General Info

File name

MW.zip

Full analysis
https://app.any.run/tasks/dbe2bae7-b026-414f-bc15-39e8d69cdeff
Verdict
Malicious activity
Analysis date
3/14/2019, 21:57:44
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
autoit
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

b62d33be0ceb7e65267333941a19710f

SHA1

292cc051fe0205cd00738e4d4eaa06ad4b33e89c

SHA256

b160a40f9b2ee0d821d1f3423eae452a096ebe6d755cdbdb6e388ce323dafb72

SSDEEP

12288:7yQo3SB2r/hlonASybLEsus8G+KetJlhiFD1cG:lkSYrWKIs8TuD17

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • GoogleChrome.exe (PID: 2348)
  • GoogleChrome.exe (PID: 2120)
  • GoogleChrome.exe (PID: 3092)
Changes the autorun value in the registry
  • GoogleChrome.exe (PID: 2120)
  • GoogleChrome.exe (PID: 2348)
Drop AutoIt3 executable file
  • GoogleChrome.exe (PID: 2120)
  • GoogleChrome.exe (PID: 2348)
  • GoogleChrome.exe (PID: 3092)
Writes to a desktop.ini file (may be used to cloak folders)
  • GoogleChrome.exe (PID: 2120)
  • GoogleChrome.exe (PID: 2348)
  • GoogleChrome.exe (PID: 3092)
Creates files in the program directory
  • GoogleChrome.exe (PID: 2348)
Executable content was dropped or overwritten
  • GoogleChrome.exe (PID: 2120)
  • GoogleChrome.exe (PID: 2348)
  • GoogleChrome.exe (PID: 3092)
Uses NETSH.EXE for network configuration
  • GoogleChrome.exe (PID: 2120)
  • GoogleChrome.exe (PID: 2348)
Connects to unusual port
  • GoogleChrome.exe (PID: 2348)
Starts CMD.EXE for commands execution
  • GoogleChrome.exe (PID: 3092)
Starts itself from another location
  • GoogleChrome.exe (PID: 3092)

No info indicators.

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2015:03:05 18:05:28
ZipCRC:
0x998989ad
ZipCompressedSize:
55483
ZipUncompressedSize:
55463
ZipFileName:
GoogleChrome.a3x

Processes

Total processes
40
Monitored processes
7
Malicious processes
3
Suspicious processes
1

Behavior graph

start drop and start winrar.exe no specs googlechrome.exe googlechrome.exe cmd.exe no specs googlechrome.exe netsh.exe no specs netsh.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2984
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\MW.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3092
CMD
"C:\Users\admin\Desktop\GoogleChrome.exe"
Path
C:\Users\admin\Desktop\GoogleChrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
AutoIt Team
Description
AutoIt v3 Script
Version
3, 3, 8, 1
Modules
Image
c:\users\admin\desktop\googlechrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\actxprxy.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\mssprxy.dll
c:\googlechrome\googlechrome.exe

PID
2348
CMD
"C:\GoogleChrome\GoogleChrome.exe" /AutoIt3ExecuteScript C:\GoogleChrome\GoogleChrome.a3x
Path
C:\GoogleChrome\GoogleChrome.exe
Indicators
Parent process
GoogleChrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
AutoIt Team
Description
AutoIt v3 Script
Version
3, 3, 8, 1
Modules
Image
c:\googlechrome\googlechrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cmd.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\sxs.dll

PID
2688
CMD
"C:\Windows\System32\cmd.exe" /c start C:\GoogleChrome/GoogleChrome.exe C:\GoogleChrome/GoogleChrome.a3x
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
GoogleChrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2120
CMD
C:\GoogleChrome/GoogleChrome.exe C:\GoogleChrome/GoogleChrome.a3x
Path
C:\GoogleChrome\GoogleChrome.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
AutoIt Team
Description
AutoIt v3 Script
Version
3, 3, 8, 1
Modules
Image
c:\googlechrome\googlechrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cmd.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\netutils.dll

