Malware analysis kpcusb.rar Malicious activity | ANY.RUN

Add for printing

File name:	kpcusb.rar
Full analysis:	https://app.any.run/tasks/0448a5a4-b099-4eb3-8204-779f031976cb
Verdict:	Malicious activity
Analysis date:	October 05, 2023, 19:28:30
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-rar
File info:	RAR archive data, v4, os: Win32
MD5:	845BEBF26723BF52C4AC7317FB20A308
SHA1:	C0AF0358A570472B3BAE5C7099344FED9EFB3BC5
SHA256:	B8473BCFF6968936BDE526E993C70045D3176FE2E001BC88C706F9AAF9A74698
SSDEEP:	98304:901egM2PhmFolGAKVjB5bOgzMxEOXBjtndx7FtWd8k+9LQCz3xsOvRMcS3OrIPXQ:V0OhfUUK9P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - Setup.exe (PID: 1952)
  - Setup.exe (PID: 2268)
  - setup_server_ung.exe (PID: 3640)
  - UsbService.exe (PID: 3076)
  - UsbService.exe (PID: 3104)
  - activator.exe (PID: 2556)
  - UsbService.exe (PID: 2444)
  - activator.exe (PID: 3112)
  - UsbService.exe (PID: 1324)
  - UsbConfig.exe (PID: 1836)
  - activator.exe (PID: 1600)
  - activator.exe (PID: 3232)
  - UsbConfig.exe (PID: 2808)
  - UsbConfig.exe (PID: 3820)
  - UsbService.exe (PID: 2452)
  - activator.exe (PID: 2924)
  - UsbService.exe (PID: 2128)
  - UsbConfig.exe (PID: 3548)
- Drops the executable file immediately after the start
  - Setup.exe (PID: 1952)
  - Setup.exe (PID: 2268)
  - Setup.tmp (PID: 1080)
  - drvinst.exe (PID: 2352)
  - drvinst.exe (PID: 3044)
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 1940)
- Loads dropped or rewritten executable
  - Setup.tmp (PID: 1080)
  - UsbService.exe (PID: 3076)
  - UsbService.exe (PID: 3104)
  - UsbService.exe (PID: 1324)
  - UsbConfig.exe (PID: 1836)
  - UsbService.exe (PID: 2452)
  - UsbConfig.exe (PID: 2808)
  - UsbConfig.exe (PID: 3820)
  - UsbConfig.exe (PID: 3548)
  - UsbService.exe (PID: 2128)
- Creates a writable file the system directory
  - drvinst.exe (PID: 3044)
  - drvinst.exe (PID: 2352)
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 1940)
SUSPICIOUS
- Start notepad (likely ransomware note)
  - WinRAR.exe (PID: 2780)
- Application launched itself
  - WinRAR.exe (PID: 1620)
- Reads the Windows owner or organization settings
  - Setup.tmp (PID: 1080)
- Drops a system driver (possible attempt to evade defenses)
  - Setup.tmp (PID: 1080)
  - drvinst.exe (PID: 3044)
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 2352)
  - drvinst.exe (PID: 1940)
- Creates files in the driver directory
  - drvinst.exe (PID: 3044)
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 2352)
  - drvinst.exe (PID: 1940)
- Reads settings of System Certificates
  - setup_server_ung.exe (PID: 3640)
  - UsbConfig.exe (PID: 1836)
- Reads security settings of Internet Explorer
  - setup_server_ung.exe (PID: 3640)
  - UsbConfig.exe (PID: 1836)
- Checks Windows Trust Settings
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 2352)
  - drvinst.exe (PID: 3044)
  - drvinst.exe (PID: 1940)
  - drvinst.exe (PID: 3952)
  - drvinst.exe (PID: 3692)
  - UsbConfig.exe (PID: 1836)
- Executes as Windows Service
  - UsbService.exe (PID: 3104)
  - UsbService.exe (PID: 1324)
  - UsbService.exe (PID: 2452)
  - UsbService.exe (PID: 2128)
- Uses NETSH.EXE to add a firewall rule or allowed programs
  - Setup.tmp (PID: 1080)
- Reads the BIOS version
  - UsbService.exe (PID: 3104)
  - UsbService.exe (PID: 1324)
  - UsbService.exe (PID: 2452)
  - UsbService.exe (PID: 2128)
- Reads the Internet Settings
  - Setup.tmp (PID: 3572)
  - UsbConfig.exe (PID: 1836)
  - UsbConfig.exe (PID: 2808)
  - UsbConfig.exe (PID: 3820)
  - UsbConfig.exe (PID: 3548)
- Reads the history of recent RDP connections
  - UsbConfig.exe (PID: 1836)
  - UsbConfig.exe (PID: 2808)
  - UsbConfig.exe (PID: 3548)
  - UsbConfig.exe (PID: 3820)
- Searches for installed software
  - UsbConfig.exe (PID: 1836)
  - UsbConfig.exe (PID: 2808)
  - UsbConfig.exe (PID: 3820)
