General Info

File name

msc.exe

Full analysis
https://app.any.run/tasks/2ef04e58-bf11-45a7-a6f4-b3d35f7fbdca
Verdict
Malicious activity
Analysis date
4/15/2019, 03:38:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

6e29d31df34039682cc74d6667281077

SHA1

8754b67952b2b7867195cc83de08783e31c0b632

SHA256

8c275b3d4f5a1f30d54ae7370f24f3d7cb0569aa0260b96da5018a58aa490f37

SSDEEP

24576:nnzABXFT5Nkp28OTkjPz+ynIAtuf+zsQ5jhozX3XSQ54Gli7vateD1Ax:nzukUZwb+ynttuf+zsAoB4ai7vUepA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • msclientae.exe (PID: 3368)
  • runfile.exe (PID: 880)
  • MakeLink.exe (PID: 2256)
  • myconnectionpc[1].exe (PID: 2352)
  • MakeLink.exe (PID: 3516)
  • msclientpe.exe (PID: 1256)
  • runfile.exe (PID: 3044)
Loads dropped or rewritten executable
  • java.exe (PID: 2488)
  • java.exe (PID: 2176)
  • java.exe (PID: 2664)
  • java.exe (PID: 2468)
  • java.exe (PID: 588)
  • java.exe (PID: 2780)
Downloads executable files from the Internet
  • iexplore.exe (PID: 2328)
Executable content was dropped or overwritten
  • java.exe (PID: 3648)
  • java.exe (PID: 280)
  • iexplore.exe (PID: 2328)
  • java.exe (PID: 2664)
  • java.exe (PID: 2312)
  • java.exe (PID: 2616)
  • java.exe (PID: 2780)
Uses IPCONFIG.EXE to discover IP address
  • java.exe (PID: 2488)
Creates a software uninstall entry
  • java.exe (PID: 2664)
  • java.exe (PID: 2780)
Creates files in the program directory
  • MakeLink.exe (PID: 2256)
  • java.exe (PID: 2664)
  • MakeLink.exe (PID: 3516)
  • java.exe (PID: 2780)
Starts Internet Explorer
  • java.exe (PID: 2468)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2328)
Creates files in the user directory
  • iexplore.exe (PID: 2328)
Reads internet explorer settings
  • iexplore.exe (PID: 2328)
Changes internet zones settings
  • iexplore.exe (PID: 2940)
Application launched itself
  • iexplore.exe (PID: 2940)


Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (67.4%)
.dll | Win32 Dynamic Link Library (generic) (14.2%)
.exe | Win32 Executable (generic) (9.7%)
.exe | Generic Win/DOS Executable (4.3%)
.exe | DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2005:12:19 19:55:35+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
6656
InitializedDataSize:
5632
UninitializedDataSize:
null
EntryPoint:
0x26c8
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Dec-2005 18:55:35
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
19-Dec-2005 18:55:35
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0000185C | 0x00001A00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 5.99769
.rdata | 0x00003000 | 0x0000062A | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.11709
.data | 0x00004000 | 0x000005A4 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.36038
.rsrc | 0x00005000 | 0x00000608 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.97556
Resources
1

234

Imports
    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    SHELL32.dll

    MSVCRT.dll

Exports

    No exports.

Processes

Total processes
60
Monitored processes
22
Malicious processes
4
Suspicious processes
0

Behavior graph

[Behavior graph image; processes shown: msc.exe, java.exe, makelink.exe, runfile.exe, msclientpe.exe, iexplore.exe, myconnectionpc[1].exe, msclientae.exe, ipconfig.exe]

Process information

PID
2992
CMD
"C:\Users\admin\AppData\Local\Temp\msc.exe"
Path
C:\Users\admin\AppData\Local\Temp\msc.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\msc.exe
c:\systemroot\system32\ntdll.dll

PID
352
CMD
"C:\Users\admin\AppData\Local\Temp\msc.exe"
Path
C:\Users\admin\AppData\Local\Temp\msc.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Description
Version

PID
2780
CMD
java -mx256m jexepackboot ER "C:\Users\admin\AppData\Local\Temp\msc.exe" "C:\Users\admin\AppData\Local\Temp\X433160"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
Parent process
msc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14

PID
3516
CMD
"C:\Users\admin\AppData\Local\Temp\X433160\MakeLink" C:\Users\admin\AppData\Local\Temp\X433160\makelinks.txt
Path
C:\Users\admin\AppData\Local\Temp\X433160\MakeLink.exe
Indicators
No indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
3044
CMD
"C:\Program Files\MyConnection PC Lite Edition\runfile.exe" -Q* /install
Path
C:\Program Files\MyConnection PC Lite Edition\runfile.exe
Indicators
No indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
2616
CMD
java -mx256m jexepackboot E "C:\Program Files\MyConnection PC Lite Edition\runfile.exe" "C:\Users\admin\AppData\Local\Temp\X438BE4" "/install"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
Parent process
runfile.exe
User
admin
Integrity Level
HIGH
Exit code
12345
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14

PID
588
CMD
java -mx256m jexepackboot R "C:\Program Files\MyConnection PC Lite Edition\runfile.exe" "C:\Users\admin\AppData\Local\Temp\X438BE4" "/install"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
No indicators
Parent process
runfile.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14

PID
1256
CMD
"C:\Program Files\MyConnection PC Lite Edition\msclientpe.exe"
Path
C:\Program Files\MyConnection PC Lite Edition\msclientpe.exe
Indicators
No indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
2312
CMD
java -mx256m jexepackboot E "C:\Program Files\MyConnection PC Lite Edition\msclientpe.exe" "C:\Users\admin\AppData\Local\Temp\X4394E8"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
Parent process
msclientpe.exe
User
admin
Integrity Level
HIGH
Exit code
12345
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14

PID
2468
CMD
java -mx256m jexepackboot R "C:\Program Files\MyConnection PC Lite Edition\msclientpe.exe" "C:\Users\admin\AppData\Local\Temp\X4394E8"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
No indicators
Parent process
msclientpe.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14

PID
2940
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
2328
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2940 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
2352
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\myconnectionpc[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\myconnectionpc[1].exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version

PID
2664
CMD
java -mx256m jexepackboot ER "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\myconnectionpc[1].exe" "C:\Users\admin\AppData\Local\Temp\X449930"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
Parent process
myconnectionpc[1].exe
User
admin
Integrity Level
HIGH
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\local\temp\x449930\jwin32v8.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\program files\java\jre1.8.0_92\bin\fontmanager.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\x449930\makelink.exe
c:\program files\myconnection pc\runfile.exe

PID
2256
CMD
"C:\Users\admin\AppData\Local\Temp\X449930\MakeLink" C:\Users\admin\AppData\Local\Temp\X449930\makelinks.txt
Path
C:\Users\admin\AppData\Local\Temp\X449930\MakeLink.exe
Indicators
No indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\x449930\makelink.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll

PID
880
CMD
"C:\Program Files\MyConnection PC\runfile.exe" -Q* /install
Path
C:\Program Files\MyConnection PC\runfile.exe
Indicators
No indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\myconnection pc\runfile.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\java.exe

PID
280
CMD
java -mx256m jexepackboot E "C:\Program Files\MyConnection PC\runfile.exe" "C:\Users\admin\AppData\Local\Temp\X44E370" "/install"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
Parent process
runfile.exe
User
admin
Integrity Level
HIGH
Exit code
12345
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll

PID
2176
CMD
java -mx256m jexepackboot R "C:\Program Files\MyConnection PC\runfile.exe" "C:\Users\admin\AppData\Local\Temp\X44E370" "/install"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
No indicators
Parent process
runfile.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\users\admin\appdata\local\temp\x44e370\vwwin32v12.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\program files\myconnection pc\msclientae.exe

PID
3368
CMD
"C:\Program Files\MyConnection PC\msclientae.exe"
Path
C:\Program Files\MyConnection PC\msclientae.exe
Indicators
No indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\program files\myconnection pc\msclientae.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\java.exe

PID
3648
CMD
java -mx256m jexepackboot E "C:\Program Files\MyConnection PC\msclientae.exe" "C:\Users\admin\AppData\Local\Temp\X44FD28"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
Parent process
msclientae.exe
User
admin
Integrity Level
HIGH
Exit code
12345
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll

PID
2488
CMD
java -mx256m jexepackboot R "C:\Program Files\MyConnection PC\msclientae.exe" "C:\Users\admin\AppData\Local\Temp\X44FD28"
Path
C:\ProgramData\Oracle\Java\javapath\java.exe
Indicators
Parent process
msclientae.exe
User
admin
Integrity Level
HIGH
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\local\temp\x44fd28\mswin32v15.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\program files\java\jre1.8.0_92\bin\fontmanager.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\program files\java\jre1.8.0_92\bin\t2k.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\program files\java\jre1.8.0_92\bin\dcpr.dll
c:\windows\system32\ipconfig.exe

PID
3852
CMD
ipconfig.exe /all
Path
C:\Windows\system32\ipconfig.exe
Indicators
No indicators
Parent process
java.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
IP Configuration Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ipconfig.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qagent.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll

Registry activity

Total events
1219
Read events
1131
Write events
88
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307040001000F00010026003800D101
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
20
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F00010026003800F001
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
80
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307040001000F000100260038003E02
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
37
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2328
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
0904
2328
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041520190416
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CachePrefix
:2019041520190416:
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CacheLimit
8192
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CacheOptions
11
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CacheRepair
0
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040001000F00010027000800C90100000000
2328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2780
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
java.exe
2780
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msclientpe.exe
C:\Program Files\MyConnection PC Lite Edition\msclientpe.exe
2780
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msclientpe.exe
Path
C:\Program Files\MyConnection PC Lite Edition
2780
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyConnection PC Lite Edition
DisplayName
MyConnection PC Lite Edition
2780
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyConnection PC Lite Edition
UninstallString
"C:\Program Files\MyConnection PC Lite Edition\Uninstall.exe" "C:\Program Files\MyConnection PC Lite Edition"
588
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
588
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2468
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
java.exe
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{3AFADDDB-5F1F-11E9-B63D-5254004A04AF}
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307040001000F000100260038002501
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307040001000F000100260038002501
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
825697FE2BF3D401
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
DCB899FE2BF3D401
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2664
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
java.exe
2664
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msclientae.exe
C:\Program Files\MyConnection PC\msclientae.exe
2664
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msclientae.exe
Path
C:\Program Files\MyConnection PC
2664
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyConnection PC
DisplayName
MyConnection PC
2664
java.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyConnection PC
UninstallString
"C:\Program Files\MyConnection PC\Uninstall.exe" "C:\Program Files\MyConnection PC"
2176
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2176
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2488
java.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
java.exe

Files activity

Executable files
21
Suspicious files
7
Text files
236
Unknown types
25

Dropped files

PID
Process
Filename
Type
2780
java.exe
C:\Users\admin\AppData\Local\Temp\X433160\MakeLink.exe
executable
MD5: 61c2c167ac821487c6ee506b7bdd9f10
SHA256: 740658ec880397cd4b96dd8fd9b12e94c6c4f643a85965ea89fca573e406dd02
2780
java.exe
C:\Program Files\MyConnection PC Lite Edition\msclientpe.exe
executable
MD5: 62d7e0c23c71ac4ef90e052b6379112f
SHA256: 5e1feca8ea75f28ff559e0478e4b72819fafc733d6ce1411bc8e690206e853e2
2780
java.exe
C:\Program Files\MyConnection PC Lite Edition\Uninstall.exe
executable
MD5: b4fca8a5b1b357bf9e2b7a279827b8b4
SHA256: acd3a51dde4e1822b4ca2bccb0968cfa307bb94d8eb0575350aaa18696157ab4
2780
java.exe
C:\Program Files\MyConnection PC Lite Edition\runfile.exe
executable
MD5: a06dda493373fe4e07b2f719384b438e
SHA256: 359c9a830a45f50e8997b8b33344cd0a7c045cdc42b57c57b7bfbb2edf265781
2616
java.exe
C:\Users\admin\AppData\Local\Temp\X438BE4\vwwin32v12.dll
executable
MD5: a932941790e6ab4660b8db5693d829c4
SHA256: 578981e17ec59e85e2fa1ade886d694f1a0ac696f64f5526deeda497ad0dcd66
2780
java.exe
C:\Users\admin\AppData\Local\Temp\X433160\src\runfile.exe
executable
MD5: a06dda493373fe4e07b2f719384b438e
SHA256: 359c9a830a45f50e8997b8b33344cd0a7c045cdc42b57c57b7bfbb2edf265781
2664
java.exe
C:\Program Files\MyConnection PC\msclientae.exe
executable
MD5: cddfe47d9cb57d33819c901e1d5aac1a
SHA256: 6a2752ba8b72432b0b5e665e6f60e9f05854dface35dc4a0355588110bfcacdb
2780
java.exe
C:\Users\admin\AppData\Local\Temp\X433160\src\msclientpe.exe
executable
MD5: 62d7e0c23c71ac4ef90e052b6379112f
SHA256: 5e1feca8ea75f28ff559e0478e4b72819fafc733d6ce1411bc8e690206e853e2
2664
java.exe
C:\Program Files\MyConnection PC\runfile.exe
executable
MD5: 478a7e5f04422340317ffa35fd877200
SHA256: 2248c9b32669de70b4964dcad75e150f098319866681daf9743c22102173abef
2780
java.exe
C:\Users\admin\AppData\Local\Temp\X433160\src\Uninstall.exe
executable
MD5: b4fca8a5b1b357bf9e2b7a279827b8b4
SHA256: acd3a51dde4e1822b4ca2bccb0968cfa307bb94d8eb0575350aaa18696157ab4
2312
java.exe
C:\Users\admin\AppData\Local\Temp\X4394E8\mswin32v15.dll
executable
MD5: b0c2a6f970a95740d9f369b170bf3368
SHA256: 5571d77cc136a5e35cd68a052fe7b5646ec68d7e79d14f97e5c9443061825b33
280
java.exe
C:\Users\admin\AppData\Local\Temp\X44E370\vwwin32v12.dll
executable
MD5: a932941790e6ab4660b8db5693d829c4
SHA256: 578981e17ec59e85e2fa1ade886d694f1a0ac696f64f5526deeda497ad0dcd66
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\runfile.exe
executable
MD5: 478a7e5f04422340317ffa35fd877200
SHA256: 2248c9b32669de70b4964dcad75e150f098319866681daf9743c22102173abef
2780
java.exe
C:\Users\admin\AppData\Local\Temp\X433160\jwin32v8.dll
executable
MD5: 6c213f6dfa2d3a4e5187ec97d3f89878
SHA256: a3d01d7d138a918be744c0e2ef624eaab315951f2890345d851de2cb6f3bdc83
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\jwin32v8.dll
executable
MD5: 6c213f6dfa2d3a4e5187ec97d3f89878
SHA256: a3d01d7d138a918be744c0e2ef624eaab315951f2890345d851de2cb6f3bdc83
3648
java.exe
C:\Users\admin\AppData\Local\Temp\X44FD28\mswin32v15.dll
executable
MD5: b0c2a6f970a95740d9f369b170bf3368
SHA256: 5571d77cc136a5e35cd68a052fe7b5646ec68d7e79d14f97e5c9443061825b33
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\MakeLink.exe
executable
MD5: 61c2c167ac821487c6ee506b7bdd9f10
SHA256: 740658ec880397cd4b96dd8fd9b12e94c6c4f643a85965ea89fca573e406dd02
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\myconnectionpc[1].exe
executable
MD5: b5f774de19773cdf2919262b23129e28
SHA256: 886cf9c517cd73b5d4b5b85564638ea5fd7931733eb676da628f1b006c1a489f
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\Uninstall.exe
executable
MD5: b4fca8a5b1b357bf9e2b7a279827b8b4
SHA256: acd3a51dde4e1822b4ca2bccb0968cfa307bb94d8eb0575350aaa18696157ab4
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\msclientae.exe
executable
MD5: cddfe47d9cb57d33819c901e1d5aac1a
SHA256: 6a2752ba8b72432b0b5e665e6f60e9f05854dface35dc4a0355588110bfcacdb
2664
java.exe
C:\Program Files\MyConnection PC\Uninstall.exe
executable
MD5: b4fca8a5b1b357bf9e2b7a279827b8b4
SHA256: acd3a51dde4e1822b4ca2bccb0968cfa307bb94d8eb0575350aaa18696157ab4
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\bottomborder[1].gif
image
MD5: 3c9d01720adb8c21aa41575865b99593
SHA256: a451cadd4a190f699c1966c259731592e18b79e2eb070ff57cdf1e4f4d052f5f
2488
java.exe
C:\Users\admin\MyConnection PC\8BC3C92EE46BB05186D5D97EEFF2941A173D8F7F\myspeed.ini
text
MD5: f56f777c5fd3d66729b4a5383a3a066d
SHA256: ab9969f2d5eac8e3128c4a90945bb221ed75180dbcee29a7f18b3bed403fd13a
280
java.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 046c5acda6b6dfc3fd6371d37a033fe7
SHA256: 43e185936940e026faceebedc7985c4a6478b6df9bc3d0a01f1b983c16fb9867
880
runfile.exe
C:\Users\admin\AppData\Local\Temp\X44E370\jexepackboot.class
class
MD5: eec36e37cea2a02ed0ad4d29f4402293
SHA256: 5189cd87e4d46dab11e7e204bde8adaf9226346c7428085fe182a380764a882e
2664
java.exe
C:\Program Files\MyConnection PC\uninstall.lst
text
MD5: e72c1cd6812e01b62e7418a8845bdc59
SHA256: 1da6c56899d40940ed31a45c8c0ce1e1975b48b3af13142ae3ce21b154b33efe
2256
MakeLink.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyConnection PC\Uninstall.lnk
lnk
MD5: e338235e0bfa956ed7e2b57ab982e373
SHA256: e5b6b35099383a01ee56fa7d1e7cba6dfa309f9ae1f7aa786d9d0c92b7f270a2
2256
MakeLink.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyConnection PC\MyConnection PC.lnk
lnk
MD5: 4172c1b7aea6a543f9d065b3caf93bb8
SHA256: e1a1ecb3352c1ff6acee045673489448ead2094e8004495a17eb9cdf196b0cf9
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\makelinks.txt
text
MD5: c607e44ae660044c865d4188f16dcb24
SHA256: e976560ca0016c50c03e1050f83e184ab67b1e36fa2e0faed0bb248c9955915c
2664
java.exe
C:\Users\admin\MyConnection PC-Path
text
MD5: 3551159e39680f2706d12ab97020c019
SHA256: 408837cf47c8efc94a7c6051e3f2f0837d6caba66cc527db6464e395ba0e50bc
2488
java.exe
C:\Users\admin\MyConnection PC\8BC3C92EE46BB05186D5D97EEFF2941A173D8F7F\cid.bin
text
MD5: 0e82008619d7bec7f6b9cdb5a734da76
SHA256: 20481df27c7f3f64fd08f86e15422278c34b42b3f421a5ac54784dd7ef2da651
2664
java.exe
C:\Program Files\MyConnection PC\images\welcome.gif
image
MD5: e20c0b993143f0d4fd5bfe59e29d0c21
SHA256: ccf7a7288f261ca3405cbca2ffd28ad10e58c7aa3527b9993a56b4df884156c5
2488
java.exe
C:\Users\admin\AppData\Local\Temp\X44FD28\Jz.Ky.Tx
abr
MD5: 6d0bb00954ceb7fbee436bb55a8397a9
SHA256: cd00e292c5970d3c5e2f0ffa5171e555bc46bfc4faddfb4a418b6840b86e79a3
2664
java.exe
C:\Program Files\MyConnection PC\license.html
html
MD5: 8ff8d45474fa93387732372ebddd6c95
SHA256: bd8815acf5169209fc878f01d7ee62c907e09455a0ba62ea1e3fe71beebef8c1
2488
java.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 30edb65a15e16c003011c209e023049f
SHA256: df5b6df08e589d5a643ea81a26f6d66e467e7bc9da9fee647c4f95e4621ea3c5
2664
java.exe
C:\Program Files\MyConnection PC\images\stop.gif
image
MD5: ac34b99878f9421911e5ce3d37c16779
SHA256: 5b1c8b03c7d9a583cd240fa5eac7d64bef66eb394f52bb5c5fc736535f09986e
2664
java.exe
C:\Program Files\MyConnection PC\images\simplevoip.png
image
MD5: 3798001d7cb16203c294b05437ec4ded
SHA256: d687784a6f1f0bcbc98ad7e0ad13eded8c6cbe9bf32c37cc1b0b2adb8d668340
2664
java.exe
C:\Program Files\MyConnection PC\images\simplespeed.png
image
MD5: eb5b594f524b8c138dbb689064801404
SHA256: 6794841832c74376d9b4e9b3879bbc59b9315f0f078a0a83a172f8b7d079f1bc
2664
java.exe
C:\Program Files\MyConnection PC\images\vrlogolarge.gif
image
MD5: 8e3dde9c342e48364ad55bee8786ba48
SHA256: 68eb368f16b1862c3adba112715e2f6029644b92e6f6efb01bd1aa3fa4029de4
2664
java.exe
C:\Program Files\MyConnection PC\images\smallreport.gif
image
MD5: f6a29a4dc3936d346cb4e49817e84267
SHA256: 8326972acaa1e65a1132af5b3671cbe93f4dbe39e108be30ee3945013b9495e1
2664
java.exe
C:\Program Files\MyConnection PC\images\timevar.png
image
MD5: 2139b6bc69be2eaa00ab48a98c297288
SHA256: a4af1e92debbaace25283062bd403d2add936606679b2da21213434532c82522
2664
java.exe
C:\Program Files\MyConnection PC\images\speedquality.png
image
MD5: 301796b9d81e2ae191a943207f214e5c
SHA256: 5adefa9a14398931e2164bd68f298a7cc78567845b23076734c91ec696e68e59
2664
java.exe
C:\Program Files\MyConnection PC\images\trace.png
image
MD5: b6d8e5c57b4b762b0c8135349986bc87
SHA256: 563f6dca330ed2c2dbb51a14bbe53528def6fce84e76e4693c547052a861f18e
2664
java.exe
C:\Program Files\MyConnection PC\images\voip.png
image
MD5: 1117491107e43c17167e5a34f98a8b46
SHA256: 429e31fd5fc24870f8564f293b85c2e662b9145f489fdec13e6b5d94933e085f
2664
java.exe
C:\Program Files\MyConnection PC\images\table.gif
image
MD5: acb53c5c0cb3cc713b26904d8c24ca85
SHA256: 5e9df453136b63ef95ad95042ffdafb4d45347b44bca717b1f882e6ed68dea89
2664
java.exe
C:\Program Files\MyConnection PC\images\speedtest.gif
image
MD5: 96123ef1968efa74b93869753fa59a1a
SHA256: 3d99c0a4422af10139c92af46409645fe28fcac080adb37c1852efd0f06c45b6
2664
java.exe
C:\Program Files\MyConnection PC\images\overview.png
image
MD5: 3e2a5b12613b4203835c9620ee1fc166
SHA256: de98f7f1472ece373fb9dac53cab031bd7d7bc27b1f1a2f166fe7da604c266d2
2664
java.exe
C:\Program Files\MyConnection PC\images\panelrestore.gif
image
MD5: ab6efc97aa68abf652827c278b948894
SHA256: 93173ff8aeb8cf3b6950bb0391d911e196967a979ec60d4e376c262e37f6f5f0
2664
java.exe
C:\Program Files\MyConnection PC\images\route.png
image
MD5: cf87eb15819866cc0d8d290f596e7281
SHA256: 0a86fd9f431dcbd47e862d73aecf0d1f314723dd4637c7bd3cad844b6c6d3529
2664
java.exe
C:\Program Files\MyConnection PC\images\report.gif
image
MD5: d461854a48810c248845a5dfe8110c2f
SHA256: 3d8eba88839261a573865823fed21f7b8d16d5c989b0dbb335b3332bd6dfed8b
2664
java.exe
C:\Program Files\MyConnection PC\images\managed.png
image
MD5: 999256f6ae9d8cfebadcf2cc711f1792
SHA256: b04543f0a3ac9a125b3b69ebb2419faa7a8e8d5d30f23d4efbf8a6274b77cd04
2664
java.exe
C:\Program Files\MyConnection PC\images\logospin.gif
image
MD5: 8d380e8de43bba4db712a30d009cb615
SHA256: 989cf522e7620bf48e8360fb6fbb9d6158acd9f3f30e8898762e4029edd8956d
2664
java.exe
C:\Program Files\MyConnection PC\images\panelclose.gif
image
MD5: a62894062bcb2a0d5aae92d20848395d
SHA256: 1e362bd22a88c719e4f52936796d4d2b20bcda3de1768bf28007d3e53a353c50
2664
java.exe
C:\Program Files\MyConnection PC\images\export.gif
image
MD5: ddb1c33971895e892dc653081c601e0e
SHA256: 9956bc1faec1f26ad83f5242c95ee1c8c67c41a2e335185a57e206559c25ad54
2664
java.exe
C:\Program Files\MyConnection PC\images\helpmainqmark.gif
image
MD5: 737203b616db99313d58b173a463f554
SHA256: 3ddeac7291774a1223c60f052da809c6cb8f7c330c0f7d85cd429083c6a6d1bd
2664
java.exe
C:\Program Files\MyConnection PC\images\go.gif
image
MD5: 6efdecec4f00d1502efb3bcc253b00c7
SHA256: 8d70de209078c37ca723b0d15124dcd11b136e28b05d068cd7e9ff76894d27a3
2664
java.exe
C:\Program Files\MyConnection PC\images\graph.gif
image
MD5: e02f8d91bd7022fcaac649e1c662d194
SHA256: 732239ff6b2728bd26c798b690893cf7faa7b51b51c424998dde958015eaf939
2664
java.exe
C:\Program Files\MyConnection PC\images\info.png
image
MD5: 34a548b6b372fa4c5c80f95375bb5e12
SHA256: b06272be879ddd8365f645c68855d5f66cccc7c3704cf78fc422f3f4c95a90c5
2664
java.exe
C:\Program Files\MyConnection PC\images\helpqmark.gif
image
MD5: b2b7e1142dd4af4c34744a3be60486fa
SHA256: 50000edf37addd9c23d3582242020b8f471bb518c5e70d9a589b0cadd9a645d5
2664
java.exe
C:\Program Files\MyConnection PC\images\icon16.png
image
MD5: 5fc9be843c88fa3101d668678e2cd1fd
SHA256: 7c72440ef4af36c91a36081540efb97cdd280dcdeb952ff03a3fdab15452cf9a
2664
java.exe
C:\Program Files\MyConnection PC\images\icon64.png
image
MD5: 9e577a34b6d2536dac57d47c9e5aa2fb
SHA256: ca531415a803ee52ae84299f403a2819af209283c25f51c585857ff195f8b7f1
2664
java.exe
C:\Program Files\MyConnection PC\images\forcedidle.png
image
MD5: e3f6aee6c7da6c10a481edd8cfef313b
SHA256: 6e91907eef0a66db4991ea16bc4fcabd595f82a6371b8e90f582ae7f44d9d9d1
2664
java.exe
C:\Program Files\MyConnection PC\images\dashboard.gif
image
MD5: b332954f71b76811f37298b74595e5c0
SHA256: aaba86ff93477b7f628a72ba8175b01e22aa319278254c2e4a7d048fdddbaf33
2664
java.exe
C:\Program Files\MyConnection PC\images\dashview.gif
image
MD5: 01f4e02cf81c05b6448bdf3384ad7f24
SHA256: 91361cc9dd2ff9b541890acd1e6fad596f0a3393867144f89b28e79ab066f8ba
2664
java.exe
C:\Program Files\MyConnection PC\images\error.gif
image
MD5: 6e84a0a678de0d4e0c177af85f9206b5
SHA256: 0089ad9bf10e88bc01bbbfaeb79513af4310a66797557403017d45e2cfbd99c9
2664
java.exe
C:\Program Files\MyConnection PC\images\email.gif
image
MD5: 3dc9a2334be94605f30393820c71ba55
SHA256: abae4bc890304b19bdcd78c6bfd0516ae7b7bbb8da59eb420c72cc68f17212ac
2664
java.exe
C:\Program Files\MyConnection PC\images\errormo.gif
image
MD5: 71fbc2cb48a08f7019d8aef7d9d74537
SHA256: 39e5923e6495e8face698cda23d91ccc34f03662991f3100ea5671ad252d6196
2664
java.exe
C:\Program Files\MyConnection PC\images\capspeed.png
image
MD5: b475052d529b4362c014ad3cdea2a83c
SHA256: d221b5c0b8522f3e2b9df0c520e82a2324744615187e1d888671074c1e3f4daf
2664
java.exe
C:\Program Files\MyConnection PC\images\boxvoip.gif
image
MD5: b91c6daaf5ffee60d6f18573f811f1fa
SHA256: c8a68edf94448f8dcdef13a3adb3d672b8ce85cbddc534d16b76a03049998db6
2664
java.exe
C:\Program Files\MyConnection PC\images\cols.gif
image
MD5: 6519ed40932e09582d487f6f79a04237
SHA256: a9e9442a63b8311fc3bfb47fd111a9d6fcac2d761c566ed0253fee42ebde3659
2664
java.exe
C:\Program Files\MyConnection PC\images\classicview.gif
image
MD5: 96123ef1968efa74b93869753fa59a1a
SHA256: 3d99c0a4422af10139c92af46409645fe28fcac080adb37c1852efd0f06c45b6
2664
java.exe
C:\Program Files\MyConnection PC\images\boxbus.gif
image
MD5: 003de4b1117e11fd67e482ba9ef59064
SHA256: 0e077a5198f01c8a93ffd7d23aa6d8ef74dc6d868b9bdbe56220bca46bf5ffc9
2664
java.exe
C:\Program Files\MyConnection PC\images\box.gif
image
MD5: 23d45c4644bd54e332ad16cfbe46965c
SHA256: ac3149104b576be880d22d3d6c8c557dd754580366882f58b5bf56bb7c074a9c
2664
java.exe
C:\Program Files\MyConnection PC\images\boxbplus.gif
image
MD5: fced62ada3316a19d147fa4abe4d3b25
SHA256: 473f86d0dbaf232150053e1129b066f525b556296db7b2cd07c0daa8227733f4
2664
java.exe
C:\Program Files\MyConnection PC\images\boxadv.gif
image
MD5: bc3bfdb8b52be8eebdf1a2d7d537acd4
SHA256: dbb7b594a4a3b6901189f8df6dc6ae116f6f913a1082331e34ceaee0dccbf0cd
2664
java.exe
C:\Program Files\MyConnection PC\images\bighelp.png
image
MD5: 6fabd0b73af26ab1a3495802d8e3988d
SHA256: 40488afbf88d461a0b8373aa75eed802ed00a85a95fd7db5080b3a65be6b373c
2664
java.exe
C:\Program Files\MyConnection PC\images\appspeed.png
image
MD5: 9ffa59fac67307b3c01cfafdf76b638a
SHA256: 9b89402fc008806cd178c05ce1338bf491d704172a6f6a6e88dcc92ff6ac9263
2664
java.exe
C:\Program Files\MyConnection PC\images\bar.gif
image
MD5: f1d8bdfc50205b893834a3919414cf8f
SHA256: b5101197581b47175a1ca5e0603fecb34cca5f8c74e0a09d7baac6d1896269f0
2664
java.exe
C:\Program Files\MyConnection PC\images\back.gif
image
MD5: 32a00e6f98d5e4329e3751009e0a173d
SHA256: ba55aed9e958163ef7fa7d5bd69f129f0acfa4c970545bb36a19719ae1ce6163
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\Jz.Ky.Tx
abr
MD5: 6d0bb00954ceb7fbee436bb55a8397a9
SHA256: cd00e292c5970d3c5e2f0ffa5171e555bc46bfc4faddfb4a418b6840b86e79a3
3648
java.exe
C:\Users\admin\AppData\Local\Temp\X44FD28\java.jar
compressed
MD5: e4f75ef5a892632562d46bbee8b33a86
SHA256: 45f8eae6e8024c2c47b97b205d7987e74a9a0b5cf75aad388365f464d572cfe5
2488
java.exe
C:\Users\admin\vw\CO9C4VE3BNK4JUK4ZHY0U01BWJX4D09
text
MD5: 26949870b77ce8bccb1d4f5fc079094b
SHA256: f5db610185e114293b32ec41c3b680cdbdc69c591249b5f40dc2f6eeac76df4a
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\voip.png
image
MD5: 1117491107e43c17167e5a34f98a8b46
SHA256: 429e31fd5fc24870f8564f293b85c2e662b9145f489fdec13e6b5d94933e085f
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\email.gif
image
MD5: 3dc9a2334be94605f30393820c71ba55
SHA256: abae4bc890304b19bdcd78c6bfd0516ae7b7bbb8da59eb420c72cc68f17212ac
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\report.gif
image
MD5: d461854a48810c248845a5dfe8110c2f
SHA256: 3d8eba88839261a573865823fed21f7b8d16d5c989b0dbb335b3332bd6dfed8b
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\classicview.gif
image
MD5: 96123ef1968efa74b93869753fa59a1a
SHA256: 3d99c0a4422af10139c92af46409645fe28fcac080adb37c1852efd0f06c45b6
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\logospin.gif
image
MD5: 8d380e8de43bba4db712a30d009cb615
SHA256: 989cf522e7620bf48e8360fb6fbb9d6158acd9f3f30e8898762e4029edd8956d
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\go.gif
image
MD5: 6efdecec4f00d1502efb3bcc253b00c7
SHA256: 8d70de209078c37ca723b0d15124dcd11b136e28b05d068cd7e9ff76894d27a3
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\forcedidle.png
image
MD5: e3f6aee6c7da6c10a481edd8cfef313b
SHA256: 6e91907eef0a66db4991ea16bc4fcabd595f82a6371b8e90f582ae7f44d9d9d1
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\dashview.gif
image
MD5: 01f4e02cf81c05b6448bdf3384ad7f24
SHA256: 91361cc9dd2ff9b541890acd1e6fad596f0a3393867144f89b28e79ab066f8ba
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\errormo.gif
image
MD5: 71fbc2cb48a08f7019d8aef7d9d74537
SHA256: 39e5923e6495e8face698cda23d91ccc34f03662991f3100ea5671ad252d6196
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\table.gif
image
MD5: acb53c5c0cb3cc713b26904d8c24ca85
SHA256: 5e9df453136b63ef95ad95042ffdafb4d45347b44bca717b1f882e6ed68dea89
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\stop.gif
image
MD5: ac34b99878f9421911e5ce3d37c16779
SHA256: 5b1c8b03c7d9a583cd240fa5eac7d64bef66eb394f52bb5c5fc736535f09986e
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\simplespeed.png
image
MD5: eb5b594f524b8c138dbb689064801404
SHA256: 6794841832c74376d9b4e9b3879bbc59b9315f0f078a0a83a172f8b7d079f1bc
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\timevar.png
image
MD5: 2139b6bc69be2eaa00ab48a98c297288
SHA256: a4af1e92debbaace25283062bd403d2add936606679b2da21213434532c82522
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\simplevoip.png
image
MD5: 3798001d7cb16203c294b05437ec4ded
SHA256: d687784a6f1f0bcbc98ad7e0ad13eded8c6cbe9bf32c37cc1b0b2adb8d668340
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\graph.gif
image
MD5: e02f8d91bd7022fcaac649e1c662d194
SHA256: 732239ff6b2728bd26c798b690893cf7faa7b51b51c424998dde958015eaf939
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\panelclose.gif
image
MD5: a62894062bcb2a0d5aae92d20848395d
SHA256: 1e362bd22a88c719e4f52936796d4d2b20bcda3de1768bf28007d3e53a353c50
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\welcome.gif
image
MD5: e20c0b993143f0d4fd5bfe59e29d0c21
SHA256: ccf7a7288f261ca3405cbca2ffd28ad10e58c7aa3527b9993a56b4df884156c5
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\error.gif
image
MD5: 6e84a0a678de0d4e0c177af85f9206b5
SHA256: 0089ad9bf10e88bc01bbbfaeb79513af4310a66797557403017d45e2cfbd99c9
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\managed.png
image
MD5: 999256f6ae9d8cfebadcf2cc711f1792
SHA256: b04543f0a3ac9a125b3b69ebb2419faa7a8e8d5d30f23d4efbf8a6274b77cd04
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\helpmainqmark.gif
image
MD5: 737203b616db99313d58b173a463f554
SHA256: 3ddeac7291774a1223c60f052da809c6cb8f7c330c0f7d85cd429083c6a6d1bd
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\icon16.png
image
MD5: 5fc9be843c88fa3101d668678e2cd1fd
SHA256: 7c72440ef4af36c91a36081540efb97cdd280dcdeb952ff03a3fdab15452cf9a
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\route.png
image
MD5: cf87eb15819866cc0d8d290f596e7281
SHA256: 0a86fd9f431dcbd47e862d73aecf0d1f314723dd4637c7bd3cad844b6c6d3529
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\speedquality.png
image
MD5: 301796b9d81e2ae191a943207f214e5c
SHA256: 5adefa9a14398931e2164bd68f298a7cc78567845b23076734c91ec696e68e59
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\panelrestore.gif
image
MD5: ab6efc97aa68abf652827c278b948894
SHA256: 93173ff8aeb8cf3b6950bb0391d911e196967a979ec60d4e376c262e37f6f5f0
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\export.gif
image
MD5: ddb1c33971895e892dc653081c601e0e
SHA256: 9956bc1faec1f26ad83f5242c95ee1c8c67c41a2e335185a57e206559c25ad54
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\dashboard.gif
image
MD5: b332954f71b76811f37298b74595e5c0
SHA256: aaba86ff93477b7f628a72ba8175b01e22aa319278254c2e4a7d048fdddbaf33
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\trace.png
image
MD5: b6d8e5c57b4b762b0c8135349986bc87
SHA256: 563f6dca330ed2c2dbb51a14bbe53528def6fce84e76e4693c547052a861f18e
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\boxbplus.gif
image
MD5: fced62ada3316a19d147fa4abe4d3b25
SHA256: 473f86d0dbaf232150053e1129b066f525b556296db7b2cd07c0daa8227733f4
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\info.png
image
MD5: 34a548b6b372fa4c5c80f95375bb5e12
SHA256: b06272be879ddd8365f645c68855d5f66cccc7c3704cf78fc422f3f4c95a90c5
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\license.html
html
MD5: 8ff8d45474fa93387732372ebddd6c95
SHA256: bd8815acf5169209fc878f01d7ee62c907e09455a0ba62ea1e3fe71beebef8c1
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\overview.png
image
MD5: 3e2a5b12613b4203835c9620ee1fc166
SHA256: de98f7f1472ece373fb9dac53cab031bd7d7bc27b1f1a2f166fe7da604c266d2
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\speedtest.gif
image
MD5: 96123ef1968efa74b93869753fa59a1a
SHA256: 3d99c0a4422af10139c92af46409645fe28fcac080adb37c1852efd0f06c45b6
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\smallreport.gif
image
MD5: f6a29a4dc3936d346cb4e49817e84267
SHA256: 8326972acaa1e65a1132af5b3671cbe93f4dbe39e108be30ee3945013b9495e1
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\icon64.png
image
MD5: 9e577a34b6d2536dac57d47c9e5aa2fb
SHA256: ca531415a803ee52ae84299f403a2819af209283c25f51c585857ff195f8b7f1
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\bar.gif
image
MD5: f1d8bdfc50205b893834a3919414cf8f
SHA256: b5101197581b47175a1ca5e0603fecb34cca5f8c74e0a09d7baac6d1896269f0
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\helpqmark.gif
image
MD5: b2b7e1142dd4af4c34744a3be60486fa
SHA256: 50000edf37addd9c23d3582242020b8f471bb518c5e70d9a589b0cadd9a645d5
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\appspeed.png
image
MD5: 9ffa59fac67307b3c01cfafdf76b638a
SHA256: 9b89402fc008806cd178c05ce1338bf491d704172a6f6a6e88dcc92ff6ac9263
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\back.gif
image
MD5: 32a00e6f98d5e4329e3751009e0a173d
SHA256: ba55aed9e958163ef7fa7d5bd69f129f0acfa4c970545bb36a19719ae1ce6163
3648
java.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 30edb65a15e16c003011c209e023049f
SHA256: df5b6df08e589d5a643ea81a26f6d66e467e7bc9da9fee647c4f95e4621ea3c5
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\boxbus.gif
image
MD5: 003de4b1117e11fd67e482ba9ef59064
SHA256: 0e077a5198f01c8a93ffd7d23aa6d8ef74dc6d868b9bdbe56220bca46bf5ffc9
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\box.gif
image
MD5: 23d45c4644bd54e332ad16cfbe46965c
SHA256: ac3149104b576be880d22d3d6c8c557dd754580366882f58b5bf56bb7c074a9c
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\vrlogolarge.gif
image
MD5: 8e3dde9c342e48364ad55bee8786ba48
SHA256: 68eb368f16b1862c3adba112715e2f6029644b92e6f6efb01bd1aa3fa4029de4
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\boxvoip.gif
image
MD5: b91c6daaf5ffee60d6f18573f811f1fa
SHA256: c8a68edf94448f8dcdef13a3adb3d672b8ce85cbddc534d16b76a03049998db6
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\bighelp.png
image
MD5: 6fabd0b73af26ab1a3495802d8e3988d
SHA256: 40488afbf88d461a0b8373aa75eed802ed00a85a95fd7db5080b3a65be6b373c
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\boxadv.gif
image
MD5: bc3bfdb8b52be8eebdf1a2d7d537acd4
SHA256: dbb7b594a4a3b6901189f8df6dc6ae116f6f913a1082331e34ceaee0dccbf0cd
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\cols.gif
image
MD5: 6519ed40932e09582d487f6f79a04237
SHA256: a9e9442a63b8311fc3bfb47fd111a9d6fcac2d761c566ed0253fee42ebde3659
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\src\images\capspeed.png
image
MD5: b475052d529b4362c014ad3cdea2a83c
SHA256: d221b5c0b8522f3e2b9df0c520e82a2324744615187e1d888671074c1e3f4daf
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\install.ini
text
MD5: 69113406a3dbd03ab0a54b311bf4c3ca
SHA256: 4a1d946e5bd9ddf43f26c3d25ad0c757a37e5b77c047bcd02d50f4a7fbcd2cfe
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\packlist.txt
text
MD5: 3aabbede4df26fd372f6ac261d843143
SHA256: 8177a7790d3fe9f14a4bc78b6af4ae32e1f1577ba4e6c33452d496e39022e0a3
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3AFADDDB-5F1F-11E9-B63D-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\LicenseAgreement.class
class
MD5: 4b5933a6927997f56f7b4623cac4be5f
SHA256: 26c6d5ea64f4fc3ae29530f27e7c0337545e5e974001e60288a5e214056e1cd2
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\Win32.class
class
MD5: 9b299f75002e0026cba02f210287a8de
SHA256: 6e8a613be31eade2ec96cfb34bf766cf79cf15d25191efd3dcf77445bf144d23
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\InstallProgram.class
class
MD5: de2285f6ab634a218f84f800745fe976
SHA256: 2551d118b491ff1b7ead4a5b50ba9226198e188364e4ccdf38dd52112b7de524
2664
java.exe
C:\Users\admin\AppData\Local\Temp\X449930\MessageBox.class
class
MD5: a78fc2f749d70ca7f2ef8664ddeda18e
SHA256: 096b10f1b702895ad69681746f9f5195fbd1e41e8f0c973bcdfaa00b9ced725f
2940
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF3BBB67ADDBC50A22.TMP
––
MD5:  ––
SHA256:  ––
2664
java.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: a4914e9c1fbd01dcf60da727681cd27f
SHA256: d80f543e7ebf25c025c24bf82b730d24504c98add148dc5e52c399fc2c2b97f2
2352
myconnectionpc[1].exe
C:\Users\admin\AppData\Local\Temp\X449930\jexepackboot.class
––
MD5:  ––
SHA256:  ––
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\myconnectionpc[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2328
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: d5bfc8a1762da1b57027c316183cb835
SHA256: c8efa3ae989248793fb3224b6dc91c3dfe22f314f54409bb6bb72f3aae906b3f
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\arrow[1].png
image
MD5: 22f56eabd6ba41c459979c33d93f58f5
SHA256: 8cb9d2d052d17db00bc27b84d10ee26325e42761840ca82ca5e7f63d840aca89
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\download[1].html
html
MD5: 8116fd30df24b40c85df97a3ffae77b5
SHA256: 41a39c3f8ba20d9aaee1d39405243c5a6be7b78dee9a1c51ef38d26b95829134
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\indexm[1].html
html
MD5: 4702915766b77b439a8edf51faf44a03
SHA256: 9e1ddcba1aaa95659014d002b167bc147b4f3b26ef0702ee67a31f037a34e931
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
image
MD5: 3d984df0a99846ebe9a1965f06a39166
SHA256: d97f2a27e8e960ab605e570e4475a96c9ac4037d20b36d438160a26128760acd
2780
java.exe
C:\Users\admin\x.log
text
MD5: 7d3b188d5a9282b88369047c4286bc06
SHA256: 7415ade835df1f7de1f704dee98b7fb12bbcca950964bc51563093017c1ce82c
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041520190416\index.dat
dat
MD5: 36761fc26e20435a1572431731b57eb8
SHA256: f55495ccf235dec1ce7b789738ac955b37daa20d86393784b6c355ae62f0e348
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\borderbottomright[1].gif
image
MD5: 8aae68128a9d478511cac8b7a41efff0
SHA256: 532cf99fdd573421388c825dcb2bd97f3cbfbcebb1db0550b9dcdb3de7553148
352
msc.exe
C:\Users\admin\AppData\Local\Temp\X433160\jexepackboot.class
class
MD5: eec36e37cea2a02ed0ad4d29f4402293
SHA256: 5189cd87e4d46dab11e7e204bde8adaf9226346c7428085fe182a380764a882e
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\bottomleftborder[1].gif
image
MD5: 43854439e0ef1d358d3e5b2f8f33be38
SHA256: 127f66350014551770bc61188bdd8b7a897776aee9c4681c9e84008eb17f0402
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\mainpageimage[1].png
image
MD5: bb96d2398bcc822b836d8d6a677e744d
SHA256: ed4aa3fbeee31f1350ae379afe571dcf19e0f683da46da3e0cea5b04d0e41521
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\rightborder[1].gif
image
MD5: 1adf05a1d1c061964dd7328b9dbe5867
SHA256: bdf0680f7d81ebcdfc3f009689d75a78e21640edd8877cc0283c430bd27c246f
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\leftborder[1].gif
image
MD5: 03912c351cf5f9d14e136e7481f094ed
SHA256: 0e53935083dd570c14fcbf5a615f6655f6139c78b7e5f1eca808ac73702b6402
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\bordertopright[1].gif
image
MD5: 2e762e20588e1ab88ea120142ebc794d
SHA256: 0e89299d5dd575e2b2cca8dce913dd8b77cf3bdf4dcd663210bfbaaae53fef05
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\bottombar[1].gif
image
MD5: 4181c932b5b84d22c0bc9d561dbac122
SHA256: 1e37904c1da606477d8652e2bc442102daaa964d59cfddced15cda09ac3130f3
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\topborder[1].gif
image
MD5: bf7a6dfc4ddc40ae2bc82cce477878d6
SHA256: 04954ec4f189a273d059d5760cc9bdcf2b99ec868ab5d0a7cfa31ff519c4abdf
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\t_logo-a[1].png
image
MD5: ecc3d2597712c37664e32411ca15a007
SHA256: 8c9b1ef099ef10701ce321584dc47b86bffbacdeb9537178e932b6dd3997e7e4
2328
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
dat
MD5: 0d64d000d5a8d39d998ead92ef0af8b5
SHA256: 388cf6e2fb4b9cc286b135845f72fd9e1101d4d88315532b3a6eff13b99260b6
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\closequotes[1].png
image
MD5: 654f6ee49c1e28564342ea0100fc4811
SHA256: 1bf875f0a91001274603e6e83ec4d955799c544056b31ebb5b1a117328f68817
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\bordertopleft[1].gif
image
MD5: 53cce71912ae7b3f18d9819ac16c24bf
SHA256: f086c15e486fcdf2d7ea532189b3248924e689ecd33a9e31d127ab46a138a977
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\openquotes[1].png
image
MD5: 87637817b885e4349b9a106fe05b9c3d
SHA256: e8bcc489cd505e11b3cd860f1db86c838c2d80101dd1606b3e4f373dbf7a4469
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\logo[1].gif
image
MD5: c6aef5caf88b2dc4fc901ec198a4c253
SHA256: bb248dcce6265dfe3582ef744c5dfea5200c9cbfba6f7ab3eb331f2b79df8545
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\mainbg[1].png
image
MD5: 58b27abd0afb88df69373754b49caf5a
SHA256: 061a09159d89e1672a594cd9d03fb73f0003dad5f5800ac824289c540dc5665b
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\pagebg[1].gif
image
MD5: 76e7c5263cc26c86b626c902789157f8
SHA256: 8eaf79acd441b1cc9f477d38a0b0cd56b268ca48eff677db72ca9604fcb0ea51
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\quicklinks[1].js
html
MD5: a2301c9280e3b5f71142551f4c80d3de
SHA256: bb6a881247064235f9e1fc2762ba75e52bcf5ba15f9155f8db27c0696e74ba67
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\cr[1].js
text
MD5: 45a7d99fb59a150ce466c12da61d1dee
SHA256: d4032adfdd0694351d54194fbbbce81120b11811909f99c5e131bde5b96a8100
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\styles_mcs2[1].css
text
MD5: 409f0d3c987dbe137bb43f9832b99c5b
SHA256: 180829004b77ebac3a98f72c5bf31515fa869d9205408d8fd9bb5df699842f13
2328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\liteexpired[1].html
html
MD5: 5bad57c8e38e91c50e560ccf6611b0e5
SHA256: 0df4f7c10832c75939841b8aef05caf7ed393e7572077fcb02a79a440eac73d8
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2468
java.exe
C:\Users\admin\MyConnection PC\12CBEF7865DB5FFCCE13FD31E44F0E382B70CEB5\logs\console2019-04-15.LOG
text
MD5: 5bfc10cdef370a6df9b119f176b209eb
SHA256: 3e4b4f2b02ced2342017d6b9fb56506f6f7a9cc7d68677a064e8d5ce6bd67f83
2468
java.exe
C:\Users\admin\MyConnection PC\12CBEF7865DB5FFCCE13FD31E44F0E382B70CEB5\cid.bin
text
MD5: 4fc95c600dce87169ef9286892b76bbc
SHA256: ca8ee424ecd1f72f4459a1a0c34188980b5426ede75184955fdfa1633271c4f6
2468
java.exe
C:\Users\admin\vw\1Z3KS5NX0SDQEERK85IT1ZVJ35XGMDP
text
MD5: 9623dddfab8223c1a07836d25843c986
SHA256: 05fe5f2a2c083b7355682702fc2771698a7d30f9b60740970bf6eeb541b96efc
2468
java.exe
C:\Users\admin\vw\CATM5J0LB9ZTMQXO4PNI4OA9Z5JF4R9
text
MD5: 9623dddfab8223c1a07836d25843c986
SHA256: 05fe5f2a2c083b7355682702fc2771698a7d30f9b60740970bf6eeb541b96efc
2468
java.exe
C:\Users\admin\AppData\Local\Temp\X4394E8\Jz.Ky.Tx
abr
MD5: 6d0bb00954ceb7fbee436bb55a8397a9
SHA256: cd00e292c5970d3c5e2f0ffa5171e555bc46bfc4faddfb4a418b6840b86e79a3
2468
java.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: e27aef984f0015045350a6638bcde3ed
SHA256: d60289617da09b508d525a091820274660d0133562a852e12500cbf2989702c7
3368
msclientae.exe
C:\Users\admin\AppData\Local\Temp\X44FD28\jexepackboot.class
class
MD5: eec36e37cea2a02ed0ad4d29f4402293
SHA256: 5189cd87e4d46dab11e7e204bde8adaf9226346c7428085fe182a380764a882e
2312
java.exe
C:\Users\admin\AppData\Local\Temp\X4394E8\java.jar
compressed
MD5: 99bad3e0cd2a4e222e071ffba6ada952
SHA256: 518fbe1d9b3c57fe63182e61ceda39bd9506699a2e5a99d2b59ef96d999cafc8
2312
java.exe
C:\Users\admin\AppData\Local\Temp\X4394E8\verinfo.kv
binary
MD5: 8bdc471c87b285dc0da7bf6a9d041b58


Network activity

HTTP(S) requests
32
TCP/UDP connections
15
DNS requests
10
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2940 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/liteexpired.html US html suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/gcss/styles_mcs2.css US text suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/gcss/js/cr.js US text suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/js/quicklinks.js US html suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/gimages/logo.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/pagebg.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/titlebg/mainbg.png US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/gimages/newimages/bottombar.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/openquotes.png US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/closequotes.png US image suspicious
2328 iexplore.exe GET 200 52.216.138.251:80 http://twitter-badges.s3.amazonaws.com/t_logo-a.png US image shared
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/mainpageimage.png US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/bordertopleft.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/topborder.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/bordertopright.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/leftborder.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/rightborder.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/bottomleftborder.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/bottomborder.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/test/borderbottomright.gif US image suspicious
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/favicon.ico US image suspicious
2328 iexplore.exe GET 302 38.100.141.76:80 http://dresdemo.visualware.com/vvv?r=531&s=1&d=1555292338043&x=vwprodmcpcmain US html suspicious
2328 iexplore.exe GET 200 38.100.141.80:80 http://www.visualware.com/indexm.html US html unknown
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/download.html US html suspicious
2328 iexplore.exe GET 302 38.100.141.80:80 http://www.visualware.com/js/versions.js US html unknown
2328 iexplore.exe GET 200 38.100.141.76:80 http://www.myconnectionpc.com/images/arrow.png US image suspicious
2328 iexplore.exe GET 302 38.100.141.76:80 http://dresdemo.visualware.com/vvv?r=132&s=1&d=1555292340747&x=vwprodmcpcdl US html suspicious
2328 iexplore.exe GET 200 38.96.140.83:80 http://download.visualware.com/pub/mc/myconnectionpc.exe US executable suspicious
2488 java.exe GET –– 38.100.141.110:80 http://update.visualware.com/hotlinks/Hotlinks?p=MSC&e=5&b=3461&v=40101&i=0&o=W&t=T&j=o-1.8.0_92 US –– –– unknown
2488 java.exe GET 200 38.100.141.80:80 http://www.myspeed.com/msservers/msclient-e5-v4.txt?t=1555292357113 US text unknown
2488 java.exe GET 400 38.100.141.75:80 http://secure.visualware.com./crm/LiveUpdate?q=sUMQVzV3NqeAnt2gsW41Ev4JvY2wEKYgR3CmUixFRzp1S9MpZEXVPUdUsu613LyHwqUQtNBA3eUvbgB1uIffpUkD2OPMuYYDtk1YsD2VhSG5MK5QZYK3RJ71i9TXThunA US –– –– unknown


Connections

PID Process IP ASN CN Reputation
2940 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2328 iexplore.exe 38.100.141.76:80 Cogent Communications US suspicious
2328 iexplore.exe 52.216.138.251:80 Amazon.com, Inc. US shared
2328 iexplore.exe 38.100.141.80:80 Cogent Communications US unknown
2328 iexplore.exe 38.96.140.83:80 Cogent Communications US suspicious
2488 java.exe 38.100.141.80:80 Cogent Communications US unknown
2488 java.exe 38.100.141.110:80 Cogent Communications US unknown
2488 java.exe 38.100.141.75:80 Cogent Communications US unknown

DNS requests

Domain IP Reputation
www.myconnectionpc.com 38.100.141.76 unknown
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
twitter-badges.s3.amazonaws.com 52.216.138.251 shared
dresdemo.visualware.com 38.100.141.76, 38.100.141.80 unknown
www.visualware.com 38.100.141.80, 38.100.141.76 unknown
download.visualware.com 38.96.140.83 suspicious
www.myspeed.com 38.100.141.80 unknown
update.visualware.com 38.100.141.110 unknown
secure.visualware.com 38.100.141.75 unknown
sUMQVzV3NqeAnt2gsW41Ev4JvY2wEKYgR3CmUixFRzp.1S9MpZEXVPUdUsu613LyHwqUQtNBA3eUvbgB1uIffpU.kD2OPMuYYDtk1YsD2VhSG5MK5QZYK3RJ71i9TXThunA.LiveUpdate.crm.visualware.com 92.180.2.0 unknown

Threats

PID Process Class Message
2328 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

No debug info.