PID
3180
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\GoogleChrome\GoogleChrome.exe" "GoogleChrome.exe" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
GoogleChrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\credui.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\napipsec.dll
c:\windows\system32\tsgqec.dll
c:\windows\system32\eapqec.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
2332
CMD
"C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\GoogleChrome\GoogleChrome.exe" "GoogleChrome.exe" ENABLE
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
GoogleChrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

Registry activity

Total events
1603
Read events
1366
Write events
237
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2984
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2984
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2984
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2984
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\MW.zip
2984
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2984
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2984
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2984
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0000000001000000020000000700000006000000030000000500000004000000FFFFFFFF
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
6
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
2
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
48
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
2
47006F006F0067006C0065004300680072006F006D0065002E0065007800650000000000
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
020000000100000000000000FFFFFFFF
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\a3x
0
6A003200A7D800006546BC902000474F4F474C457E312E41335800004E0008000400EFBE6E4E46A76E4E46A72A0000005FDF000000000300000000000000000000000000000047006F006F0067006C0065004300680072006F006D0065002E0061003300780000001C000000
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\a3x
MRUListEx
00000000FFFFFFFF
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
6A003200A7D800006546BC902000474F4F474C457E312E41335800004E0008000400EFBE6E4E46A76E4E46A72A0000005FDF000000000300000000000000000000000000000047006F006F0067006C0065004300680072006F006D0065002E0061003300780000001C000000
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
2
47006F006F0067006C0065004300680072006F006D0065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080020000E0010000000000000000000000000000000000000100000000000000
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
020000000100000000000000FFFFFFFF
3092
GoogleChrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
––
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3092
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2348
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Google Chrome
C:\GoogleChrome\WindowsUpdate.lnk
2348
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeUpdate
C:\GoogleChrome\GoogleUpdate.lnk
2348
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeFlash
C:\GoogleChrome\GoogleChrome.exe /AutoIt3ExecuteScript C:\GoogleChrome\GoogleChrome.a3x
2348
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0
2120
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeUpdate
C:\GoogleChrome\GoogleUpdate.lnk
2120
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeFlash
C:\GoogleChrome\GoogleChrome.exe /AutoIt3ExecuteScript C:\GoogleChrome\GoogleChrome.a3x
2120
GoogleChrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
3180
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation
2332
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
3
Suspicious files
0
Text files
30
Unknown types
21

Dropped files

PID
Process
Filename
Type
2120
GoogleChrome.exe
C:\MozillaFirefox\GoogleChrome.exe
executable
MD5: 71d8f6d5dc35517275bc38ebcc815f9f
SHA256: fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b
3092
GoogleChrome.exe
C:\GoogleChrome\GoogleChrome.exe
executable
MD5: 71d8f6d5dc35517275bc38ebcc815f9f
SHA256: fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b
2348
GoogleChrome.exe
C:\MozillaFirefox\GoogleChrome.exe
executable
MD5: 71d8f6d5dc35517275bc38ebcc815f9f
SHA256: fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b
2348
GoogleChrome.exe
C:\MozillaFirefox\printercarolina.jpg
image
MD5: 98199076c723975eff1b337de979ff97
SHA256: 95033ba877e83210f117f150bd278b4dd53c4ffd7fb2249d8b9fb71edcf40acf
2120
GoogleChrome.exe
C:\MozillaFirefox\MozillaFirefox.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2120
GoogleChrome.exe
C:\MozillaFirefox\My Music.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2348
GoogleChrome.exe
C:\MozillaFirefox\My Music.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2348
GoogleChrome.exe
C:\MozillaFirefox\MozillaFirefox.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2120
GoogleChrome.exe
C:\GoogleChrome\My Music.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2120
GoogleChrome.exe
C:\GoogleChrome\GoogleChrome.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2348
GoogleChrome.exe
C:\GoogleChrome\My Music.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2348
GoogleChrome.exe
C:\GoogleChrome\GoogleChrome.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2120
GoogleChrome.exe
C:\MozillaFirefox\stronganother.png
image
MD5: 1bed6e9e7ac64defe0630d3ed0c29f36
SHA256: 17224ef900ae5eac1e6cc40751e0c87b4db155494f74113e3fdf2009fc44bffd
2120
GoogleChrome.exe
C:\MozillaFirefox\WindowsUpdate.lnk
lnk
MD5: ab787a9aa4630cce04a25689d4e05641
SHA256: 034b159dae5e75c4c7bf8ecd0614170e5aa8377655777af9b066ee3abff48f99
2120
GoogleChrome.exe
C:\MozillaFirefox\riskquality.rtf
text
MD5: 8c5d1fa89e0ba5445ef9bc2a03444b1d
SHA256: 1bd4cdcf7e7262816934138a6e2c741cdf9f38bec715d2fcddd276b0e011a5c3
2120
GoogleChrome.exe
C:\MozillaFirefox\printercarolina.jpg
image
MD5: 98199076c723975eff1b337de979ff97
SHA256: 95033ba877e83210f117f150bd278b4dd53c4ffd7fb2249d8b9fb71edcf40acf
2120
GoogleChrome.exe
C:\ProgramData\My Music.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2120
GoogleChrome.exe
C:\MozillaFirefox\palmmodule.jpg
image
MD5: 5927633723a50adb4f2a6b38035aa30b
SHA256: d0952d5f534cdc5b1df5812361f82d784b05c0f1d65c7613de746282371e1e1f
2120
GoogleChrome.exe
C:\MozillaFirefox\menbuilt.rtf
text
MD5: e30e9f2efc771eebae5dc5aac0cf2bcb
SHA256: 44424ce8836384531ef827dc17fc0b6307271e3ecd6f48ce67f795b05d709a84
2120
GoogleChrome.exe
C:\MozillaFirefox\GoogleUpdate.lnk
lnk
MD5: a07bce00c3a4f3a825d7e3cdefab8fc6
SHA256: 448505d75118679bd24018baebf8ca1604f25ba0166152f2e406e9dd3603f99a
2120
GoogleChrome.exe
C:\MozillaFirefox\iibelieve.rtf
text
MD5: be02a4d6c89f3d068e9f9027f1653e09
SHA256: 30301c7f9bfcbf28071e3d40f2da5ef1d7e80d65594adf78c69a4d2b0fc33dc0
2120
GoogleChrome.exe
C:\MozillaFirefox\GoogleChrome.a3x
a3x
MD5: 6b2d901299179d2b5df81cb8c4ee35c9
SHA256: 9b42c396a67b56aabca4ce9d9cd9839cf290c72f90e4b577e4318786221d0757
2120
GoogleChrome.exe
C:\MozillaFirefox\commonterm.rtf
text
MD5: 17e0bc60921a1f413d4681ec8fab104a
SHA256: 12ac05694f9b300b0bf9846206bd71ccb92491b8bcc3e0e4b5bee1ecfec11d83
2120
GoogleChrome.exe
C:\MozillaFirefox\desktop.ini
text
MD5: 9e36cc3537ee9ee1e3b10fa4e761045b
SHA256: 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
2120
GoogleChrome.exe
C:\MozillaFirefox\clearasia.png
image
MD5: 3a116016cedea238837baa9ab60deacf
SHA256: d3748f60b140b9a7a6228e19c378530b880111163a6575edde4b4ceacd99d041
2120
GoogleChrome.exe
C:\MozillaFirefox\collectionplaying.rtf
text
MD5: c6cceb27f60d13be32fc71ccc7f42f16
SHA256: e1174d45ddbacab7392c44f42bbf2a4011f8cbd1c937dd7276f68531e03c509e
2348
GoogleChrome.exe
C:\MozillaFirefox\stronganother.png
image
MD5: 1bed6e9e7ac64defe0630d3ed0c29f36
SHA256: 17224ef900ae5eac1e6cc40751e0c87b4db155494f74113e3fdf2009fc44bffd
2348
GoogleChrome.exe
C:\MozillaFirefox\WindowsUpdate.lnk
lnk
MD5: ab787a9aa4630cce04a25689d4e05641
SHA256: 034b159dae5e75c4c7bf8ecd0614170e5aa8377655777af9b066ee3abff48f99
2984
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2984.9163\GoogleChrome.a3x
––
MD5: ––
SHA256: ––
2348
GoogleChrome.exe
C:\MozillaFirefox\riskquality.rtf
text
MD5: 8c5d1fa89e0ba5445ef9bc2a03444b1d
SHA256: 1bd4cdcf7e7262816934138a6e2c741cdf9f38bec715d2fcddd276b0e011a5c3
2348
GoogleChrome.exe
C:\MozillaFirefox\palmmodule.jpg
image
MD5: 5927633723a50adb4f2a6b38035aa30b
SHA256: d0952d5f534cdc5b1df5812361f82d784b05c0f1d65c7613de746282371e1e1f
2348
GoogleChrome.exe
C:\MozillaFirefox\menbuilt.rtf
text
MD5: e30e9f2efc771eebae5dc5aac0cf2bcb
SHA256: 44424ce8836384531ef827dc17fc0b6307271e3ecd6f48ce67f795b05d709a84
2348
GoogleChrome.exe
C:\MozillaFirefox\iibelieve.rtf
text
MD5: be02a4d6c89f3d068e9f9027f1653e09
SHA256: 30301c7f9bfcbf28071e3d40f2da5ef1d7e80d65594adf78c69a4d2b0fc33dc0
2348
GoogleChrome.exe
C:\MozillaFirefox\GoogleChrome.a3x
a3x
MD5: 6b2d901299179d2b5df81cb8c4ee35c9
SHA256: 9b42c396a67b56aabca4ce9d9cd9839cf290c72f90e4b577e4318786221d0757
2348
GoogleChrome.exe
C:\ProgramData\My Music.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
2348
GoogleChrome.exe
C:\MozillaFirefox\commonterm.rtf
text
MD5: 17e0bc60921a1f413d4681ec8fab104a
SHA256: 12ac05694f9b300b0bf9846206bd71ccb92491b8bcc3e0e4b5bee1ecfec11d83
2348
GoogleChrome.exe
C:\MozillaFirefox\GoogleUpdate.lnk
lnk
MD5: a07bce00c3a4f3a825d7e3cdefab8fc6
SHA256: 448505d75118679bd24018baebf8ca1604f25ba0166152f2e406e9dd3603f99a
2348
GoogleChrome.exe
C:\MozillaFirefox\collectionplaying.rtf
text
MD5: c6cceb27f60d13be32fc71ccc7f42f16
SHA256: e1174d45ddbacab7392c44f42bbf2a4011f8cbd1c937dd7276f68531e03c509e
2348
GoogleChrome.exe
C:\MozillaFirefox\desktop.ini
text
MD5: 9e36cc3537ee9ee1e3b10fa4e761045b
SHA256: 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
2348
GoogleChrome.exe
C:\MozillaFirefox\clearasia.png
image
MD5: 3a116016cedea238837baa9ab60deacf
SHA256: d3748f60b140b9a7a6228e19c378530b880111163a6575edde4b4ceacd99d041
2348
GoogleChrome.exe
C:\GoogleChrome\GoogleUpdate.lnk
lnk
MD5: a07bce00c3a4f3a825d7e3cdefab8fc6
SHA256: 448505d75118679bd24018baebf8ca1604f25ba0166152f2e406e9dd3603f99a
2348
GoogleChrome.exe
C:\GoogleChrome\WindowsUpdate.lnk
lnk
MD5: ab787a9aa4630cce04a25689d4e05641
SHA256: 034b159dae5e75c4c7bf8ecd0614170e5aa8377655777af9b066ee3abff48f99
3092
GoogleChrome.exe
C:\GoogleChrome\printercarolina.jpg
image
MD5: 98199076c723975eff1b337de979ff97
SHA256: 95033ba877e83210f117f150bd278b4dd53c4ffd7fb2249d8b9fb71edcf40acf
3092
GoogleChrome.exe
C:\GoogleChrome\stronganother.png
image
MD5: 1bed6e9e7ac64defe0630d3ed0c29f36
SHA256: 17224ef900ae5eac1e6cc40751e0c87b4db155494f74113e3fdf2009fc44bffd
3092
GoogleChrome.exe
C:\GoogleChrome\menbuilt.rtf
text
MD5: e30e9f2efc771eebae5dc5aac0cf2bcb
SHA256: 44424ce8836384531ef827dc17fc0b6307271e3ecd6f48ce67f795b05d709a84
3092
GoogleChrome.exe
C:\GoogleChrome\palmmodule.jpg
image
MD5: 5927633723a50adb4f2a6b38035aa30b
SHA256: d0952d5f534cdc5b1df5812361f82d784b05c0f1d65c7613de746282371e1e1f
3092
GoogleChrome.exe
C:\GoogleChrome\riskquality.rtf
text
MD5: 8c5d1fa89e0ba5445ef9bc2a03444b1d
SHA256: 1bd4cdcf7e7262816934138a6e2c741cdf9f38bec715d2fcddd276b0e011a5c3
3092
GoogleChrome.exe
C:\GoogleChrome\iibelieve.rtf
text
MD5: be02a4d6c89f3d068e9f9027f1653e09
SHA256: 30301c7f9bfcbf28071e3d40f2da5ef1d7e80d65594adf78c69a4d2b0fc33dc0
2348
GoogleChrome.exe
C:\ProgramData\ProgramData.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4
3092
GoogleChrome.exe
C:\GoogleChrome\collectionplaying.rtf
text
MD5: c6cceb27f60d13be32fc71ccc7f42f16
SHA256: e1174d45ddbacab7392c44f42bbf2a4011f8cbd1c937dd7276f68531e03c509e
3092
GoogleChrome.exe
C:\GoogleChrome\GoogleChrome.a3x
a3x
MD5: 6b2d901299179d2b5df81cb8c4ee35c9
SHA256: 9b42c396a67b56aabca4ce9d9cd9839cf290c72f90e4b577e4318786221d0757
3092
GoogleChrome.exe
C:\GoogleChrome\desktop.ini
text
MD5: 9e36cc3537ee9ee1e3b10fa4e761045b
SHA256: 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
3092
GoogleChrome.exe
C:\GoogleChrome\commonterm.rtf
text
MD5: 17e0bc60921a1f413d4681ec8fab104a
SHA256: 12ac05694f9b300b0bf9846206bd71ccb92491b8bcc3e0e4b5bee1ecfec11d83
3092
GoogleChrome.exe
C:\GoogleChrome\clearasia.png
image
MD5: 3a116016cedea238837baa9ab60deacf
SHA256: d3748f60b140b9a7a6228e19c378530b880111163a6575edde4b4ceacd99d041
2984
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2984.9163\GoogleChrome.exe
––
MD5: ––
SHA256: ––
2120
GoogleChrome.exe
C:\ProgramData\ProgramData.lnk
lnk
MD5: ee79faa4b27631500a558fcef3e9825b
SHA256: eda12d1aa275600ef629c8128f97526ae03751d5332074431c07a6d52418d3a4

Find more information about the static content, and download it, in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
9
DNS requests
1
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
2348 GoogleChrome.exe 195.22.4.21:1212 Claranet Ltd PT suspicious

DNS requests

Domain IP Reputation
dmad.info 195.22.4.21 unknown

Threats

No threats detected.

Debug output strings

No debug info.