General Info

File name

FreeCommanderPortable_2009.02b.paf.exe

Full analysis
https://app.any.run/tasks/76276656-05bd-4a4d-8aba-668bd989ef1e
Verdict
Malicious activity
Analysis date
8/13/2019, 15:19:10
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

08d4d0d14385cd6827f7887f5f191e47

SHA1

8d67013febb7cbd3657e2f7937f4b24377e5bc5b

SHA256

826b6217a5616f9b5fdfcae63bab187039de32444e7a47901547aace75213463

SSDEEP

49152:KVBTD6qGTdprmVI5LzKXkF9/lpAPXsCI4uFB92WswWzLtKICQ/jmlxyLPj55zb:KV56qGTdprPICOsPVGWsgIrjmlAL77

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • FreeCommanderPortable.exe (PID: 2380)
  • FreeCommanderPortable_2009.02b.paf.exe (PID: 1700)
  • SearchProtocolHost.exe (PID: 592)
Application was dropped or rewritten from another process
  • FreeCommander.exe (PID: 2104)
  • FreeCommanderPortable.exe (PID: 2380)
Uses RUNDLL32.EXE to load library
  • FreeCommander.exe (PID: 2104)
Executable content was dropped or overwritten
  • FreeCommanderPortable.exe (PID: 2380)
  • FreeCommanderPortable_2009.02b.paf.exe (PID: 1700)
Manual execution by user
  • FreeCommanderPortable.exe (PID: 2380)

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2010:04:10 14:19:31+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
25600
InitializedDataSize:
431104
UninitializedDataSize:
16896
EntryPoint:
0x354b
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
2009.2.0.417
ProductVersionNumber:
2009.2.0.417
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
For additional details, visit PortableApps.com
CompanyName:
PortableApps.com
FileDescription:
FreeCommander 2009 Portable
FileVersion:
2009.2.0.417
InternalName:
FreeCommander 2009 Portable
LegalCopyright:
PortableApps.com Installer Copyright 2007-2010 PortableApps.com.
LegalTrademarks:
PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFileName:
FreeCommanderPortable_2009.02b.paf.exe
PortableAppscomAppID:
FreeCommanderPortable
PortableAppscomFormatVersion:
2
PortableAppscomInstallerVersion:
2.0.4.0
ProductName:
FreeCommander 2009 Portable
ProductVersion:
2009.2.0.417
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
10-Apr-2010 12:19:31
Detected languages
English - United States
Comments:
For additional details, visit PortableApps.com
CompanyName:
PortableApps.com
FileDescription:
FreeCommander 2009 Portable
FileVersion:
2009.2.0.417
InternalName:
FreeCommander 2009 Portable
LegalCopyright:
PortableApps.com Installer Copyright 2007-2010 PortableApps.com.
LegalTrademarks:
PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFilename:
FreeCommanderPortable_2009.02b.paf.exe
PortableApps.comAppID:
FreeCommanderPortable
PortableApps.comFormatVersion:
2.0
PortableApps.comInstallerVersion:
2.0.4.0
ProductName:
FreeCommander 2009 Portable
ProductVersion:
2009.2.0.417
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
10-Apr-2010 12:19:31
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x000063A2 | 0x00006400 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.48045
.rdata | 0x00008000 | 0x000018F2 | 0x00001A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.88829
.data | 0x0000A000 | 0x0006669C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 1.42988
.ndata | 0x00071000 | 0x000B5000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
.rsrc | 0x00126000 | 0x0001AFC0 | 0x0001B000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 7.17197
Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
41
Monitored processes
6
Malicious processes
2
Suspicious processes
1

Behavior graph

start freecommanderportable_2009.02b.paf.exe searchprotocolhost.exe no specs freecommanderportable.exe freecommander.exe notepad.exe no specs rundll32.exe no specs

Process information

PID
592
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)

PID
1700
CMD
"C:\Users\admin\AppData\Local\Temp\FreeCommanderPortable_2009.02b.paf.exe"
Path
C:\Users\admin\AppData\Local\Temp\FreeCommanderPortable_2009.02b.paf.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
PortableApps.com
Description
FreeCommander 2009 Portable
Version
2009.2.0.417

PID
2380
CMD
"C:\Users\admin\Desktop\FreeCommanderPortable\FreeCommanderPortable.exe"
Path
C:\Users\admin\Desktop\FreeCommanderPortable\FreeCommanderPortable.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Marek Jasinski & contributors
Description
FreeCommander 2009 Portable
Version
2009.2.0.417

PID
2104
CMD
"C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\FreeCommander.exe" -i="C:\Users\admin\Desktop\FreeCommanderPortable\Data\settings\FreeCommander.ini"
Path
C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\FreeCommander.exe
Indicators
Parent process
FreeCommanderPortable.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Marek Jasinski - www.FreeCommander.com
Description
Freeware file manager for windows
Version
2009.2.0.417

PID
364
CMD
"C:\Windows\System32\NOTEPAD.EXE" C:\autoexec.bat
Path
C:\Windows\System32\NOTEPAD.EXE
Indicators
No indicators
Parent process
FreeCommander.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
2736
CMD
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Program Files\Windows Sidebar\sbdrop.dll
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
FreeCommander.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)

Registry activity

Total events
1364
Read events
1328
Write events
36
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
592 | SearchProtocolHost.exe | write | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US
592 | SearchProtocolHost.exe | write | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E | @C:\Windows\system32\notepad.exe,-469 | Text Document
592 | SearchProtocolHost.exe | write | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E | @C:\Windows\System32\ieframe.dll,-912 | HTML Document
1700 | FreeCommanderPortable_2009.02b.paf.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US
1700 | FreeCommanderPortable_2009.02b.paf.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer | Browse For Folder Width | 318
1700 | FreeCommanderPortable_2009.02b.paf.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer | Browse For Folder Height | 288
2380 | FreeCommanderPortable.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2380 | FreeCommanderPortable.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2104 | FreeCommander.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US
2104 | FreeCommander.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | @C:\Windows\System32\acppage.dll,-6002 | Windows Batch File
2104 | FreeCommander.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2104 | FreeCommander.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2104 | FreeCommander.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids | dllfile |
364 | NOTEPAD.EXE | write | HKEY_CURRENT_USER\Software\Microsoft\Notepad | iWindowPosX | 110
364 | NOTEPAD.EXE | write | HKEY_CURRENT_USER\Software\Microsoft\Notepad | iWindowPosY | 110
364 | NOTEPAD.EXE | write | HKEY_CURRENT_USER\Software\Microsoft\Notepad | iWindowPosDX | 960
364 | NOTEPAD.EXE | write | HKEY_CURRENT_USER\Software\Microsoft\Notepad | iWindowPosDY | 501

Files activity

Executable files
15
Suspicious files
1
Text files
107
Unknown types
0

Dropped files

PID
Process
Filename
Type
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\AppData\Local\Temp\nsuD7FC.tmp\LangDLL.dll
executable
MD5: 410a586735f45164c86bda363ad8446f
SHA256: b15b1fc88d1b56088b2d3738d76772a91fa186a316a3e0a154358820d0fb9005
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\FCSFJ.BIN
executable
MD5: 6621b9012163a6782ef7de97e6e2b340
SHA256: 3040d3d7973637cbfeae12c5904371815fc1f9a8d27c1b6c92e3f6cc2d514b60
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\DelZip179.dll
executable
MD5: 0902db9b2b9e08725067a7153ff1e5a9
SHA256: d5217e60f1d4f4f96e6a8dd8bd6e7e4aee4c7d6266b1eb7fe3360940e0809cbb
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\Desktop\FreeCommanderPortable\FreeCommanderPortable.exe
executable
MD5: 47a6ca03f79d3b615f0e3e7e6e0ecc14
SHA256: 54ab4632323c98a323763099014dbf976a511b43d0e687a65435a12ff5b6fea7
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\unrar.dll
executable
MD5: be65a68caf476e39ff62af6813d0198f
SHA256: f9c4ea596a6f922f8548c8c55c98edcaaeb9eba69f4df09487446f5d749b834a
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\AppData\Local\Temp\nsuD7FC.tmp\InstallOptions.dll
executable
MD5: 67d8f4d5acdb722e9cb7a99570b3ded1
SHA256: fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
2380
FreeCommanderPortable.exe
C:\Users\admin\AppData\Local\Temp\nse56DF.tmp\FindProcDLL.dll
executable
MD5: 6f73b00aef6c49eac62128ef3eca677e
SHA256: 6eb09ce25c7fc62e44dc2f71761c6d60dd4b2d0c7d15e9651980525103aac0a9
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\AppData\Local\Temp\nsuD7FC.tmp\FindProcDLL.dll
executable
MD5: 6f73b00aef6c49eac62128ef3eca677e
SHA256: 6eb09ce25c7fc62e44dc2f71761c6d60dd4b2d0c7d15e9651980525103aac0a9
2380
FreeCommanderPortable.exe
C:\Users\admin\AppData\Local\Temp\nse56DF.tmp\newadvsplash.dll
executable
MD5: 820888931d6e1ba0a64bb34975541cf5
SHA256: 3fd8d31400b0a59e801ed854ae38cececae49a8e3b5ba1f9df507f09b60864cf
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\AppData\Local\Temp\nsuD7FC.tmp\System.dll
executable
MD5: 959ea64598b9a3e494c00e8fa793be7e
SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\FcContextMenu64.exe
executable
MD5: 452ca579f8da211d2f575efcf38a58a4
SHA256: 4040fe200ec854902a0591d050040a8794fd42a5a9d1b8966c7fee436920a5f4
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\FCIcons.dll
executable
MD5: 2ade8d3388d94156103fd835f4528d0f
SHA256: 73f5719d7be773e610bd3a4844b1a544370fae0dde815f74cea5ecf58f2aa974
1700
FreeCommanderPortable_2009.02b.paf.exe
C:\Users\admin\Desktop\FreeCommanderPortable\App\FreeCommander\FreeCommander.exe
executable
MD5: 0aed50e9e45690492e61820dcd9b14e2
SHA256: 3030967f50ce3847e8effd9f063ad4740d7ccc9d74e995903434cc1320120f6e
1700

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

Process Message
FreeCommander.exe TDropFileSource.QueryInterface(IDataObject): 0 (1)
FreeCommander.exe TDropFileSource.QueryInterface(IDataObject): 0 (1)
FreeCommander.exe TDropFileSource.QueryInterface(IDataObject): 0 (1)
FreeCommander.exe TDropFileSource.QueryInterface(IDataObject): 0 (1)
FreeCommander.exe TDropFileSource.QueryInterface(IDataObject): 0 (1)
FreeCommander.exe TDropFileSource.QueryInterface(IDataObject): 0 (1)