  - UsbConfig.exe (PID: 3548)
- Reads Microsoft Outlook installation path
  - UsbConfig.exe (PID: 1836)
- Reads Internet Explorer settings
  - UsbConfig.exe (PID: 1836)
INFO
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 1620)
  - WinRAR.exe (PID: 2780)
- Checks supported languages
  - Setup.exe (PID: 1952)
  - Setup.tmp (PID: 3572)
  - Setup.exe (PID: 2268)
  - Setup.tmp (PID: 1080)
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 3044)
  - drvinst.exe (PID: 2352)
  - drvinst.exe (PID: 1940)
  - drvinst.exe (PID: 3952)
  - drvinst.exe (PID: 3692)
  - UsbService.exe (PID: 3076)
  - UsbService.exe (PID: 3104)
  - activator.exe (PID: 2556)
  - UsbService.exe (PID: 2444)
  - activator.exe (PID: 3112)
  - UsbService.exe (PID: 1324)
  - UsbConfig.exe (PID: 1836)
  - activator.exe (PID: 1600)
  - activator.exe (PID: 3232)
  - UsbService.exe (PID: 2452)
  - UsbConfig.exe (PID: 2808)
  - activator.exe (PID: 2924)
  - UsbService.exe (PID: 2128)
  - UsbConfig.exe (PID: 3548)
  - UsbConfig.exe (PID: 3820)
- Manual execution by a user
  - Setup.exe (PID: 1952)
  - activator.exe (PID: 2556)
  - activator.exe (PID: 3112)
  - UsbConfig.exe (PID: 1836)
  - activator.exe (PID: 1600)
  - activator.exe (PID: 3232)
  - UsbConfig.exe (PID: 2808)
  - activator.exe (PID: 2924)
  - UsbConfig.exe (PID: 3820)
  - UsbConfig.exe (PID: 3548)
- Create files in a temporary directory
  - Setup.exe (PID: 1952)
  - Setup.exe (PID: 2268)
  - Setup.tmp (PID: 1080)
  - setup_server_ung.exe (PID: 3640)
- Application was dropped or rewritten from another process
  - Setup.tmp (PID: 3572)
  - Setup.tmp (PID: 1080)
- Reads the computer name
  - Setup.tmp (PID: 3572)
  - Setup.tmp (PID: 1080)
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 3044)
  - drvinst.exe (PID: 1940)
  - drvinst.exe (PID: 2352)
  - drvinst.exe (PID: 3952)
  - drvinst.exe (PID: 3692)
  - UsbService.exe (PID: 3076)
  - UsbService.exe (PID: 2444)
  - UsbService.exe (PID: 3104)
  - activator.exe (PID: 2556)
  - activator.exe (PID: 3112)
  - UsbService.exe (PID: 1324)
  - UsbConfig.exe (PID: 1836)
  - activator.exe (PID: 1600)
  - activator.exe (PID: 3232)
  - UsbService.exe (PID: 2452)
  - UsbConfig.exe (PID: 2808)
  - UsbConfig.exe (PID: 3820)
  - activator.exe (PID: 2924)
  - UsbService.exe (PID: 2128)
  - UsbConfig.exe (PID: 3548)
- Reads the machine GUID from the registry
  - setup_server_ung.exe (PID: 3640)
  - drvinst.exe (PID: 3044)
  - drvinst.exe (PID: 2352)
  - drvinst.exe (PID: 1940)
  - drvinst.exe (PID: 3692)
  - drvinst.exe (PID: 3952)
  - UsbService.exe (PID: 3076)
  - UsbService.exe (PID: 3104)
  - UsbService.exe (PID: 1324)
  - UsbConfig.exe (PID: 1836)
  - UsbConfig.exe (PID: 2808)
  - UsbService.exe (PID: 2452)
  - UsbConfig.exe (PID: 3820)
  - UsbConfig.exe (PID: 3548)
  - UsbService.exe (PID: 2128)
- Creates files in the program directory
  - Setup.tmp (PID: 1080)
  - UsbService.exe (PID: 3076)
  - UsbService.exe (PID: 3104)
  - UsbConfig.exe (PID: 1836)
  - UsbService.exe (PID: 2128)
- Application launched itself
  - msedge.exe (PID: 1248)
- Reads CPU info
  - UsbService.exe (PID: 3076)
  - UsbService.exe (PID: 3104)
  - UsbService.exe (PID: 1324)
  - UsbService.exe (PID: 2452)
  - UsbService.exe (PID: 2128)
- Checks proxy server information
  - UsbConfig.exe (PID: 1836)
  - UsbConfig.exe (PID: 2808)
  - UsbConfig.exe (PID: 3820)
  - UsbConfig.exe (PID: 3548)
- Creates files or folders in the user directory
  - UsbConfig.exe (PID: 1836)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.rar	\|	RAR compressed archive (v-4.x) (58.3)
.rar	\|	RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize:	4200
UncompressedSize:	4133
OperatingSystem:	Win32
ModifyDate:	2017:07:06 03:15:18
PackingMethod:	Stored
ArchivedFileName:	USB.Network.Gate.8.0.1828.KaranPC\Fix.rar

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

113

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

316

"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=u2ec_gui dir=in action=allow program="C:\Program Files\Eltima Software\USB Network Gate\UsbConfig.exe" enable=yes

C:\Windows\System32\netsh.exe

—

Setup.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Network Command Shell

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\netsh.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll

568

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2600 --field-trial-handle=1260,i,15012726745634134634,11619640724734280192,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll

1080

"C:\Users\admin\AppData\Local\Temp\is-SHQIV.tmp\Setup.tmp" /SL5="$B01C6,5036889,121344,C:\Users\admin\Desktop\Setup.exe" /SPAWNWND=$90210 /NOTIFYWND=$C01E8

C:\Users\admin\AppData\Local\Temp\is-SHQIV.tmp\Setup.tmp

—

Setup.exe

User:

admin

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-shqiv.tmp\setup.tmp
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1244

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1668 --field-trial-handle=1260,i,15012726745634134634,11619640724734280192,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1248

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://wiki.eltima.com/user-guides/usb-to-ethernet/guide.html

C:\Program Files\Microsoft\Edge\Application\msedge.exe

Setup.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1324

"C:\Program Files\Eltima Software\USB Network Gate\UsbService.exe"

C:\Program Files\Eltima Software\USB Network Gate\UsbService.exe

services.exe

User:

SYSTEM

Company:

ELTIMA Software

Integrity Level:

SYSTEM

Description:

USB Network Gate

Exit code:

Version:

8.0.1828

Modules

Images
c:\program files\eltima software\usb network gate\usbservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\oleaut32.dll

1372

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3624 --field-trial-handle=1260,i,15012726745634134634,11619640724734280192,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll

1600

"C:\Users\admin\Desktop\activator.exe"

C:\Users\admin\Desktop\activator.exe

explorer.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\activator.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

1620

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\kpcusb.rar"

C:\Program Files\WinRAR\WinRAR.exe

—

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\windows\system32\ntdll.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

1836

"C:\Program Files\Eltima Software\USB Network Gate\UsbConfig.exe"

C:\Program Files\Eltima Software\USB Network Gate\UsbConfig.exe

explorer.exe

User:

admin

Company:

ELTIMA Software

Integrity Level:

MEDIUM

Description:

USB Network Gate

Exit code:

Version:

8.0.1828

Modules

Images
c:\program files\eltima software\usb network gate\usbconfig.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\program files\eltima software\usb network gate\u2ec.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

Add for printing

Total events

45 242

Read events

43 803

Write events

1 428

Delete events

Modification events


(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1620) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1

Add for printing

Executable files

Suspicious files

150

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1620	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa1620.11615\USB.Network.Gate.8.0.1828.KaranPC\Setup.exe		executable
		MD5:DB61757F26A5261296F368520DFBC9E1	SHA256:B3C6E9F324CF5CA0AC8B550976EA5B21D4DDA46181D78A08FD058708E2FFDC1C
2780	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa2780.12619\activator.exe		executable
		MD5:6D235F68577264478CA310C7E662D1B3	SHA256:B2E08C0185108BA59299ACA1444DD648AB808EF2B35CBC4802DB053C59900665
2780	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DIa2780.12137\Instructions.txt		text
		MD5:78156DC2D58479CD5FB72FF9E4C9AAC1	SHA256:31181BEFB79E0896B8A07F5941D0BFFB888377451A60DBBC234603828CA2A0BA
2780	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa2780.12619\Instructions.txt		text
		MD5:78156DC2D58479CD5FB72FF9E4C9AAC1	SHA256:31181BEFB79E0896B8A07F5941D0BFFB888377451A60DBBC234603828CA2A0BA
2268	Setup.exe	C:\Users\admin\AppData\Local\Temp\is-SHQIV.tmp\Setup.tmp		executable
		MD5:38A673F6766CC4BB4A264B22A86E7E50	SHA256:C176EB364E20D562E6B3EBBF18D8DD0776DDBA3305789CAC35DFD99A1E55C4E3
1080	Setup.tmp	C:\Program Files\Eltima Software\USB Network Gate\is-5ITSQ.tmp		executable
		MD5:D646556C3D86B4AE6E9CFF6E0DA99942	SHA256:565531023771C93D419F258D2D7B1F2383051005ADB1E6F38C516D78F8D7E10A
1620	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DIa1620.11876\Fix.rar		compressed
		MD5:76C74252FE6D65F92389AB9EADC1597A	SHA256:CCC403D141DBA5BC195FF317996A24D250447E4D39793DDE9F446C7301C98DE6
1952	Setup.exe	C:\Users\admin\AppData\Local\Temp\is-VG75I.tmp\Setup.tmp		executable
		MD5:38A673F6766CC4BB4A264B22A86E7E50	SHA256:C176EB364E20D562E6B3EBBF18D8DD0776DDBA3305789CAC35DFD99A1E55C4E3
1080	Setup.tmp	C:\Program Files\Eltima Software\USB Network Gate\u2ec.dll		executable
		MD5:3977ED63EA8F45D3DFEB2ACFD3376C0F	SHA256:332F3351B8A6166B09D935107D012160705DBC247CCDF196A012BF8E08DD4281
1080	Setup.tmp	C:\Program Files\Eltima Software\USB Network Gate\is-UPKOB.tmp		executable
		MD5:22ACF667F98930FEACAB0980842AD875	SHA256:604CB3BD5452B5D8559DE5FD1BC4EC462E78C79B0F107611E4E097527460290E

