General Info

URL

http://150.co.il/showmypc.exe

Full analysis
https://app.any.run/tasks/c0bc8332-5d5b-45f1-aca8-65a08870e860
Verdict
Malicious activity
Analysis date
2/11/2019, 10:27:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • smpcview.exe (PID: 2296)
  • tvnserver.exe (PID: 3372)
  • tvnserver.exe (PID: 2324)
  • tvnserver.exe (PID: 3376)
  • SMPCSetup.exe (PID: 3664)
  • SMPCSetup.exe (PID: 2488)
  • tvnserver.exe (PID: 4068)
  • showmypc.exe (PID: 568)
  • spcplink.exe (PID: 1516)
Registers / Runs the DLL via REGSVR32.EXE
  • SMPCSetup.exe (PID: 3664)
Starts NET.EXE for service management
  • SMPCSetup.exe (PID: 3664)
  • SMPCSetup.exe (PID: 2488)
Loads dropped or rewritten executable
  • regsvr32.exe (PID: 2176)
  • SMPCSetup.exe (PID: 2488)
  • SMPCSetup.exe (PID: 3664)
  • showmypc.exe (PID: 568)
Changes the autorun value in the registry
  • tvnserver.exe (PID: 4068)
Changes settings of System certificates
  • smpcview.exe (PID: 2296)
  • SMPCSetup.exe (PID: 3664)
Downloads executable files from the Internet
  • chrome.exe (PID: 3000)
Application launched itself
  • tvnserver.exe (PID: 3376)
  • SMPCSetup.exe (PID: 2488)
Adds / modifies Windows certificates
  • SMPCSetup.exe (PID: 3664)
  • smpcview.exe (PID: 2296)
Creates files in the user directory
  • SMPCSetup.exe (PID: 3664)
Reads Environment values
  • SMPCSetup.exe (PID: 3664)
  • SMPCSetup.exe (PID: 2488)
Reads internet explorer settings
  • SMPCSetup.exe (PID: 3664)
  • SMPCSetup.exe (PID: 2488)
Uses NETSH.EXE for network configuration
  • SMPCSetup.exe (PID: 2488)
  • SMPCSetup.exe (PID: 3664)
Reads Internet Cache Settings
  • SMPCSetup.exe (PID: 3664)
Executable content was dropped or overwritten
  • SMPCSetup.exe (PID: 3664)
  • showmypc.exe (PID: 568)
  • chrome.exe (PID: 3000)
Creates COM task schedule object
  • regsvr32.exe (PID: 2176)
Creates files in the program directory
  • SMPCSetup.exe (PID: 3664)
Reads settings of System Certificates
  • SMPCSetup.exe (PID: 3664)
  • smpcview.exe (PID: 2296)
  • SMPCSetup.exe (PID: 2488)
  • chrome.exe (PID: 3000)
Creates files in the user directory
  • chrome.exe (PID: 3000)
Changes settings of System certificates
  • chrome.exe (PID: 3000)
Application launched itself
  • chrome.exe (PID: 3000)
Reads Internet Cache Settings
  • chrome.exe (PID: 3000)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
105
Monitored processes
49
Malicious processes
6
Suspicious processes
1

Behavior graph

+
download and start start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs showmypc.exe smpcsetup.exe smpcsetup.exe net.exe no specs net1.exe no specs netsh.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs netsh.exe no specs regsvr32.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs spcplink.exe net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs tvnserver.exe net.exe no specs net1.exe no specs tvnserver.exe no specs chrome.exe no specs tvnserver.exe no specs smpcview.exe tvnserver.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3000
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://150.co.il/showmypc.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\showmypc.exe
c:\windows\system32\credssp.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mpr.dll

PID
3724
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f3500b0,0x6f3500c0,0x6f3500cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2952
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3004 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2124
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D047695F52D4E5A856185BA6D38AF85B --mojo-platform-channel-handle=980 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2864
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --service-pipe-token=B9455384F4EF6E8F385C1B9E92958DF9 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=B9455384F4EF6E8F385C1B9E92958DF9 --renderer-client-id=4 --mojo-platform-channel-handle=1900 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3364
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --service-pipe-token=1C9CF2F27D76A879A500118763E4F912 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1C9CF2F27D76A879A500118763E4F912 --renderer-client-id=3 --mojo-platform-channel-handle=2096 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3216
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=464CF8C24B1BCE1CCE71D1253CBEF0B3 --mojo-platform-channel-handle=4012 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
568
CMD
"C:\Users\admin\Downloads\showmypc.exe"
Path
C:\Users\admin\Downloads\showmypc.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\showmypc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nspb20d.tmp\md5dll.dll
c:\users\admin\appdata\local\temp\nspb20d.tmp\system.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc\smpcsetup.exe
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netutils.dll

PID
2488
CMD
"C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe
Indicators
Parent process
showmypc.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
ShowMyPC
Description
ShowMyPC
Version
7.0.0.1
Modules
Image
c:\users\admin\appdata\local\temp\showmypc\-showmypc\smpcsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\647f9e8a4465888d8348c3f66611c463\system.runtime.remoting.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc\xdmessaging.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\wintrust.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsecimpl.dll
c:\windows\system32\riched20.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mlang.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\accessibility\44a4ab91e8e11c7cb95343e2d9ffe621\accessibility.ni.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\net.exe
c:\windows\system32\credssp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll

PID
3664
CMD
"C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe
Indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
ShowMyPC
Description
ShowMyPC
Version
7.0.0.1
Modules
Image
c:\users\admin\appdata\local\temp\showmypc\-showmypc\smpcsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\647f9e8a4465888d8348c3f66611c463\system.runtime.remoting.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc\xdmessaging.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\wintrust.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsecimpl.dll
c:\windows\system32\riched20.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\accessibility\44a4ab91e8e11c7cb95343e2d9ffe621\accessibility.ni.dll
c:\windows\system32\credssp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mlang.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\regsvr32.exe
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\assembly\gac\microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\microsoft.mshtml.dll
c:\windows\system32\jscript.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc\interop.wodvpncomlib.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc\wodvpn.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc\spcplink.exe
c:\program files\showmypcservice\tvnserver.exe
c:\users\admin\appdata\local\temp\showmypc\-showmypc\tvnserver.exe
c:\users\admin\appdata\local\temp\showmypc\-showmypc\smpcview.exe

