Malware analysis SecurityTaskManager_Setup.exe Malicious activity

Add for printing

File name:	SecurityTaskManager_Setup.exe
Full analysis:	https://app.any.run/tasks/eee2ab10-eaca-4ab9-b7c1-18f50450bf1d
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email. Malware Trends Tracker >>>
Analysis date:	November 16, 2019, 15:39:13
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	trojan loader
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	444439BC44C476297D7F631A152CE638
SHA1:	820FCB951D1AC8C2FDA1A1AE790F52EB1F8EDF2E
SHA256:	BC2D5417A6BF47D53C20C280F6E4B1A3E00DC0B6BBD3E26B2E591FD2F2DC4CC3
SSDEEP:	49152:4s+HgXcROcfipeyNcRmyQLCUOE+N+2JLKmltavtaKhGiD79l+90U:4s+9ROcapelxQLGEjscg6939l+V

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 8.0.7601.17514 undefined
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - setup.exe (PID: 2388)
  - TaskMan.exe (PID: 3096)
  - u[1].exe (PID: 2800)
  - ups[1].exe (PID: 2172)
  - upsupx[1].exe (PID: 884)
  - TaskMan.exe (PID: 3836)
- Loads dropped or rewritten executable
  - ctfmon.exe (PID: 708)
  - explorer.exe (PID: 352)
  - TaskMan.exe (PID: 3096)
  - TaskMan.exe (PID: 3836)
- Downloads executable files from the Internet
  - iexplore.exe (PID: 2340)
  - upsupx[1].exe (PID: 884)
- Downloads executable files from IP
  - iexplore.exe (PID: 2340)
- Runs PING.EXE for delay simulation
  - cmd.exe (PID: 2344)
  - cmd.exe (PID: 2356)
  - cmd.exe (PID: 3328)
  - cmd.exe (PID: 3968)
- Loads the Task Scheduler COM API
  - TaskMan.exe (PID: 3096)
  - TaskMan.exe (PID: 3836)
SUSPICIOUS
- Creates a software uninstall entry
  - setup.exe (PID: 2388)
- Executable content was dropped or overwritten
  - setup.exe (PID: 2388)
  - SecurityTaskManager_Setup.exe (PID: 2744)
  - iexplore.exe (PID: 2340)
  - iexplore.exe (PID: 3976)
  - TaskMan.exe (PID: 3096)
  - upsupx[1].exe (PID: 884)
- Creates files in the program directory
  - setup.exe (PID: 2388)
  - TaskMan.exe (PID: 3096)
  - upsupx[1].exe (PID: 884)
- Executed via COM
  - explorer.exe (PID: 3172)
- Creates files in the user directory
  - TaskMan.exe (PID: 3096)
  - TaskMan.exe (PID: 3836)
- Starts Internet Explorer
  - explorer.exe (PID: 352)
- Starts SC.EXE for service management
  - cmd.exe (PID: 2356)
  - cmd.exe (PID: 2344)
  - cmd.exe (PID: 3328)
  - cmd.exe (PID: 3968)
- Starts CMD.EXE for commands execution
  - u[1].exe (PID: 2800)
  - ups[1].exe (PID: 2172)
- Starts CMD.EXE for self-deleting
  - u[1].exe (PID: 2800)
  - ups[1].exe (PID: 2172)
- Reads Internet Cache Settings
  - explorer.exe (PID: 352)
  - TaskMan.exe (PID: 3096)
- Connects to unusual port
  - u[1].exe (PID: 2800)
  - upsupx[1].exe (PID: 884)
- Searches for installed software
  - TaskMan.exe (PID: 3096)
INFO
- Reads settings of System Certificates
  - TaskMan.exe (PID: 3096)
- Application launched itself
  - iexplore.exe (PID: 3976)
- Reads Internet Cache Settings
  - iexplore.exe (PID: 2340)
  - iexplore.exe (PID: 3976)
- Changes internet zones settings
  - iexplore.exe (PID: 3976)
- Reads internet explorer settings
  - iexplore.exe (PID: 2340)
- Creates files in the user directory
  - iexplore.exe (PID: 3976)
- Reads the hosts file
  - TaskMan.exe (PID: 3096)
  - TaskMan.exe (PID: 3836)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (32.1)
.exe	\|	Win64 Executable (generic) (28.5)
.exe	\|	Winzip Win32 self-extracting archive (generic) (23.7)
.dll	\|	Win32 Dynamic Link Library (generic) (6.7)
.exe	\|	Win32 Executable (generic) (4.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2009:02:24 16:50:34+01:00
PEType:	PE32
LinkerVersion:	8
CodeSize:	77824
InitializedDataSize:	65536
UninitializedDataSize:	-
EntryPoint:	0xaf1e
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	4
Subsystem:	Windows GUI

Summary

Architecture:	IMAGE_FILE_MACHINE_I386
Subsystem:	IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:	24-Feb-2009 15:50:34
Detected languages:	English - United States

DOS Header

Magic number:	MZ
Bytes on last page of file:	0x0090
Pages in file:	0x0003
Relocations:	0x0000
Size of header:	0x0004
Min extra paragraphs:	0x0000
Max extra paragraphs:	0xFFFF
Initial SS value:	0x0000
Initial SP value:	0x00B8
Checksum:	0x0000
Initial IP value:	0x0000
Initial CS value:	0x0000
Overlay number:	0x0000
OEM identifier:	0x0000
OEM information:	0x0000
Address of NE header:	0x000000F0

PE Headers

Signature:	PE
Machine:	IMAGE_FILE_MACHINE_I386
Number of sections:	5
Time date stamp:	24-Feb-2009 15:50:34
Pointer to Symbol Table:	0x00000000
Number of symbols:	0
Size of Optional Header:	0x00E0
Characteristics:	IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_RELOCS_STRIPPED

Sections

Name	Virtual Address	Virtual Size	Raw Size	Charateristics	Entropy
.text	0x00001000	0x00012775	0x00013000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.50181
.rdata	0x00014000	0x00003822	0x00004000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.98659
.data	0x00018000	0x0000E6E4	0x00002000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	1.97381
.rsrc	0x00027000	0x0000976C	0x0000A000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.54785
_winzip_	0x00031000	0x002BA000	0x002BA000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	7.99948

Resources

Title	Entropy	Size	Codepage	Language	Type
1	4.82954	989	Latin 1 / Western European	English - United States	RT_MANIFEST
2	4.03621	744	Latin 1 / Western European	English - United States	RT_ICON
3	3.14459	296	Latin 1 / Western European	English - United States	RT_ICON
4	5.56342	3752	Latin 1 / Western European	English - United States	RT_ICON
5	5.99214	2216	Latin 1 / Western European	English - United States	RT_ICON
6	3.69605	1384	Latin 1 / Western European	English - United States	RT_ICON
7	5.83382	9640	Latin 1 / Western European	English - United States	RT_ICON
8	6.01045	4264	Latin 1 / Western European	English - United States	RT_ICON
9	4.68735	1128	Latin 1 / Western European	English - United States	RT_ICON
63	3.18826	764	Latin 1 / Western European	English - United States	RT_STRING

Imports


COMCTL32.dll
GDI32.dll
KERNEL32.dll
SHELL32.dll
USER32.dll

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

352

C:\Windows\Explorer.EXE

C:\Windows\explorer.exe

—

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Explorer

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll

496

sc start xWinWpdSrv

C:\Windows\system32\sc.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

A tool to aid in developing services for WindowsNT

Exit code:

1060

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

708

C:\Windows\System32\ctfmon.exe

—

taskeng.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

CTF Loader

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

884

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\upsupx[1].exe"

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\upsupx[1].exe

iexplore.exe

User:

admin

Company:

TODO: <公司名>

Integrity Level:

MEDIUM

Description:

TODO: <文件说明>

Exit code:

Version:

1.0.0.8

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\upsupx[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\psapi.dll

940

ping 127.0.0.1 -n 10

C:\Windows\system32\PING.EXE

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

TCP/IP Ping Command

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll

1732

ping 127.0.0.1 -n 10

C:\Windows\system32\PING.EXE

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

TCP/IP Ping Command

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll

2112

sc start xWinWpdSrv

C:\Windows\system32\sc.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

A tool to aid in developing services for WindowsNT

Exit code:

1060

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

2172

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ups[1].exe"

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ups[1].exe

iexplore.exe

User:

admin

Company:

Orgs

Integrity Level:

MEDIUM

Description:

Exit code:

Version:

1.0.0.1

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\jgrr2oyx\ups[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll

2340

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3976 CREDAT:71937

C:\Program Files\Internet Explorer\iexplore.exe

iexplore.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Internet Explorer

Exit code:

Version:

8.00.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

2344

"C:\Windows\system32\cmd.exe" /c sc start xWinWpdSrv&ping 127.0.0.1 -n 10 && del C:\Users\admin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LH043OAM\U_1_~1.EXE >> NUL

C:\Windows\system32\cmd.exe

—

u[1].exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

Add for printing

Total events

5 287

Read events

4 830

Write events

447

Delete events

Modification events


(PID) Process:	(352) explorer.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(352) explorer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation:	write	Name:	P:\Hfref\nqzva\Qrfxgbc\FrphevglGnfxZnantre_Frghc.rkr
Value: 000000000000000000000000B6010000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
(PID) Process:	(352) explorer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation:	write	Name:	HRZR_PGYFRFFVBA
Value: 000000003200000037000000E0DE1200090000000D000000CC19050033003000380030003400360042003000410046003400410033003900430042000000460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E006500780065000000740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C0049006E007400650072006E006500740020004500780070006C006F007200650072005C0051007500690063006B0020004C00610075006E00630068005C0055007300650072002000500069006E006E006500000000000034FF01F832FF01D4E3E1013DA94A7600000000FBFFFF7FF8E3E101987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF000000000000000000000000534275066D42750653427506000000000000000000000000080000002E006C00E72F0A77A48EF37600000000AC032E0000002E00E72F0A77B08EF37603005B019604010000002E005B148D23020000006CE4E101B07F0A7744E5E1010000000058005A0044E5E1010200000010E5E101F2700A7791830A771C8FF37611000000B8453100B045310078192F00F8FD580600E500008F148D23B0E4E10182914A7600E5E101B4E4E10127954A7600000000CC90FF01DCE4E101CD944A76CC90FF0188E5E101408CFF01E1944A7600000000408CFF0188E5E101E4E4E101090000000D000000CC19050033003000380030003400360042003000410046003400410033003900430042000000460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E006500780065000000740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C0049006E007400650072006E006500740020004500780070006C006F007200650072005C0051007500690063006B0020004C00610075006E00630068005C0055007300650072002000500069006E006E006500000000000034FF01F832FF01D4E3E1013DA94A7600000000FBFFFF7FF8E3E101987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF000000000000000000000000534275066D42750653427506000000000000000000000000080000002E006C00E72F0A77A48EF37600000000AC032E0000002E00E72F0A77B08EF37603005B019604010000002E005B148D23020000006CE4E101B07F0A7744E5E1010000000058005A0044E5E1010200000010E5E101F2700A7791830A771C8FF37611000000B8453100B045310078192F00F8FD580600E500008F148D23B0E4E10182914A7600E5E101B4E4E10127954A7600000000CC90FF01DCE4E101CD944A76CC90FF0188E5E101408CFF01E1944A7600000000408CFF0188E5E101E4E4E101090000000D000000CC19050033003000380030003400360042003000410046003400410033003900430042000000460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E006500780065000000740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C0049006E007400650072006E006500740020004500780070006C006F007200650072005C0051007500690063006B0020004C00610075006E00630068005C0055007300650072002000500069006E006E006500000000000034FF01F832FF01D4E3E1013DA94A7600000000FBFFFF7FF8E3E101987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF000000000000000000000000534275066D42750653427506000000000000000000000000080000002E006C00E72F0A77A48EF37600000000AC032E0000002E00E72F0A77B08EF37603005B019604010000002E005B148D23020000006CE4E101B07F0A7744E5E1010000000058005A0044E5E1010200000010E5E101F2700A7791830A771C8FF37611000000B8453100B045310078192F00F8FD580600E500008F148D23B0E4E10182914A7600E5E101B4E4E10127954A7600000000CC90FF01DCE4E101CD944A76CC90FF0188E5E101408CFF01E1944A7600000000408CFF0188E5E101E4E4E101
(PID) Process:	(2388) setup.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
Operation:	write	Name:	DisplayName
Value: Security Task Manager 2.3d
(PID) Process:	(2388) setup.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
Operation:	write	Name:	UninstallString
Value: C:\Program Files\Security Task Manager\Uninstal.exe
(PID) Process:	(2388) setup.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
Operation:	write	Name:	InstallLocation
Value: C:\Program Files\Security Task Manager\
(PID) Process:	(2388) setup.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
Operation:	write	Name:	UninstallPath
Value: C:\Program Files\Security Task Manager\
(PID) Process:	(2388) setup.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
Operation:	write	Name:	Publisher
Value: Neuber Software
(PID) Process:	(2388) setup.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
Operation:	write	Name:	VersionMajor
Value: 2
(PID) Process:	(2388) setup.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
Operation:	write	Name:	VersionMinor
Value: 3

Add for printing

Executable files

Suspicious files

350

Text files

164

Unknown types

Dropped files

PID	Process	Filename		Type
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\liesmich.txt		text
		MD5:—	SHA256:—
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\readme.txt		text
		MD5:—	SHA256:—
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\leggimi.txt		text
		MD5:—	SHA256:—
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\TaskMan.exe		executable
		MD5:—	SHA256:—
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\file_id.diz		text
		MD5:85F533F1E1D0C11BE713C91F29BBAD54	SHA256:6FED71E2951B70F3E340A982B3D1A2914768D8C9691E6CFF465DED170944BA77
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\bestell.txt		text
		MD5:481325E02BD95664323A5299DA4F8BFE	SHA256:D9B135D7C0B39E38FEF169306599F3F8B1A82D701424892969EA8C5D6E790777
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\uninstal.exe		executable
		MD5:FA9F0F001EEAB09B8FADAB100AD60D7E	SHA256:709C6C2FB71F06AD8DAAE77E7AF11B3CEC059F25793D098D2254572A788EE120
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\manual_de.pdf		pdf
		MD5:17BBDF9FC220E9EFFACAA5A76CF4B688	SHA256:AF89A8B1030FAF760C16B66524F8A04188E49669FAA6F8123E2A4BF0ABAA75BC
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\SpyProDll.dll		executable
		MD5:642021C03975D907D65803AAE9EC3DEE	SHA256:0289FF37A7D4B6BD44AC96C714FE58329D4B1FDEA53F744AC3A5AE731236F87C
2744	SecurityTaskManager_Setup.exe	C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\manual_en.pdf		pdf
		MD5:F8DC026AC75362E1E5E41469CDDAE40C	SHA256:D97AAD84FC29C2B71FF9D07C645BB1B3DB779412F5673F5BD37B55520710CBCE

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
884	upsupx[1].exe	GET	—	185.112.156.92:80	http://185.112.156.92/downs.exe	HU	—	—	suspicious
884	upsupx[1].exe	GET	—	66.117.6.174:80	http://66.117.6.174/ups.rar	US	—	—	suspicious
884	upsupx[1].exe	GET	—	199.168.100.74:8074	http://199.168.100.74:8074/2.exe	US	—	—	malicious
2340	iexplore.exe	GET	200	173.247.239.186:80	http://173.247.239.186/u.exe	US	executable	37.5 Kb	malicious
884	upsupx[1].exe	GET	200	45.58.135.106:80	http://45.58.135.106/xpdown.dat	US	binary	128 b	malicious
2800	u[1].exe	GET	200	185.112.156.92:8092	http://185.112.156.92:8092/ups.html	HU	text	12 b	suspicious
884	upsupx[1].exe	GET	200	45.58.135.106:80	http://45.58.135.106/ok/64.html	US	text	13 b	malicious
884	upsupx[1].exe	GET	200	199.168.100.74:8074	http://199.168.100.74:8074/item.rar	US	executable	3.20 Mb	malicious
2172	ups[1].exe	GET	200	223.25.247.240:80	http://223.25.247.240/ok/ups.html	MY	text	12 b	unknown
2340	iexplore.exe	GET	200	173.247.239.186:80	http://173.247.239.186/upsupx.exe	US	executable	216 Kb	malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2172	ups[1].exe	223.25.247.240:80	—	Gigabit Hosting Sdn Bhd	MY	unknown
884	upsupx[1].exe	66.117.6.174:80	—	Corporate Colocation Inc.	US	suspicious
884	upsupx[1].exe	199.168.100.74:8074	—	DataShack, LC	US	malicious
884	upsupx[1].exe	45.58.135.106:80	—	Sharktech	US	malicious
884	upsupx[1].exe	185.112.156.92:80	—	DoclerWeb Kft.	HU	suspicious
3976	iexplore.exe	204.79.197.200:80	www.bing.com	Microsoft Corporation	US	whitelisted
2800	u[1].exe	185.112.156.92:8092	—	DoclerWeb Kft.	HU	suspicious
2340	iexplore.exe	173.247.239.186:80	—	Corporate Colocation Inc.	US	malicious

DNS requests

Domain	IP	Reputation
www.bing.com	204.79.197.200 13.107.21.200	whitelisted

Threats

PID	Process	Class	Message
2340	iexplore.exe	A Network Trojan was detected	ET INFO Executable Download from dotted-quad Host
2340	iexplore.exe	A Network Trojan was detected	ET TROJAN Single char EXE direct download likely trojan (multiple families)
2340	iexplore.exe	Potentially Bad Traffic	ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
2340	iexplore.exe	A Network Trojan was detected	ET INFO Executable Download from dotted-quad Host
2340	iexplore.exe	Potentially Bad Traffic	ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
2340	iexplore.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
2340	iexplore.exe	Potentially Bad Traffic	ET INFO SUSPICIOUS Dotted Quad Host MZ Response
2340	iexplore.exe	A Network Trojan was detected	ET INFO Executable Download from dotted-quad Host
2340	iexplore.exe	Potentially Bad Traffic	ET INFO SUSPICIOUS Dotted Quad Host MZ Response
884	upsupx[1].exe	A Network Trojan was detected	MALWARE [PTsecurity] Backdoor.Win32.Mocker

Add for printing

No debug info

General Info

SecurityTaskManager_Setup.exe

444439BC44C476297D7F631A152CE638

820FCB951D1AC8C2FDA1A1AE790F52EB1F8EDF2E

BC2D5417A6BF47D53C20C280F6E4B1A3E00DC0B6BBD3E26B2E591FD2F2DC4CC3

49152:4s+HgXcROcfipeyNcRmyQLCUOE+N+2JLKmltavtaKhGiD79l+90U:4s+9ROcapelxQLGEjscg6939l+V

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Loads dropped or rewritten executable

Downloads executable files from the Internet

Downloads executable files from IP

Runs PING.EXE for delay simulation

Loads the Task Scheduler COM API

SUSPICIOUS

Creates a software uninstall entry

Executable content was dropped or overwritten

Creates files in the program directory

Executed via COM

Creates files in the user directory

Starts Internet Explorer

Starts SC.EXE for service management

Starts CMD.EXE for commands execution

Starts CMD.EXE for self-deleting

Reads Internet Cache Settings

Connects to unusual port

Searches for installed software

INFO

Reads settings of System Certificates

Application launched itself

Reads Internet Cache Settings

Changes internet zones settings

Reads internet explorer settings

Creates files in the user directory

Reads the hosts file

Malware configuration

Static information

TRiD

EXIF

EXE

Summary

DOS Header

PE Headers

Sections

Resources

Imports

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity