General Info

File name

b3855e11e45a5e799f71.zip

Full analysis
https://app.any.run/tasks/346f164b-f19e-462e-a387-92a6cf0c5ec2
Verdict
Malicious activity
Analysis date
10/9/2019, 18:34:53
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
No indicators

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

81ef543890e3d18950340527943820ab

SHA1

60f88d06871b168125234d4b1c5b3a8e9e5767df

SHA256

a5b626796243f67ced114a6abf420aa724d14e136283f380447b0055be685060

SSDEEP

1536:0Lz5gv0YFGagfZN1UrtlwgC2XfAQYeXv3CEpjd3bTiqJ4QuGE1A9bC:koi1oXwD2XwePCEppaqR41IbC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe (PID: 2448)
  • b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe (PID: 2368)
Creates files in the program directory
  • b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe (PID: 2448)
Manual execution by user
  • b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe (PID: 2448)
  • b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe (PID: 2368)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.zip  ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
788
ZipBitFlag:
0x0001
ZipCompression:
Deflated
ZipModifyDate:
2019:10:09 16:34:11
ZipCRC:
0x7521e2b2
ZipCompressedSize:
74765
ZipUncompressedSize:
159744
ZipFileName:
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.bin

Screenshots

Processes

Total processes
36
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

  • start
  • winrar.exe (no specs)
  • b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
  • b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe (no specs)
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
2772
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\b3855e11e45a5e799f71.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
2448
CMD
"C:\Users\admin\Desktop\b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe"
Path
C:\Users\admin\Desktop\b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Azhi.Net
Description
飞鸽传书
Version
2.06
Modules
Image
c:\users\admin\desktop\b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\profapi.dll
c:\windows\system32\userenv.dll

