e7ba
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\TR.locale
text
MD5: 9456c52aed7848fb1ff6d05de42e8391
SHA256: dd4e1cbeabc982697c1d4227f4c8cd18413351a279962a40041cafe3e427b036
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\TL.locale
text
MD5: 4685406c7549ce5fcb79fae49c013dec
SHA256: 107c995c36d3412886613b05e62bf27c8941b106912c2ed9e9ac54b7240f7524
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\TE.locale
text
MD5: 4c04155e36f1c718a97bcf3f4ba20697
SHA256: a85fdcd0a5fbc7b09f1401a343f2c7d334caac8d7dfbd0d3bfca20a9fd76d7ec
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\TA.locale
text
MD5: 0357e9121095334fb270b19d2e847368
SHA256: 009f1c6bfbb1f39d8a59e9a8fc589f4dc8a978b4150c283fb2f3f1dfca7a4b87
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\SV.locale
text
MD5: d9fd720403c7b8c786224b693c6331ad
SHA256: f7361ffcba975398338a814f1f061720064d58fd838d2b8879f1b3e6dc5138aa
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\TH.locale
text
MD5: 02b331449294adfdbbafa59074e4984c
SHA256: c53cf743d7169e2d17433d5f123ac45a672d415484fed6af4cbe0f8441b88515
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\SR.locale
text
MD5: af688f29d4745ac3d641017da91ef575
SHA256: bb47f7a85af70aedbb61c86c7ed7199aafb823350b185722468f7a6d492b2632
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\SQ.locale
text
MD5: 393bf5a36c36bd97b7f206a13d602827
SHA256: a6b643c1d26d2a9d13c94c147ba35a520b749c40af3e729910fa99eb636fc63b
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\SL.locale
text
MD5: 84cc837239842449c8ff335b165c07e6
SHA256: bbe36fcc8d9404395a3e85f76479a6f4f4ec67106e53ad93a3d70747e5157a3d
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\RO.locale
text
MD5: 44652248cbb99cea6dd8f5613b874cfa
SHA256: 57a1b5998c567221f90bfd66f42161273ddd60f52418de1fc939e9c86a51cef9
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\SK.locale
text
MD5: 405b3c6f0e68d2db60d1585385896623
SHA256: ee1ce5e2bfe867f5600c4a15c47b9d319e23046de25bee4c21b1171bb21a9623
4056
PowerISO7.exe
C:\Users\admin\AppData\Local\Temp\nsd139417115806\locale\PT.locale
text


Network activity

HTTP(S) requests: 8
TCP/UDP connections: 7
DNS requests: 4
Threats: 6

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
4056 PowerISO7.exe GET 200 54.194.149.175:80 http://rp.powopibobu3.com/ IE –– –– malicious
4056 PowerISO7.exe POST 200 54.194.149.175:80 http://rp.powopibobu3.com/ IE binary –– –– malicious
4056 PowerISO7.exe POST 200 52.51.129.59:80 http://os.powopibobu3.com/FusionPowerISO/ IE binary binary malicious
4056 PowerISO7.exe POST 200 54.194.149.175:80 http://rp.powopibobu3.com/ IE binary –– –– malicious
3664 iexplore.exe GET 301 50.62.134.113:80 http://www.poweriso.com/thankyou.htm US html suspicious
3588 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3664 iexplore.exe GET 200 50.62.134.113:80 http://www.poweriso.com/thankyou.php US html suspicious
3664 iexplore.exe GET –– 50.62.134.113:80 http://www.poweriso.com/images/thank-you-bg1.gif US –– –– suspicious


Connections

PID Process IP ASN CN Reputation
4056 PowerISO7.exe 54.194.149.175:80 Amazon.com, Inc. IE malicious
4056 PowerISO7.exe 52.51.129.59:80 Amazon.com, Inc. IE malicious
3664 iexplore.exe 50.62.134.113:80 GoDaddy.com, LLC US suspicious
3588 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
rp.powopibobu3.com 54.194.149.175, 52.214.73.247 malicious
os.powopibobu3.com 52.51.129.59, 52.50.98.206, 34.247.72.148 malicious
www.poweriso.com 50.62.134.113 suspicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted

Threats

PID Process Class Message
4056 PowerISO7.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
4056 PowerISO7.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1
4056 PowerISO7.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3

3 ETPRO signatures available at the full report

Debug output strings

No debug info.