PID
3632
CMD
"C:\Windows\System32\net.exe" stop winvnc4
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\net1.exe

PID
3324
CMD
C:\Windows\system32\net1 stop winvnc4
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
3400
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\napipsec.dll
c:\windows\system32\tsgqec.dll
c:\windows\system32\eapqec.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2192
CMD
"C:\Windows\System32\net.exe" stop uvnc_service
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
2700
CMD
C:\Windows\system32\net1 stop uvnc_service
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
3048
CMD
"C:\Windows\System32\net.exe" stop tvnserver
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
2996
CMD
C:\Windows\system32\net1 stop tvnserver
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
2244
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2176
CMD
"C:\Windows\System32\regsvr32.exe" "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll" /s
Path
C:\Windows\System32\regsvr32.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc\wodvpn.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\ws2_32.dll

PID
3668
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe" "ShowMyPCAuto" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
1008
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe" "ShowMyPCAuto" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3040
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCAuto" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3988
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCAuto" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2672
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCAuto" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3248
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3744
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCAuto" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
1728
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2604
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe" "ShowMyPCtvnservertemp" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2580
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe" "ShowMyPCtvnservertemp" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3300
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCtvnservertemp" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3804
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCtvnservertemp" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3080
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCtvnservertemp" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3472
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCtvnservertemp" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
1516
CMD
"C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\spcplink.exe" -C -4 -ssh -2 -P 443 -N -R 18698:localhost:6900 -L 18699:download3.showmypc.com:80 -R 18702:localhost:18702 -smpi df7452852a7e [email protected]
Path
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\spcplink.exe
Indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
ShowMyPC
Description
ShowMyPC
Version
Release 2509
Modules
Image
c:\users\admin\appdata\local\temp\showmypc\-showmypc\spcplink.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll

PID
3492
CMD
"C:\Windows\System32\net.exe" stop winvnc4
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
2900
CMD
C:\Windows\system32\net1 stop winvnc4
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
3112
CMD
"C:\Windows\System32\net.exe" stop uvnc_service
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
1012
CMD
C:\Windows\system32\net1 stop uvnc_service
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
4048
CMD
"C:\Windows\System32\net.exe" stop tvnserver
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
2916
CMD
C:\Windows\system32\net1 stop tvnserver
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
HIGH
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
4068
CMD
"C:\Program Files\ShowMyPCService\tvnserver.exe" -reinstall -silent
Path
C:\Program Files\ShowMyPCService\tvnserver.exe
Indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
GlavSoft LLC.
Description
TightVNC Server
Version
2, 8, 5, 0
Modules
Image
c:\program files\showmypcservice\tvnserver.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
4092
CMD
"C:\Windows\System32\net.exe" start tvnserver
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
2756
CMD
C:\Windows\system32\net1 start tvnserver
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
3376
CMD
"C:\Program Files\ShowMyPCService\tvnserver.exe" -service
Path
C:\Program Files\ShowMyPCService\tvnserver.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
GlavSoft LLC.
Description
TightVNC Server
Version
2, 8, 5, 0
Modules
Image
c:\program files\showmypcservice\tvnserver.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\apphelp.dll

PID
2872
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=2203705B053A62241527CA8B830EECA3 --mojo-platform-channel-handle=2752 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3372
CMD
"C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe" -controlservice
Path
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
GlavSoft LLC.
Description
TightVNC Server
Version
2, 8, 5, 0
Modules
Image
c:\users\admin\appdata\local\temp\showmypc\-showmypc\tvnserver.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ole32.dll

PID
2296
CMD
"C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\smpcview.exe" smpcview.cfg
Path
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\smpcview.exe
Indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
ShowMyPC
Description
ShowMyPC
Version
6.0.1.17
Modules
Image
c:\users\admin\appdata\local\temp\showmypc\-showmypc\smpcview.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorsec.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.web\da5da08245467818759aa44c4eb948e1\system.web.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll

PID
2324
CMD
"C:\Program Files\ShowMyPCService\tvnserver.exe" -desktopserver -logdir "C:\Windows\system32\config\systemprofile\AppData\Roaming\TightVNC" -loglevel 0 -shmemname Global\hfuranqntaqeycmbftfm
Path
C:\Program Files\ShowMyPCService\tvnserver.exe
Indicators
No indicators
Parent process
tvnserver.exe
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
GlavSoft LLC.
Description
TightVNC Server
Version
2, 8, 5, 0
Modules
Image
c:\program files\showmypcservice\tvnserver.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll

PID
1168
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=51A7732C4E7F040A34A171274E68CDC0 --mojo-platform-channel-handle=796 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
3424
Read events
2399
Write events
1024
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3000
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13194350855987625
3000
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307020001000B0009001B002E00360200000000
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Blob
030000000100000014000000B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47140000000100000014000000299160FF8A4DFAEBF9A66AB8CFF9E64BBD49CE12040000000100000010000000AA374CC00BED2E1EA691EF415B808FE10F00000001000000300000004805A7E23D6C8FF5E149F197B744BCB2346E73F19A48835A2F64129183981109256B75EA371A331746D01FD4E135AB6E190000000100000010000000B54FC222B2F6CB8E7643EB21269C363618000000010000001000000082218FFB91733E64136BE5719F57C3A12000000001000000E4050000308205E0308203C8A00302010202102E7C87CC0E934A52FE94FD1CB7CD34AF300D06092A864886F70D01010C0500308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F72697479301E170D3133303530393030303030305A170D3238303530383233353935395A307D310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312330210603550403131A434F4D4F444F2052534120436F6465205369676E696E6720434130820122300D06092A864886F70D01010105000382010F003082010A0282010100A69890637791347F8AD1DDE9673111EBCC1EFD311DB3B962573F93BC5BE39F1E243211276BBC5191A7CF9E9E25B35F81A8180F1D1E20300EFB617B8609B3E3FDA2689D1C2C9DBF72E3E475A0E535238EC98AEE1A0C64C7D842A17BB552034B3AB08E234B4B63E02294377BD579900A1418512CE6FEC112F01C3F61610A8CA2DCF6C330AACD28187548C1795A08CDBB8C558CF7D476903A33465073985CF4854A6B0F80DD5ED6BDFDA92FC025F5F978D78D5F10C244553C903C3146CB70AE07A90AE3AFC1016F901A23E25F38DBC6085D47B38341F02E003714B912AA799252CD870F7BD86229A47E30BD1BB58C72B448F2E3E821F95E4C62798B02069F7FD50B0203010001A38201513082014D301F0603551D23041830168014BBAF7E023DFAA6F13C848EADEE3898ECD93232D4301D0603551D0E04160414299160FF8A4DFAEBF9A66AB8CFF9E64BBD49CE12300E0603551D0F0101FF04040302018630120603551D130101FF040830060101FF02010030130603551D25040C300A06082B0601050507030330110603551D20040A300830060604551D2000304C0603551D1F044530433041A03FA03D863B687474703A2F2F63726C2E636F6D6F646F63612E636F6D2F434F4D4F444F52534143657274696669636174696F6E417574686F726974792E63726C307106082B0601050507010104653063303B06082B06010505073002862F687474703A2F2F6372742E636F6D6F646F63612E636F6D2F434F4D4F444F525341416464547275737443412E637274302406082B060105050730018618687474703A2F2F6F6373702E636F6D6F646F63612E636F6D300D06092A864886F70D01010C05000382020100023F0239C3EEF8CA3B89DE0C6D4DB1F14E924FAFC2382C04CCC56311AB0963AFABA2D7023FCC6F19C33DD61A0894FF25D8A988A72B101AE09BB107221A511C3AD4E1E909BFE62474AF1E7B16316E23EF54512D5202E27508054CF1B751E15100C687F66CEE104476576AF1DF586B21AA49D47C374EBDFFB67554401836576711CD4F02E4FEF3DAFC7517DBECB7F7650923491F435783EA7E207761C84DF2BB654DA8F7854507AF7A6927659029408BDF7B3A51398CA81F7079AD6D4220A2CF0C6C038C4CCD730794E75A8E3A04BAA2A17C1FCB633A15A7D4151BA7524732A9F4BF6447D1AA1F534E323073C26FB778829D5CFF46BB6B221D880BF81BAA34A6FC8CF5DD7F658C8C315731D036EC47A1CFCB8BA8EF1C1858C50677CA4B9B51AF4C084A7A8FE2A352E28E8ECC26E4B2D8E538C2A8EDC6819C356BA958614A0A97B44B42B6559DBE99E7706D59F86D2A0C7F19605F0C9A886C30AC520990161BFF2B9DDBD020CA89EA287E328E19DF7B48331ED765F8AEC9F8831493767D64D08ECEBE357DFF72314D9F9EBD1E6C2FA88F0C0650FB8C27B376C9F4E6D7C334E28C87218661FEBF5574E12177030A686CBBE4C9A9E6CF5925EB7CEC450E796668E822CDB8EF98854D96113C098AD07FBC282813FB6ACA548D925CCDC26598069ECE485BD4B5379346417C07DDCFFA43EFBA6761FF7D49E0BB307D5C80E3E616394BA7
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
Blob
030000000100000014000000F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0140000000100000014000000BBAF7E023DFAA6F13C848EADEE3898ECD93232D40400000001000000100000001EDAF9AE99CE2920667D0E9A8B3F8C9C0F00000001000000300000007CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D19000000010000001000000082218FFB91733E64136BE5719F57C3A118000000010000001000000045ED9BBC5E43D3B9ECD63C060DB78E5C200000000100000078050000308205743082045CA00302010202102766EE56EB49F38EABD770A2FC84DE22300D06092A864886F70D01010C0500306F310B300906035504061302534531143012060355040A130B416464547275737420414231263024060355040B131D41646454727573742045787465726E616C20545450204E6574776F726B312230200603550403131941646454727573742045787465726E616C20434120526F6F74301E170D3030303533303130343833385A170D3230303533303130343833385A308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F7269747930820222300D06092A864886F70D01010105000382020F003082020A028202010091E85492D20A56B1AC0D24DDC5CF446774992B37A37D23700071BC53DFC4FA2A128F4B7F1056BD9F7072B7617FC94B0F17A73DE3B00461EEFF1197C7F4863E0AFA3E5CF993E6347AD9146BE79CB385A0827A76AF7190D7ECFD0DFA9C6CFADFB082F4147EF9BEC4A62F4F7F997FB5FC674372BD0C00D689EB6B2CD3ED8F981C14AB7EE5E36EFCD8A8E49224DA436B62B855FDEAC1BC6CB68BF30E8D9AE49B6C6999F878483045D5ADE10D3C4560FC32965127BC67C3CA2EB66BEA46C7C720A0B11F65DE4808BAA44EA9F283463784EBE8CC814843674E722A9B5CBD4C1B288A5C227BB4AB98D9EEE05183C309464E6D3E99FA9517DA7C3357413C8D51ED0BB65CAF2C631ADF57C83FBCE95DC49BAF4599E2A35A24B4BAA9563DCF6FAAFF4958BEF0A8FFF4B8ADE937FBBAB8F40B3AF9E843421E89D884CB13F1D9BBE18960B88C2856AC141D9C0AE771EBCF0EDD3DA996A148BD3CF7AFB50D224CC01181EC563BF6D3A2E25BB7B204225295809369E88E4C65F191032D707402EA8B671529695202BBD7DF506A5546BFA0A328617F70D0C3A2AA2C21AA47CE289C064576BF821827B4D5AEB4CB50E66BF44C867130E9A6DF1686E0D8FF40DDFBD042887FA3333A2E5C1E41118163CE18716B2BECA68AB7315C3A6A47E0C37959D6201AAFF26A98AA72BC574AD24B9DBB10FCB04C41E5ED1D3D5E289D9CCCBFB351DAA747E584530203010001A381F43081F1301F0603551D23041830168014ADBD987A34B426F7FAC42654EF03BDE024CB541A301D0603551D0E04160414BBAF7E023DFAA6F13C848EADEE3898ECD93232D4300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF30110603551D20040A300830060604551D200030440603551D1F043D303B3039A037A0358633687474703A2F2F63726C2E7573657274727573742E636F6D2F416464547275737445787465726E616C4341526F6F742E63726C303506082B0601050507010104293027302506082B060105050730018619687474703A2F2F6F6373702E7573657274727573742E636F6D300D06092A864886F70D01010C0500038201010064BF83F15F9A85D0CDB8A129570DE85AF7D1E93EF276046EF15270BB1E3CFF4D0D746ACC818225D3C3A02A5D4CF5BA8BA16DC4540975C7E3270E5D847937401377F5B4AC1CD03BAB1712D6EF34187E2BE979D3AB57450CAF28FAD0DBE5509588BBDF8557697D92D852CA7381BF1CF3E6B86E661105B31E942D7F91959259F14CCEA391714C7C470C3B0B19F6A1B16C863E5CAAC42E82CBF90796BA484D90F294C8A973A2EB067B239DDEA2F34D559F7A6145981868C75E406B23F5797AEF8CB56B8BB76F46F47BF13D4B04D89380595AE041241DB28F15605847DBEF6E46FD15F5D95F9AB3DBD8B8E440B3CD9739AE85BB1D8EBCDC879BD1A6EFF13B6F10386F
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
C40AAD3BECC1D401
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
2952
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3000-13194350855050125
259
568
showmypc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
568
showmypc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2488
