General Info

URL

https://download3.showmypc.com/ShowMyPC3520.exe

Full analysis
https://app.any.run/tasks/38c27271-5b10-47f9-9d3f-5a51256177a9
Verdict
Malicious activity
Analysis date
5/15/2019, 15:50:02
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • SMPCSetup.exe (PID: 3036)
  • ShowMyPC3520[1].exe (PID: 3044)
  • regsvr32.exe (PID: 760)
  • SMPCSetup.exe (PID: 3820)
Application was dropped or rewritten from another process
  • SMPCSetup.exe (PID: 3820)
  • SMPCSetup.exe (PID: 3036)
  • ShowMyPC3520[1].exe (PID: 3044)
Changes settings of System certificates
  • SMPCSetup.exe (PID: 3820)
Registers / Runs the DLL via REGSVR32.EXE
  • SMPCSetup.exe (PID: 3820)
Starts NET.EXE for service management
  • SMPCSetup.exe (PID: 3036)
Uses NETSH.EXE for network configuration
  • SMPCSetup.exe (PID: 3820)
  • SMPCSetup.exe (PID: 3036)
Reads internet explorer settings
  • SMPCSetup.exe (PID: 3036)
  • SMPCSetup.exe (PID: 3820)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 3272)
  • iexplore.exe (PID: 3096)
  • ShowMyPC3520[1].exe (PID: 3044)
Creates files in the user directory
  • SMPCSetup.exe (PID: 3820)
Reads Environment values
  • SMPCSetup.exe (PID: 3820)
  • SMPCSetup.exe (PID: 3036)
Application launched itself
  • SMPCSetup.exe (PID: 3036)
Creates COM task schedule object
  • regsvr32.exe (PID: 760)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3096)
Reads settings of System Certificates
  • SMPCSetup.exe (PID: 3036)
  • SMPCSetup.exe (PID: 3820)
Creates files in the user directory
  • iexplore.exe (PID: 3096)
Changes internet zones settings
  • iexplore.exe (PID: 3272)
Application launched itself
  • iexplore.exe (PID: 3272)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
81
Monitored processes
28
Malicious processes
5
Suspicious processes
0

Behavior graph

+
drop and start start drop and start iexplore.exe iexplore.exe showmypc3520[1].exe smpcsetup.exe smpcsetup.exe net.exe no specs netsh.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs netsh.exe no specs regsvr32.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3272
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" https://download3.showmypc.com/ShowMyPC3520.exe
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\h6qnmhe9\showmypc3520[1].exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
3096
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3272 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
3044
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ShowMyPC3520[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ShowMyPC3520[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\h6qnmhe9\showmypc3520[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nsg1008.tmp\md5dll.dll
c:\users\admin\appdata\local\temp\nsg1008.tmp\system.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc3520[1]\smpcsetup.exe
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netutils.dll

PID
3036
CMD
"C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe
Indicators
Parent process
ShowMyPC3520[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
ShowMyPC
Description
ShowMyPC
Version
7.0.0.1
Modules
Image
c:\users\admin\appdata\local\temp\showmypc\-showmypc3520[1]\smpcsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\647f9e8a4465888d8348c3f66611c463\system.runtime.remoting.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc3520[1]\xdmessaging.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\wintrust.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsecimpl.dll
c:\windows\system32\riched20.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\propsys.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mlang.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\accessibility\44a4ab91e8e11c7cb95343e2d9ffe621\accessibility.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\net.exe
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll

PID
3820
CMD
"C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe
Indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
ShowMyPC
Description
ShowMyPC
Version
7.0.0.1
Modules
Image
c:\users\admin\appdata\local\temp\showmypc\-showmypc3520[1]\smpcsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\647f9e8a4465888d8348c3f66611c463\system.runtime.remoting.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc3520[1]\xdmessaging.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\wintrust.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsecimpl.dll
c:\windows\system32\riched20.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\accessibility\44a4ab91e8e11c7cb95343e2d9ffe621\accessibility.ni.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\regsvr32.exe
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\msimtf.dll
c:\windows\assembly\gac\microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\microsoft.mshtml.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll

PID
3228
CMD
"C:\Windows\System32\net.exe" stop winvnc4
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\net1.exe
c:\windows\system32\apphelp.dll

PID
2336
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\napipsec.dll
c:\windows\system32\tsgqec.dll
c:\windows\system32\eapqec.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3428
CMD
C:\Windows\system32\net1 stop winvnc4
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
2416
CMD
"C:\Windows\System32\net.exe" stop uvnc_service
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
3124
CMD
C:\Windows\system32\net1 stop uvnc_service
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
236
CMD
"C:\Windows\System32\net.exe" stop tvnserver
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
2208
CMD
C:\Windows\system32\net1 stop tvnserver
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
952
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe" "ShowMyPCAuto" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
760
CMD
"C:\Windows\System32\regsvr32.exe" "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll" /s
Path
C:\Windows\System32\regsvr32.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\showmypc\-showmypc3520[1]\wodvpn.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\ws2_32.dll

PID
3872
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2636
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCAuto" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
1380
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe" "ShowMyPCAuto" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
692
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCAuto" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3216
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCAuto" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3972
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3536
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCAuto" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3020
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe" "ShowMyPCtvnservertemp" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3428
CMD
"C:\Windows\System32\netsh.exe" firewall delete allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\nsi.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\netsh.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3324
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCtvnservertemp" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
4052
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe" "ShowMyPCtvnservertemp" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3456
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCtvnservertemp" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2744
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall delete rule name="ShowMyPCtvnservertemp" program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe"
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2708
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="ShowMyPCtvnservertemp" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe" enable=yes
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
SMPCSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

Registry activity

Total events
2680
Read events
1727
Write events
952
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{6283C3D9-7718-11E9-A09E-5254004A04AF}
0
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307050003000F000D00320018007200
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307050003000F000D00320018007200
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F000D00320018003D01
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
26
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000D00320018009A01
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
584
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F000D0032001800AE03
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
72
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307050003000F000D0032001F00B00000000000
3096
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CachePrefix
:2019051520190516:
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheLimit
8192
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheOptions
11
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheRepair
0
3044
ShowMyPC3520[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3044
ShowMyPC3520[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3036
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3036
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3036
SMPCSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
EnableFileTracing
0
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
EnableConsoleTracing
0
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
FileTracingMask
4294901760
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
ConsoleTracingMask
4294901760
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
MaxFileSize
1048576
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASAPI32
FileDirectory
%windir%\tracing
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
EnableFileTracing
0
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
EnableConsoleTracing
0
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
FileTracingMask
4294901760
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
ConsoleTracingMask
4294901760
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
MaxFileSize
1048576
3036
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SMPCSetup_RASMANCS
FileDirectory
%windir%\tracing
3036
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3036
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3820
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3820
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3820
SMPCSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3820
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Blob
030000000100000014000000B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47140000000100000014000000299160FF8A4DFAEBF9A66AB8CFF9E64BBD49CE12040000000100000010000000AA374CC00BED2E1EA691EF415B808FE10F00000001000000300000004805A7E23D6C8FF5E149F197B744BCB2346E73F19A48835A2F64129183981109256B75EA371A331746D01FD4E135AB6E190000000100000010000000B54FC222B2F6CB8E7643EB21269C363618000000010000001000000082218FFB91733E64136BE5719F57C3A12000000001000000E4050000308205E0308203C8A00302010202102E7C87CC0E934A52FE94FD1CB7CD34AF300D06092A864886F70D01010C0500308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F72697479301E170D3133303530393030303030305A170D3238303530383233353935395A307D310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312330210603550403131A434F4D4F444F2052534120436F6465205369676E696E6720434130820122300D06092A864886F70D01010105000382010F003082010A0282010100A69890637791347F8AD1DDE9673111EBCC1EFD311DB3B962573F93BC5BE39F1E243211276BBC5191A7CF9E9E25B35F81A8180F1D1E20300EFB617B8609B3E3FDA2689D1C2C9DBF72E3E475A0E535238EC98AEE1A0C64C7D842A17BB552034B3AB08E234B4B63E02294377BD579900A1418512CE6FEC112F01C3F61610A8CA2DCF6C330AACD28187548C1795A08CDBB8C558CF7D476903A33465073985CF4854A6B0F80DD5ED6BDFDA92FC025F5F978D78D5F10C244553C903C3146CB70AE07A90AE3AFC1016F901A23E25F38DBC6085D47B38341F02E003714B912AA799252CD870F7BD86229A47E30BD1BB58C72B448F2E3E821F95E4C62798B02069F7FD50B0203010001A38201513082014D301F0603551D23041830168014BBAF7E023DFAA6F13C848EADEE3898ECD93232D4301D0603551D0E04160414299160FF8A4DFAEBF9A66AB8CFF9E64BBD49CE12300E0603551D0F0101FF04040302018630120603551D130101FF040830060101FF02010030130603551D25040C300A06082B0601050507030330110603551D20040A300830060604551D2000304C0603551D1F044530433041A03FA03D863B687474703A2F2F63726C2E636F6D6F646F63612E636F6D2F434F4D4F444F52534143657274696669636174696F6E417574686F726974792E63726C307106082B0601050507010104653063303B06082B06010505073002862F687474703A2F2F6372742E636F6D6F646F63612E636F6D2F434F4D4F444F525341416464547275737443412E637274302406082B060105050730018618687474703A2F2F6F6373702E636F6D6F646F63612E636F6D300D06092A864886F70D01010C05000382020100023F0239C3EEF8CA3B89DE0C6D4DB1F14E924FAFC2382C04CCC56311AB0963AFABA2D7023FCC6F19C33DD61A0894FF25D8A988A72B101AE09BB107221A511C3AD4E1E909BFE62474AF1E7B16316E23EF54512D5202E27508054CF1B751E15100C687F66CEE104476576AF1DF586B21AA49D47C374EBDFFB67554401836576711CD4F02E4FEF3DAFC7517DBECB7F7650923491F435783EA7E207761C84DF2BB654DA8F7854507AF7A6927659029408BDF7B3A51398CA81F7079AD6D4220A2CF0C6C038C4CCD730794E75A8E3A04BAA2A17C1FCB633A15A7D4151BA7524732A9F4BF6447D1AA1F534E323073C26FB778829D5CFF46BB6B221D880BF81BAA34A6FC8CF5DD7F658C8C315731D036EC47A1CFCB8BA8EF1C1858C50677CA4B9B51AF4C084A7A8FE2A352E28E8ECC26E4B2D8E538C2A8EDC6819C356BA958614A0A97B44B42B6559DBE99E7706D59F86D2A0C7F19605F0C9A886C30AC520990161BFF2B9DDBD020CA89EA287E328E19DF7B48331ED765F8AEC9F8831493767D64D08ECEBE357DFF72314D9F9EBD1E6C2FA88F0C0650FB8C27B376C9F4E6D7C334E28C87218661FEBF5574E12177030A686CBBE4C9A9E6CF5925EB7CEC450E796668E822CDB8EF98854D96113C098AD07FBC282813FB6ACA548D925CCDC26598069ECE485BD4B5379346417C07DDCFFA43EFBA6761FF7D49E0BB307D5C80E3E616394BA7
3820
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
Blob
030000000100000014000000F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0140000000100000014000000BBAF7E023DFAA6F13C848EADEE3898ECD93232D40400000001000000100000001EDAF9AE99CE2920667D0E9A8B3F8C9C0F00000001000000300000007CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D19000000010000001000000082218FFB91733E64136BE5719F57C3A118000000010000001000000045ED9BBC5E43D3B9ECD63C060DB78E5C200000000100000078050000308205743082045CA00302010202102766EE56EB49F38EABD770A2FC84DE22300D06092A864886F70D01010C0500306F310B300906035504061302534531143012060355040A130B416464547275737420414231263024060355040B131D41646454727573742045787465726E616C20545450204E6574776F726B312230200603550403131941646454727573742045787465726E616C20434120526F6F74301E170D3030303533303130343833385A170D3230303533303130343833385A308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F7269747930820222300D06092A864886F70D01010105000382020F003082020A028202010091E85492D20A56B1AC0D24DDC5CF446774992B37A37D23700071BC53DFC4FA2A128F4B7F1056BD9F7072B7617FC94B0F17A73DE3B00461EEFF1197C7F4863E0AFA3E5CF993E6347AD9146BE79CB385A0827A76AF7190D7ECFD0DFA9C6CFADFB082F4147EF9BEC4A62F4F7F997FB5FC674372BD0C00D689EB6B2CD3ED8F981C14AB7EE5E36EFCD8A8E49224DA436B62B855FDEAC1BC6CB68BF30E8D9AE49B6C6999F878483045D5ADE10D3C4560FC32965127BC67C3CA2EB66BEA46C7C720A0B11F65DE4808BAA44EA9F283463784EBE8CC814843674E722A9B5CBD4C1B288A5C227BB4AB98D9EEE05183C309464E6D3E99FA9517DA7C3357413C8D51ED0BB65CAF2C631ADF57C83FBCE95DC49BAF4599E2A35A24B4BAA9563DCF6FAAFF4958BEF0A8FFF4B8ADE937FBBAB8F40B3AF9E843421E89D884CB13F1D9BBE18960B88C2856AC141D9C0AE771EBCF0EDD3DA996A148BD3CF7AFB50D224CC01181EC563BF6D3A2E25BB7B204225295809369E88E4C65F191032D707402EA8B671529695202BBD7DF506A5546BFA0A328617F70D0C3A2AA2C21AA47CE289C064576BF821827B4D5AEB4CB50E66BF44C867130E9A6DF1686E0D8FF40DDFBD042887FA3333A2E5C1E41118163CE18716B2BECA68AB7315C3A6A47E0C37959D6201AAFF26A98AA72BC574AD24B9DBB10FCB04C41E5ED1D3D5E289D9CCCBFB351DAA747E584530203010001A381F43081F1301F0603551D23041830168014ADBD987A34B426F7FAC42654EF03BDE024CB541A301D0603551D0E04160414BBAF7E023DFAA6F13C848EADEE3898ECD93232D4300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF30110603551D20040A300830060604551D200030440603551D1F043D303B3039A037A0358633687474703A2F2F63726C2E7573657274727573742E636F6D2F416464547275737445787465726E616C4341526F6F742E63726C303506082B0601050507010104293027302506082B060105050730018619687474703A2F2F6F6373702E7573657274727573742E636F6D300D06092A864886F70D01010C0500038201010064BF83F15F9A85D0CDB8A129570DE85AF7D1E93EF276046EF15270BB1E3CFF4D0D746ACC818225D3C3A02A5D4CF5BA8BA16DC4540975C7E3270E5D847937401377F5B4AC1CD03BAB1712D6EF34187E2BE979D3AB57450CAF28FAD0DBE5509588BBDF8557697D92D852CA7381BF1CF3E6B86E661105B31E942D7F91959259F14CCEA391714C7C470C3B0B19F6A1B16C863E5CAAC42E82CBF90796BA484D90F294C8A973A2EB067B239DDEA2F34D559F7A6145981868C75E406B23F5797AEF8CB56B8BB76F46F47BF13D4B04D89380595AE041241DB28F15605847DBEF6E46FD15F5D95F9AB3DBD8B8E440B3CD9739AE85BB1D8EBCDC879BD1A6EFF13B6F10386F
3820
SMPCSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
SmpcTest
28782
3820
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3820
SMPCSetup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000073000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
2336
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation
952
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom.1
wodVPNCom Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom.1\CLSID
{459C65ED-AA9C-4CF1-9A24-7685505F919A}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom
wodVPNCom Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom\CLSID
{459C65ED-AA9C-4CF1-9A24-7685505F919A}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.wodVPNCom\CurVer
WeOnlyDo.wodVPNCom.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}
wodVPNCom Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\ProgID
WeOnlyDo.wodVPNCom.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\VersionIndependentProgID
WeOnlyDo.wodVPNCom
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\InprocServer32
ThreadingModel
Apartment
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459C65ED-AA9C-4CF1-9A24-7685505F919A}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels.1
VPNChannels Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels.1\CLSID
{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels
VPNChannels Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannels\CLSID
{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}
VPNChannels Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\ProgID
WeOnlyDo.VPNChannels.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\VersionIndependentProgID
WeOnlyDo.VPNChannels
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC521C8-2792-43FE-9C91-CCA7E8ACBCC9}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel.1
VPNChannel Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel.1\CLSID
{15DD3BF6-5A11-4407-8399-A19AC10C65D0}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel
VPNChannel Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNChannel\CLSID
{15DD3BF6-5A11-4407-8399-A19AC10C65D0}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}
VPNChannel Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\ProgID
WeOnlyDo.VPNChannel.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\VersionIndependentProgID
WeOnlyDo.VPNChannel
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DD3BF6-5A11-4407-8399-A19AC10C65D0}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser.1
VPNUser Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser.1\CLSID
{7E092B5C-795B-46BC-886A-DFFBBBC9A117}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser
VPNUser Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUser\CLSID
{7E092B5C-795B-46BC-886A-DFFBBBC9A117}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}
VPNUser Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\ProgID
WeOnlyDo.VPNUser.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\VersionIndependentProgID
WeOnlyDo.VPNUser
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E092B5C-795B-46BC-886A-DFFBBBC9A117}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers.1
VPNUsers Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers.1\CLSID
{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers
VPNUsers Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNUsers\CLSID
{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}
VPNUsers Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\ProgID
WeOnlyDo.VPNUsers.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\VersionIndependentProgID
WeOnlyDo.VPNUsers
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C59A1D54-8CD7-4795-AEDD-F6F6E2DE1FE7}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay.1
VPNRelay Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay.1\CLSID
{3C198C98-0E27-40E4-972C-FDC656EC30D7}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay
VPNRelay Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelay\CLSID
{3C198C98-0E27-40E4-972C-FDC656EC30D7}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}
VPNRelay Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\ProgID
WeOnlyDo.VPNRelay.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\VersionIndependentProgID
WeOnlyDo.VPNRelay
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C198C98-0E27-40E4-972C-FDC656EC30D7}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays.1
VPNRelays Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays.1\CLSID
{B0B8CDD6-8AAA-4426-82E9-9455140124A1}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays
VPNRelays Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNRelays\CLSID
{B0B8CDD6-8AAA-4426-82E9-9455140124A1}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}
VPNRelays Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\ProgID
WeOnlyDo.VPNRelays.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\VersionIndependentProgID
WeOnlyDo.VPNRelays
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0B8CDD6-8AAA-4426-82E9-9455140124A1}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator.1
VPNMediator Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator.1\CLSID
{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator
VPNMediator Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNMediator\CLSID
{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}
VPNMediator Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\ProgID
WeOnlyDo.VPNMediator.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\VersionIndependentProgID
WeOnlyDo.VPNMediator
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B00A43-7A54-4A0F-B35D-B4334811FAA4}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces.1
VPNInterfaces Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces.1\CLSID
{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces
VPNInterfaces Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterfaces\CLSID
{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}
VPNInterfaces Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\ProgID
WeOnlyDo.VPNInterfaces.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\VersionIndependentProgID
WeOnlyDo.VPNInterfaces
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BE3886B-0C12-4D87-AC0B-09A5CE4E6BD6}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface.1
VPNInterface Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface.1\CLSID
{09DF1DCA-C076-498A-8370-AD6F878B6C6A}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface
VPNInterface Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.VPNInterface\CLSID
{09DF1DCA-C076-498A-8370-AD6F878B6C6A}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}
VPNInterface Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\ProgID
WeOnlyDo.VPNInterface.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\VersionIndependentProgID
WeOnlyDo.VPNInterface
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DF1DCA-C076-498A-8370-AD6F878B6C6A}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler.1
TCPHandler Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler.1\CLSID
{9D101D9C-18CC-4E78-8D78-389E48478FCA}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler
TCPHandler Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WeOnlyDo.TCPHandler\CLSID
{9D101D9C-18CC-4E78-8D78-389E48478FCA}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}
TCPHandler Class
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\ProgID
WeOnlyDo.TCPHandler.1
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\VersionIndependentProgID
WeOnlyDo.TCPHandler
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\InprocServer32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D101D9C-18CC-4E78-8D78-389E48478FCA}\InprocServer32
ThreadingModel
both
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0
WeOnlyDo! COM VPN Component
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0\FLAGS
0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0\0\win32
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}\1.0\HELPDIR
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}
_IwodVPNComEvents
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3607E98A-C816-486C-AEC9-A64C8FDEAB6D}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}
IVPNChannel
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34FCE977-800B-47D3-AA58-E2B1ED957710}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}
IVPNUsers
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4060697F-931D-4D71-8864-D47557560740}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}
IVPNUser
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BA4C7B5-4941-4473-A1F5-187AD734C009}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}
IVPNRelay
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7A786AC-285C-4924-9E9F-2FBF97499299}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}
IVPNChannels
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BD84436-87A4-488E-968E-E07CAB0157F8}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}
IVPNRelays
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57144698-03FD-41B6-8479-73A8EB19DDA7}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}
IVPNMediator
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{902D4CE3-EA2D-4334-BD07-FCBCD0AFBDB1}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}
IVPNInterfaces
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A926488-E5E7-453D-8492-18A4B64804A5}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}
IVPNInterface
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D415168-980F-4B2C-BFF2-DB68EC60149D}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}
ITCPHandler
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CF1E24C-A9B6-45AF-8AED-13888061FB87}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}
IwodVPNCom
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8218469-6598-4D1A-83A4-7759F3740236}\TypeLib
Version
1.0
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}
IwodVPNNotify
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\TypeLib
{26818C76-2CAC-4C7E-9704-E3A037D4F3DB}
760
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1646101F-5EDD-456C-A734-E6E7456C7C1F}\TypeLib
Version
1.0
3872
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2636
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1380
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
692
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3216
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3972
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3536
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3020
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3428
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3324
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
4052
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3456
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2744
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2708
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US

Files activity

Executable files
18
Suspicious files
8
Text files
49
Unknown types
7

Dropped files

PID
Process
Filename
Type
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHNMSH6I\ShowMyPC3520[1].exe
executable
MD5: cbd6afba01e715b15fcedd953f24a286
SHA256: ea6ac32a9e4674b205d0f952848d72830e082e81cd9a811e93366fe4ac3c2040
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\tvnserver.exe
executable
MD5: 213b6a40435cd04c1d917e1ea4207797
SHA256: e476f355f14065897a7d0f62a077929b2432506e72eb2d4a0694f2b9b58f8fe2
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\smvnview.exe
executable
MD5: 410255d4814ad933e787018332ed001e
SHA256: 12b85a2b855696c62f960a664af9cf27eab0c0db50748a9df69848835d0845e9
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe
executable
MD5: 885de0364b125e3aa85005ea8222b06c
SHA256: 30c4485c4eca05e41eadf0c3e49dbf8ea8441f1334b7b8c7ad644b3c63824e4d
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\nsg1008.tmp\md5dll.dll
executable
MD5: 7059f133ea2316b9e7e39094a52a8c34
SHA256: 32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\smwg.exe
executable
MD5: 3495a488908e69ff4aa941bbadafb1d8
SHA256: edc196a33ef2ad79a927579a1890ef08de8fb5f80e31a0561d2f725ddc602441
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\nsg1008.tmp\System.dll
executable
MD5: 55a26d7800446f1373056064c64c3ce8
SHA256: 904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\XDMessaging.dll
executable
MD5: e468eb5116950f766dc30198d10737f2
SHA256: d32a62c1ba93d25731a55e9f8f0e182fa86c64c2db0c1bdee3c186a0e766fb0e
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\smpcvc.exe
executable
MD5: 0ceb92bc938674df03d1ad51f8ece6e1
SHA256: 07afdc7bf69ed49391b52e15ac08fcae5744af1d19207251d4c8e14d7b4ab5cf
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\spcplink.exe
executable
MD5: 03f463152de07831e89582092d297eb5
SHA256: 3f027d87b2a8793b904dab388cc4892bd02b530db62a92ac5094a4c304cd4dc3
3272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ShowMyPC3520[1].exe
executable
MD5: cbd6afba01e715b15fcedd953f24a286
SHA256: ea6ac32a9e4674b205d0f952848d72830e082e81cd9a811e93366fe4ac3c2040
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\DiffieHellman.dll
executable
MD5: 234b9052ad2010604bcae98c39672888
SHA256: ec0a21d25d627fb48d8ce3045f2cc0750e828c935106b7869c0ab6af9fde6328
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\smpcview.exe
executable
MD5: eefa3b39cf14a5677b350c04ea2c2956
SHA256: 4221571d8da8d217a1bb0754e5fdb3bab1ea49820da4811b7ca93a8a7d80b00d
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\screenhooks.dll
executable
MD5: 362ba3b724eb94eef488f6865d1b54e6
SHA256: c92512c7d0319fff8d773558e5a2ac77ebbd74452f03482ab3b68b782ad161ce
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\sas.dll
executable
MD5: 60c3820c4f56c77e3e8bece9d7a51842
SHA256: c2904b2822b3c1b003a72f84d42ffbfdefd253f322c99b77cf8a950f37c716e6
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll
executable
MD5: 496123666f3871ab793fc03c3f838649
SHA256: fadb708757fd256ca47e2da03a4187920c597afc682319ca21a0fc843b7784f0
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\Interop.WODVPNCOMLib.dll
executable
MD5: e89091fa6cec6cb16ba9e1cfbd14787b
SHA256: c622e113ef7f3f02aa93f31e35358ded5995da4cadfc1e21bef3f0f86dbf477c
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\Org.Mentalis.Security.dll
executable
MD5: 9353734293fb3f871f50a97a76fa9f9f
SHA256: 31023504169f50d7ac3aabc89ff77392ef0d792d6d0235212d9be2ae2f6b7fc1
3272
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF0DA40E0714A4BA30.TMP
––
MD5:  ––
SHA256:  ––
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\jquery-1.11.2.min[1].js
text
MD5: 5790ead7ad3ba27397aedfa3d263b867
SHA256: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ui.tabs[1].js
text
MD5: f07e6494dd1b6068a2d432af1ec208a8
SHA256: d08a8d6df2f891bf8a0dfc12155defdd455ab8bab5ab24af9161d9da832d2939
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ui.core[1].js
text
MD5: 7ba404374e3e38ebd3e869c444a10fcd
SHA256: a2f8db9f58b435bb37b29d1f856c621f952945d1ce256f86c1186ce733a46eaa
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ui.all[1].css
text
MD5: 1bd7585503b70c200bf0aa5d9a5763d2
SHA256: 1fb268b069aa0f46e8eae58c402cf1433eb24be31319b2a35cd275c82266bbaf
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\f[1].txt
text
MD5: 37daf457b61208e8fb3ed02ac7df2cf3
SHA256: 9d0e21ace908eadadd2d71fdba4b78bfdea15babea75d4b0bd71bb06ab50bc8c
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\about-us1[1].html
html
MD5: f1b110ea64c12d433b395baff702eee1
SHA256: 53dc00c758a89037a7905d41d8b2eff277d275b504eb0b0636d0d35317946465
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\ShowMyPC\SMPCSetup.exe_Url_gvbufe1lf1hqid3uextj3a31ndu5edq1\7.0.0.1\user.config
xml
MD5: 17e9d09ed6a4fc7c7329e272c9bc7cd3
SHA256: a4a93dc30976a47382e80a0f40178e68856f3b5c25d7b43d3e1a4c47577bf503
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\ShowMyPC\SMPCSetup.exe_Url_gvbufe1lf1hqid3uextj3a31ndu5edq1\7.0.0.1\o2aagz2n.newcfg
––
MD5:  ––
SHA256:  ––
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\ShowMyPC\SMPCSetup.exe_Url_gvbufe1lf1hqid3uextj3a31ndu5edq1\7.0.0.1\vxe0u55t.newcfg
––
MD5:  ––
SHA256:  ––
3820
SMPCSetup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928
binary
MD5: 58da83baaeaa8875c1eb4978faa7b443
SHA256: 57680a3bbb7847e55f43c556f05a920734e355c0c237f09b34c82be15d3a4505
3820
SMPCSetup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928
der
MD5: 1edaf9ae99ce2920667d0e9a8b3f8c9c
SHA256: 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da
3820
SMPCSetup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D92C5B2C978310455CC3BB3E4574D7A
binary
MD5: 63c38c2483f1d5afc045b7d074f21664
SHA256: d436f7b85cf91f443af851b00e1a2e77024a10a4bf8c468f079ea25e11c911c2
3820
SMPCSetup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D92C5B2C978310455CC3BB3E4574D7A
der
MD5: aa374cc00bed2e1ea691ef415b808fe1
SHA256: 5e6d2f88f617dc8b809aee712445a41b3cde26af874a221a9dc98ea1dc68e3d5
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\parproc
binary
MD5: c4ca4238a0b923820dcc509a6f75849b
SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\ShowMyPC\SMPCSetup.exe_Url_gvbufe1lf1hqid3uextj3a31ndu5edq1\7.0.0.1\user.config
xml
MD5: 17e9d09ed6a4fc7c7329e272c9bc7cd3
SHA256: a4a93dc30976a47382e80a0f40178e68856f3b5c25d7b43d3e1a4c47577bf503
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\ShowMyPC\SMPCSetup.exe_Url_gvbufe1lf1hqid3uextj3a31ndu5edq1\7.0.0.1\z2syiym0.newcfg
––
MD5:  ––
SHA256:  ––
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\ShowMyPC\SMPCSetup.exe_Url_gvbufe1lf1hqid3uextj3a31ndu5edq1\7.0.0.1\aygf4w4j.newcfg
––
MD5:  ––
SHA256:  ––
3036
SMPCSetup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 146b5dea03afec59c1c88887e5b0a20e
SHA256: 14cae837cc8748137835dad16de067e3ac695b709ab323c7048e69c44fa3dda3
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\Temp\Tar5A33.tmp
––
MD5:  ––
SHA256:  ––
3036
SMPCSetup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 7eb117d4f238090940dbe43efbcdf1f4
SHA256: a45a77d256628943190f8aa0f4673496d11dba6bc3569796b6f733465fd005e4
3036
SMPCSetup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 395bd57dd2edf677ecfc91b4d47e4646
SHA256: d0605a079d3b4929bf635544cbf733c564e83c269c0c82bca050c1ab1a4b7d52
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\Temp\Cab5A32.tmp
––
MD5:  ––
SHA256:  ––
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\Temp\Tar5791.tmp
––
MD5:  ––
SHA256:  ––
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\Temp\Cab5790.tmp
––
MD5:  ––
SHA256:  ––
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\Temp\Tar577F.tmp
––
MD5:  ––
SHA256:  ––
3036
SMPCSetup.exe
C:\Users\admin\AppData\Local\Temp\Cab577E.tmp
––
MD5:  ––
SHA256:  ––
3272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6283C3D9-7718-11E9-A09E-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3096
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
3096
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: c8ae444de46d769f5fe0a11a5d3ecd22
SHA256: ea4c7dfd021d7c3a89180261a938dd96cd5acd0b4d4bc0d1280fb54ea232d79a
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\nsvECE.tmp
––
MD5:  ––
SHA256:  ––
3044
ShowMyPC3520[1].exe
C:\Users\admin\Desktop\ShowMyPC.lnk
lnk
MD5: 1c13a1be74774aba53631ec8d9df3f32
SHA256: 25fb05d734ce3067e42e8f1f0f9a886f13f14b9b49d5ef8d787071d0a76cd958
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\settings.ini
text
MD5: 4126a2f0f96b98b410ba4485d1aee404
SHA256: 437a1f35ac85ae82e72cc8e643dc591a387fa524b3b5cf64a2941fd7495b794d
3820
SMPCSetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: fe0a648d3bf8b5ebc31a731b0696beb4
SHA256: ae7f64c61ae838d8ae5a6400722bf111d18eb61cadc2ba552443dcc01d05ad6c
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\smpcview.exe.config
xml
MD5: 6f5f9d82cf78ecc5fafd9b68d5150328
SHA256: 800e9dd5d86cd73632e54373d2ccb3ac57587b0359186cdb3cc69b2c59960ee4
3820
SMPCSetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 1ecf0b41ea397c9ad75ece1453c04708
SHA256: be7c14ae5a794a777692c85dae8f2806130088bed28a4ba038c1da5790bcac4c
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\screen-sharing-hosted[1].png
image
MD5: f71805abe390484b601e9fc4bd942e6f
SHA256: 96d42cbe64204cafc120a2116cf5cd9c9acbb4157395b2b097b4f636d2c1d818
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\loading.html
html
MD5: b450032bc545154438743daecef0908e
SHA256: 3388da97dd4d38401c6eb562311ba0fbf9dd22ca6ea7d0cb177962b209bb392e
3820
SMPCSetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 75a0c116eaf71fbe0db838124751e991
SHA256: 9376bf6d5720e8a30320c3c817102b511117fd6b80e2b5de6937cacd7d5b2435
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\light-blue-dots[1].png
image
MD5: 603a58ac94302644f89d0d17c73c1f59
SHA256: c70a7fee0fd5c1482a877c669f6d0fb9dadfcc12a727aed085c5ecfe976241bf
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ga[1].js
text
MD5: e9372f0ebbcf71f851e3d321ef2a8e5a
SHA256: 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ic_computer_white_24dp_2x[1].png
image
MD5: 78504d994c22249f5bc58496949cdf62
SHA256: b34bc81d254161c647d8d8bfec3a3fb6e332a0bb1d2ac12ad22c41c15c65e22a
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\wodVPN.dll.manifest
xml
MD5: b673a591f171c07e6eaf39025a4d8094
SHA256: 79d4386d55cbccf009800ac86af4d5366ed2984eddee020db2ef96503ef040aa
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\remote-support[1].png
image
MD5: 937d338b0201a0f6e8d5d5a127db2110
SHA256: 84c5c51ee50785b7e7a47b382bf5592c3656841b461e54f52fcf106325f59c3f
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ui.datepicker[1].css
text
MD5: 4663a45272bc95a9e7999103b233fdf8
SHA256: 8a5ecb9cf9bac4f3aaec0b3914e21a22ca6dc0c6954060403ecd128fa2c6bbed
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ui.progressbar[1].css
text
MD5: c302fab2906c786b4cec8df7970e4cb2
SHA256: d89506da55296c74436bad6b1102808d548ccdd948f74ca5ef56225ca4cdfd4f
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\0c8dfn20lo0id.res
text
MD5: bfb125c53f3321f7b27f0e57bd7ea7e7
SHA256: 6ca721a64646bff432f192ec594f9443d20db8ca108ea834f4493e6ba8a30e49
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\mm2.res
text
MD5: f5f3ec013c648439dd3a5e3f3fd518b9
SHA256: e52b378bb5cfb59a9936161f340456238a98965c07dfd2f5f801a95d92441379
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ui.tabs[1].css
text
MD5: 9b89f005055f72900e73ca689d2d3ea2
SHA256: f8f9cd83046b79aff7eb532d8faa035afef77b3730d455c6378da4373cb2039a
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ui.slider[1].css
text
MD5: 224d478712aa7addc59a6891d5db9f9e
SHA256: d28b065c2a4961cff116c413a9685b204cdef3c7a8b1c83bc7fbf0d79383ed89
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe.manifest
xml
MD5: 0f8c955c50712fb93e31199d87fd0c46
SHA256: 1b3f507f6b1fb6ef1bd14933d807958cda1d20981bb6a173281ab587960ab479
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ui.accordion[1].css
text
MD5: f9f6dc314c99503d328869a447fd3ee0
SHA256: 0f2c4cd843457b0b4ab272f6db77f65c188cb981aa4d428ae44755fac557e2bf
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\SMPCSetup.exe.config
xml
MD5: 68a661718919e393495f4634d2b5a6e9
SHA256: 59dbe72ef36e44cdd26377333d833d0eef8b5297c42d50eae81ca79948cea3e5
3044
ShowMyPC3520[1].exe
C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520[1]\settings.ini
text
MD5: 64d3a6d1366f2864599d904e01c6cc9d
SHA256: adc989a4ab444c8153c1647ff8dc25cccb73b0ad554951350fbaa5b67bd12495
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ui.dialog[1].css
text
MD5: 1450ea3b2d0244a864357719557d5c5d
SHA256: 2caf08678792467c418012677dbaac7146502d40ea42bea3298b6333b3bc9106
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ui.resizable[1].css
text
MD5: a91b7528cbbf7d45d86571fe1a446e7f
SHA256: 1722db88e841f8beea77adba59f201748e6f20e5dc1f8ffbac899b82e7bbd366
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ui.core[1].css
text
MD5: 1f8b9323acc054d6e22907871e14a815
SHA256: 97b56716e5c103beac37ba76b57c31bd20e7285af04146948f9dc09974ee7ff4
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516\index.dat
dat
MD5: a101fe7bbea191c36002a6862bb90de2
SHA256: 91e0c6e07a31e60e0a44a6a4988c54703fee142e0ae5383c1b935c0109768a57
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 68372a8e2683b40aa9761209006951cc
SHA256: ffe93e1dfc50d9c71b5adb4eeb235a23a12c9b2bd4374459d4b7b8630d16b0f5
3272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHNMSH6I\ShowMyPC3520[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ShowMyPC3520[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ui.theme[1].css
text
MD5: 22179f609ede2c15e6610ee0713ece41
SHA256: f212eef09c1ed7b41b83e436bdeceaab1b15174c50fb8bce07802c12d3c266c0
3820
SMPCSetup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ui.base[1].css
text
MD5: b68871675bce768f26116a0c32b3e26e
SHA256: 11173a9591b6930db8da5c50207a961da2fbc0e626a40b1c988a6ba035be329e
3272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{6283C3DA-7718-11E9-A09E-5254004A04AF}.dat
binary
MD5: 99492f4f3a337951e6e7e1bd967ebc10
SHA256: 0dc36c2bb8a4ddf57e3294e90b7c32e11a0471a31ba50e13f67bf11e4800c6d0
3272
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC4492A1A12EBCFB8.TMP
––
MD5:  ––
SHA256:  ––
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30ZY04Z2\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: d8fe4f57f29442b8f0a36c4cebdeff5c
SHA256: 19609177ea43a759b704c9ec3a01a50b3ab779b817359a0e1eecb346f724d519
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00G3HUBI\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHNMSH6I\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4D1WAOBG\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3820
SMPCSetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
26
TCP/UDP connections
13
DNS requests
8
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3036 SMPCSetup.exe GET 200 67.27.234.126:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
3036 SMPCSetup.exe GET –– 35.239.221.136:80 http://showmypc.com/app/about-us1.html?pv=3520 US
––
––
suspicious
3820 SMPCSetup.exe GET 200 91.199.212.52:80 http://crt.comodoca.com/COMODORSACodeSigningCA.crt GB
der
whitelisted
3820 SMPCSetup.exe GET 200 91.199.212.52:80 http://crt.comodoca.com/COMODORSAAddTrustCA.crt GB
der
whitelisted
3820 SMPCSetup.exe GET 200 35.239.221.136:80 http://showmypc.com/app/about-us1.html?pv=3520 US
html
suspicious
3820 SMPCSetup.exe GET 200 172.217.16.130:80 http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js US
text
whitelisted
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.all.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/jquery-1.11.2.min.js US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/ui/ui.core.js US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/ui/ui.tabs.js US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.base.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.theme.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.core.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.resizable.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.accordion.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.dialog.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.slider.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.tabs.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.datepicker.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/js/themes/base/ui.progressbar.css US
text
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/images/ic_computer_white_24dp_2x.png US
image
shared
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/images/metro/remote-support.png US
image
shared
3820 SMPCSetup.exe GET 200 35.239.221.136:80 http://showmypc.com/images/light-blue-dots.png US
image
suspicious
3820 SMPCSetup.exe GET 200 172.217.16.142:80 http://www.google-analytics.com/ga.js US
text
whitelisted
3820 SMPCSetup.exe GET 200 52.216.176.61:80 http://s3.showmypc.com/images/metro/screen-sharing-hosted.png US
image
shared
3820 SMPCSetup.exe GET 200 172.217.16.142:80 http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=157848626&utmhn=showmypc.com&utmcs=utf-8&utmsr=1280x720&utmvp=569x260&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=26.0%20r0&utmhid=448207331&utmr=-&utmp=%2Fapp%2Fabout-us1.html%3Fpv%3D3520&utmht=1557928257942&utmac=UA-3896280-1&utmcc=__utma%3D253651531.566677557.1557928257.1557928257.1557928257.1%3B%2B__utmz%3D253651531.1557928257.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=201193497&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ US
image
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3096 iexplore.exe 35.239.221.136:443 US suspicious
3272 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
3036 SMPCSetup.exe 91.199.212.52:80 Comodo CA Ltd GB unknown
3036 SMPCSetup.exe 67.27.234.126:80 Level 3 Communications, Inc. US unknown
–– –– 35.239.221.136:80 US suspicious
3036 SMPCSetup.exe 35.239.221.136:443 US suspicious
3820 SMPCSetup.exe 91.199.212.52:80 Comodo CA Ltd GB unknown
3820 SMPCSetup.exe 35.239.221.136:443 US suspicious
3820 SMPCSetup.exe 35.239.221.136:80 US suspicious
3820 SMPCSetup.exe 52.216.176.61:80 Amazon.com, Inc. US unknown
3820 SMPCSetup.exe 172.217.16.130:80 Google Inc. US unknown
3820 SMPCSetup.exe 172.217.16.142:80 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
download3.showmypc.com 35.239.221.136
suspicious
www.bing.com 13.107.21.200
204.79.197.200
whitelisted
crt.comodoca.com 91.199.212.52
whitelisted
www.download.windowsupdate.com 67.27.234.126
8.253.95.249
67.27.157.254
67.27.234.254
8.253.207.121
whitelisted
showmypc.com 35.239.221.136
suspicious
s3.showmypc.com 52.216.176.61
unknown
pagead2.googlesyndication.com 172.217.16.130
whitelisted
www.google-analytics.com 172.217.16.142
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.