General Info

File name

1779574982-107-0_1.veraport-g3-sha2.exe

Full analysis
https://app.any.run/tasks/a147a16a-b10d-4712-abce-d2692d27e1b0
Verdict
Malicious activity
Analysis date
5/15/2019, 10:00:22
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

59323c83bf8aa8e1bd863d72edfc5b7a

SHA1

7f83d69415e83104109a55f11e18e015cf191f97

SHA256

70422c2cc15b323f14b6d22bace1c39b59f1fe954535502be94683f431b7db6c

SSDEEP

98304:JUMqX5rmXeZVYzayppWTYgRKC5cbTf/XgEyHoJu9OwudEW2yPs0i:L46OZVYzamwPkC5cbrX+okXdyPM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • certutil.exe (PID: 2208)
  • veraport.exe (PID: 3792)
  • wpmsvc.exe (PID: 640)
  • wpmsvc.exe (PID: 3000)
  • certutil.exe (PID: 3440)
  • WizSvcUtil.exe (PID: 3016)
  • wizveraregsvr.exe (PID: 2584)
  • certutil.exe (PID: 1664)
  • certutil.exe (PID: 2124)
Changes settings of System certificates
  • wpmsvc.exe (PID: 640)
  • wizcertutil.exe (PID: 2136)
Loads dropped or rewritten executable
  • certutil.exe (PID: 1664)
  • certutil.exe (PID: 2208)
  • certutil.exe (PID: 3440)
  • certutil.exe (PID: 2124)
  • wizveraregsvr.exe (PID: 2584)
  • regsvr32.exe (PID: 3432)
Adds new firewall rule via NETSH.EXE
  • WizSvcUtil.exe (PID: 3016)
Changes the autorun value in the registry
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Registers / Runs the DLL via REGSVR32.EXE
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Uses NETSH.EXE for network configuration
  • WizSvcUtil.exe (PID: 3016)
Adds / modifies Windows certificates
  • wpmsvc.exe (PID: 640)
Starts SC.EXE for service management
  • wpmsvcsetup.tmp (PID: 1480)
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Executable content was dropped or overwritten
  • wpmsvcsetup.tmp (PID: 1480)
  • wpmsvcsetup.exe (PID: 3120)
  • 1779574982-107-0_1.veraport-g3-sha2.exe (PID: 1592)
  • 1779574982-107-0_1.veraport-g3-sha2.exe (PID: 1708)
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Creates files in the user directory
  • certutil.exe (PID: 1664)
  • certutil.exe (PID: 2124)
  • certutil.exe (PID: 3440)
Creates COM task schedule object
  • wizveraregsvr.exe (PID: 2584)
  • regsvr32.exe (PID: 3432)
Modifies the open verb of a shell class
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Application was dropped or rewritten from another process
  • wpmsvcsetup.exe (PID: 3120)
  • wizcertutil.exe (PID: 2136)
  • wpmsvcsetup.tmp (PID: 1480)
  • veraport20unloader.exe (PID: 2512)
  • veraport20unloader.exe (PID: 180)
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 2052)
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Creates a software uninstall entry
  • wpmsvcsetup.tmp (PID: 1480)
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Creates files in the program directory
  • wpmsvcsetup.tmp (PID: 1480)
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)
Loads dropped or rewritten executable
  • wpmsvcsetup.tmp (PID: 1480)
  • 1779574982-107-0_1.veraport-g3-sha2.tmp (PID: 4068)


Static information

TRiD
.exe | Inno Setup installer (77.7%)
.exe | Win32 Executable Delphi generic (10%)
.dll | Win32 Dynamic Link Library (generic) (4.6%)
.exe | Win32 Executable (generic) (3.1%)
.exe | Win16/32 Executable Delphi generic (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
37888
InitializedDataSize:
17920
UninitializedDataSize:
null
EntryPoint:
0x9c40
OSVersion:
1
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
3.7.3.4
ProductVersionNumber:
3.7.3.4
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
Wizvera
FileDescription:
Veraport
FileVersion:
3.7.3.4
LegalCopyright:
Wizvera
ProductName:
Veraport
ProductVersion:
3,7,3,4
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
Wizvera
FileDescription:
Veraport
FileVersion:
3.7.3.4
LegalCopyright:
Wizvera
ProductName:
Veraport
ProductVersion:
3,7,3,4
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
CODE 0x00001000 0x00009364 0x00009400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.56223
DATA 0x0000B000 0x0000024C 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.75348
BSS 0x0000C000 0x00000E4C 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0000D000 0x00000950 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.43073
.tls 0x0000E000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x0000F000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.204488
.reloc 0x00010000 0x000008B4 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0
.rsrc 0x00011000 0x00002C00 0x00002C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 4.46702
Resources
1

2

3

4

4089

4090

4091

4093

4094

4095

11111

MAINICON

Imports
    kernel32.dll

    user32.dll

    oleaut32.dll

    advapi32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
78
Monitored processes
28
Malicious processes
13
Suspicious processes
1

Behavior graph

[Behavior graph image not preserved. Processes shown, in order: 1779574982-107-0_1.veraport-g3-sha2.exe, 1779574982-107-0_1.veraport-g3-sha2.tmp, 1779574982-107-0_1.veraport-g3-sha2.exe, 1779574982-107-0_1.veraport-g3-sha2.tmp, sc.exe, veraport20unloader.exe (2 instances), regsvr32.exe, wizveraregsvr.exe, wizcertutil.exe, certutil.exe (4 instances), wpmsvcsetup.exe, wpmsvcsetup.tmp, sc.exe, wizsvcutil.exe, netsh.exe (4 instances), sc.exe, wpmsvc.exe, sc.exe, wpmsvc.exe, veraport.exe, sc.exe]

Process information

PID
1708
CMD
"C:\Users\admin\AppData\Local\Temp\1779574982-107-0_1.veraport-g3-sha2.exe"
Path
C:\Users\admin\AppData\Local\Temp\1779574982-107-0_1.veraport-g3-sha2.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Wizvera
Description
Veraport
Version
3.7.3.4
Modules
Image
c:\users\admin\appdata\local\temp\1779574982-107-0_1.veraport-g3-sha2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-ug99i.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp

PID
2052
CMD
"C:\Users\admin\AppData\Local\Temp\is-UG99I.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp" /SL5="$60158,5835162,54272,C:\Users\admin\AppData\Local\Temp\1779574982-107-0_1.veraport-g3-sha2.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-UG99I.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-ug99i.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll

PID
1592
CMD
"C:\Users\admin\AppData\Local\Temp\1779574982-107-0_1.veraport-g3-sha2.exe" /SPAWNWND=$70280 /NOTIFYWND=$60158
Path
C:\Users\admin\AppData\Local\Temp\1779574982-107-0_1.veraport-g3-sha2.exe
Indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Wizvera
Description
Veraport
Version
3.7.3.4
Modules
Image
c:\users\admin\appdata\local\temp\1779574982-107-0_1.veraport-g3-sha2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-0dqi6.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp

PID
4068
CMD
"C:\Users\admin\AppData\Local\Temp\is-0DQI6.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp" /SL5="$701F8,5835162,54272,C:\Users\admin\AppData\Local\Temp\1779574982-107-0_1.veraport-g3-sha2.exe" /SPAWNWND=$70280 /NOTIFYWND=$60158
Path
C:\Users\admin\AppData\Local\Temp\is-0DQI6.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp
Indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-0dqi6.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\veraport20unloader.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\regsvr32.exe
c:\program files\wizvera\veraport20\wizveraregsvr.exe
c:\users\admin\appdata\local\temp\is-e0itj.tmp\wizcertutil.exe
c:\users\admin\appdata\local\temp\is-e0itj.tmp\wpmsvcsetup.exe
c:\program files\wizvera\veraport20\veraport.exe

PID
1420
CMD
"C:\Windows\system32\sc.exe" stop WizveraPMSvc
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
1060
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
180
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\veraport20unloader.exe" /addloopback
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\veraport20unloader.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Wizvera
Description
Veraport20 Module Unloader
Version
2, 0, 1, 7
Modules
Image
c:\users\admin\appdata\local\temp\is-e0itj.tmp\veraport20unloader.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
2512
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\veraport20unloader.exe" /link
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\veraport20unloader.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Wizvera
Description
Veraport20 Module Unloader
Version
2, 0, 1, 7
Modules
Image
c:\users\admin\appdata\local\temp\is-e0itj.tmp\veraport20unloader.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
3432
CMD
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Wizvera\Veraport20\veraport20.dll"
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\program files\wizvera\veraport20\veraport20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\oledlg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll

PID
2584
CMD
"C:\Program Files\Wizvera\Veraport20\wizveraregsvr.exe" veraport20.dll
Path
C:\Program Files\Wizvera\Veraport20\wizveraregsvr.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
WIZVERA
Description
Wizvera Regsvr
Version
1, 0, 0, 1
Modules
Image
c:\program files\wizvera\veraport20\wizveraregsvr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\wizvera\veraport20\veraport20.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oledlg.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptbase.dll

PID
2136
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\wizcertutil.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\wizcertutil.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Wizvera
Description
Certificate Util
Version
1.0.0.9
Modules
Image
c:\users\admin\appdata\local\temp\is-e0itj.tmp\wizcertutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\certutil.exe
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\certutil.exe

PID
3440
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss\certutil.exe" -A -n "WIZVERA CA" -t "TCu,Cuw,Tuw" -i wizvera_ca.crt -d "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default"
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss\certutil.exe
Indicators
No indicators
Parent process
wizcertutil.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\certutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\smime3.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\nss3.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\softokn3.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\plc4.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\nspr4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\nsi.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\msvcr71.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss\plds4.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wship6.dll

PID
2124
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\certutil.exe" -A -n "WIZVERA CA" -t "TCu,Cuw,Tuw" -i wizvera_ca.crt -d sql:"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default"
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\certutil.exe
Indicators
No indicators
Parent process
wizcertutil.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\certutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\nssutil3.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\plc4.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\nspr4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\msvcr120.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\plds4.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\smime3.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\nss3.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\softokn3.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\sqlite3.dll
c:\users\admin\appdata\local\temp\is-e0itj.tmp\nss_sql\freebl3.dll
c:\windows\system32\cryptbase.dll

PID
2208
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss\certutil.exe" -A -n "WIZVERA1 CA" -t "TCu,Cuw,Tuw" -i wizvera1_ca.crt -d "C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default"
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss\certutil.exe
Indicators
No indicators
Parent process
wizcertutil.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image

PID
1664
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\certutil.exe" -A -n "WIZVERA1 CA" -t "TCu,Cuw,Tuw" -i wizvera1_ca.crt -d sql:"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default"
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\certutil.exe
Indicators
No indicators
Parent process
wizcertutil.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image

PID
3120
CMD
"C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\wpmsvcsetup.exe" /VERYSILENT
Path
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\wpmsvcsetup.exe
Indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
WIZVERA
Description
Version
Modules
Image

PID
1480
CMD
"C:\Users\admin\AppData\Local\Temp\is-4FMKO.tmp\wpmsvcsetup.tmp" /SL5="$601CC,1716141,54272,C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\wpmsvcsetup.exe" /VERYSILENT
Path
C:\Users\admin\AppData\Local\Temp\is-4FMKO.tmp\wpmsvcsetup.tmp
Indicators
Parent process
wpmsvcsetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image

PID
4084
CMD
"C:\Windows\system32\sc.exe" stop WizveraPMSvc
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
wpmsvcsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
1060
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3016
CMD
"C:\Program Files\Wizvera\Common\wpmsvc\WizSvcUtil.exe" -fw add
Path
C:\Program Files\Wizvera\Common\wpmsvc\WizSvcUtil.exe
Indicators
Parent process
wpmsvcsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
1, 0, 0, 3
Modules
Image

PID
3228
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall show rule name="Wizvera-Veraport-G3-in" dir=in
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
WizSvcUtil.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3676
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Wizvera-Veraport-G3-in" dir=in program="C:\Program Files\Wizvera\Veraport20\veraport.exe" action=allow
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
WizSvcUtil.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
572
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall show rule name="Wizvera-Veraport-G3-out" dir=out
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
WizSvcUtil.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3044
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Wizvera-Veraport-G3-out" dir=out program="C:\Program Files\Wizvera\Veraport20\veraport.exe" action=allow
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
WizSvcUtil.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3436
CMD
"C:\Windows\system32\sc.exe" config WizveraPMSvc start= auto
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
wpmsvcsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
1060
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3000
CMD
"C:\Program Files\Wizvera\Common\wpmsvc\wpmsvc.exe" /i
Path
C:\Program Files\Wizvera\Common\wpmsvc\wpmsvc.exe
Indicators
Parent process
wpmsvcsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
WIZVERA
Description
Wizvera process manager service
Version
1, 0, 4, 0
Modules
Image

PID
1652
CMD
"C:\Windows\system32\sc.exe" start WizveraPMSvc
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
wpmsvcsetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
640
CMD
"C:\Program Files\Wizvera\Common\wpmsvc\wpmsvc.exe"
Path
C:\Program Files\Wizvera\Common\wpmsvc\wpmsvc.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
WIZVERA
Description
Wizvera process manager service
Version
1, 0, 4, 0
Modules
Image

PID
3792
CMD
"C:\Program Files\Wizvera\Veraport20\veraport.exe" wizvera-veraport://exec/x86/16105/
Path
C:\Program Files\Wizvera\Veraport20\veraport.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Version:
Company
WIZVERA
Description
Veraport Handler
Version
3, 7, 3, 4
Modules
Image

PID
476
CMD
"C:\Windows\system32\sc.exe" start WizveraPMSvc
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
1779574982-107-0_1.veraport-g3-sha2.tmp
User
admin
Integrity Level
HIGH
Exit code
1056
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

Registry activity

Total events
1189
Read events
848
Write events
326
Delete events
15

Modification events

PID
Process
Operation
Key
Name
Value
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_CURRENT_USER\Software\Wizvera\Veraport20
Version
3,7,3,4
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_CURRENT_USER\Software\Wizvera\Veraport20
Install
C:\Program Files\Wizvera\Veraport20
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_CURRENT_USER\Software\Wizvera\Veraport20
Veraportmain
Veraportmain20.exe
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
{477D5B9A-6479-44F8-9718-9340119B0308}
2
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
{477D5B9A-6479-44F8-9718-9340119B0308}
2
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20
Path
C:\Program Files\Wizvera\Veraport20\npveraport20.dll
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20
ProductName
Veraport20 Plugin
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20
Vender
Wizvera
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20
Version
3,7,3,4
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20
Description
Veraport20 Plugin
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20\MimeTypes\application/x-veraport20-plugin
Empty
'Empty'
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20\MimeTypes\application/x-veraport20-plugin\clsid\*
*
'true'
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wizvera.com/npVeraport20\MimeTypes\application/x-veraport20-plugin\codebaseurl\*
*
'true'
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wizvera-veraport
URL:veraport protocol
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wizvera-veraport
DefaultIcon
veraport.exe,1
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wizvera-veraport
URL Protocol
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wizvera-veraport\shell\open\command
"C:\Program Files\Wizvera\Veraport20\veraport.exe" "%1"
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
wizvera-veraport
"C:\Program Files\Wizvera\Veraport20\veraport.exe" wizvera-veraport://exec/x86/16105/
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\veraport.exe
CWDIllegalInDllSearch
4294967295
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\veraportmain20.exe
CWDIllegalInDllSearch
4294967295
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
Inno Setup: Setup Version
5.4.3 (a)
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
Inno Setup: App Path
C:\Program Files\Wizvera\Veraport20
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
InstallLocation
C:\Program Files\Wizvera\Veraport20\
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
Inno Setup: Icon Group
Veraport
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
Inno Setup: User
admin
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
Inno Setup: Language
en
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
DisplayName
Veraport20(Security module management) G3 - 3,7,3,4
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
DisplayIcon
C:\Program Files\Wizvera\Veraport20\veraportmain20.exe
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
UninstallString
"C:\Program Files\Wizvera\Veraport20\unins000.exe"
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
QuietUninstallString
"C:\Program Files\Wizvera\Veraport20\unins000.exe" /SILENT
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
DisplayVersion
3,7,3,4
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
Publisher
Wizvera
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
URLInfoAbout
http://www.wizvera.com
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
HelpLink
http://www.wizvera.com
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
URLUpdateInfo
http://www.wizvera.com
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
NoModify
1
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
NoRepair
1
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
InstallDate
20190515
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1
EstimatedSize
20822
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl.1
Veraport20Ctl Class
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl.1\CLSID
{477D5B9A-6479-44F8-9718-9340119B0308}
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl
Veraport20Ctl Class
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl\CLSID
{477D5B9A-6479-44F8-9718-9340119B0308}
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl\CurVer
veraport20.Veraport20Ctl.1
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}
Veraport20Ctl Class
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\ProgID
veraport20.Veraport20Ctl.1
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\VersionIndependentProgID
veraport20.Veraport20Ctl
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\InprocServer32
C:\Program Files\Wizvera\Veraport20\veraport20.dll
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\InprocServer32
ThreadingModel
Apartment
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}
AppID
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Elevation
Enabled
1
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}
LocalizedString
@C:\Program Files\Wizvera\Veraport20\veraport20.dll,-101
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\ToolboxBitmap32
C:\Program Files\Wizvera\Veraport20\veraport20.dll, 103
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\MiscStatus
0
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\MiscStatus\1
131473
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\TypeLib
{FC9D3F26-BCA4-413A-A265-D8371C2CFEB8}
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Version
1.0
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC9D3F26-BCA4-413A-A265-D8371C2CFEB8}\1.0
veraport20 1.0 형식 라이브러리
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC9D3F26-BCA4-413A-A265-D8371C2CFEB8}\1.0\FLAGS
0
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC9D3F26-BCA4-413A-A265-D8371C2CFEB8}\1.0\0\win32
C:\Program Files\Wizvera\Veraport20\veraport20.dll
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC9D3F26-BCA4-413A-A265-D8371C2CFEB8}\1.0\HELPDIR
C:\Program Files\Wizvera\Veraport20
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D913D1E4-A4B3-4826-A81E-C4CE32FACFDE}