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2488
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2488
SMPCSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
EnableFileTracing
0
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
EnableConsoleTracing
0
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
FileTracingMask
4294901760
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
ConsoleTracingMask
4294901760
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
MaxFileSize
1048576
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
FileDirectory
%windir%\tracing
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
EnableFileTracing
0
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
EnableConsoleTracing
0
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
FileTracingMask
4294901760
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
ConsoleTracingMask
4294901760
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
MaxFileSize
1048576
2488
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
FileDirectory
%windir%\tracing
2488
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2488
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3664
SMPCSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
SmpcTest
12816
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006B000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePrefix
DOMStore
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheLimit
1000
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheOptions
8
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheRepair
0
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
24
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\showmypc.com
24
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
49
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\showmypc.com
49
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
0400000001000000100000009414777E3E5EFD8F30BD41B0CFE7D0300F0000000100000014000000BF4D2C390BBF0AA3A2B7EA2DC751011BF5FD422E090000000100000068000000306606082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030806082B06010505070309060A2B0601040182370A030406082B0601050507030606082B0601050507030706082B060105050802020B000000010000005C00000047006F006F0067006C00650020005400720075007300740020005300650072007600690063006500730020002D00200047006C006F00620061006C005300690067006E00200052006F006F0074002000430041002D005200320000005300000001000000230000003021301F06092B06010401A032010130123010060A2B0601040182373C0101030200C0620000000100000020000000CA42DD41745FD0B81EB902362CF9D8BF719DA1BD1B1EFC946F5B4C99F42C1B9E1400000001000000140000009BE20757671C1EC06A06DE59B49A2DDFDC19862E1D000000010000001000000073621E116224668780B2D2BEE454E52E03000000010000001400000075E0ABB6138512271C04F85FDDDE38E4B7242EFE190000000100000010000000A8827A3CBD2D87D783B59B8062C87E9A2000000001000000BE030000308203BA308202A2A003020102020B0400000000010F8626E60D300D06092A864886F70D0101050500304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E301E170D3036313231353038303030305A170D3231313231353038303030305A304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E30820122300D06092A864886F70D01010105000382010F003082010A0282010100A6CF240EBE2E6F28994542C4AB3E21549B0BD37F8470FA12B3CBBF875FC67F86D3B2305CD6FDADF17BDCE5F86096099210F5D053DEFB7B7E7388AC52887B4AA6CA49A65EA8A78C5A11BC7A82EBBE8CE9B3AC962507974A992A072FB41E77BF8A0FB5027C1B96B8C5B93A2CBCD612B9EB597DE2D006865F5E496AB5395E8834ECBC780C0898846CA8CD4BB4A07D0C794DF0B82DCB21CAD56C5B7DE1A02984A1F9D39449CB24629120BCDD0BD5D9CCF9EA270A2B7391C69D1BACC8CBE8E0A0F42F908B4DFBB0361BF6197A85E06DF26113885C9FE0930A51978A5ACEAFABD5F7AA09AA60BDDCD95FDF72A960135E0001C94AFA3FA4EA070321028E82CA03C29B8F0203010001A3819C308199300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604149BE20757671C1EC06A06DE59B49A2DDFDC19862E30360603551D1F042F302D302BA029A0278625687474703A2F2F63726C2E676C6F62616C7369676E2E6E65742F726F6F742D72322E63726C301F0603551D230418301680149BE20757671C1EC06A06DE59B49A2DDFDC19862E300D06092A864886F70D01010505000382010100998153871C68978691ECE04AB8440BAB81AC274FD6C1B81C4378B30C9AFCEA2C3C6E611B4D4B29F59F051D26C1B8E983006245B6A90893B9A9334B189AC2F887884EDBDD71341AC154DA463FE0D32AAB6D5422F53A62CD206FBA2989D7DD91EED35CA23EA15B41F5DFE564432DE9D539ABD2A2DFB78BD0C080191C45C02D8CE8F82DA4745649C505B54F15DE6E44783987A87EBBF3791891BBF46F9DC1F08C358C5D01FBC36DB9EF446D7946317E0AFEA982C1FFEFAB6E20C450C95F9D4D9B178C0CE501C9A0416A7353FAA550B46E250FFB4C18F4FD52D98E69B1E8110FDE88D8FB1D49F7AADE95CF2078C26012DB25408C6AFC7E4238406412F79E81E1932E
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\TightVNC\Server
FileTransferEnabled
0
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\TightVNC\Server
EnableFileTransfers
0
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\TightVNC\Server
BlockRemoteInput
0
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\TightVNC\Server
BlockLocalInput
0
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
FileTransferEnabled
0
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
EnableFileTransfers
0
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
BlockRemoteInput
0
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
BlockLocalInput
0
3664
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\ORL\WinVNC3
InputsEnabled
1
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
RfbPort
6900
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
Password
F2D150744D013878
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
AllowLoopback
1
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
AlwaysShared
1
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
PollingInterval
300
3664
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
RunControLInterface
1
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
3400
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation
2244
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom.1
wodVPNCom Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom.1\CLSID
{459C65ED-AA9C-4CF1-9A24-7685505F919A}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom
wodVPNCom Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom\CLSID
{459C65ED-AA9C-4CF1-9A24-7685505F919A}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom\CurVer
WeOnlyDo.wodVPNCom.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}
wodVPNCom Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\ProgID
WeOnlyDo.wodVPNCom.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\VersionIndependentProgID
WeOnlyDo.wodVPNCom
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\InprocServer32
ThreadingModel
Apartment
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels.1
VPNChannels Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels.1\CLSID
{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels
VPNChannels Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels\CLSID
{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}
VPNChannels Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\ProgID
WeOnlyDo.VPNChannels.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\VersionIndependentProgID
WeOnlyDo.VPNChannels
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel.1
VPNChannel Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel.1\CLSID
{15DD3BF6-5A11-4407-8399-A19AC10C65D0}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel
VPNChannel Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel\CLSID
{15DD3BF6-5A11-4407-8399-A19AC10C65D0}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}
VPNChannel Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\ProgID
WeOnlyDo.VPNChannel.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\VersionIndependentProgID
WeOnlyDo.VPNChannel
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser.1
VPNUser Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser.1\CLSID
{7E092B5C-795B-46BC-886A-DFFBBBC9A117}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser
VPNUser Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser\CLSID
{7E092B5C-795B-46BC-886A-DFFBBBC9A117}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}
VPNUser Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\ProgID
WeOnlyDo.VPNUser.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\VersionIndependentProgID
WeOnlyDo.VPNUser
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers.1
VPNUsers Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers.1\CLSID
{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers
VPNUsers Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers\CLSID
{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}
VPNUsers Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\ProgID
WeOnlyDo.VPNUsers.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\VersionIndependentProgID
WeOnlyDo.VPNUsers
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay.1
VPNRelay Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay.1\CLSID
{3C198C98-0E27-40E4-972C-FDC656EC30D7}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay
VPNRelay Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay\CLSID
{3C198C98-0E27-40E4-972C-FDC656EC30D7}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}
VPNRelay Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\ProgID
WeOnlyDo.VPNRelay.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\VersionIndependentProgID
WeOnlyDo.VPNRelay
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays.1
VPNRelays Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays.1\CLSID
{B0B8CDD6-8AAA-4426-82E9-9455140124A1}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays
VPNRelays Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays\CLSID
{B0B8CDD6-8AAA-4426-82E9-9455140124A1}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}
VPNRelays Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\ProgID
WeOnlyDo.VPNRelays.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\VersionIndependentProgID
WeOnlyDo.VPNRelays
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator.1
VPNMediator Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator.1\CLSID
{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator
VPNMediator Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator\CLSID
{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}
VPNMediator Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\ProgID
WeOnlyDo.VPNMediator.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\VersionIndependentProgID
WeOnlyDo.VPNMediator
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces.1
VPNInterfaces Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces.1\CLSID
{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces
VPNInterfaces Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces\CLSID
{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}
VPNInterfaces Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\ProgID
WeOnlyDo.VPNInterfaces.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\VersionIndependentProgID
WeOnlyDo.VPNInterfaces
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface.1
VPNInterface Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface.1\CLSID
{09DF1DCA-C076-498A-8370-AD6F878B6C6A}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface
VPNInterface Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface\CLSID
{09DF1DCA-C076-498A-8370-AD6F878B6C6A}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}
VPNInterface Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\ProgID
WeOnlyDo.VPNInterface.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\VersionIndependentProgID
WeOnlyDo.VPNInterface
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler.1
TCPHandler Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler.1\CLSID
{9D101D9C-18CC-4E78-8D78-389E48478FCA}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler
TCPHandler Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler\CLSID
{9D101D9C-18CC-4E78-8D78-389E48478FCA}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}
TCPHandler Class
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\ProgID
WeOnlyDo.TCPHandler.1
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\VersionIndependentProgID
WeOnlyDo.TCPHandler
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\InprocServer32
ThreadingModel
both
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0
WeOnlyDo! COM VPN Component
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0\FLAGS
0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0\0\win32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0\HELPDIR
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}
_IwodVPNComEvents
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}
IVPNChannel
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}
IVPNUsers
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}
IVPNUser
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}
IVPNRelay
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}
IVPNChannels
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}
IVPNRelays
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}
IVPNMediator
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}
IVPNInterfaces
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}
IVPNInterface
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}
ITCPHandler
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}
IwodVPNCom
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\TypeLib
Version
1.0
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}
IwodVPNNotify
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
2176
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\TypeLib
Version
1.0
3668
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1008
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3040
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3988
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2672
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3248
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3744
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1728
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2604
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2580
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3300
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3804
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3080
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3472
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4068
tvnserver.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
tvncontrol
"C:\Program Files\ShowMyPCService\tvnserver.exe" -controlservice -slave
3376
tvnserver.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\tvnserver
CategoryCount
0
3376
tvnserver.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\tvnserver
CategoryMessageFile
C:\Program Files\ShowMyPCService\tvnserver.exe
3376
tvnserver.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\tvnserver
EventMessageFile
C:\Program Files\ShowMyPCService\tvnserver.exe
3376
tvnserver.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\tvnserver
ParameterMessageFile
C:\Program Files\ShowMyPCService\tvnserver.exe
3376
tvnserver.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\tvnserver
TypesSupported
7
2872
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2296
smpcview.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASAPI32
EnableFileTracing
0
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASAPI32
EnableConsoleTracing
0
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASAPI32
FileTracingMask
4294901760
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASAPI32
ConsoleTracingMask
4294901760
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASAPI32
MaxFileSize
1048576
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASAPI32
FileDirectory
%windir%\tracing
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASMANCS
EnableFileTracing
0
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASMANCS
EnableConsoleTracing
0
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASMANCS
FileTracingMask
4294901760
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASMANCS
ConsoleTracingMask
4294901760
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASMANCS
MaxFileSize
1048576
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\smpcview_RASMANCS
FileDirectory
%windir%\tracing
2296
smpcview.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Blob
03000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B814000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE04000000010000001000000096C25031BC0DC35CFBA723731E1B41400F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A12190000000100000010000000CE63BDC595635C1C37B040B4E554BF5618000000010000001000000021D008B47B7A2A81C8435903DED424C92000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
2296
smpcview.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Blob
14000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C9190000000100000010000000CE63BDC595635C1C37B040B4E554BF560F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1204000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B82000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
2296
smpcview.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Blob
04000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B80F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A12190000000100000010000000CE63BDC595635C1C37B040B4E554BF5618000000010000001000000021D008B47B7A2A81C8435903DED424C914000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE2000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
2296
smpcview.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Blob
0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1214000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE18000000010000001000000021D008B47B7A2A81C8435903DED424C9190000000100000010000000CE63BDC595635C1C37B040B4E554BF5603000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B804000000010000001000000096C25031BC0DC35CFBA723731E1B41402000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
2296
smpcview.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Blob
190000000100000010000000CE63BDC595635C1C37B040B4E554BF5604000000010000001000000096C25031BC0DC35CFBA723731E1B414003000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B818000000010000001000000021D008B47B7A2A81C8435903DED424C914000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE0F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A122000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
2296
smpcview.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Blob
18000000010000001000000021D008B47B7A2A81C8435903DED424C90F0000000100000020000000F9FF37F02E632CB7387025C07E57908A3D371B7C95D8CDD0390DE231ED943A1214000000010000001400000040C2BD278ECC348330A233D7FB6CB3F0B42C80CE03000000010000001400000027AC9369FAF25207BB2627CEFACCBE4EF9C319B804000000010000001000000096C25031BC0DC35CFBA723731E1B4140190000000100000010000000CE63BDC595635C1C37B040B4E554BF562000000001000000D4040000308204D0308203B8A003020102020107300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3131303530333037303030305A170D3331303530333037303030305A3081B4310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E312D302B060355040B1324687474703A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F313330310603550403132A476F2044616464792053656375726520436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100B9E0CB10D4AF76BDD49362EB3064B881086CC304D962178E2FFF3E65CF8FCE62E63C521CDA16454B55AB786B63836290CE0F696C99C81A148B4CCC4533EA88DC9EA3AF2BFE80619D7957C4CF2EF43F303C5D47FC9A16BCC3379641518E114B54F828BED08CBEF030381EF3B026F86647636DDE7126478F384753D1461DB4E3DC00EA45ACBDBC71D9AA6F00DBDBCD303A794F5F4C47F81DEF5BC2C49D603BB1B24391D8A4334EEAB3D6274FAD258AA5C6F4D5D0A6AE7405645788B54455D42D2A3A3EF8B8BDE9320A029464C4163A50F14AAEE77933AF0C20077FE8DF0439C269026C6352FA77C11BC87487C8B993185054354B694EBC3BD3492E1FDCC1D252FB0203010001A382011A30820116300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E0416041440C2BD278ECC348330A233D7FB6CB3F0B42C80CE301F0603551D230418301680143A9A8507106728B6EFF6BD05416E20C194DA0FDE303406082B0601050507010104283026302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F30350603551D1F042E302C302AA028A0268624687474703A2F2F63726C2E676F64616464792E636F6D2F6764726F6F742D67322E63726C30460603551D20043F303D303B0604551D20003033303106082B06010505070201162568747470733A2F2F63657274732E676F64616464792E636F6D2F7265706F7369746F72792F300D06092A864886F70D01010B05000382010100087E6C9310C838B896A9904BFFA15F4F04EF6C3E9C8806C9508FA673F757311BBEBCE42FDBF8BAD35BE0B4E7E679620E0CA2D76A637331B5F5A848A43B082DA25D90D7B47C254F115630C4B6449D7B2C9DE55EE6EF0C61AABFE42A1BEE849EB8837DC143CE44A713700D911FF4C813AD8360D9D872A873241EB5AC220ECA17896258441BAB892501000FCDC41B62DB51B4D30F512A9BF4BC73FC76CE36A4CDD9D82CEAAE9BF52AB290D14D75188A3F8A4190237D5B4BFEA403589B46B2C3606083F87D5041CEC2A190C3BBEF022FD21554EE4415D90AAEA78A33EDB12D763626DC04EB9FF7611F15DC876FEE469628ADA1267D0A09A72E04A38DBCF8BC043001
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B
Blob
0F00000001000000200000003560E45B41E46B8F36537025D1D5BC02D9652A10645B0EFF69E8B6A52191F335090000000100000054000000305206082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B06010505070308060A2B0601040182370A030406082B0601050507030606082B060105050703070B000000010000005200000047006F00200044006100640064007900200052006F006F007400200043006500720074006900660069006300610074006500200041007500740068006F00720069007400790020001320200047003200000053000000010000002500000030233021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C062000000010000002000000045140B3247EB9CC8C5B4F0D7B53091F73292089E6E5A63E2749DD3ACA9198EDA1400000001000000140000003A9A8507106728B6EFF6BD05416E20C194DA0FDE1D000000010000001000000070253FBCBDE32A014D38C1993098AD9903000000010000001400000047BEABC922EAE80E78783462A79F45C254FDE68B2000000001000000C9030000308203C5308202ADA003020102020100300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3039303930313030303030305A170D3337313233313233353935395A308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BF716208F1FA5934F71BC918A3F7804958E9228313A6C52043013B84F1E685499F27EAF6841B4EA0B4DB7098C73201B1053E074EEEF4FA4F2F593022E7AB19566BE28007FCF316758039517BE5F935B6744EA98D8213E4B63FA90383FAA2BE8A156A7FDE0BC3B6191405CAEAC3A804943B467C320DF3006622C88D696D368C1118B7D3B21C60B438FA028CCED3DD4607DE0A3EEB5D7CC87CFBB02B53A4926269512505611A44818C2CA9439623DFAC3A819A0E29C51CA9E95D1EB69E9E300A39CEF18880FB4B5DCC32EC85624325340256270191B43B702A3F6EB1E89C88017D9FD4F9DB536D609DBF2CE758ABB85F46FCCEC41B033C09EB49315C6946B3E0470203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604143A9A8507106728B6EFF6BD05416E20C194DA0FDE300D06092A864886F70D01010B0500038201010099DB5D79D5F99759670361F17E3B0631752DA1208E4F6587B4F7A69CBCD8E92FD0DB5AEECF748C73B43842DA057BF80275B8FDA5B1D7AEF6D7DE13CB53107E8A46D197FAB72E2B11AB90B02780F9E89F5AE9379FABE4DF6CB385179D3DD9244F799135D65F04EB8083AB9A022DB510F4D890C7047340ED7225A0A99FEC9EAB68129957C68F123A09A4BD44FD061537C19BE432A3ED38E8D864F32C7E14FC02EA9FCDFF076817DB2290382D7A8DD154F169E35F33CA7A3D7B0AE3CA7F5F39E5E275BAC5761833CE2CF02F4CADF7B1E7CE4FA8C49B4A5406C57F7DD5080FE21CFE7E17B8AC5EF6D416B243090C4DF6A76BB4998465CA7A88E2E244BE5CF7EA1CF5
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B
Blob
19000000010000001000000021D008B47B7A2A81C8435903DED424C903000000010000001400000047BEABC922EAE80E78783462A79F45C254FDE68B1D000000010000001000000070253FBCBDE32A014D38C1993098AD991400000001000000140000003A9A8507106728B6EFF6BD05416E20C194DA0FDE62000000010000002000000045140B3247EB9CC8C5B4F0D7B53091F73292089E6E5A63E2749DD3ACA9198EDA53000000010000002500000030233021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C00B000000010000005200000047006F00200044006100640064007900200052006F006F007400200043006500720074006900660069006300610074006500200041007500740068006F007200690074007900200013202000470032000000090000000100000054000000305206082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B06010505070308060A2B0601040182370A030406082B0601050507030606082B060105050703070F00000001000000200000003560E45B41E46B8F36537025D1D5BC02D9652A10645B0EFF69E8B6A52191F3352000000001000000C9030000308203C5308202ADA003020102020100300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3039303930313030303030305A170D3337313233313233353935395A308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BF716208F1FA5934F71BC918A3F7804958E9228313A6C52043013B84F1E685499F27EAF6841B4EA0B4DB7098C73201B1053E074EEEF4FA4F2F593022E7AB19566BE28007FCF316758039517BE5F935B6744EA98D8213E4B63FA90383FAA2BE8A156A7FDE0BC3B6191405CAEAC3A804943B467C320DF3006622C88D696D368C1118B7D3B21C60B438FA028CCED3DD4607DE0A3EEB5D7CC87CFBB02B53A4926269512505611A44818C2CA9439623DFAC3A819A0E29C51CA9E95D1EB69E9E300A39CEF18880FB4B5DCC32EC85624325340256270191B43B702A3F6EB1E89C88017D9FD4F9DB536D609DBF2CE758ABB85F46FCCEC41B033C09EB49315C6946B3E0470203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604143A9A8507106728B6EFF6BD05416E20C194DA0FDE300D06092A864886F70D01010B0500038201010099DB5D79D5F99759670361F17E3B0631752DA1208E4F6587B4F7A69CBCD8E92FD0DB5AEECF748C73B43842DA057BF80275B8FDA5B1D7AEF6D7DE13CB53107E8A46D197FAB72E2B11AB90B02780F9E89F5AE9379FABE4DF6CB385179D3DD9244F799135D65F04EB8083AB9A022DB510F4D890C7047340ED7225A0A99FEC9EAB68129957C68F123A09A4BD44FD061537C19BE432A3ED38E8D864F32C7E14FC02EA9FCDFF076817DB2290382D7A8DD154F169E35F33CA7A3D7B0AE3CA7F5F39E5E275BAC5761833CE2CF02F4CADF7B1E7CE4FA8C49B4A5406C57F7DD5080FE21CFE7E17B8AC5EF6D416B243090C4DF6A76BB4998465CA7A88E2E244BE5CF7EA1CF5
2296
smpcview.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B
Blob
040000000100000010000000803ABC22C1E6FB8D9B3B274A321B9A010F00000001000000200000003560E45B41E46B8F36537025D1D5BC02D9652A10645B0EFF69E8B6A52191F335090000000100000054000000305206082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B06010505070308060A2B0601040182370A030406082B0601050507030606082B060105050703070B000000010000005200000047006F00200044006100640064007900200052006F006F007400200043006500720074006900660069006300610074006500200041007500740068006F00720069007400790020001320200047003200000053000000010000002500000030233021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C062000000010000002000000045140B3247EB9CC8C5B4F0D7B53091F73292089E6E5A63E2749DD3ACA9198EDA1400000001000000140000003A9A8507106728B6EFF6BD05416E20C194DA0FDE1D000000010000001000000070253FBCBDE32A014D38C1993098AD9903000000010000001400000047BEABC922EAE80E78783462A79F45C254FDE68B19000000010000001000000021D008B47B7A2A81C8435903DED424C92000000001000000C9030000308203C5308202ADA003020102020100300D06092A864886F70D01010B0500308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D204732301E170D3039303930313030303030305A170D3337313233313233353935395A308183310B30090603550406130255533110300E060355040813074172697A6F6E61311330110603550407130A53636F74747364616C65311A3018060355040A1311476F44616464792E636F6D2C20496E632E3131302F06035504031328476F20446164647920526F6F7420436572746966696361746520417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BF716208F1FA5934F71BC918A3F7804958E9228313A6C52043013B84F1E685499F27EAF6841B4EA0B4DB7098C73201B1053E074EEEF4FA4F2F593022E7AB19566BE28007FCF316758039517BE5F935B6744EA98D8213E4B63FA90383FAA2BE8A156A7FDE0BC3B6191405CAEAC3A804943B467C320DF3006622C88D696D368C1118B7D3B21C60B438FA028CCED3DD4607DE0A3EEB5D7CC87CFBB02B53A4926269512505611A44818C2CA9439623DFAC3A819A0E29C51CA9E95D1EB69E9E300A39CEF18880FB4B5DCC32EC85624325340256270191B43B702A3F6EB1E89C88017D9FD4F9DB536D609DBF2CE758ABB85F46FCCEC41B033C09EB49315C6946B3E0470203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604143A9A8507106728B6EFF6BD05416E20C194DA0FDE300D06092A864886F70D01010B0500038201010099DB5D79D5F99759670361F17E3B0631752DA1208E4F6587B4F7A69CBCD8E92FD0DB5AEECF748C73B43842DA057BF80275B8FDA5B1D7AEF6D7DE13CB53107E8A46D197FAB72E2B11AB90B02780F9E89F5AE9379FABE4DF6CB385179D3DD9244F799135D65F04EB8083AB9A022DB510F4D890C7047340ED7225A0A99FEC9EAB68129957C68F123A09A4BD44FD061537C19BE432A3ED38E8D864F32C7E14FC02EA9FCDFF076817DB2290382D7A8DD154F169E35F33CA7A3D7B0AE3CA7F5F39E5E275BAC5761833CE2CF02F4CADF7B1E7CE4FA8C49B4A5406C57F7DD5080FE21CFE7E17B8AC5EF6D416B243090C4DF6A76BB4998465CA7A88E2E244BE5CF7EA1CF5

Files activity

Executable files
20
Suspicious files
54
Text files
101
Unknown types
11

Dropped files

PID
Process
Filename
Type
3000
chrome.exe
C:\Users\admin\Downloads\showmypc.exe
executable
MD5: f679765a90a55507191083244a27f79e
SHA256: 1407fe497c2f46b9134d5e8e7da3011ea9c3fcf5ecf9d015b55480547efe5c34
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\sas.dll
executable
MD5: 60c3820c4f56c77e3e8bece9d7a51842
SHA256: c2904b2822b3c1b003a72f84d42ffbfdefd253f322c99b77cf8a950f37c716e6
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\tvnserver.exe
executable
MD5: 213b6a40435cd04c1d917e1ea4207797
SHA256: e476f355f14065897a7d0f62a077929b2432506e72eb2d4a0694f2b9b58f8fe2
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\smvnview.exe
executable
MD5: 410255d4814ad933e787018332ed001e
SHA256: 12b85a2b855696c62f960a664af9cf27eab0c0db50748a9df69848835d0845e9
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\spcplink.exe
executable
MD5: 6976795457400d3fff2460dad46aed4e
SHA256: d1579d15781ee471075891c6d693c821bb33ebda2af063be7899da647683c091
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\screenhooks.dll
executable
MD5: 362ba3b724eb94eef488f6865d1b54e6
SHA256: c92512c7d0319fff8d773558e5a2ac77ebbd74452f03482ab3b68b782ad161ce
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\smpcview.exe
executable
MD5: eefa3b39cf14a5677b350c04ea2c2956
SHA256: 4221571d8da8d217a1bb0754e5fdb3bab1ea49820da4811b7ca93a8a7d80b00d
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\nspB20D.tmp\System.dll
executable
MD5: 56a321bd011112ec5d8a32b2f6fd3231
SHA256: bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
3664
SMPCSetup.exe
C:\Program Files\ShowMyPCService\screenhooks.dll
executable
MD5: 362ba3b724eb94eef488f6865d1b54e6
SHA256: c92512c7d0319fff8d773558e5a2ac77ebbd74452f03482ab3b68b782ad161ce
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\smpcvc.exe
executable
MD5: 0ceb92bc938674df03d1ad51f8ece6e1
SHA256: 07afdc7bf69ed49391b52e15ac08fcae5744af1d19207251d4c8e14d7b4ab5cf
3664
SMPCSetup.exe
C:\Program Files\ShowMyPCService\sas.dll
executable
MD5: 60c3820c4f56c77e3e8bece9d7a51842
SHA256: c2904b2822b3c1b003a72f84d42ffbfdefd253f322c99b77cf8a950f37c716e6
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\smwg.exe
executable
MD5: 3495a488908e69ff4aa941bbadafb1d8
SHA256: edc196a33ef2ad79a927579a1890ef08de8fb5f80e31a0561d2f725ddc602441
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\nspB20D.tmp\md5dll.dll
executable
MD5: 7059f133ea2316b9e7e39094a52a8c34
SHA256: 32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\XDMessaging.dll
executable
MD5: e468eb5116950f766dc30198d10737f2
SHA256: d32a62c1ba93d25731a55e9f8f0e182fa86c64c2db0c1bdee3c186a0e766fb0e
3664
SMPCSetup.exe
C:\Program Files\ShowMyPCService\tvnserver.exe
executable
MD5: 213b6a40435cd04c1d917e1ea4207797
SHA256: e476f355f14065897a7d0f62a077929b2432506e72eb2d4a0694f2b9b58f8fe2
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\DiffieHellman.dll
executable
MD5: 234b9052ad2010604bcae98c39672888
SHA256: ec0a21d25d627fb48d8ce3045f2cc0750e828c935106b7869c0ab6af9fde6328
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\wodVPN.dll
executable
MD5: 496123666f3871ab793fc03c3f838649
SHA256: fadb708757fd256ca47e2da03a4187920c597afc682319ca21a0fc843b7784f0
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\Org.Mentalis.Security.dll
executable
MD5: 9353734293fb3f871f50a97a76fa9f9f
SHA256: 31023504169f50d7ac3aabc89ff77392ef0d792d6d0235212d9be2ae2f6b7fc1
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\Interop.WODVPNCOMLib.dll
executable
MD5: e89091fa6cec6cb16ba9e1cfbd14787b
SHA256: c622e113ef7f3f02aa93f31e35358ded5995da4cadfc1e21bef3f0f86dbf477c
568
showmypc.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-showmypc\SMPCSetup.exe
executable
MD5: cd0b2a80f45c9886e01c3538556595f3
SHA256: baf4f78cf901fee556264456071b58b792a374c396e0d99d7a34fa5cbfda3c09
3664
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\jquery-1.11.2.min[1].js
text
MD5: 5790ead7ad3ba27397aedfa3d263b867
SHA256: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2E66.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2E78.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Cab2E77.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: bb377df27a55c05bb3793cd1e125c869
SHA256: 3c4ec495f17d21cc236bc7238bc02728bd945c07157fbf875cac340269afc207
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Cab2E65.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2E16.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Cab2E15.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2DF3.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2E05.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Cab2E04.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Cab2DF2.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2DE1.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Cab2DD1.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2D22.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\Local\Temp\Tar2D24.tmp
––
MD5:  ––
SHA256:  ––
2296
smpcview.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A4B782275DC1682E4DC39E697A49B151