General Info

File name

PANDAFREEAV.exe.7z

Full analysis
https://app.any.run/tasks/2a52a337-4164-474a-ae42-ad898cb3b923
Verdict
Malicious activity
Analysis date
14/01/2022, 20:59:45
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-7z-compressed
File info:
7-zip archive data, version 0.4
MD5

ee2d971cecf7c7c5b94b1db04f324007

SHA1

7ba348194261a903938e15265b0f73c579123e0d

SHA256

4cfbfc663343d9b814d3f34142d9732b70508fdf82c1ae15d927a13840ef0ad1

SSDEEP

49152:bsNAb4fijC72sqTRBFrshjHk1gb/sCTB4ouI/YEeifx6Ekm1:qfi2SFTRBFIhOC14e/6tEt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

Application was dropped or rewritten from another process
  • PANDAFREEAV.exe (PID: 460)
  • PANDAFREEAV.exe (PID: 1324)
  • Stub.exe (PID: 3652)
  • {E6381693-C0F2-419C-80D1-DE353CB06F20}.exe (PID: 3076)
  • Setup.exe (PID: 2368)
  • SetupUtility.exe (PID: 832)
  • SetupUtility.exe (PID: 2324)
Loads dropped or rewritten executable
  • Stub.exe (PID: 3652)
  • Setup.exe (PID: 2368)
Drops executable file immediately after start
  • PANDAFREEAV.exe (PID: 460)
  • {E6381693-C0F2-419C-80D1-DE353CB06F20}.exe (PID: 3076)
Changes settings of System certificates
  • Setup.exe (PID: 2368)
Actions look like stealing of personal data
  • {E6381693-C0F2-419C-80D1-DE353CB06F20}.exe (PID: 3076)
Checks supported languages
  • WinRAR.exe (PID: 2732)
  • PANDAFREEAV.exe (PID: 460)
  • Stub.exe (PID: 3652)
  • {E6381693-C0F2-419C-80D1-DE353CB06F20}.exe (PID: 3076)
  • Setup.exe (PID: 2368)
  • SetupUtility.exe (PID: 832)
  • TMP766B.tmp.exe (PID: 2684)
  • SetupUtility.exe (PID: 2324)
Reads the computer name
  • WinRAR.exe (PID: 2732)
  • Stub.exe (PID: 3652)
  • {E6381693-C0F2-419C-80D1-DE353CB06F20}.exe (PID: 3076)
  • Setup.exe (PID: 2368)
  • SetupUtility.exe (PID: 832)
  • SetupUtility.exe (PID: 2324)
  • TMP766B.tmp.exe (PID: 2684)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2732)
  • PANDAFREEAV.exe (PID: 460)
  • Stub.exe (PID: 3652)
  • {E6381693-C0F2-419C-80D1-DE353CB06F20}.exe (PID: 3076)
  • Setup.exe (PID: 2368)
  • TMP766B.tmp.exe (PID: 2684)
Drops a file that was compiled in debug mode
  • PANDAFREEAV.exe (PID: 460)
  • Stub.exe (PID: 3652)
  • {E6381693-C0F2-419C-80D1-DE353CB06F20}.exe (PID: 3076)
Creates files in the program directory
  • Stub.exe (PID: 3652)
Reads Environment values
  • PANDAFREEAV.exe (PID: 460)
  • Setup.exe (PID: 2368)
Reads CPU info
  • Setup.exe (PID: 2368)
Manual execution by user
  • PANDAFREEAV.exe (PID: 1324)
  • PANDAFREEAV.exe (PID: 460)
Checks Windows Trust Settings
  • Stub.exe (PID: 3652)
  • Setup.exe (PID: 2368)
Reads settings of System Certificates
  • Stub.exe (PID: 3652)
  • Setup.exe (PID: 2368)
Dropped object may contain Bitcoin addresses
  • Setup.exe (PID: 2368)
  • SetupUtility.exe (PID: 832)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.7z | 7-Zip compressed archive (v0.4) (57.1%)
.7z | 7-Zip compressed archive (gen) (42.8%)

Processes

Total processes
50
Monitored processes
9
Malicious processes
5
Suspicious processes
0

Behavior graph

Process nodes shown in the graph (interactive view not reproduced): winrar.exe, pandafreeav.exe (no specs), pandafreeav.exe, stub.exe, {e6381693-c0f2-419c-80d1-de353cb06f20}.exe, setup.exe, setuputility.exe (no specs), setuputility.exe (no specs), tmp766b.tmp.exe; edges are labelled "start" or "drop and start".
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2732
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\PANDAFREEAV.exe.7z"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\windows\system32\explorerframe.dll
c:\program files\winrar\7zxa.dll
c:\windows\system32\imageres.dll
c:\windows\system32\duser.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dui70.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\samlib.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\slc.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\msimg32.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\samcli.dll
c:\windows\system32\riched20.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mpr.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\drprov.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptsp.dll

PID
1324
CMD
"C:\Users\admin\Desktop\PANDAFREEAV.exe"
Path
C:\Users\admin\Desktop\PANDAFREEAV.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Panda Security, S.L.
Description
Panda Security SFX
Version
15.14.5.0
Modules
Image
c:\windows\system32\ntdll.dll
c:\users\admin\desktop\pandafreeav.exe

PID
460
CMD
"C:\Users\admin\Desktop\PANDAFREEAV.exe"
Path
C:\Users\admin\Desktop\PANDAFREEAV.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Version:
Company
Panda Security, S.L.
Description
Panda Security SFX
Version
15.14.5.0
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\user32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\users\admin\desktop\pandafreeav.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\7zscc1eca71\stub.exe
c:\windows\system32\apphelp.dll

PID
3652
CMD
".\Stub.exe" /c "181176" /u "http://acs.pandasoftware.com/Panda/FREEAV/181176/FREEAV.exe" /a "AFPZP1016" /p "4252"
Path
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\Stub.exe
Indicators
Parent process
PANDAFREEAV.exe
User
admin
Integrity Level
HIGH
Version:
Company
Panda Security, S.L.
Description
Version
5.0.38.3
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\setupapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winmm.dll
c:\users\admin\appdata\local\temp\7zscc1eca71\stub.exe
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\webio.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\rsaenh.dll
c:\users\admin\appdata\local\temp\7zscc1eca71\commswrapper.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\7zscc1eca71\splash.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wshtcpip.dll
c:\users\admin\appdata\local\temp\7zscc1eca71\msvcr100.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\clbcatq.dll
c:\users\admin\appdata\local\temp\7zscc1eca71\msvcp100.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\riched20.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\{e6381693-c0f2-419c-80d1-de353cb06f20}.exe
c:\windows\system32\apphelp.dll

PID
3076
CMD
"C:\Users\admin\AppData\Local\Temp\{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe"
Path
C:\Users\admin\AppData\Local\Temp\{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
Indicators
Parent process
Stub.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.6 Setup
Version
4.6.00081.00
Modules
Image
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\{e6381693-c0f2-419c-80d1-de353cb06f20}.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\feclient.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptdll.dll
c:\39adf1b9158926f1f694\setup.exe
c:\windows\system32\apphelp.dll

PID
2368
CMD
C:\39adf1b9158926f1f694\\Setup.exe /x86 /x64 /web
Path
C:\39adf1b9158926f1f694\Setup.exe
Indicators
Parent process
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Setup Installer
Version
14.0.0081.0 built by: NETFXREL2
Modules
Image
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\userenv.dll
c:\39adf1b9158926f1f694\sqmapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shell32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mpr.dll
c:\39adf1b9158926f1f694\setup.exe
c:\39adf1b9158926f1f694\setupengine.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\samcli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sfc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\bcrypt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\mscoree.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\wups.dll
c:\39adf1b9158926f1f694\setupui.dll
c:\39adf1b9158926f1f694\1033\setupresources.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wu.upgrade.ps.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorlib.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\riched20.dll
c:\windows\system32\netfxperf.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rasadhlp.dll
c:\39adf1b9158926f1f694\setuputility.exe
c:\windows\system32\bitsprx2.dll
c:\windows\system32\qmgrprxy.dll
c:\39adf1b9158926f1f694\tmp766b.tmp.exe
c:\windows\system32\ntmarta.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\slc.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\msisip.dll

PID
832
CMD
SetupUtility.exe /aupause
Path
C:\39adf1b9158926f1f694\SetupUtility.exe
Indicators
No indicators
Parent process
Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.5 Setup
Version
14.0.0081.0 built by: NETFXREL2
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wups.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\39adf1b9158926f1f694\setuputility.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wu.upgrade.ps.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msasn1.dll

PID
2324
CMD
SetupUtility.exe /screboot
Path
C:\39adf1b9158926f1f694\SetupUtility.exe
Indicators
No indicators
Parent process
Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.5 Setup
Version
14.0.0081.0 built by: NETFXREL2
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\mscoree.dll
c:\39adf1b9158926f1f694\setuputility.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll

PID
2684
CMD
TMP766B.tmp.exe /Q /X:C:\39adf1b9158926f1f694\TMP766B.tmp.exe.tmp
Path
C:\39adf1b9158926f1f694\TMP766B.tmp.exe
Indicators
Parent process
Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.6 Setup
Version
4.6.00081.00
Modules
Image
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\39adf1b9158926f1f694\tmp766b.tmp.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\feclient.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll

Registry activity

Total events
11425
Read events
0
Write events
65
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\Desktop\PANDAFREEAV.exe.7z
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
2
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
1
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2732
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2732
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
D4BE52B78909D801
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
D4BE52B78909D801
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3652
Stub.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3652
Stub.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2368
Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
9EB06553F63FA95C4519B3AEE1E84C1E270A59CF62E45B49E39CE7A991AF2D56
2368
Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
400900007CFB31C18909D801
2368
Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0005
c:\windows\microsoft.net\assembly\gac_msil\presentationframework-systemdata\v4.0_4.0.0.0__b77a5c561934e089\presentationframework-systemdata.dll
2368
Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
BC1B09FC14D4EDE8E8D2EC746053C4D8F89C9A18189DA591BAFBB326EB424988
2368
Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2368
Setup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2368
Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5
Blob
5900000001000000160000005200530041002F005300480041003200350036000000040000000100000010000000A266BB7DCC38A562631361BBF61DD11B140000000100000014000000D5F656CB8FE8A25C6268D13D94905BD7CE9A18C40300000001000000140000003B1EFD3A66EA28B16697394703A72CA340A05BD50B00000001000000540000004D006900630072006F0073006F0066007400200052006F006F007400200043006500720074006900660069006300610074006500200041007500740068006F0072006900740079002000320030003100300000000F000000010000002000000008FBA831C08544208F5208686B991CA1B2CFC510E7301784DDF1EB5BF03932391900000001000000100000003C70FAEA25600CE3B2CC5F0B222ED6295C0000000100000004000000001000002000000001000000F1050000308205ED308203D5A003020102021028CC3A25BFBA44AC449A9B586B4339AA300D06092A864886F70D01010B0500308188310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E31323030060355040313294D6963726F736F667420526F6F7420436572746966696361746520417574686F726974792032303130301E170D3130303632333231353732345A170D3335303632333232303430315A308188310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E31323030060355040313294D6963726F736F667420526F6F7420436572746966696361746520417574686F72697479203230313030820222300D06092A864886F70D01010105000382020F003082020A0282020100B9089E28E4E4EC064E5068B341C57BEBAEB68EAF81BA22441F6534694CBE704017F2167BE279FD86ED0D39F41BA8AD92901ECB3D768F5AD9B591102E3C058D8A6D2454E71FED56AD83B4509C15A51774885920FC08C58476D368D46F2878CE5CB8F3509044FFE3635FBEA19A2C961504D607FE1E8421E0423111C4283694CF50A4629EC9D6AB7100B25B0CE696D40A2496F5FFC6D5B71BD7CBB72162AF12DCA15D37E31AFB1A4698C09BC0E7631F2A0893027E1E6A8EF29F1889E42285A2B1845740FFF50ED86F9CEDE2453101CD17E97FB08145E3AA214026A172AAA74F3C01057EEE8358B15E06639962917882B70D930C246AB41BDB27EC5F95043F934A30F59718B3A7F919A793331D01C8DB22525CD725C946F9A2FB875943BE9B62B18D2D86441A46AC78617E3009FAAE89C4412A2266039139459CC78B0CA8CA0D2FFB52EA0CF76333239DFEB01FAD67D6A75003C6047063B52CB1865A43B7FBAEF96E296E21214126068CC9C3EEB0C28593A1B985D9E6326C4B4C3FD65DA3E5B59D77C39CC055B77400E3B838AB839750E19A42241DC6C0A330D11A5AC85234F773F1C7181F33AD7AECCB4160F3239420C24845AC5C51C62E80C2E27715BD8587ED369D9691EE00B5A370EC9FE38D80688376BAAF5D70522216E266FBBAB3C5C2F73E2F77A6CADEC1A6C6484CC3375123D327D7B84E7096F0A14476AF78CF9AE166130203010001A351304F300B0603551D0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E04160414D5F656CB8FE8A25C6268D13D94905BD7CE9A18C4301006092B06010401823715010403020100300D06092A864886F70D01010B05000382020100ACA5968CBFBBAEA6F6D7718743315688FD1C32715B35B7D4F091F2AF37E214F1F30226053E16147F14BAB84FFB89B2B2E7D409CC6DB95B3B64657066B7F2B15ADF1A02F3F551B8676D79F3BF567BE484B92B1E9B409C2634F947189869D81CD7B6D1BF8F61C267C4B5EF60438E101B3649E420CAADA7C1B1276509F8CDF55B2AD08433F3EF1FF2F59C0B589337A075A0DE72DE6C752A6622F58C0630569F40B930AA40771582D78BECC0D3B2BD83C5770C1EAEAF1953A04D79719F0FAF30CE67F9D62CCC22417A07F2974218CE59791055DE6F10E4B8DA836640160968235B972E269A02BB578CC5B8BA69623280899EA1FDC0927C7B2B3319842A63C5006862FA9F478D997A453AA7E9EDEE6942B5F3819B4756107BFC7036841873EAEFF9974D9E3323DD260BBA2AB73F44DC8327FFBD61592B11B7CA4FDBC58B0C1C31AE32F8F8B942F77FDC619A76B15A04E1113D6645B71871BEC92485D6F3D4BA41345D122D25B98DA613486D4BB0077D99930961817457268AAB69E3E4D9C788CC24D8EC52245C1EBC9114E296DEEB0ADA9EDD5FB35BDBD482ECC620508725403AFBC7EECDFE33E56EC3840955032539C0E9355D6531A8F6BFA009CD29C7B336322EDC95F383C15ACF8B8DF6EAB321F8A4ED1E310EB64C11AB600BA412232217A3366482910412E0AB6F1ECB500561B440FF598671D1D533697CA9738A38D7640CF169
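
The last write in the table is the one to look at first: a REG_BINARY Blob under the machine-wide ROOT certificate store (HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<thumbprint>), which is the place a new root CA has to land to be trusted by every user and service on the host. The Blob is CryptoAPI's serialized certificate context: a run of property records, each a DWORD property id, a DWORD reserved field (always 1), a DWORD length and the data, with the DER certificate itself in the CERT_CERT_PROP_ID (32) record at the end. The Python script below is an added example, not part of the ANY.RUN report. It parses that layout and applies the two consistency checks worth running: the key name must equal the stored SHA-1 property, and the stored SHA-1 must equal SHA-1 over the DER record. Its input is the report's own Blob value, copied verbatim up to but not including the final 1521-byte certificate record, plus a constructed blob with a fake certificate to exercise the DER check; the CERT_*_PROP_ID names are the wincrypt.h constants.

```python
r"""Decode a CryptoAPI serialized-certificate Blob as found in the registry.

Added example for this report, not part of the ANY.RUN output. REPORT_BLOB_PREFIX is
the Blob value Setup.exe wrote under HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Certificates\3B1EFD3A..., copied verbatim and cut before its last record (the DER
certificate). Record layout and CERT_*_PROP_ID values are from wincrypt.h.
"""
import hashlib
import struct
from typing import Dict, List, Tuple

# CERT_*_PROP_ID constants (wincrypt.h) for the record types present in this Blob.
PROP_NAMES = {
    3: "CERT_SHA1_HASH_PROP_ID",
    4: "CERT_MD5_HASH_PROP_ID",
    11: "CERT_FRIENDLY_NAME_PROP_ID",
    15: "CERT_SIGNATURE_HASH_PROP_ID",
    20: "CERT_KEY_IDENTIFIER_PROP_ID",
    25: "CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID",
    32: "CERT_CERT_PROP_ID",
    89: "CERT_SIGN_HASH_CNG_ALG_PROP_ID",
    92: "CERT_SUBJECT_PUB_KEY_BIT_LENGTH_PROP_ID",
}

REPORT_KEY_NAME = "3B1EFD3A66EA28B16697394703A72CA340A05BD5"  # last element of the key path
REPORT_BLOB_PREFIX = bytes.fromhex(
    "5900000001000000160000005200530041002F005300480041003200350036000000"  # "RSA/SHA256"
    "040000000100000010000000A266BB7DCC38A562631361BBF61DD11B"              # MD5
    "140000000100000014000000D5F656CB8FE8A25C6268D13D94905BD7CE9A18C4"      # key identifier
    "0300000001000000140000003B1EFD3A66EA28B16697394703A72CA340A05BD5"      # SHA-1 thumbprint
    "0B00000001000000540000004D006900630072006F0073006F00660074002000"      # friendly name (UTF-16)
    "52006F006F0074002000430065007200740069006600690063006100740065002000"
    "41007500740068006F007200690074007900200032003000310030000000"
    "0F000000010000002000000008FBA831C08544208F5208686B991CA1B2CFC510"      # signature hash
    "E7301784DDF1EB5BF0393239"
    "1900000001000000100000003C70FAEA25600CE3B2CC5F0B222ED629"              # SPKI MD5
    "5C000000010000000400000000100000"                                      # key bits, LE DWORD
)


def parse_cert_blob(blob: bytes) -> List[Tuple[int, bytes]]:
    """Walk the property records; raise on a truncated or malformed record."""
    records: List[Tuple[int, bytes]] = []
    off = 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved} in record {prop_id}")
        if off + length > len(blob):
            raise ValueError(f"record {prop_id} claims {length} bytes past end of blob")
        records.append((prop_id, blob[off:off + length]))
        off += length
    return records


def summarize_cert_blob(blob: bytes, key_name: str) -> Dict[str, object]:
    """Extract the fields an analyst checks first and run the two consistency checks."""
    records = parse_cert_blob(blob)
    props = dict(records)
    out: Dict[str, object] = {
        "properties": [PROP_NAMES.get(p, f"PROP_ID_{p}") for p, _ in records],
        "key_name_matches_sha1": None,
        "der_matches_sha1": None,
    }
    if 3 in props:
        out["sha1_thumbprint"] = props[3].hex().upper()
        # The subkey name under ...\Certificates is supposed to be the SHA-1 thumbprint.
        out["key_name_matches_sha1"] = out["sha1_thumbprint"] == key_name.upper()
    if 11 in props:
        out["friendly_name"] = props[11].decode("utf-16-le").rstrip("\x00")
    if 89 in props:
        out["sign_hash_alg"] = props[89].decode("utf-16-le").rstrip("\x00")
    if 20 in props:
        out["subject_key_identifier"] = props[20].hex().upper()
    if 92 in props:
        out["public_key_bits"] = struct.unpack("<I", props[92])[0]
    if 32 in props and 3 in props:
        # Name and hash properties are just bytes the writer chose; hashing the DER
        # record itself is what proves which certificate was actually installed.
        digest = hashlib.sha1(props[32]).hexdigest().upper()
        out["der_matches_sha1"] = digest == out["sha1_thumbprint"]
    return out


def build_blob(records: List[Tuple[int, bytes]]) -> bytes:
    """Serialize records in the same layout (used here only to construct test data)."""
    return b"".join(struct.pack("<III", pid, 1, len(data)) + data for pid, data in records)


# Constructed test data: a tiny DER SEQUENCE standing in for a certificate, with a
# SHA-1 property and key name that agree with it.
FAKE_DER = bytes.fromhex("3003020101")
FAKE_KEY_NAME = hashlib.sha1(FAKE_DER).hexdigest().upper()
CONSTRUCTED_BLOB = build_blob([
    (11, "Not Really A Root\x00".encode("utf-16-le")),
    (3, hashlib.sha1(FAKE_DER).digest()),
    (32, FAKE_DER),
])

if __name__ == "__main__":
    print(summarize_cert_blob(REPORT_BLOB_PREFIX, REPORT_KEY_NAME))
    print(summarize_cert_blob(CONSTRUCTED_BLOB, FAKE_KEY_NAME))
```

On the report's value this yields friendly name "Microsoft Root Certificate Authority 2010", signature algorithm RSA/SHA256, a 4096-bit subject key and thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5, which matches the key name; that thumbprint is the published one for that Microsoft root, and the DER subject in the value above carries the same name. The friendly name and hash properties are still nothing more than bytes the writing process chose, so on a real triage the SHA-1 over the complete CERT_CERT_PROP_ID record, compared against a known-good root list, is the check that settles what was installed.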

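Two other values in the table are binary timestamps rather than opaque hex. WpadDecisionTime (Stub.exe) is a little-endian Windows FILETIME, 100-nanosecond ticks since 1601-01-01 UTC. The RestartManager Session0000 Owner value (Setup.exe) is an RM_UNIQUE_PROCESS structure: a DWORD process id followed by the FILETIME at which that process started, which is how the Restart Manager distinguishes a recycled PID from the original process. The script below is an added example, not part of the ANY.RUN report; it decodes both values exactly as they appear above and checks the embedded PID against the Setup.exe PID (2368) listed in the process section.

```python
"""Decode the FILETIME-based registry values from the Modification events table.

Added example, not part of the ANY.RUN report. The hex constants are copied from
the table; the structure layouts are the documented Windows FILETIME and
RM_UNIQUE_PROCESS (DWORD dwProcessId, FILETIME ProcessStartTime) definitions.
"""
import struct
from datetime import datetime, timedelta, timezone
from typing import Dict, Tuple

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Values as displayed in the report (REG_BINARY, little-endian).
WPAD_DECISION_TIME_HEX = "D4BE52B78909D801"          # Stub.exe, PID 3652
RESTART_MANAGER_OWNER_HEX = "400900007CFB31C18909D801"  # Setup.exe, PID 2368
SETUP_EXE_PID = 2368


def filetime_to_datetime(ft: int) -> datetime:
    """Convert 100-ns ticks since 1601-01-01 UTC to an aware datetime (microsecond precision)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_filetime_hex(value: str) -> datetime:
    """Decode an 8-byte little-endian FILETIME given as registry hex."""
    raw = bytes.fromhex(value)
    if len(raw) != 8:
        raise ValueError(f"FILETIME must be 8 bytes, got {len(raw)}")
    (ft,) = struct.unpack("<Q", raw)
    return filetime_to_datetime(ft)


def decode_rm_unique_process(value: str) -> Tuple[int, datetime]:
    """Decode RM_UNIQUE_PROCESS: DWORD process id + FILETIME process start (12 bytes)."""
    raw = bytes.fromhex(value)
    if len(raw) != 12:
        raise ValueError(f"RM_UNIQUE_PROCESS must be 12 bytes, got {len(raw)}")
    pid, ft = struct.unpack("<IQ", raw)
    return pid, filetime_to_datetime(ft)


def owner_matches_process(owner_hex: str, expected_pid: int) -> bool:
    """True when the Restart Manager Owner record names the expected process id."""
    pid, _ = decode_rm_unique_process(owner_hex)
    return pid == expected_pid


def decode_report_values() -> Dict[str, str]:
    """Decode both report values into ISO-8601 UTC strings for a timeline."""
    pid, started = decode_rm_unique_process(RESTART_MANAGER_OWNER_HEX)
    return {
        "stub_wpad_decision": decode_filetime_hex(WPAD_DECISION_TIME_HEX).isoformat(),
        "setup_owner_pid": str(pid),
        "setup_process_start": started.isoformat(),
    }


if __name__ == "__main__":
    for key, val in decode_report_values().items():
        print(f"{key}: {val}")
```

Decoded, Stub.exe recorded its WPAD decision at 2022-01-14 21:00:09.825 UTC and the Owner value names PID 2368 with a start time of 2022-01-14 21:00:26.388 UTC. That start time sits 93 ms before the Setup_20220114_210026481.html log that the same process drops (listed under Files activity), which both confirms the Owner value is Setup.exe's own start time and shows the guest clock was running on UTC.
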
Files activity

Executable files
41
Suspicious files
8
Text files
114
Unknown types
8

Dropped files

PID
Process
Filename
Type
2684
TMP766B.tmp.exe
C:\39adf1b9158926f1f694\TMP766B.tmp.exe.tmp\netfx_fullcab.msi
executable
MD5: 0e3bf774979a3b882aa7dff49cce411a
SHA256: 512b1c4a034e222d924f94b7942495aaf79af470bceb3c984a1b069e329d9e9c
2368
Setup.exe
C:\39adf1b9158926f1f694\TMP0000.tmp
executable
MD5: c3ff1ffe08444ac9e9f335ebd8800260
SHA256: db4925a2e2e04a4817b52739e1e11a5fd3e7a492eea05577ac9fcd9622623c6c
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\sqmapi.dll
executable
MD5: 6404765deb80c2d8986f60dce505915b
SHA256: b236253e9ecb1e377643ae5f91c0a429b91c9b30cca1751a7bc4403ea6d94120
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1049\SetupResources.dll
executable
MD5: b66b97abf73492eec018e63cd8342026
SHA256: f41ff973568ddd7561df348a00d294d4a489c829b799b13803917b27e4033307
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1055\SetupResources.dll
executable
MD5: 6741d33f47d957febd887062b27fdf45
SHA256: bf36974e7b16014599e2596e42b60b261d72804d4f7f9cdf6d29671e284a9c26
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1038\SetupResources.dll
executable
MD5: 66a2c79c740c051013c56ae7d5285279
SHA256: c37bbcb1e0fe1f56e4e83333270fdc48c46d80be36181c505bc036047a95e6ff
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\SetupUi.dll
executable
MD5: 5a65ae94d5b334444102ceb6f005cf4f
SHA256: 624de3996820d57f38e49906e921c62891c7f9b65eeb149ee84e539ff5347976
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1032\SetupResources.dll
executable
MD5: a82699043a9405f40ca136909872e49c
SHA256: 244ece0c8e3ead93549b455440185407ebf9ed1ad835244791bc6f444239d915
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1043\SetupResources.dll
executable
MD5: 632c4f2d2c6b73a4d0b9783d42d7ac91
SHA256: 614639b08ba6433660e26fddb6554aeae5e13b44b7af2cc4c9edff313e7869ef
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1036\SetupResources.dll
executable
MD5: 75e95786e8afa8cb00559f77247961de
SHA256: 6baa0c76789be80708c3f9e97258b39f3d06d6c69b3e92cad6bc2fa861d2f7e5
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\3082\SetupResources.dll
executable
MD5: a5edf8cb48d3c8514fffcad7775a5d9b
SHA256: 2924d27bb6cb77484c6305044ea84581b66024ed6801b31074625ce2e019af40
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\2070\SetupResources.dll
executable
MD5: 056b563522d505da911b4192c497e523
SHA256: 3fd02b3e74758369030e4134ea1be98a95b2705710e69e3fb020988ae5d37a5c
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1045\SetupResources.dll
executable
MD5: d07721fef699e5842461278ebfedad0a
SHA256: 2ca64c07df713bad8cac53a5a7e6439d91d1ac15a72e5d7fd1d17b04268c26b9
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1053\SetupResources.dll
executable
MD5: 531bcb6262b8d124bf15c6cc9f68dafd
SHA256: 5d8768c088c360b6b68bb1bd6cb12b75fdbfc8f05231ba2eec5ccb197f2f08ff
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1033\SetupResources.dll
executable
MD5: 2c96c270f9d46106f480526ff28cf031
SHA256: 57e96ffa80c5cbb28d4d56e0a668e28f56a1501e3f4fb5455d4e069c564a455c
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1042\SetupResources.dll
executable
MD5: 42507bd862922504fd1eaa98e03dca89
SHA256: c0ab4706fbd9a6621849f7e6be109e3cae2d7236ff3115229abd136031faecd0
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\2052\SetupResources.dll
executable
MD5: 21caaf8a1c6034049532df45332cd0cd
SHA256: 1ca82b45d7d16967d93a254dd0ca6bc889ac0ac84862f9aae394ce28cd6d5c4a
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1030\SetupResources.dll
executable
MD5: d6bc6c48f9747b881ec2f3b2e3f3f057
SHA256: f31f03bd962a287da4ee4de51e95fe73ae7bbe168ceb80a9c1b7b7c5948cc6f0
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1029\SetupResources.dll
executable
MD5: 13da53c52afceb4d5ec90cf4606c1896
SHA256: f8e957bbaa1c81ba9bf70d77115aadd9d561be910e3617c4977335baaffc3efd
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1044\SetupResources.dll
executable
MD5: 24feda16f6d2020b47bcea4bf69071be
SHA256: 59ac8179b825267eb742a676caa67cf19e718672e733b1471badf56395947447
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1040\SetupResources.dll
executable
MD5: f4b50199fc2437f0f834dacaded6ff70
SHA256: be7df7d00c535b789a9b1c11cf60d873541041f48281a35348d9104a73504840
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1035\SetupResources.dll
executable
MD5: 19a5b24518e1d59720cefd2aebebf4fe
SHA256: 13f3e8b8722902bd374426829ce753345fc95536d2a97ce04289a08d03295d56
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1031\SetupResources.dll
executable
MD5: f0ffad61f1eee8d9d5c1087d7aa8aaf8
SHA256: 3d62109ddc0493dadedf9fa568b6abdc78f098b8053315d01e55e2ed349b77e3
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1046\SetupResources.dll
executable
MD5: 2c660a00ccd3ce68b4c9cbbfc7021a17
SHA256: 8918e0668508decf63df8287a3a2fc700c07537db8b2070d536b4b8623ade251
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1028\SetupResources.dll
executable
MD5: 356fd3029f9bdba5d192e58d107a7d52
SHA256: cf71419a701dadb6cd35ae49ca5354e4d03f32a94389e45d5a96558856494ee3
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1037\SetupResources.dll
executable
MD5: 818a307fae1a1bb41fb092d684ef4872
SHA256: 47e4b0cba79d1acc7ef7bf505499035812dba41793f12888808ff54d55a1cc08
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1025\SetupResources.dll
executable
MD5: 47fc1fe80452c81c9e2150320d017cf3
SHA256: 25aafbcb0418c6f12abc125012cb295470772b0570e896e3d1357cf3afc52bd2
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\Setup.exe
executable
MD5: 07be124a892bc1e7dd6c3af029556dc1
SHA256: 0e0a1503fbf5074d31e1ca4b17d6ca7b68bb031059cd672643c11380209cb92a
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\SetupUtility.exe
executable
MD5: 8db09fc113d6470ddf95ad23847f39c2
SHA256: 7ea69d954640a5fd05af37def1f5f4ecaa5837c9615d58ca0923319d484f91be
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1041\SetupResources.dll
executable
MD5: 3d468729bc28845a21cced979c5340ad
SHA256: 871200e90e3b5f15ef068df965b754921fe1c96ec52ed56cf39aa0f558d97ae5
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\SetupEngine.dll
executable
MD5: 40acaa93601f9e80e2aedd8c2b1662f7
SHA256: 7d63cac945b4ecfa09c859011870c4071cbcea861b405d15776dd51c211bdbdc
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\putczip.dll
executable
MD5: 5fbbd0ad928bb667808d1acb1a3427d4
SHA256: b1bd0d4f04de3290f75f68c1a4699bb25d0ffcd616152f3adbc2610b2344cdad
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\InstallRes.dll
executable
MD5: acf7d45e9b3e5be0fb4c1a2c38a6000b
SHA256: d5a071d71a25eadfe9782a53aea53dfa807992e9c3f2d0eefb8c6c1a67865a0a
3652
Stub.exe
C:\Users\admin\AppData\Local\Temp\{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
executable
MD5: 58d88886a42aeb5d17e8b232c2697899
SHA256: e5ced0f95e6aefc4e4ee0884ca7ce317fff7d91edbda32243a436123e46d9439
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\Splash.dll
executable
MD5: cae3bdf938e570dc1d06d9b669de35f3
SHA256: daddee5633db37c0968befd9339dac7e202b9265bdeef364341e8287ba38b85a
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\CommsWrapper.dll
executable
MD5: de835b63304969aab279fd08ff927a8d
SHA256: a474a520c9dac0e66678a967e9b94923fcbd084e449403399f96b1f0879cf0e6
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\PSINanoRun.exe
executable
MD5: 3ad2044128c842eb326eaff9b29a21b9
SHA256: 3e1fffd44c575e94d6cecbd40a05451ea191a5cbe5a1f5e92b61a9898490f2e7
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\Stub.exe
executable
MD5: 4ce3dad5815ba7ab73a16998d07e394c
SHA256: 52ecc36c7e6e2d0a694227f35158d23d78592887e688291e7fd3c79e45f47bf1
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\msvcr100.dll
executable
MD5: bf38660a9125935658cfa3e53fdc7d65
SHA256: 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
460
PANDAFREEAV.exe
C:\Users\admin\AppData\Local\Temp\7zSCC1ECA71\msvcp100.dll
executable
MD5: e3c817f7fe44cc870ecdbcbc3ea36132
SHA256: d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
2732
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb2732.15823\PANDAFREEAV.exe
executable
MD5: 459ad089e2fe8fb886dcd22f641b75ea
SHA256: 7b24813fea6f9b2cfb91a5aeb8f400b397e769d82bf577a9eefbdd6e794ea4cf
2368
Setup.exe
C:\39adf1b9158926f1f694\netfx_Full.mzz
––
MD5:  ––
SHA256:  ––
2684
TMP766B.tmp.exe
C:\39adf1b9158926f1f694\TMP766B.tmp.exe.tmp\netfx_Full.mzz
––
MD5:  ––
SHA256:  ––
2368
Setup.exe
C:\39adf1b9158926f1f694\Windows6.1-KB958488-v6001-x86.msu
––
MD5:  ––
SHA256:  ––
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4C7F163ED126D5C3CB9457F68EC64E9E
der
MD5: 51b05210ba1792de3acc1c13e9af93d3
SHA256: 05ba5820d3b14ba7c67b4fa32cab0bfc2a7278d02d059b075c4b60b2dc6334c9
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4C7F163ED126D5C3CB9457F68EC64E9E
binary
MD5: 1b24dd2a3b98cfc9533e679e665bae28
SHA256: 9af07fdac3ea0fc14ef6864db9fb451e63be777cdea07491c7e98f4a4484d23f
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0018BB1B5834735BFA60CD063B31956
binary
MD5: 04f9b512abd1caa4c8909e77a1643ab6
SHA256: 59057c87cbdaab369dc4754dedbb0617e2a169cf06b078460c494dc9d090c7b9
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A583E2A51BFBDC1E492A57B7C8325850
binary
MD5: 38fbf55a36235b2e12ce53c04add37e5
SHA256: 35638a58b29848334ac16ca4f785cfedd9e27061f0f67aed60e8bd18eec63990
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
der
MD5: 6872fae8288db34207d9e7ee350157f4
SHA256: 50795b027e2bc566d3b7acb89913f8efd23b70615c9db9bf5b23323ad3132a7d
832
SetupUtility.exe
C:\Users\admin\AppData\Local\Temp\dd_SetupUtility.txt
text
MD5: c7a2e49db88084e3a708949a96cae2c3
SHA256: 1d474351b000e88ea41c8b0cbac7d40ff9980b268bffa7ee5befc13f93f7e0f0
2684
TMP766B.tmp.exe
C:\Users\admin\AppData\Local\Temp\dd_TMP766B.tmp_decompression_log.txt
text
MD5: 372bb4a14f15660cd1c689e9934ba509
SHA256: 88adbf9ee6542bd1fcc6baa436356269d9d5d25a8014f3e59f2aa721a1e10693
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0018BB1B5834735BFA60CD063B31956
der
MD5: f2ad82b5108e5dbfef4cb344505823f0
SHA256: 5738782b4fad90beca293376f16d1a6a2b00b18ce8f50aeeccfd480a7f4c02e0
832
SetupUtility.exe
C:\Windows\WindowsUpdate.log
text
MD5: 62017b25787997f31130934dc6db864c
SHA256: b289f3cfb570f050705478e3ddbbc933df50ff2f76aa5f131e490b3dae95e79d
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE
der
MD5: 7c13e2b4f2780cdde5523c304cca5015
SHA256: 365f401aa9abc00197c525989e6bd1dd131fc009ec547ac6230efc83adf6713b
2368
Setup.exe
C:\Users\admin\AppData\Local\Temp\HFIC5A4.tmp.html
text
MD5: f3b25701fe362ec84616a93a45ce9998
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A583E2A51BFBDC1E492A57B7C8325850
der
MD5: c59b81962f46b889395396cdd21c7ab7
SHA256: 3dd445fd92063636b965552dd05eff8efb8d434bca64461e0af0ba5ff94a53a4
2368
Setup.exe
C:\Users\admin\AppData\Local\Temp\Microsoft .NET Framework 4.6 Setup_20220114_210027747.html
html
MD5: e1f319ba701d69a8bc406ecb63786058
SHA256: 09d0aa4f44e5c09cc311e15e00b77f06e378dca68fa22a2ea9ded08d27a46a2d
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE
binary
MD5: 049273e93bf2adaeb117760d7a95a685
SHA256: 699081c63d4fb3e512f3e976229edb3cef695597311f026f7b9be6f83409e5d8
2368
Setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76
der
MD5: e95af9b03513d729d28fd890cff4ebe9
SHA256: b19f80a5970542f71e1728cdeee5d4534598329ba22fabf5bbd2280ebd6ba629
2368
Setup.exe
C:\Users\admin\AppData\Local\Temp\HFIC012.tmp.html
text
MD5: f3b25701fe362ec84616a93a45ce9998
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
2368
Setup.exe
C:\Users\admin\AppData\Local\Temp\Setup_20220114_210026481.html
html
MD5: cd131d41791a543cc6f6ed1ea5bd257c
SHA256: e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1053\eula.rtf
text
MD5: 8ca89fafa113bdca3dfb5a141e206b84
SHA256: 411414181d515ad8ca0ed1b1f462a067648a98d26451b7414d91601c1e6c449a
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1046\eula.rtf
text
MD5: 38d9c6729a26ce70a4c1fdcdf713330c
SHA256: 93d224e61f60ab50bafb44501dffdaea139883e535c6dc14ebf90255459fd570
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\3082\eula.rtf
text
MD5: 0f3c263c53afada86d3992bfcd7d91e5
SHA256: c6ae5b63acc21df755d5320e91b773710b0456c8ab533e568449ee9c8659bbbc
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1040\eula.rtf
text
MD5: 67a9f0946d135a41e51d90220c0c8c67
SHA256: 1478376f05d1bbe824cf1efdebc485d736e3ba1aa72dc8dff69cc9e3b8127cf8
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1031\eula.rtf
text
MD5: 8a4a240a60bb32e3cd53e1aba87c0c79
SHA256: c370091f2c32fe9570e40ef03fd241fe8a98dc16418d4274b675375206ae2359
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1049\eula.rtf
text
MD5: 2dc63ef2d9079c2035e938a163e01654
SHA256: 12586f586171ce3e0ce4a38244c453fa2e48a546e89297fa7e7ea3846f31abb1
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1042\eula.rtf
text
MD5: bc276e5145db5ca24127cb921c5e2808
SHA256: 518c628ddb63aaebaeb9bdd2e9009e7277585a69fe1a16bbd984d8bd318e3140
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1045\eula.rtf
text
MD5: ab648e920dc59fb45dd2f9fd9022395f
SHA256: ae5a86d25bc39e7178c6fa6f31a88e09d73ad80cc36f9e255e937ac1a4fd6c73
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\1037\eula.rtf
text
MD5: 3be1992cd2e4d9ca5d89621f25559378
SHA256: 22aa867d37d9146dd86dbdc5869e9bd444cd05df7668e7bfa55e39322f88c3ce
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\2052\eula.rtf
text
MD5: fd7fada8c96c3cdd1b3b411f4fbf483d
SHA256: 2290555df2e2c968357f8fe963e5c6c74165d1ee9b8377fec85a7ab03de5bada
3076
{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe
C:\39adf1b9158926f1f694\2070\eula.rtf
text
MD5: fe8360f7b19f7869e6492990dbf85f78

Network activity

HTTP(S) requests: 21
TCP/UDP connections: 15
DNS requests: 17
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Reputation
3652 | Stub.exe | GET | 200 | 2.16.107.106:80 | http://acs.pandasoftware.com/Panda/FREEAV/Promo_pd/FREEAV_INST.txt | unknown | text | whitelisted
3652 | Stub.exe | GET | 200 | 2.16.107.106:80 | http://acs.pandasoftware.com/Panda/FREEAV/Promo_pd/FREEAV_INST.txt | unknown | text | whitelisted
3652 | Stub.exe | GET | 200 | 40.69.210.172:80 | http://eventtrack.pandasecurity.com/track/install/details.html?ProductID=4252&Stub_Event=Start&_ei=FD8174B1-CD36-4718-9BE0-AF16DE8B9B4D&_es=1&_et=Stub&_lt=20220114210010 | IE | –– | suspicious
3652 | Stub.exe | GET | 200 | 40.69.210.172:80 | http://eventtrack.pandasecurity.com/track/install/details.html?Installation_Code=1035&Installation_End=ERROR&Stub_Event=End&_ei=CEC550F8-8E3D-4207-A21F-DB2F6AC746DB&_es=1&_et=Stub&_lt=20220114210010 | IE | –– | suspicious
3652 | Stub.exe | GET | 200 | 40.69.210.172:80 | http://eventtrack.pandasecurity.com/track/install/details.html?Installation_Code=1034&Installation_End=ERROR&Stub_Event=End&_ei=DE61434F-0189-4DAB-9CC7-9DBAB4B1F3C3&_es=1&_et=Stub&_lt=20220114210010 | IE | –– | suspicious
3652 | Stub.exe | GET | 301 | 104.111.243.23:80 | http://www.pandasecurity.com/Vg5sw34C5j | NL | text | unknown
3652 | Stub.exe | GET | 302 | 92.122.255.148:80 | http://download.microsoft.com/download/1/4/A/14A6C422-0D3C-4811-A31F-5EF91A83C368/NDP46-KB3045560-Web.exe | unknown | –– | whitelisted
3652 | Stub.exe | GET | 200 | 41.63.96.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b77572da0326f97c | ZA | compressed | whitelisted
3652 | Stub.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | shared
2368 | Setup.exe | GET | 200 | 92.123.194.163:80 | http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | unknown | der | whitelisted
–– | –– | HEAD | 302 | 104.89.38.104:80 | http://go.microsoft.com/fwlink/?LinkId=249117&clcid=0x409 | NL | –– | whitelisted
2368 | Setup.exe | GET | 200 | 92.123.194.154:80 | http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | unknown | der | whitelisted
–– | –– | GET | 302 | 104.89.38.104:80 | http://go.microsoft.com/fwlink/?LinkId=249117&clcid=0x409 | NL | –– | whitelisted
–– | –– | HEAD | 302 | 104.89.38.104:80 | http://go.microsoft.com/fwlink/?LinkId=528231&clcid=0x409 | NL | –– | whitelisted
–– | –– | GET | 302 | 104.89.38.104:80 | http://go.microsoft.com/fwlink/?LinkId=528231&clcid=0x409 | NL | –– | whitelisted
–– | –– | HEAD | 302 | 104.89.38.104:80 | http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409 | NL | –– | whitelisted
–– | –– | GET | 302 | 104.89.38.104:80 | http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409 | NL | –– | whitelisted
2368 | Setup.exe | GET | 200 | 92.123.194.163:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | der | whitelisted
2368 | Setup.exe | GET | 200 | 104.85.1.163:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | US | der | whitelisted
2368 | Setup.exe | GET | 200 | 92.123.194.154:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | der | whitelisted
2368 | Setup.exe | GET | 200 | 92.123.194.163:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | der | whitelisted


Connections

PID | Process | IP | ASN | CN | Reputation
3652 | Stub.exe | 2.16.107.106:80 | Akamai International B.V. | –– | suspicious
3652 | Stub.exe | 40.69.210.172:80 | Microsoft Corporation | IE | suspicious
3652 | Stub.exe | 104.111.243.23:80 | Akamai International B.V. | NL | unknown
3652 | Stub.exe | 92.122.255.148:80 | GTT Communications Inc. | –– | malicious
3652 | Stub.exe | 92.122.255.148:443 | GTT Communications Inc. | –– | malicious
3652 | Stub.exe | 41.63.96.0:80 | Limelight Networks, Inc. | ZA | suspicious
–– | –– | 93.184.220.29:80 | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3652 | Stub.exe | 93.184.220.29:80 | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2368 | Setup.exe | 92.123.194.163:80 | Akamai International B.V. | –– | suspicious
–– | –– | 104.89.38.104:80 | Akamai Technologies, Inc. | NL | malicious
–– | –– | 104.102.28.147:443 | Akamai Technologies, Inc. | US | suspicious
2368 | Setup.exe | 92.123.194.154:80 | Akamai International B.V. | –– | suspicious
–– | –– | 68.232.34.200:443 | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2368 | Setup.exe | 104.85.1.163:80 | Time Warner Cable Internet LLC | US | suspicious

DNS requests

Domain | IP | Reputation
acs.pandasoftware.com | 2.16.107.106, 2.16.107.33 | whitelisted
eventtrack.pandasecurity.com | 40.69.210.172 | unknown
www.pandasecurity.com | 104.111.243.23 | unknown
ctldl.windowsupdate.com | 41.63.96.0, 41.63.96.128 | whitelisted
ocsp.digicert.com | 93.184.220.29 | shared
crl3.digicert.com | 93.184.220.29 | shared
crl.microsoft.com | 92.123.194.163, 92.123.194.162, 92.123.194.154 | whitelisted
go.microsoft.com | 104.89.38.104 | whitelisted
download.microsoft.com | 104.102.28.147, 92.122.255.148 | whitelisted
download.visualstudio.microsoft.com | 68.232.34.200 | whitelisted
www.microsoft.com | 104.85.1.163 | whitelisted

Threats

PID | Process | Class | Message
3652 | Stub.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile
3652 | Stub.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile

Debug output strings

No debug info.