IVeraport20Ctl
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D913D1E4-A4B3-4826-A81E-C4CE32FACFDE}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D913D1E4-A4B3-4826-A81E-C4CE32FACFDE}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D913D1E4-A4B3-4826-A81E-C4CE32FACFDE}\TypeLib
{FC9D3F26-BCA4-413A-A265-D8371C2CFEB8}
3432
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D913D1E4-A4B3-4826-A81E-C4CE32FACFDE}\TypeLib
Version
1.0
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Control
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Elevation
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Implemented Categories
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\InprocServer32
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\MiscStatus\1
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\MiscStatus
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\ProgID
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Programmable
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\ToolboxBitmap32
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\TypeLib
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Version
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\VersionIndependentProgID
2584
wizveraregsvr.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl.1
Veraport20Ctl Class
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl.1\CLSID
{477D5B9A-6479-44F8-9718-9340119B0308}
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl
Veraport20Ctl Class
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl\CLSID
{477D5B9A-6479-44F8-9718-9340119B0308}
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\veraport20.Veraport20Ctl\CurVer
veraport20.Veraport20Ctl.1
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}
Veraport20Ctl Class
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\ProgID
veraport20.Veraport20Ctl.1
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\VersionIndependentProgID
veraport20.Veraport20Ctl
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\InprocServer32
C:\Program Files\Wizvera\Veraport20\veraport20.dll
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\InprocServer32
ThreadingModel
Apartment
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}
AppID
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Elevation
Enabled
1
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}
LocalizedString
@C:\Program Files\Wizvera\Veraport20\veraport20.dll,-101
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\ToolboxBitmap32
C:\Program Files\Wizvera\Veraport20\veraport20.dll, 103
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\MiscStatus
0
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\MiscStatus\1
131473
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\TypeLib
{FC9D3F26-BCA4-413A-A265-D8371C2CFEB8}
2584
wizveraregsvr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D5B9A-6479-44F8-9718-9340119B0308}\Version
1.0
2136
wizcertutil.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DB6C6959B07C983885DB55740DCD226BB95C187A
Blob
2136
wizcertutil.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C95409513E5EC0F1C36F0469A9570D530177B7CF
Blob
2136
wizcertutil.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2136
wizcertutil.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpmsvc.exe
CWDIllegalInDllSearch
4294967295
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
Inno Setup: Setup Version
5.4.3 (a)
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
Inno Setup: App Path
C:\Program Files\Wizvera\Common\wpmsvc
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
InstallLocation
C:\Program Files\Wizvera\Common\wpmsvc\
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
Inno Setup: Icon Group
Wizvera\wpmsvc
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
Inno Setup: User
admin
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
Inno Setup: Language
english
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
DisplayName
WIZVERA Process Manager 1,0,4,0
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
UninstallString
"C:\Program Files\Wizvera\Common\wpmsvc\unins000.exe"
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
QuietUninstallString
"C:\Program Files\Wizvera\Common\wpmsvc\unins000.exe" /SILENT
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
DisplayVersion
1,0,4,0
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
Publisher
WIZVERA
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
URLInfoAbout
http://www.wizvera.com
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
HelpLink
http://www.wizvera.com
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
URLUpdateInfo
http://www.wizvera.com
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
NoModify
1
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
NoRepair
1
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
InstallDate
20190515
1480
wpmsvcsetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
EstimatedSize
2362
3016
WizSvcUtil.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3016
WizSvcUtil.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
3228
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation
3676
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
572
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3044
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
640
wpmsvc.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DB6C6959B07C983885DB55740DCD226BB95C187A
Blob
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C95409513E5EC0F1C36F0469A9570D530177B7CF
Blob
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DB6C6959B07C983885DB55740DCD226BB95C187A
Blob
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C95409513E5EC0F1C36F0469A9570D530177B7CF
Blob
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DB6C6959B07C983885DB55740DCD226BB95C187A
Blob
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C95409513E5EC0F1C36F0469A9570D530177B7CF
Blob
640
wpmsvc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3792
veraport.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3792
veraport.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyOverride
127.0.0.1:16105;127.0.0.1:16106;

Files activity

Executable files
48
Suspicious files
5
Text files
8
Unknown types
6

Dropped files

PID
Process
Filename
Type
1708
1779574982-107-0_1.veraport-g3-sha2.exe
C:\Users\admin\AppData\Local\Temp\is-UG99I.tmp\1779574982-107-0_1.veraport-g3-sha2.tmp
executable
MD5: 67c5a4f36e1c91a3b85e440edd7ad026
SHA256: 99c299d6565ab53d9af66e0146737dc0ecfbc52ecf4740825b552db0cc4210c6
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\sqlite3.dll
executable
MD5: 3a58690aff7051bb18ea9d764a450551
SHA256: d2d0b729837574d2eb6adac4f819bc4f8534ac9a43b17663942b2401a02db02a
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Program Files\Wizvera\Veraport20\veraport20.dll
executable
MD5: 8f555d1637c49ddac23ce0eec6de7e2b
SHA256: b45ea6b32eb59848d69bafbe50d4394bf38ce33c2b6e466aef8b7cf2299d448c
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss\swft32.dll
executable
MD5: 266e3ae5e9348ea1effe91f70e81b980
SHA256: 70291f6dc4e88967f54f8bf8ec814110ec7ec5dbe1fc4e07fda51ca8188d80af
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Program Files\Wizvera\Veraport20\unins000.exe
executable
MD5: 48daf9bb9dff43c76f7ede31487da9aa
SHA256: 6947faadf16d1e862e5de4771c1f45709294174433f7e9d393c4347a4a96460f
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Program Files\Wizvera\Veraport20\veraportmain20.exe
executable
MD5: 1a456abb366777397539b5450ee40d41
SHA256: 512e3210f81452a22667da83b42d48c1563b041ab3c46daa57f33108655c4b36
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\veraport20unloader.exe
executable
MD5: 165495a166cf45f50aee7bc0d4246f35
SHA256: 69d83f3e5a622e3f2e0d8c2fa22466304b20b1b85a35af038efa86045c4e08bd
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\certutil.exe
executable
MD5: f8da06687fb47ca2c355c38ca2766262
SHA256: 64ad18f4d9bef01b86e39ca1e774dfa37db46bc8267453c418dd7f723d6d014c
3120
wpmsvcsetup.exe
C:\Users\admin\AppData\Local\Temp\is-4FMKO.tmp\wpmsvcsetup.tmp
executable
MD5: 67c5a4f36e1c91a3b85e440edd7ad026
SHA256: 99c299d6565ab53d9af66e0146737dc0ecfbc52ecf4740825b552db0cc4210c6
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\smime3.dll
executable
MD5: 94624bbab23a92e0a5f90cce9a5a340d
SHA256: b0104ea7aaa257b111982bd0763c1c47fff76bd70249f84dcad834d50444df1a
1480
wpmsvcsetup.tmp
C:\Users\admin\AppData\Local\Temp\is-20AS5.tmp\_isetup\_RegDLL.tmp
executable
MD5: 0ee914c6f0bb93996c75941e1ad629c6
SHA256: 4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss\softokn3.dll
executable
MD5: b2ad88dd7b83b62695b764d1dadfc15d
SHA256: 80984e8751d01e0bb1be9d2449402b9c90dd80f795cabddd50b720be8059e037
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\nspr4.dll
executable
MD5: bd0e897dbc2dcc0cf1287ffd7c734cf0
SHA256: 2d2096447b366d6640f2670edb474ab208d8d85b5650db5e80cc985d1189f911
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Program Files\Wizvera\Veraport20\veraport20unloader.exe
executable
MD5: 165495a166cf45f50aee7bc0d4246f35
SHA256: 69d83f3e5a622e3f2e0d8c2fa22466304b20b1b85a35af038efa86045c4e08bd
1480
wpmsvcsetup.tmp
C:\Users\admin\AppData\Local\Temp\is-20AS5.tmp\_isetup\_shfoldr.dll
executable
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\ssl3.dll
executable
MD5: 55fc1eb1359afda427cf8cf7fc840cf2
SHA256: 77e642601d600b8dda1fc64e4cc8d556fc53217df933122c487ec43c1f60e2de
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\nssutil3.dll
executable
MD5: c19416e9cf9e571068ca14276c6e0620
SHA256: ba9341807b42e90bb0380d51a83d3d6a0de7d57b6820a8b0cbe5e36e978860fa
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Program Files\Wizvera\Veraport20\npveraport20.dll
executable
MD5: 52536e4178d4a5b554b32571a68442ea
SHA256: 6da6449793c2d73f7dc08cf0451964f6304afd75c9c146b586f88fa8623d5b60
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\_isetup\_RegDLL.tmp
executable
MD5: 0ee914c6f0bb93996c75941e1ad629c6
SHA256: 4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss\ssl3.dll
executable
MD5: 0b329ebdfc21d16e3f6ed48a13e483a8
SHA256: 6c312ed66071ea4d5a140665bac552bb6c0f697a2dd47f84b490dcd1afb93e1b
4068
1779574982-107-0_1.veraport-g3-sha2.tmp
C:\Users\admin\AppData\Local\Temp\is-E0ITJ.tmp\nss_sql\plc4.dll
executable
MD5: 88b4df8d7d536a195f866b70c48ed534
SHA256: 09f01488a002915b8472a4e82adb7a3e8cb43bd77db347b0178eae614f846a0a
4068

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

Process Message
wpmsvc.exe %s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------
wpmsvc.exe %s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------
wpmsvc.exe %s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------