General Info

File name

Rainmeter-4.5.8.exe

Full analysis
https://app.any.run/tasks/e2a3f333-31f1-4673-9ecc-ed80e09e2137
Verdict
Malicious activity
Analysis date
15/01/2022, 02:26:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

b814c9931d086e948bad009c7be4b7da

SHA1

804aa515269b89db0540b90bb72041498e74d9f2

SHA256

399272b4806fb1613b527dffdd4582169123b3437c69b7c8f67f39c0191ba130

SSDEEP

49152:nq6+yMjWvbmux/TnkAAaqgkFoBNpJ6NcuKJoKIjST8DOmC:ndXWWv9eagoBfJnLIuT8Cn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

(signatures from the MALICIOUS, SUSPICIOUS and INFO tabs, listed together)
Loads dropped or rewritten executable
  • Rainmeter-4.5.8.exe (PID: 2152)
  • Rainmeter-4.5.8.exe (PID: 2944)
  • Rainmeter.exe (PID: 3896)
Writes to a start menu file
  • Rainmeter-4.5.8.exe (PID: 2152)
Drops executable file immediately after starts
  • Rainmeter-4.5.8.exe (PID: 2152)
  • Rainmeter-4.5.8.exe (PID: 2944)
  • Rainmeter.exe (PID: 3896)
Application was dropped or rewritten from another process
  • Rainmeter.exe (PID: 3896)
Reads the computer name
  • Rainmeter-4.5.8.exe (PID: 2152)
  • Rainmeter-4.5.8.exe (PID: 2944)
  • Rainmeter.exe (PID: 3896)
Checks supported languages
  • Rainmeter-4.5.8.exe (PID: 2152)
  • Rainmeter-4.5.8.exe (PID: 2944)
  • Rainmeter.exe (PID: 3896)
Application launched itself
  • Rainmeter-4.5.8.exe (PID: 2152)
Changes default file association
  • Rainmeter-4.5.8.exe (PID: 2944)
Creates files in the user directory
  • Rainmeter-4.5.8.exe (PID: 2152)
  • Rainmeter.exe (PID: 3896)
Creates a software uninstall entry
  • Rainmeter-4.5.8.exe (PID: 2944)
Creates files in the program directory
  • Rainmeter-4.5.8.exe (PID: 2944)
Creates a directory in Program Files
  • Rainmeter-4.5.8.exe (PID: 2944)
Executable content was dropped or overwritten
  • Rainmeter-4.5.8.exe (PID: 2152)
  • Rainmeter-4.5.8.exe (PID: 2944)
  • Rainmeter.exe (PID: 3896)
Drops a file with a compile date too recent
  • Rainmeter-4.5.8.exe (PID: 2944)
  • Rainmeter.exe (PID: 3896)
Drops a file that was compiled in debug mode
  • Rainmeter-4.5.8.exe (PID: 2944)
  • Rainmeter.exe (PID: 3896)
Reads Environment values
  • Rainmeter.exe (PID: 3896)
Starts Internet Explorer
  • Rainmeter.exe (PID: 3896)
Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 2236)
Reads the computer name
  • iexplore.exe (PID: 2008)
  • iexplore.exe (PID: 2236)
Checks supported languages
  • iexplore.exe (PID: 2008)
  • iexplore.exe (PID: 2236)
Application launched itself
  • iexplore.exe (PID: 2008)
Reads the date of Windows installation
  • iexplore.exe (PID: 2008)
Checks Windows Trust Settings
  • iexplore.exe (PID: 2008)
  • iexplore.exe (PID: 2236)
Reads settings of System Certificates
  • iexplore.exe (PID: 2008)
  • iexplore.exe (PID: 2236)
Changes internet zones settings
  • iexplore.exe (PID: 2008)
Reads internet explorer settings
  • iexplore.exe (PID: 2236)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
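The signatures above are the sandbox's generic behavioural heuristics. For an NSIS installer, dropping executables, writing a Start Menu entry, creating an uninstall key and relaunching itself elevated are the mechanics of installation rather than evidence of intent, so the verdict on a page like this has to be weighed against the hashes and the publisher's own release, not taken on its own. Several of the signatures can be re-derived from the process tree in the Process information section below. The following is an added example, not ANY.RUN's detection code: the process records are constructed from that section (PIDs, command lines, integrity levels and a few of the listed modules); the parent PID of Rainmeter.exe, the command line of the second iexplore.exe and the dropped-file list are assumptions, since the report shows only the parent image name and the loaded-module paths. The `/UAC:30102 /NCRC` command line on PID 2944 is the relaunch form used by the NSIS UAC plugin (the uac.dll loaded from the installer's %TEMP%\ns*.tmp plugin directory in the module lists); `/NCRC` disables the installer's CRC self-check.

```python
"""Re-deriving several of this report's behaviour signatures from process-tree data.
Added example, not ANY.RUN's own detection logic. The records below are constructed
from the Process information section (PIDs, command lines, integrity levels, a few
loaded modules); the parent PID of Rainmeter.exe, the command line of the second
iexplore.exe and the dropped-file list are assumptions, since the report shows only
the parent image name and the module paths."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

INTEGRITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "SYSTEM": 4}
# NSIS unpacks its plugin DLLs into %TEMP%\ns<id>.tmp\ and loads them from there.
NSIS_PLUGIN_DIR = re.compile(r"\\appdata\\local\\temp\\ns[0-9a-z]+\.tmp\\", re.I)
URL_ARG = re.compile(r"\bhttps?://\S+", re.I)


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    integrity: str
    modules: List[str] = field(default_factory=list)


def analyse(procs: List[Proc], dropped: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (pid, signature, detail) tuples. 'dropped' holds the files the monitored
    processes wrote (ntpath.normcase form), so an image load of one of them can be
    reported as 'Loads dropped or rewritten executable', as the sandbox does."""
    by_pid = {p.pid: p for p in procs}
    out = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is not None:
            if ntpath.normcase(parent.image) == ntpath.normcase(p.image):
                out.append((parent.pid, "Application launched itself", p.cmdline))
            if INTEGRITY_RANK[p.integrity] > INTEGRITY_RANK[parent.integrity]:
                out.append((p.pid, "Integrity level elevation", f"{parent.integrity} -> {p.integrity}"))
            child_is_ie = ntpath.basename(p.image).lower() == "iexplore.exe"
            if child_is_ie and ntpath.basename(parent.image).lower() != "iexplore.exe":
                m = URL_ARG.search(p.cmdline)
                out.append((parent.pid, "Starts Internet Explorer", m.group(0) if m else ""))
        upper = p.cmdline.upper()
        if "/UAC:" in upper and "/NCRC" in upper:
            # Relaunch pattern of the NSIS UAC plugin: the elevated copy is started with
            # /UAC:<id> and /NCRC (skip the installer's CRC self-check).
            out.append((p.pid, "NSIS UAC plugin relaunch, CRC check disabled", p.cmdline))
        for mod in p.modules:
            if ntpath.normcase(mod) in dropped:
                out.append((p.pid, "Loads dropped or rewritten executable", mod))
            if NSIS_PLUGIN_DIR.search(mod):
                out.append((p.pid, "Loads NSIS plugin from temp", mod))
    return out


INSTALLER = r"C:\Users\admin\Desktop\Rainmeter-4.5.8.exe"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
RAINMETER = r"C:\Program Files\Rainmeter\Rainmeter.exe"

# Constructed from the report's Process information section (modules trimmed).
SAMPLE_PROCS = [
    Proc(2152, None, INSTALLER, f'"{INSTALLER}"', "MEDIUM",
         [r"c:\users\admin\appdata\local\temp\nso3160.tmp\uac.dll",
          r"c:\users\admin\appdata\local\temp\nso3160.tmp\system.dll",
          r"c:\program files\rainmeter\rainmeter.exe"]),
    Proc(2944, 2152, INSTALLER, f'"{INSTALLER}" /UAC:30102 /NCRC', "HIGH",
         [r"c:\users\admin\appdata\local\temp\nsx62df.tmp\uac.dll",
          r"c:\program files\rainmeter\rainmeter.exe"]),
    Proc(3896, 2152, RAINMETER, f'"{RAINMETER}"', "MEDIUM",  # ppid assumed (report names the image only)
         [r"c:\program files\rainmeter\rainmeter.dll", r"c:\program files\rainmeter\rainmeter.exe"]),
    Proc(2008, 3896, IE, f'"{IE}" http://docs.rainmeter.net/manual/getting-started', "MEDIUM"),
    Proc(2236, 2008, IE, f'"{IE}"', "MEDIUM"),  # command line assumed (not shown in the report)
]
# Files written during the run; assumed from the module paths above, not a file-event log.
DROPPED_FILES = {ntpath.normcase(f) for f in [
    r"c:\users\admin\appdata\local\temp\nso3160.tmp\uac.dll",
    r"c:\users\admin\appdata\local\temp\nso3160.tmp\system.dll",
    r"c:\users\admin\appdata\local\temp\nsx62df.tmp\uac.dll",
    r"c:\program files\rainmeter\rainmeter.exe",
    r"c:\program files\rainmeter\rainmeter.dll",
]}

if __name__ == "__main__":
    for pid, sig, detail in analyse(SAMPLE_PROCS, DROPPED_FILES):
        print(f"{pid:>5}  {sig:<45} {detail}")
```

Run as a script it lists one line per finding; the attribution follows the report's convention (the parent gets "Application launched itself" and "Starts Internet Explorer", the child gets the elevation). Every finding here is something a legitimate installer also produces, which is the point: the process tree tells you how the file behaves, and only the hashes tell you which file it is.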

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2021:09:25 23:56:47+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
26624
InitializedDataSize:
141824
UninitializedDataSize:
2048
EntryPoint:
0x3640
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
4.5.8.3587
ProductVersionNumber:
4.5.8.3587
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
Rainmeter
FileDescription:
Rainmeter Installer
FileVersion:
4.5.8.3587
LegalCopyright:
© 2021 Rainmeter Team
OriginalFileName:
Rainmeter-4.5.8.exe
ProductName:
Rainmeter
ProductVersion:
4.5.8.3587
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
25-Sep-2021 21:56:47
Detected languages
English - United States
CompanyName:
Rainmeter
FileDescription:
Rainmeter Installer
FileVersion:
4.5.8.3587
LegalCopyright:
© 2021 Rainmeter Team
OriginalFilename:
Rainmeter-4.5.8.exe
ProductName:
Rainmeter
ProductVersion:
4.5.8.3587
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
25-Sep-2021 21:56:47
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00006676 0x00006800 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.41746
.rdata 0x00008000 0x0000139A 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.14107
.data 0x0000A000 0x00020378 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.11058
.ndata 0x0002B000 0x00023000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0004E000 0x00008AD0 0x00008C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.45312
Resources
Resource IDs: 1, 2, 3, 4, 5, 6, 7, 8, 9, 103, 105, 106, 111, 205, 206, 211, 305, 306, 311, 405, 406, 411, 505, 506, 511, 605, 606, 611, 705, 706, 711
Imports
    ADVAPI32.dll
    SHELL32.dll
    ole32.dll
    COMCTL32.dll
    USER32.dll
    GDI32.dll
    KERNEL32.dll

Exports
    No exports.
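The hashes in General Info and the static fields above (e_lfanew 0xD8, five sections, linker 6.0, entry point 0x3640, GUI subsystem, the 25-Sep-2021 21:56:47 UTC timestamp, the characteristics flags and the per-section entropy) can all be reproduced from the raw bytes with the Python standard library, which is what you need when confirming that a file on disk is the sample this report describes. The following is an added example, not the report's tooling: the PE image it parses is constructed inline with the header values above but synthetic section contents, so its hashes and entropies are not those of the Rainmeter installer; the analysis-time epoch used below assumes the report's 15/01/2022 02:26:33 is UTC.

```python
"""Reproducing the report's hash and static-PE fields from raw bytes (stdlib only).
Added example, not ANY.RUN's tooling. build_sample_pe() constructs a stand-in image:
header values are copied from the report (e_lfanew 0xD8, 5 sections, linker 6.0,
entry point 0x3640, GUI subsystem, the 25-Sep-2021 timestamp) but the section
contents are synthetic, so hashes and entropies will NOT match the real file."""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
CHARACTERISTICS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                   0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
                   0x0100: "IMAGE_FILE_32BIT_MACHINE"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 as lowercase hex, the form the report prints."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def hashes_match(data: bytes, expected: dict) -> bool:
    """Compare a local file against the report's hashes (case-insensitive). Keys are
    'md5', 'sha1', 'sha256'; check the strongest one you have, not just MD5."""
    got = file_hashes(data)
    return all(got[k] == v.lower() for k, v in expected.items() if k in got)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0-8), the per-section column in the report."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """DOS header pointer, COFF header, a few PE32 optional-header fields, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # Subsystem (PE32 layout)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr,
                         "vsize": vsize, "rawsize": rawsize, "entropy": round(entropy(raw), 5)})
    return {"e_lfanew": e_lfanew, "machine": machine, "nsections": nsec, "timestamp": stamp,
            "compiled_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
            "characteristics": {n for f, n in CHARACTERISTICS.items() if chars & f},
            "pe32": magic == 0x10B, "linker": f"{lnk_major}.{lnk_minor}", "entry_point": entry,
            "subsystem": subsystem, "sections": sections}


def compile_date_suspicious(compiled_ts: int, observed_ts: int, max_days: int = 7) -> bool:
    """The 'compile date too recent' heuristic: a stamp in the future or within max_days
    of the run is worth a look. The stamp is attacker-controlled, so it is a hint only."""
    return observed_ts - compiled_ts < max_days * 86400


def build_sample_pe() -> bytes:
    """Constructed stand-in image (NOT the real installer); see module docstring."""
    e_lfanew = 0xD8
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 5, 1632607007, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)              # PE32, linker 6.0
    struct.pack_into("<I", opt, 16, 0x3640)                     # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    # (name, VirtualAddress, VirtualSize) from the report; raw bytes chosen for known entropy.
    layout = [(".text", 0x1000, 0x6676, bytes(range(256)) * 2),   # 8.0 bits/byte
              (".rdata", 0x8000, 0x139A, b"A" * 0x200),           # 0.0
              (".data", 0xA000, 0x20378, bytes(range(16)) * 32),  # 4.0
              (".ndata", 0x2B000, 0x23000, b""),                  # no raw data (BSS)
              (".rsrc", 0x4E000, 0x8AD0, bytes(range(64)) * 8)]   # 6.0
    table, body, ptr = b"", b"", 0x400
    for name, va, vs, raw in layout:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vs, va, len(raw), ptr if raw else 0, 0, 0, 0, 0, 0)
        body += raw
        ptr += len(raw)
    return (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x400, b"\0") + body


if __name__ == "__main__":
    img = build_sample_pe()
    print(file_hashes(img))
    info = parse_pe(img)
    print(info["compiled_utc"], info["nsections"], sorted(info["characteristics"]))
    for s in info["sections"]:
        print(f'{s["name"]:<7} {s["vaddr"]:#010x} {s["vsize"]:#010x} {s["rawsize"]:#010x} {s["entropy"]}')
```

Against the report's own values, `compile_date_suspicious(1632607007, 1642213593)` (compile time versus analysis time, UTC assumed) is False, the two being about 111 days apart; that is consistent with the "compile date too recent" signature being raised on files PIDs 2944 and 3896 dropped, not on the installer itself. The `.ndata` section with a raw size of 0 and entropy 0 is normal for NSIS: it is the installer's uninitialised data segment, not a stripped or packed section.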

Processes

Total processes
44
Monitored processes
5
Malicious processes
3
Suspicious processes
0

Behavior graph

start → rainmeter-4.5.8.exe → rainmeter-4.5.8.exe → rainmeter.exe → iexplore.exe → iexplore.exe

Process information

PID
2152
CMD
"C:\Users\admin\Desktop\Rainmeter-4.5.8.exe"
Path
C:\Users\admin\Desktop\Rainmeter-4.5.8.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Rainmeter
Description
Rainmeter Installer
Version
4.5.8.3587
Modules
Image
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\rainmeter-4.5.8.exe
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\nso3160.tmp\uac.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\secur32.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\gdi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shfolder.dll
c:\users\admin\appdata\local\temp\nso3160.tmp\system.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\temp\nso3160.tmp\langdll.dll
c:\users\admin\appdata\local\temp\nso3160.tmp\nsdialogs.dll
c:\windows\system32\riched20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\users\admin\appdata\local\temp\nso3160.tmp\userinfo.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sfc.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscapi.dll
c:\program files\rainmeter\rainmeter.exe
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\netutils.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

PID
2944
CMD
"C:\Users\admin\Desktop\Rainmeter-4.5.8.exe" /UAC:30102 /NCRC
Path
C:\Users\admin\Desktop\Rainmeter-4.5.8.exe
Indicators
Parent process
Rainmeter-4.5.8.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Rainmeter
Description
Rainmeter Installer
Version
4.5.8.3587
Modules
Image
c:\windows\system32\uxtheme.dll
c:\users\admin\desktop\rainmeter-4.5.8.exe
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\users\admin\appdata\local\temp\nsx62df.tmp\system.dll
c:\users\admin\appdata\local\temp\nsx62df.tmp\uac.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\usp10.dll
c:\windows\system32\secur32.dll
c:\windows\system32\slc.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\users\admin\appdata\local\temp\nsx62df.tmp\nsdialogs.dll
c:\program files\rainmeter\rainmeter.exe
c:\windows\system32\netutils.dll

PID
3896
CMD
"C:\Program Files\Rainmeter\Rainmeter.exe"
Path
C:\Program Files\Rainmeter\Rainmeter.exe
Indicators
Parent process
Rainmeter-4.5.8.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Rainmeter
Description
Rainmeter desktop customization tool
Version
4.5.8.3587
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\imm32.dll
c:\program files\rainmeter\rainmeter.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\program files\rainmeter\rainmeter.exe
c:\windows\system32\comdlg32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\propsys.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\urlmon.dll

PID: 2008
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://docs.rainmeter.net/manual/getting-started
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: Rainmeter.exe
User: admin
Integrity Level: MEDIUM
Version:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Image):
c:\windows\system32\ntdll.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\netutils.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\msctf.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\ieui.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\sxs.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mlang.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll

PID: 2236
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2008 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Integrity Level: LOW
Exit code: 0
Version:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Image):
c:\windows\system32\version.dll
c:\windows\system32\ieframe.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\bcrypt.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\secur32.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\ieui.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\fveui.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\winmm.dll
c:\windows\system32\xmllite.dll

Registry activity

Total events: 12552
Read events: 0
Write events: 111
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
2152 | Rainmeter-4.5.8.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
2152 | Rainmeter-4.5.8.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
2152 | Rainmeter-4.5.8.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
2152 | Rainmeter-4.5.8.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | UninstallString | C:\Program Files\Rainmeter\uninst.exe
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Rainmeter | Language | 1033
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | Publisher | Rainmeter
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | InstallLocation | C:\Program Files\Rainmeter
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell | (default) | open
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\DefaultIcon | (default) | C:\Program Files\Rainmeter\SkinInstaller.exe,0
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\open\command | (default) | "C:\Program Files\Rainmeter\SkinInstaller.exe" %1
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | HelpLink | https://rainmeter.net
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rmskin | (default) | Rainmeter.SkinInstaller
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Rainmeter | NonDefault | 0
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | DisplayIcon | C:\Program Files\Rainmeter\Rainmeter.exe,0
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | NoModify | 1
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | Comments | Rainmeter desktop customization tool
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | DisplayVersion | 4.5.8
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | NoRepair | 1
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | ReleaseType | Release
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inc | (default) | inifile
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | DisplayName | Rainmeter
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller | (default) | Rainmeter Skin Installer
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | InstallDate | 202201Saturday
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\edit | (default) | Install Rainmeter skin
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\edit\command | (default) | "C:\Program Files\Rainmeter\SkinInstaller.exe" %1
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Rainmeter | (default) | C:\Program Files\Rainmeter
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | VersionMinor | 5
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | URLUpdateInfo | https://rainmeter.net
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | URLInfoAbout | https://rainmeter.net
2944 | Rainmeter-4.5.8.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter | VersionMajor | 4
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime |
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30935479
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime |
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30935479
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | Active | 0
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | CB042764B709D801
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {A1B22FBA-75AA-11EC-A45D-12A9866C77DE} | 0
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Blocked | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Blocked | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E607010006000F0002001B0007007301
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E607010006000F0002001B0007007301
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E607010006000F0002001B0007007301
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Blocked | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Count | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Time | E607010006000F0002001B0007007301
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Blocked | 25
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Type | 10
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecisionReason | 1
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadNetworkName | Network 4
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecisionTime | 1FEF5164B709D801
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecisionReason | 1
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecision | 0
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecisionTime | 1FEF5164B709D801
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecision | 0
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum | Implementing | 1C00000001000000E607010006000F0002001B000A00FA0201000000644EA2EF78B0D01189E400C04FC9E26E
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE | TabBandWidth | 500
2008 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum | Implementing | 1C00000001000000E607010006000F0002001B000B00060100000000
2008 | iexplore.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
2236 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content | CachePrefix |
2236 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History | CachePrefix | Visited:
2236 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies | CachePrefix | Cookie:
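The registry table above mixes three very different kinds of writes: machine-wide (HKLM) installer metadata and file-association handlers written by PID 2944, and per-user Internet Explorer zone, proxy and WPAD state written by PIDs 2152 and 2008. A triager wants them bucketed, and for any shell-verb command registered under HKLM\SOFTWARE\Classes wants to know which executable will actually run, whether the path is quoted, and whether that executable lives somewhere a non-admin user can overwrite. The script below is an added example and not part of the ANY.RUN report; the `WRITES` rows are a subset copied from the table, while the category rules, `handler_target` and `is_user_writable` are this example's own heuristics, not ANY.RUN's scoring.

```python
"""Bucket registry writes from a sandbox report and inspect shell-verb handlers.

Added example, not part of the ANY.RUN report. WRITES is a subset of the
"Modification events" table above; the categorisation is this example's own.
"""
import re
from collections import Counter

# (pid, process, key, name, value) rows copied from the report (subset).
WRITES = [
    (2152, "Rainmeter-4.5.8.exe",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap",
     "UNCAsIntranet", "1"),
    (2944, "Rainmeter-4.5.8.exe",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter",
     "UninstallString", r"C:\Program Files\Rainmeter\uninst.exe"),
    (2944, "Rainmeter-4.5.8.exe",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rmskin", "(default)", "Rainmeter.SkinInstaller"),
    (2944, "Rainmeter-4.5.8.exe",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\open\command",
     "(default)", r'"C:\Program Files\Rainmeter\SkinInstaller.exe" %1'),
    (2944, "Rainmeter-4.5.8.exe",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inc", "(default)", "inifile"),
    (2008, "iexplore.exe",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff",
     "WpadDecision", "0"),
    (2008, "iexplore.exe",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings",
     "ProxyEnable", "0"),
]


def categorize(key: str) -> str:
    """Bucket a key by what a write to it can cause. Heuristic, this example's own."""
    k = key.lower()
    if re.search(r"\\classes\\[^\\]+\\shell\\[^\\]+\\command$", k):
        return "shell_handler"   # command run when a file with that ProgID is opened/edited
    if re.search(r"\\classes\\\.[^\\]+$", k):
        return "file_assoc"      # extension -> ProgID mapping
    if re.search(r"\\classes\\[^\\.][^\\]*(\\|$)", k):
        return "progid"          # ProgID key or one of its subkeys (DefaultIcon, shell, ...)
    if re.search(r"\\currentversion\\run(once)?(\\|$)|\\winlogon\\|image file execution options", k):
        return "autorun"         # classic persistence locations; none appear in this report
    if "\\currentversion\\uninstall\\" in k:
        return "uninstall_meta"  # Add/Remove Programs entry
    if "\\internet settings" in k or "\\internet explorer\\" in k:
        return "ie_noise"        # zone/proxy/WPAD state IE rewrites on every launch
    return "other"


def handler_target(command: str):
    """Return (executable, was_quoted) for a shell-verb command string.

    CreateProcess resolves an unquoted path containing spaces piecewise, so
    'C:\\Program Files\\X\\y.exe %1' is first tried as 'C:\\Program.exe'.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:                      # unterminated quote: treat the rest as the path
            return command[1:], False
        return command[1:end], True
    return command.split(" ", 1)[0], False


def is_user_writable(path: str) -> bool:
    """Rough location check: a handler binary under a user-writable tree can be swapped by a non-admin."""
    p = path.lower()
    if p.startswith(("c:\\program files", "c:\\windows\\")):
        return False
    return p.startswith("c:\\users\\") or "\\appdata\\" in p or "\\temp\\" in p


def triage(writes):
    """Summarise writes: category counts, HKLM write count, extension map, handler findings."""
    cats, handlers, assocs, hklm = Counter(), [], {}, 0
    for pid, proc, key, name, value in writes:
        cat = categorize(key)
        cats[cat] += 1
        if key.upper().startswith("HKEY_LOCAL_MACHINE\\"):
            hklm += 1
        if cat == "file_assoc":
            assocs[key.rsplit("\\", 1)[1]] = value          # ".rmskin" -> "Rainmeter.SkinInstaller"
        elif cat == "shell_handler":
            exe, quoted = handler_target(value)
            handlers.append({"pid": pid, "process": proc, "key": key, "exe": exe,
                             "quoted": quoted, "user_writable": is_user_writable(exe)})
    return {"categories": cats, "hklm_writes": hklm, "assocs": assocs, "handlers": handlers}


if __name__ == "__main__":
    summary = triage(WRITES)
    print(dict(summary["categories"]), "HKLM writes:", summary["hklm_writes"])
    print("extensions:", summary["assocs"])
    for h in summary["handlers"]:
        print(f"PID {h['pid']} {h['process']} registered {h['exe']} "
              f"(quoted={h['quoted']}, user_writable={h['user_writable']})")
```

On the rows in this report the result is unremarkable: the only handler is `"C:\Program Files\Rainmeter\SkinInstaller.exe" %1`, quoted and under Program Files, registered for `.rmskin`. The same function would flag a handler pointing into %APPDATA% or an unquoted path with spaces, which is the pattern worth catching when the installer under analysis is not a known product.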

Files activity

Executable files: 69
Suspicious files: 27
Text files: 35
Unknown types: 15
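The dropped-file table that follows lists every written file with its MD5 and SHA256. Two things in it are easier to see by hash than by eye: PID 3896 (Rainmeter.exe) writes `RCX730A.tmp` and `Rainmeter.exe` into `%APPDATA%\Roaming\Rainmeter` with identical hashes, so the .tmp is the same bytes staged under a temporary name, and that `Rainmeter.exe` (SHA256 64a71b10…) is not the same binary as the `C:\Program Files\Rainmeter\Rainmeter.exe` the installer wrote (SHA256 b9a89a76…). The NSIS plug-in DLLs `System.dll` and `UAC.dll` likewise appear in both installer temp directories with the same hashes. The script below is an added example, not part of the ANY.RUN report: `DROPPED` is a subset of rows copied from the table; the grouping logic and the "user-writable" path test are this example's own, and `sha256_of_file` is there to check a recovered file against the report's hash on an analyst's host.

```python
"""Hash-based triage of a sandbox report's dropped-file list.

Added example, not part of the ANY.RUN report. DROPPED is a subset of the
"Dropped files" table below; the analysis functions are this example's own.
"""
import hashlib
from collections import defaultdict

# (pid, process, path, type, md5, sha256) rows copied from the report (subset).
DROPPED = [
    (3896, "Rainmeter.exe", r"C:\Users\admin\AppData\Roaming\Rainmeter\RCX730A.tmp", "executable",
     "798f540357cea4be8bb6013e2ca9ca5d", "64a71b1003ccef72a86e35acb42dab3f9b321d89c9a127f77ff334d53d02753d"),
    (3896, "Rainmeter.exe", r"C:\Users\admin\AppData\Roaming\Rainmeter\Rainmeter.exe", "executable",
     "798f540357cea4be8bb6013e2ca9ca5d", "64a71b1003ccef72a86e35acb42dab3f9b321d89c9a127f77ff334d53d02753d"),
    (2944, "Rainmeter-4.5.8.exe", r"C:\Program Files\Rainmeter\Rainmeter.exe", "executable",
     "6f80e8d31a130c28e97257a4f7bc4ba2", "b9a89a76b25392c5d5f9ca41806fd6e734c2d7293eb790021c98e535be058ddb"),
    (2944, "Rainmeter-4.5.8.exe", r"C:\Users\admin\AppData\Local\Temp\nsx62DF.tmp\System.dll", "executable",
     "cff85c549d536f651d4fb8387f1976f2", "8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8"),
    (2152, "Rainmeter-4.5.8.exe", r"C:\Users\admin\AppData\Local\Temp\nso3160.tmp\System.dll", "executable",
     "cff85c549d536f651d4fb8387f1976f2", "8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8"),
    (2944, "Rainmeter-4.5.8.exe", r"C:\Program Files\Rainmeter\uninst.exe", "executable",
     "a24fbb27d46c44cf2876dce03b6328e5", "6238f4d7c0e25a98be50fbb9b19d711fe25677957b2ca0261cefc1e669c4108d"),
    (2008, "iexplore.exe",
     r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico",
     "image", "f397c5814f8774b0a889c758e90898e1", "3ab9d9d86b26a07496dd8d04efd3acb06a4ff81950a9dfacbdd06090192cacff"),
]


def basename(path: str) -> str:
    """Last path component; splits on backslash so it also works when run off-Windows."""
    return path.rsplit("\\", 1)[-1]


def group_by_sha256(records):
    """SHA256 -> sorted paths. Several paths under one hash = same bytes written to several places."""
    groups = defaultdict(list)
    for _, _, path, _, _, sha in records:
        groups[sha.lower()].append(path)
    return {sha: sorted(paths) for sha, paths in groups.items()}


def duplicate_content(records):
    """Only the hashes that occur under more than one path."""
    return {sha: paths for sha, paths in group_by_sha256(records).items() if len(paths) > 1}


def same_name_different_content(records):
    """File names that appear with more than one SHA256 (two different Rainmeter.exe here)."""
    by_name = defaultdict(set)
    for _, _, path, _, _, sha in records:
        by_name[basename(path).lower()].add(sha.lower())
    return {name: sorted(hashes) for name, hashes in by_name.items() if len(hashes) > 1}


def executables_in_user_writable(records):
    """Executables dropped where a non-admin can later overwrite them. Heuristic path test."""
    out = []
    for _, _, path, ftype, _, _ in records:
        p = path.lower()
        if ftype == "executable" and (p.startswith("c:\\users\\") or "\\appdata\\" in p):
            out.append(path)
    return out


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Streaming SHA256 so large recovered binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def matches_report(path: str, expected_sha256: str) -> bool:
    """True when a file recovered from the host has the hash the report lists for it."""
    return sha256_of_file(path) == expected_sha256.lower()


if __name__ == "__main__":
    for sha, paths in duplicate_content(DROPPED).items():
        print(f"{sha[:16]}... written to {len(paths)} paths:", *paths, sep="\n    ")
    print("same name, different bytes:", same_name_different_content(DROPPED))
    print("executables in user-writable dirs:", executables_in_user_writable(DROPPED))
```

Running it against the full table reproduces the three observations in the lead-in and lists every executable dropped under the user profile; comparing that list with the process tree (PID 3896 is the installed Rainmeter.exe, not the installer) is what tells a triager whether the second Rainmeter.exe in %APPDATA% is expected product behaviour or a second-stage drop, and `matches_report` confirms a file pulled from a real host is byte-identical to what the sandbox saw.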

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3896 | Rainmeter.exe | C:\Users\admin\AppData\Roaming\Rainmeter\RCX730A.tmp | executable | 798f540357cea4be8bb6013e2ca9ca5d | 64a71b1003ccef72a86e35acb42dab3f9b321d89c9a127f77ff334d53d02753d
3896 | Rainmeter.exe | C:\Users\admin\AppData\Roaming\Rainmeter\Rainmeter.exe | executable | 798f540357cea4be8bb6013e2ca9ca5d | 64a71b1003ccef72a86e35acb42dab3f9b321d89c9a127f77ff334d53d02753d
2944 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nsx62DF.tmp\nsDialogs.dll | executable | 6c3f8c94d0727894d706940a8a980543 | 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\uninst.exe | executable | a24fbb27d46c44cf2876dce03b6328e5 | 6238f4d7c0e25a98be50fbb9b19d711fe25677957b2ca0261cefc1e669c4108d
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\2070.dll | executable | 806c460fd0147105fbbee9e1317a9b60 | 7267525c67d9dec7b5271d0a59dcfa98e57c1e680cc44ea9a8c921b89184b745
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\2074.dll | executable | b907d2e7f22c72b5049d2a093f6986a7 | c85d2cfaeebb7ab400c9cafe0ea3e1433684e110d8cfada25382c46da3d1ce21
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1066.dll | executable | 8383d2257b97e967655a5ec44e4f3974 | 27df752d980a43e94ae93d063635693341100f6a8d1177daa548b74e0ef9b4f1
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\2052.dll | executable | 77f07a12d7347b33d2d915d6cf4324ad | b8742336c7cba632610f470984956a2c6b810ff94b728fcddd479851be319970
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1060.dll | executable | 4f1e863f910bc10c0cb7cb07b0e5e73f | bd04197edc5a53e805c0911c353dca6ff147744d895dbffb4e2e4ef6f50d093f
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1058.dll | executable | d1a6e64eb0ec2b57b5660914dd3eb82b | f048b211c9786ce7c2ab7371657e8b586da25a5c1fccae3e20896681994fdd88
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\3098.dll | executable | de0b551d041543d9249c15457c8c79e2 | bb8b3ead471fcb0dfd90e3cc430a3e5eba8b2d59068208591b3d95f22fd9176a
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\3082.dll | executable | b7580e45538e6a7825950fa012003579 | 275be08d4e0d3b9ac02e9113fba994506ca38a0561b88548510d7f1f8ecefefc
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1086.dll | executable | 66b5d8b76be1b5778a546d7e15f8d597 | e00b928c999cc7964c120706ff1271df44fd60d27486c365eec7797eeacaabc2
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1051.dll | executable | b4efe3a7cc65f236a2855bab2226f596 | e9a7a62b22a60f1860fc58f9b4149f12cb665ed27a1c62df5e583aaff12ce33b
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1055.dll | executable | 244df263987ec52bad355c565d5343d7 | b8b4a20970927c0bac47c1875a5adec2a272198e790143071f6ab24a550d8ca0
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1049.dll | executable | 920abae5a68e201e1a186f70b9926e38 | 5e475f86a9ec27aec33f6b56abf3a70ef5a295e046aa27264ffef602fe0f93f7
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1057.dll | executable | 1672908f1b259f11969124631a1cbd89 | d3cc1f88a6c44a132a850bf253f9d7397d36c72ee06183e477f356ec305c9d0a
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1053.dll | executable | 2e9b4870037c5978df6b96e6a26ab61c | 538d2223ab53b87bb7bfc8356b4cfb74e4efa237dd26b82c03804715a4c00c57
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1054.dll | executable | 71bcf090aebddb2b9817c4e40d590dad | 41cc09d11954a08684e533897ee67e774bbf49a24f4ba73d5327e63a41e7a52c
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1048.dll | executable | 28882c187cf0bf5d69e104177c1448cc | 791dd9d3b8ee230f5e586e0fb68db3d1792275c26e8d26ae935e30ce91b36a79
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1046.dll | executable | 1a0f3260b361f2f39cfd212ea6d00087 | 888bedacb5b0a22824492fed1322403f9a204ca3ac6e1058bd616653c37ac9a0
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1043.dll | executable | 49d70a199c850534f79a32e9168fe160 | 32a9e82ea746e9d3694201f07ab3bf2c79cee305b2ed1a84335e77adb8ab1278
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1041.dll | executable | aebd0929e3abec55be56217fc646fdbf | 05415fcfaaf96e3c06d113a9bf052a3f2839c6584861696167f730c6578b7afd
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1040.dll | executable | a476f6a28e93cef940a9052db4256782 | d1ac96be060670a380dee881f931fedd5803a13881a174f3fef6f3e8ad39e01c
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1045.dll | executable | 8b99be3f4e145453de2c241e537c2af1 | 019031244cba541960aa1701af6e4196389a52a3ff29f67e710a862766c78048
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1037.dll | executable | a35617bf1d72ac56827d1623a1e29775 | f6c67885ee770a68589e053716a0ddec3889f20053a59098b90875a423d10f2d
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1042.dll | executable | fa5df0b768329a02b3aafc8c4e26ed10 | f9f279f869212c94ee3828e26419b161029240bcc8722e728d24e70a7ca1999b
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1044.dll | executable | c4fcfd5475e4a37dbcd4d27b586943b1 | e058fe60cf942e5d376f9415b8aae4e9e7e08d5f6f006a9f1f53c72f59facfdb
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1038.dll | executable | 96939c873392090464756b8ed8b5194d | 5581c91413b2d91e79ef8a4ec191c1e5cc416b4750debc341c0cb2b1d50a4d09
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1032.dll | executable | b1ecd38295c34e072bd1816f1ea1703c | 53e69f466a07051dbfaeabc3604470ffcf3a58053f43de71994f195857977e2c
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1030.dll | executable | 631a2b00294912e4aca4ddd6234158e1 | 8037c96d5d303e87ed5279fb4defa9c1fab849adc2dcb84b777b6dffab08a452
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1036.dll | executable | 97742b0fadea26b7c580a8da2570353d | a1e0066567be194b68e43cdc2b3d550fcda94258dfafceabf336599d67970943
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1025.dll | executable | 406aaa0a16694f32b82b5c858affc6fd | e72e01cf15cfde713626f7a3972ffbc49aec3981a5cf59f352e925984a7e4b86
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1026.dll | executable | 173064435934be8ff5cdac868fda5d1c | db41edc03fbdbe618c0cc45d91fb89548b18b306b58f7dad7e69012cd7391ace
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1029.dll | executable | 428f9d5904cb6cba2970619ade69116e | 8b4339bca2a4dbb2f4049c138905da63d01172ab47816b51fe9c42cdc50170d5
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1028.dll | executable | 1995b7e97a074f4ce5056573606da409 | 80dfb1c9b0b04506e26c7c92aa27266a3b5c71946ca29fed7315ddad3bae41ab
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\UsageMonitor.dll | executable | b016fccfc54df374afdd10e38ce701a5 | 679e0a63e4dcd4d7536907d5b0d9486d8514c4e67aa19fc93ce57ce08a7a7421
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1031.dll | executable | 35965fca2f79bcba759f1673957e29ab | a639ae522801c4e93e8eee878430ca379bfec56ee6af7eabdde811a2379ca646
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll | executable | 9e2a1f2642633c63e849712bbce0b3d1 | e894e13e1cccc7ec49645d71210793ab9ba55e0c5f2b212a73a6ca5650dd655c
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\iTunesPlugin.dll | executable | cdcfe716f29da7943e0261254eda36b4 | b0d1d25d3a3a80c65e807c2449a347983b9d22fac2625600a310b760eeeeb2c2
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1033.dll | executable | f9e4875dbbcb62befe519d74a582bbdc | 22795100f0c7c03d4c0f7f72cc4bc963af39f83d83102d7248f8cb469db4a754
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Languages\1035.dll | executable | d3d600eddbeeb3e87879fabdbb1293c7 | b5a19df039aff56724052d7667120b23e5e8706b26975e2059e5b78cbe1c438b
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\RunCommand.dll | executable | 63b69ee7d40e7620faf0b5b9e3ecaa47 | 8929b33a259190ddf72f930218cc0dd4008f233992892cbe6ce7180dc3e43d02
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\SpeedFanPlugin.dll | executable | dfef3d07995988406209bf5b38f22ee8 | af2211f8cf34e15504c64b487af20f46420580e1f575ebab0c8bef3c4316fff1
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\PerfMon.dll | executable | 663baeede7138d5d330ad5a5f12b18f6 | 54548a3f574e314f81e2f31988ebe8b861e4dd7e50943455bcf8f44315913feb
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll | executable | 6605f2e6c09f6f4ff5451fe57c27ef08 | 22e4f46a7ce6edf82e0fb7bd774fdfe8a1654272ed72048bbc73062d4dc9142c
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\ResMon.dll | executable | b32d8e721c5db0acc6b00ae17d3f76ca | 3775c24fae86eb719e8edf09a6dc21e583c50051602f383c1e691c87a882ba90
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.dll | executable | 84a4c1a2d5a653b4f7ccafa75c12d2fb | a03ce9c3be127fab7cfdb4d2319127e341a24dcf2fd6b4789aeaeb17b272722e
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\PingPlugin.dll | executable | cb3281351e67cccd514ae1a1748bde16 | 03a021ae2f03092a7aa22a75378bd784fc142622537623dfc5d836b526753160
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\FileView.dll | executable | fc41ec883b4d940d945e231cc22b76af | e00a404c256d26d8deb80ca673a694105c1a46efc8a7b3b2fbb932737b1e0b19
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\InputText.dll | executable | 891fc80e37e5fb1abc3e94d4fc586ad6 | 9c8436111e8e464d876cb8821a5734c18f90b49dbd28b73af378c13359d6e864
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\AudioLevel.dll | executable | 9aa01c6429d3bec28ce34576c7b83326 | 63fa99ac3cfd0371aee4bcf123942a261b3bdcd26e8ed91b4a29469590e79890
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll | executable | 680d62bbfe18817eec864f1efba8005a | 220231d2f5924dcf9787b73142974e82910e604449a7527268e4c7c861b76628
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\FolderInfo.dll | executable | c42eecb546dc915234e483558be50103 | 830c6b4ece9b4b0b67256272c3e07dc1cde0013373cbcfafef441c06f331a1d2
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\ActionTimer.dll | executable | e77ecaf0624e58356f41d0203d762122 | 0b702396b242d2ceec613a9ad357022aeccd0681f6fc7f04c988dd68b6461457
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\CoreTemp.dll | executable | 32840793df79fdc643e2f7dd8517cb4d | 1afbbe6524cfbda61119ca052be33a5dbcd1271d4fa8c2976a159965eca266fa
2944 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nsx62DF.tmp\System.dll | executable | cff85c549d536f651d4fb8387f1976f2 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Plugins\AdvancedCPU.dll | executable | 517a8fcf79979ab221cfcf299f5e6c86 | ba035439ee46182cbcd9516f96a6b84277fc2c7901aec38ea367a7276572e78b
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Rainmeter.exe | executable | 6f80e8d31a130c28e97257a4f7bc4ba2 | b9a89a76b25392c5d5f9ca41806fd6e734c2d7293eb790021c98e535be058ddb
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\SkinInstaller.exe | executable | faf3f57711070e86d5acfae10974ca37 | afad929c68a082766f1179fa291f7e78bd7c4388e583b5337e873ade449f70b9
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\RestartRainmeter.exe | executable | afeb0cb0cf7da3378eb75d6ae88cfb17 | 37eee28da02683b69836503542a5d96c57dfa3f98ba4af9d995b8d2618a3e514
2944 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nsx62DF.tmp\UAC.dll | executable | adb29e6b186daa765dc750128649b63d | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
2944 | Rainmeter-4.5.8.exe | C:\Program Files\Rainmeter\Rainmeter.dll | executable | ca40936e0b353d60ac707df241572483 | 4a410f646e8e3b499a6b05adca77bf67d6ba6462c7a6378680f23ef68a321668
2152 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nso3160.tmp\nsDialogs.dll | executable | 6c3f8c94d0727894d706940a8a980543 | 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
2152 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nso3160.tmp\LangDLL.dll | executable | 68b287f4067ba013e34a1339afdb1ea8 | 18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
2152 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nso3160.tmp\UserInfo.dll | executable | 2f69afa9d17a5245ec9b5bb03d56f63c | e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
2152 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nso3160.tmp\System.dll | executable | cff85c549d536f651d4fb8387f1976f2 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
2152 | Rainmeter-4.5.8.exe | C:\Users\admin\AppData\Local\Temp\nso3160.tmp\UAC.dll | executable | adb29e6b186daa765dc750128649b63d | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | 653d41d2dfbb5756e712f3c22101a221 | af82b626d14406db4d84698a1b546e53eca036a3d564ca3422b7d2e761bc83da
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF782C19099B9DFEC0.TMP | gmc | cc1cb9235d3c0d4a976210d5acf6a6be | bfef3438f867c0588ae9175bc6b5e37372a02bfba770666158ac921bd39a71db
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico | image | f397c5814f8774b0a889c758e90898e1 | 3ab9d9d86b26a07496dd8d04efd3acb06a4ff81950a9dfacbdd06090192cacff
2008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A1B22FBC-75AA-11EC-A45D-12A9866C77DE}.dat
binary
MD5: 83fa4c595d44282292bf4d6235a7dac6
SHA256: 7e67c3250bac535ba1cc86812b6e1a091a0f1d58a7e306624b0ade2cbdbfa8c9
2008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{A1B22FBD-75AA-11EC-A45D-12A9866C77DE}.dat
binary
MD5: b076d12e30efe206978a0a90ae80529c
SHA256: 4cc9c2175f778d025efc7bbb16d610330284747cf50af0ea177573cf858bbc08
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\css[1].css
text
MD5: b6af3ac2ae250e2f3853d2305cfeef9c
SHA256: 3f40289d13ec82ff98c68f147689bcf77535608a479486051f0c50f4e1ba5e92
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3iQ[1].woff
woff
MD5: 158a46520e8063ba4c8c88fabc5151a4
SHA256: 359bcfc02b61d924846471b3fee1b1b5487e89a8012fb6493a883faa5e8f7f46
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdo[1].woff
woff
MD5: b6d4791a22b048d606e42cd3ea97d21c
SHA256: 02d588262259e6707239912f2219aa0ddd7fa9d6e8953ad95613ee9e616d2947
2008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF159BE9B40DE855F4.TMP
gmc
MD5: 1e7c7cffedbcf814a7fba4b8b898ce05
SHA256: 9761e10e0602ae8d6c574608aa24fa39b8011462679e1ec3f7c9302accc8f825
2008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat
binary
MD5: ce6033007f488a1ec969e5e619ed0109
SHA256: d81f9de08a53bfb7702fa24ff1c4a8c6aff7fe422e4ae20a6c21914acb35f0f4
2008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF40518F13CAD76C1D.TMP
gmc
MD5: 43d4b22d4fbad5522689ca1e8d056537
SHA256: cac3bf6aade9ded9f521f241ffd7d1b8e7021f2e07918bec8c023dc5395f307f
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
binary
MD5: cbd35395e6e95e74bdf0c2ba33efc74a
SHA256: 3d2895a96e4848f8ec3721141d2d246a462d650d441443aa1498f37663cdfb67
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
der
MD5: 16d3f9ab9906795a97d054c743d7e35f
SHA256: 35eab9b4604650214054008310c2665f30fb12bc3fc3865a1277318786f67a3b
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\XRXI3I6Li01BKofiOc5wtlZ2di8HDFwmdTQ3iQ[1].woff
woff
MD5: f3fb6dce76a2d22efde08550dbfc61b4
SHA256: 7bf58c8a335ddfb6221a5e2e2988cf79abf242f617585c700905d2964e86cab9
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j[1].woff
woff
MD5: 8c45c15e212f873e698fb14988caa09f
SHA256: d28666c1352cdd0ceff9f04ba3c8777c0e3dbcd0f338b9b68b0d59b3ee494007
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
binary
MD5: 25278000ded8a2d13cfbfadb1fb9f42c
SHA256: 03004898b84a397bad9e4a3fb8fffa45a2445a09f13a4b54dd58a09e3e8bdcef
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdo[1].woff
woff
MD5: b8ac08e709d742417d2130576f6e3c63
SHA256: a6b2178ed83a551b7b6d017c0bb06bfc05d344baf91ac40c39d1f9b8e73e0233
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\css[1].css
text
MD5: 298178320f74362bcf30df605fc72f3f
SHA256: cbc4d83d7346df5e466149469c4b44c04422eca9deced3ef7257414a88915dbb
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
der
MD5: c4815bbdddd37a45a6df78b6c330d07c
SHA256: 29e78bf056e19e529bd143d9c325ae9ff506c0b25b5b8c477171575d5d081186
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\index-skins[1].png
image
MD5: ee4615098bd54e328641334399d7b419
SHA256: 3ab4cedc1de75170d764505bce6263aad51380f7f0ce5f046dcc78f598aa7d99
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
der
MD5: 64e9b8bb98e2303717538ce259bec57d
SHA256: 76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
binary
MD5: e89340713e4c870d7b0845aa50bfb7a4
SHA256: 09179c0e184f9a5f319410951c7b87cb780ed7ec74480bc580f7b6f2e6b76c5c
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
binary
MD5: 0926c2d6c330fc81838e7a85d7b0ff48
SHA256: ca88b6e87cf75dfdab4c7f2fa4d82f4b09e295cbcfa30acd0bfdf9e5d45083c8
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\index-ui[1].png
image
MD5: ee27c011fdcebc7982dff6f466703aa8
SHA256: 0c9983582845ec73af5ba66f6778c74402d76704ba50bee6324dfe284bea6712
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\index-code[1].png
image
MD5: b0051445169d62b3a996df71eb439dcf
SHA256: cb9b2a768f877b772d9b02f2e87bea075edf3b5368a1782d64b1c400617e4c81
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ahk-sliding-panel[1].js
text
MD5: 23bf9163c4ce86202fbcb8f7675e690f
SHA256: 117e8044811572c924393498d6f3ac1763814cb0424a07daee4f23789bd2c128
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\jquery.fancybox.min[1].js
text
MD5: 03fb3cb50afc9664b2db317b463ba541
SHA256: 65515bd165d88a90a8a86bc7757e49d38155fe2b83722375b073f69f0c74043b
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\bootstrap.min[1].js
text
MD5: baaadea4492b059f284187d75af46063
SHA256: 0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery-3.2.1.slim.min[1].js
text
MD5: 5f48fc77cac90c4778fa24ec9c57f37d
SHA256: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
der
MD5: 2663bed1f902bed00647b84fabbf8dea
SHA256: 7a3c6a8be401f6de91999c00919ea0f3bdcf80d06eb0e8a15d801f8f9a465de9
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
binary
MD5: 25717c02902de1c76a8f3c66487fbb03
SHA256: 1cb0cfcb39da93de3dbd5a9e63a0f3a21deb16b7bb997ab46442c5900cc47ee9
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\getting-started[1].htm
html
MD5: f47faa2d2443cf60d4fcac4fe039c886
SHA256: ff6e945098caaf77456c29a900e4a0e1cfd879400e2b3480cee766a657976bf8
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\logo_nav[1].png
image
MD5: 5a7500f7d7916b9946245f33e1b37d66
SHA256: 4a89e1261d678524dbfa55edadb29e6dd3ab73ff7d5901869f74da616af4109c
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\rainmeter[1].css
text
MD5: aa4732bc58546489f91e18c2389858f7
SHA256: de8d04f0710f2a3a6104ea4cffcfb4ee83f7e42febcbd1560a091fd6fd93079c
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\main[1].js
text
MD5: 70586de93ce8cde854643d3f20b71acf
SHA256: 0ce44be74b9e5f9a51313bcf877d14713186d514650b02231fbc176cc7df8455
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\bootstrap.min[1].css
text
MD5: 3ffbab350748e841d3768b5d1ca48933
SHA256: 9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
der
MD5: beab9da0aa8e569dd7b0dedba4676d02
SHA256: 7c5ee0ff5ecd229ba442c639096cfb79d50d7fc6841a8e99693393a920a70c33
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery.fancybox.min[1].css
text
MD5: ab89ed26e60aa43608e334321aaa9f96
SHA256: 3e5abd97d8cc264231d8f5fd45ac7402480dcc55e9682dd853f5c594be4c6051
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\getting-started[1].htm
html
MD5: 42c394b8f0152b372537ace9acc3f7bb
SHA256: 6aaad3365c30c4f8d2504e569527e588d33eeae66dd7045bcfeef7413820db2a
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5: f7dcb24540769805e5bb30d193944dce
SHA256: 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
2944
Rainmeter-4.5.8.exe
C:\Users\admin\AppData\Local\Temp\nsi62CF.tmp
––
MD5:  ––
SHA256:  ––
2236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\getting-started[1]
text
MD5: fda44910deb1a460be4ac5d56d61d837
SHA256: 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
3896
Rainmeter.exe
C:\Users\admin\AppData\Local\Temp\cfg7369.tmp
binary
MD5: e7c252045282bcc9b1e5675865d8408c
SHA256: a2298019b2774ef5f7fa1d22d08738f36e7749ea125bf441a6b8bad23b960826
2236
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5: 6eda32f801ca8ccc64ff19d5b6c8157e
SHA256: 5e0fa11d80d13422bc1f8c7e4d94e2233daa4818ae880494197e5fe07b8f7f93
3896
Rainmeter.exe
C:\Users\admin\AppData\Roaming\Rainmeter\Rainmeter.stats
text
MD5: 8d8fdd288384b581a21484457ac95147
SHA256: bbaed1225b640899c768cc23df0e7a356a779f832ac0e2ec91758099a71e467e
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\@Resources\Background.png
image
MD5: 751ae72195e782cf91732d0e89138582
SHA256: ae72127580a6401f4b3cba621267fcb4d13f0547b7ea00d2748a3a3892cb54de
3896
Rainmeter.exe
C:\Users\admin\AppData\Roaming\Rainmeter\Layouts\illustro default\Rainmeter.ini
text
MD5: 7ed3f1a420c2ba65345af28455a754da
SHA256: 97030b68fafaee7bb69eacb3c737ba0ca0d75b70e805166494b34fc589f1b7d9
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\System\System.ini
binary
MD5: e7c252045282bcc9b1e5675865d8408c
SHA256: a2298019b2774ef5f7fa1d22d08738f36e7749ea125bf441a6b8bad23b960826
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Network\Network.ini
binary
MD5: a7563446fd3438921b3dc748ab860225
SHA256: 9680dd5ffc0da92026e19ed42610f1c99d8686bd5d9923104dc94b8383b0ea69
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Welcome\Background.png
image
MD5: 27c60fa5b6e8c9545c885f108f501a36
SHA256: 3aea0caa797e487abb0901648773251ca52f14b680a960baee080f263d2dd9ec
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Disk\2 Disks.ini
text
MD5: 7215e77b41579b66126d8d010ab6894a
SHA256: 3106efa019016e9d84d0ee4e484f45ffc4311617d3ef3ddce74393a6e41952f0
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Recycle Bin\Recycle Bin.ini
binary
MD5: 0a1fe3462f5f9e3599d5bb33b157f74a
SHA256: 0ff9e0d8cf8d2a902e9fcda78857ead00b3378815c2f342b1e1b5cd7eea39a10
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Disk\1 Disk.ini
binary
MD5: bd443770cbb26712f476fa3d41ab812c
SHA256: 1e243b7ec358bc79d65da9d5446758cfd567847cf7fea6ce128f4947d04d7346
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Google\Google.ini
binary
MD5: f04f5cd3c064a53966592193b7fe372e
SHA256: d5088ede9c2366864572a95cbc87afddd3dbe0adc9d890b640646acd1dd401c2
2152
Rainmeter-4.5.8.exe
C:\Users\admin\AppData\Local\Temp\nsy314F.tmp
binary
MD5: 40d20bce673f05e1bbe87d3874ec34f0
SHA256: 818514174eccf24117d55b26549eada9049c51fa75837df8026dad38a3e293ba
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Clock\Clock.ini
binary
MD5: a23de9c5c90b698420fc8b3517f36598
SHA256: 45b2d5644208a29e7e90cc74e130c0fb77c35099e9dbd17ffc010080a3ef1d8d
3896
Rainmeter.exe
C:\Users\admin\Documents\Rainmeter\Skins\illustro\Welcome\Welcome.ini
binary
MD5: 9fd985ded033fa0fcc86c222e8e4370d
SHA256: 6b710c75c1bfc4046ce0bdcde3c4f920aaefe1ecd4fa186d3bdfee12af897707
3896
Rainmeter.exe
C:\Users\admin\AppData\Roaming\Rainmeter\Rainmeter.ini
text
MD5: 7ed3f1a420c2ba65345af28455a754da
SHA256: 97030b68fafaee7bb69eacb3c737ba0ca0d75b70e805166494b34fc589f1b7d9
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Welcome\Background.png
image
MD5: 27c60fa5b6e8c9545c885f108f501a36
SHA256: 3aea0caa797e487abb0901648773251ca52f14b680a960baee080f263d2dd9ec
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Welcome\Welcome.ini
binary
MD5: 9fd985ded033fa0fcc86c222e8e4370d
SHA256: 6b710c75c1bfc4046ce0bdcde3c4f920aaefe1ecd4fa186d3bdfee12af897707
2152
Rainmeter-4.5.8.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
lnk
MD5: 3634e3e5673a5cf733268c362edf822f
SHA256: 362b9c0256a3c133e17fe2b93aacc8f6cea8338fe918ffd204cc161340713a0e
2944
Rainmeter-4.5.8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
lnk
MD5: 5a2eb976ad3cc5fa74d40cf17ab327be
SHA256: 8874177719aa482ea06fd3863440516f3527b5cd609955e41980d2b926b758ed
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Layouts\illustro default\Rainmeter.ini
text
MD5: 7ed3f1a420c2ba65345af28455a754da
SHA256: 97030b68fafaee7bb69eacb3c737ba0ca0d75b70e805166494b34fc589f1b7d9
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Recycle Bin\Recycle Bin.ini
binary
MD5: 0a1fe3462f5f9e3599d5bb33b157f74a
SHA256: 0ff9e0d8cf8d2a902e9fcda78857ead00b3378815c2f342b1e1b5cd7eea39a10
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Network\Network.ini
binary
MD5: a7563446fd3438921b3dc748ab860225
SHA256: 9680dd5ffc0da92026e19ed42610f1c99d8686bd5d9923104dc94b8383b0ea69
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Clock\Clock.ini
binary
MD5: a23de9c5c90b698420fc8b3517f36598
SHA256: 45b2d5644208a29e7e90cc74e130c0fb77c35099e9dbd17ffc010080a3ef1d8d
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Disk\1 Disk.ini
binary
MD5: bd443770cbb26712f476fa3d41ab812c
SHA256: 1e243b7ec358bc79d65da9d5446758cfd567847cf7fea6ce128f4947d04d7346
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Google\Google.ini
binary
MD5: f04f5cd3c064a53966592193b7fe372e
SHA256: d5088ede9c2366864572a95cbc87afddd3dbe0adc9d890b640646acd1dd401c2
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\@Resources\Background.png
image
MD5: 751ae72195e782cf91732d0e89138582
SHA256: ae72127580a6401f4b3cba621267fcb4d13f0547b7ea00d2748a3a3892cb54de
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Disk\2 Disks.ini
text
MD5: 7215e77b41579b66126d8d010ab6894a
SHA256: 3106efa019016e9d84d0ee4e484f45ffc4311617d3ef3ddce74393a6e41952f0
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Defaults\Skins\illustro\System\System.ini
binary
MD5: e7c252045282bcc9b1e5675865d8408c
SHA256: a2298019b2774ef5f7fa1d22d08738f36e7749ea125bf441a6b8bad23b960826
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\VisualElements\Rainmeter_600.png
image
MD5: c7f56473aa0e6a06df975d9400932eb8
SHA256: abef784c64c988fbac66c58ffc9ab64bb33642a8d8ceb5cee953dc56f7de0b2f
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Rainmeter.exe.config
xml
MD5: a5084f9f5cb184d3c8cb72457fa06e46
SHA256: a77c288bea101129fe2c522f15ffb221396be10624c1112e25be15f8e409f325
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\Rainmeter.VisualElementsManifest.xml
text
MD5: e4098704c3efc586c9f15ce77915be65
SHA256: 31f202eb450d1691d1ea74d3fc3aa4de8045cbd91107965890e595918d07e6a3
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\VisualElements\Rainmeter_176.png
image
MD5: 3e92cd2c272056f0fa1a5ebc3b4c1549
SHA256: 8d7877fbd9c13ab4c7b6f00ba461f564775fdf89a05b2381d6d4f26d4c099b84
2944
Rainmeter-4.5.8.exe
C:\Program Files\Rainmeter\writetest~.rm
text
MD5: 568f3f4163773733e3e36e8a29cf0029
SHA256: 410fee16714cf6db0624a3a9a4e73de4bc18cae5ca7e5d9acf0e9e44aa4133e2
2944
Rainmeter-4.5.8.exe
C:\Users\admin\AppData\Local\Temp\nsx62DF.tmp\modern-wizard.bmp
image
MD5: e713642c356c0a90d844f0df15e2c686
SHA256: 20abb0c4188442ce1aecbe40455ba4f797a6db706157bc188615b49420c2dac3
2152
Rainmeter-4.5.8.exe
C:\Users\admin\AppData\Local\Temp\nso3160.tmp\modern-wizard.bmp
image
MD5: e713642c356c0a90d844f0df15e2c686
SHA256: 20abb0c4188442ce1aecbe40455ba4f797a6db706157bc188615b49420c2dac3


Network activity

HTTP(S) requests: 7
TCP/UDP connections: 20
DNS requests: 9
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2236 iexplore.exe GET 301 162.159.138.85:80 http://docs.rainmeter.net/manual/getting-started unknown –– –– suspicious
2236 iexplore.exe GET 200 67.27.157.254:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?25917a5300e7a530 US compressed whitelisted
2236 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D US der shared
2236 iexplore.exe GET 200 216.58.212.163:80 http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D US der shared
2236 iexplore.exe GET 200 216.58.212.163:80 http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D US der shared
2236 iexplore.exe GET 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D US der shared
2236 iexplore.exe GET 200 216.58.212.163:80 http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEG9FXshPqpwWCgAAAAEn3MY%3D US der shared


Connections

PID Process IP ASN CN Reputation
2236 iexplore.exe 162.159.138.85:80 Cloudflare Inc –– suspicious
2236 iexplore.exe 67.27.157.254:80 Level 3 Communications, Inc. US suspicious
2236 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2236 iexplore.exe 162.159.138.85:443 Cloudflare Inc –– suspicious
2236 iexplore.exe 142.250.186.138:443 Google Inc. US whitelisted
2236 iexplore.exe 216.58.212.163:80 Google Inc. US whitelisted
2236 iexplore.exe 142.250.184.227:443 Google Inc. US whitelisted
2008 iexplore.exe 162.159.138.85:443 Cloudflare Inc –– suspicious

DNS requests

Domain IP Reputation
docs.rainmeter.net 162.159.138.85, 162.159.137.85 suspicious
ctldl.windowsupdate.com 67.26.75.254, 8.253.207.121, 67.27.158.254, 67.27.157.254, 67.27.159.254 whitelisted
ocsp.digicert.com 93.184.220.29 shared
fonts.googleapis.com 142.250.186.138 shared
ocsp.pki.goog 142.250.186.99, 216.58.212.163 shared
www.rainmeter.net 162.159.138.85, 162.159.137.85 suspicious
fonts.gstatic.com 142.250.184.227 shared

Threats

No threats detected.

Debug output strings

No debug info.