PID
2368
CMD
"C:\Users\admin\Desktop\b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe"
Path
C:\Users\admin\Desktop\b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
Azhi.Net
Description
飞鸽传书
Version
2.06
Modules
Image
c:\users\admin\desktop\b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
614
Read events
426
Write events
188
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP |
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon |
2772 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\b3855e11e45a5e799f71.zip
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
2772 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | Ver2.05 |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | NoBeep | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | ListGet | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | ListGetMSec | 3000
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | RetryMSec2 | 1500
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | RetryMax | 3
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | RecvMaxNT | 100
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | NoErase | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | Debug | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | NoPopup | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | OpenCheck | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | AllowSendList | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | FileTransOpt | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | ResolveOpt | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | EncryptNum | 20
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | ViewMax | 8388608
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | TransMax | 65536
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | TcpbufMax | 262144
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | AbsenceSave | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | AbsenceCheck | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | AbsenceMax | 8
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr0 | 有事不在
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead0 | 事
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr1 | 吃饭去了
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead1 | 餐
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr2 | 正在开会
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead2 | ȇ
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr3 | 正在会客
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead3 | 客
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr4 | 外出办事
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead4 | 外
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr5 | 回家去了
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead5 | 家
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr6 | 去厕所了
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead6 | 嘘
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceStr7 | 请勿打扰
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\AbsenceStr | AbsenceHead7 | 静
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | PasswordStr |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | PasswdLogCheck | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | DelayTime | 500
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | QuoteCheck | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | SecretCheck | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | IPAddrCheck | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | OneClickPopup | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | AbnormalButton | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | DialUpCheck | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | NickNameCheck | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | AbsenceNonPopup | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | NickNameStr |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | GroupNameStr |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | Lang | s\admin\Ap
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | Sort | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | UpdateTime | 10
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | KeepHostTime | 15552000
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | MsgMinimize | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | ExtendEntry | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | ControlIME | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | GlidLine | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | ColumnItems | 1767332927
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | QuoteStr | >
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\HotKey | HotKeyCheck | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\HotKey | HotKeyModify | 3
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\HotKey | HotKeySend | 83
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\HotKey | HotKeyRecv | 82
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\HotKey | HotKeyMisc | 68
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | LogCheck | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | LogFile | C:\Users\admin\Desktop\ipmsg.log
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | SoundFile |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | Icon |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | RevIcon |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | lastOpen |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng | lastSave |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendNickName | 97
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendUserName | 90
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendAbsence | 16
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendPriority | 21
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendGroupName | 88
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendHostName | 58
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendIPAddr | 110
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize\SendOrder | 0 | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize\SendOrder | 1 | 1
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize\SendOrder | 2 | 2
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize\SendOrder | 3 | 3
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize\SendOrder | 4 | 4
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize\SendOrder | 5 | 5
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize\SendOrder | 6 | 6
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendXdiff | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendYdiff | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendMidYdiff | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendSavePos | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendXpos | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | SendYpos | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | RecvXdiff | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | RecvYdiff | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | RecvSavePos | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | RecvXpos | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize | RecvYpos | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | Height | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | Width | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | Escapement | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | Orientation | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | Weight | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | Italic | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | UnderLine | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | StrikeOut | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | CharSet | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | OutPrecision | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | ClipPrecision | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | Quality | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | PitchAndFamily | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendEdit | FaceName |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | Height | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | Width | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | Escapement | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | Orientation | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | Weight | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | Italic | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | UnderLine | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | StrikeOut | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | CharSet | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | OutPrecision | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | ClipPrecision | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | Quality | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | PitchAndFamily | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\SendListView | FaceName |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | Height | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | Width | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | Escapement | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | Orientation | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | Weight | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | Italic | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | UnderLine | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | StrikeOut | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | CharSet | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | OutPrecision | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | ClipPrecision | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | Quality | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | PitchAndFamily | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvHead | FaceName |
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit | Height | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit | Width | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit | Escapement | 0
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | write | HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
Orientation
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
Weight
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
Italic
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
UnderLine
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
StrikeOut
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
CharSet
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
OutPrecision
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
ClipPrecision
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
Quality
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
PitchAndFamily
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts\RecvEdit
FaceName
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
DefaultUrl
1
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
ShellExec
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\ClickableUrl
HTTP
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\ClickableUrl
HTTPS
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\ClickableUrl
FTP
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\ClickableUrl
FILE
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\ClickableUrl
TELNET
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Priority
PriorityMax
5
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Priority
PriorityReject
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
FindMax2
12
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
FindAll
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
0
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
1
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
2
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
3
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
4
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
5
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
6
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
7
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
8
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
9
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
10
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\FindStr
11
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Crypt
PrivBlob
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
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Crypt
PrivEncryptSeed
01000000D08C9DDF0115D1118C7A00C04FC297EB010000009B3DA425C20F3447B18E0B2852380B99040000000C000000690070006D007300670000001066000000010000200000009BCB0F5F0D667593A943D0C964BD9CD6BAD75DE0256E140257C08D978FC0B6C4000000000E800000000200002000000030EE67E2ED9872733F77A81705E406BEF85772DBDCBF28F0CC0A1AF54587B9FF200000004FC417CE81B7AF2C8E61FC9BC7D1D073C6B3A8A51234EFF5CDFCFB703549378840000000C72A36A31FBADA244E0F907D226C11297BA03FE8ADACAF752918018CA65D8359D09AEA32A75BD99A7251E6F949E28791ACA9AC2DF92AC4460625EE21685BE4F9
2448
b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe
write
HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Crypt
PrivEncryptType
2

Files activity

Executable files
0
Suspicious files
4
Text files
0
Unknown types
0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c0c73cf483daf02707d115bb631954d_90059c37-1320-41a4-b58d-2b75a9850d2f | binary | efd2e04a66f4f528c6fbd2fef997bead | 523e29b838cc62536487864105b44ed51afe2e1ca6a75d04c2c8b4d80315afe3
2448 | b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.exe | C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa84eda69c22c802f2b957e48c095994_90059c37-1320-41a4-b58d-2b75a9850d2f | binary | b123b7397fdd72215fe5e3416d057128 | b21c9cd08cf7657837a6211ae2d80c7a8f2565cd2671525e928ce5b7d184b08a
2772 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2772.41866\b3855e11e45a5e799f7160737a044ee3194e17d9bdacf8a353fc10c68a0b8b74.bin | –– | –– | ––

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.