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1836	UsbConfig.exe	GET	200	104.18.14.101:80	http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCtIh0dpytErEenyEZraUQP	unknown	binary	472 b	unknown
1836	UsbConfig.exe	GET	301	46.4.194.4:80	http://eltima.com/download/usb2ethernet-update/settings.xml	unknown	html	268 b	unknown
1836	UsbConfig.exe	GET	200	104.18.14.101:80	http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D	unknown	binary	1.42 Kb	unknown
2360	msedge.exe	GET	301	46.4.194.2:80	http://wiki.eltima.com/user-guides/usb-to-ethernet/guide.html	unknown	html	270 b	unknown
1836	UsbConfig.exe	GET	200	104.18.15.101:80	http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	unknown	binary	2.18 Kb	unknown
1836	UsbConfig.exe	GET	301	46.4.194.4:80	http://eltima.com/download/usb2ethernet-update/settings.xml	unknown	html	268 b	unknown
1836	UsbConfig.exe	GET	301	46.4.194.4:80	http://eltima.com/download/usb2ethernet-update/settings.xml	unknown	html	268 b	unknown
1836	UsbConfig.exe	GET	301	46.4.194.4:80	http://eltima.com/download/usb2ethernet-update/settings.xml	unknown	html	268 b	unknown
1836	UsbConfig.exe	GET	301	46.4.194.4:80	http://eltima.com/download/usb2ethernet-update/settings.xml	unknown	html	268 b	unknown
1836	UsbConfig.exe	GET	301	46.4.194.4:80	http://eltima.com/download/usb2ethernet-update/settings.xml	unknown	html	268 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
2656	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
3076	UsbService.exe	78.46.96.38:443	appstatico.eltima.com	Hetzner Online GmbH	DE	unknown
3104	UsbService.exe	188.40.191.126:443	activate.eltima.com	Hetzner Online GmbH	DE	unknown
3104	UsbService.exe	78.46.96.38:443	appstatico.eltima.com	Hetzner Online GmbH	DE	unknown
1248	msedge.exe	239.255.255.250:1900	—	—	—	whitelisted
2360	msedge.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
2360	msedge.exe	46.4.194.2:80	wiki.eltima.com	Hetzner Online GmbH	DE	unknown
2360	msedge.exe	204.79.197.239:443	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown

DNS requests

Domain	IP	Reputation
appstatico.eltima.com	78.46.96.38	unknown
activate.eltima.com	188.40.191.126	unknown
wiki.eltima.com	46.4.194.2	unknown
config.edge.skype.com	13.107.42.16	whitelisted
edge.microsoft.com	204.79.197.239 13.107.21.239	whitelisted
nav-edge.smartscreen.microsoft.com	20.103.180.120	whitelisted
data-edge.smartscreen.microsoft.com	20.31.251.109	whitelisted
electronicassist.freshdesk.com	184.72.189.255 52.3.125.17 34.239.36.222 54.158.184.166 52.73.240.25	unknown
assets8.freshdesk.com	52.222.225.5	unknown
assets6.freshdesk.com	52.222.225.5	unknown

Threats

PID	Process	Class	Message
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)
1836	UsbConfig.exe	Possibly Unwanted Program Detected	ET USER_AGENTS Suspicious User Agent (Autoupdate)

Add for printing

No debug info

General Info

kpcusb.rar

845BEBF26723BF52C4AC7317FB20A308

C0AF0358A570472B3BAE5C7099344FED9EFB3BC5

B8473BCFF6968936BDE526E993C70045D3176FE2E001BC88C706F9AAF9A74698

98304:901egM2PhmFolGAKVjB5bOgzMxEOXBjtndx7FtWd8k+9LQCz3xsOvRMcS3OrIPXQ:V0OhfUUK9P

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Drops the executable file immediately after the start

Loads dropped or rewritten executable

Creates a writable file the system directory

SUSPICIOUS

Start notepad (likely ransomware note)

Application launched itself

Reads the Windows owner or organization settings

Drops a system driver (possible attempt to evade defenses)

Creates files in the driver directory

Reads settings of System Certificates

Reads security settings of Internet Explorer

Checks Windows Trust Settings

Executes as Windows Service

Uses NETSH.EXE to add a firewall rule or allowed programs

Reads the BIOS version

Reads the Internet Settings

Reads the history of recent RDP connections

Searches for installed software

Reads Microsoft Outlook installation path

Reads Internet Explorer settings

INFO

Drops the executable file immediately after the start

Checks supported languages

Manual execution by a user

Create files in a temporary directory

Application was dropped or rewritten from another process

Reads the computer name

Reads the machine GUID from the registry

Creates files in the program directory

Application launched itself

Reads CPU info

Checks proxy server information

Creates files or folders in the user directory

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity