Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 24, 2021, 7:29 p.m. | June 24, 2021, 7:37 p.m. |
-
syzs03_1000219144.exe "C:\Users\test22\AppData\Local\Temp\syzs03_1000219144.exe"
7204 -
-
SZipMd5Tool.exe "C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNRmjoOeDFIU5CO2Dtdam5NuGOQd0hM6yIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2IqgS -2596b1ef9f0a=27
3140 -
SZipMd5Tool.exe "C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNEm2oNeDFFUiCN22tMa25ZuTOldjhZ6SIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Iq=S -2596b1ef9f0a=27
9204-
SZipMd5Tool.exe "C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNgm1oYejFcU4CZ2Dthaj5ZujOZdmhN6yIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Iq=S -2596b1ef9f0a=27
5632
-
-
-
Fastpdf_setup_ver21042017.420.1.1.1.exe "C:\Users\test22\AppData\Local\Temp\Fastpdf_setup_ver21042017.420.1.1.1.exe"
7664-
-
fastpdf_ext_process.exe "C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe" /action:install
8020
-
-
-
fastpdf_ext_process.exe "C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe" /action:install
8864
-
-
-
fastpdf_ext_process.exe "C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe" /action:install
8840
-
-
fastpdf.exe "C:\Program Files (x86)\fastpdf\fastpdf.exe" -refreshdesktop=1
1456 -
fastpdf.exe "C:\Program Files (x86)\fastpdf\fastpdf.exe" -associate=1
1272
-
-
leishenzip_247915520_tiangua_001.exe "C:\Users\test22\AppData\Local\Temp\leishenzip_247915520_tiangua_001.exe"
5960-
regsvr32.exe regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\雷神压缩\ThorShell64.dll
7672 -
regsvr32.exe regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\雷神压缩\ThorHelp64.dll
7312 -
regsvr32.exe regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\雷神压缩\ThorService.dll
3004 -
-
regsvr32.exe /s C:\Users\test22\AppData\Roaming\雷神压缩\ThorShell64.dll
8488
-
-
-
regsvr32.exe /s C:\Users\test22\AppData\Roaming\雷神压缩\ThorHelp64.dll
5340
-
-
ThorFileManager.exe "C:\Users\test22\AppData\Roaming\雷神压缩\ThorFileManager.exe" --register_application
8224 -
ThorReport.exe "C:\Users\test22\AppData\Roaming\雷神压缩\ThorReport.exe"
7696
-
-
-
SZipMd5Tool.exe "C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCWNYmzoMeWFUU0CM2Dtga35YuzOEd3hN6CIB20FaUT10MxhIaCtAGtPOMDxEPyeMSm2ET0QMbW2FqhSNiGtFdl6IoCU0j1HZsj4ZsmYNu2YI25oZFmfYXybYnmgMH9ZUXGJlPhUbemG9CT8YJ3JJ7h3caCk5NlZeLG9Uu=y -2596b1ef9f0a=27
1036-
regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Users\test22\AppData\Local\ShiningZip\ZipCnu64.dll"
4340-
regsvr32.exe /s "C:\Users\test22\AppData\Local\ShiningZip\ZipCnu64.dll"
3056
-
-
SZipMd5Tool.exe "C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe" -e61475c863c7=27 -c9c0eef9ccd6=LCTNgm1oYejFcU4CZ2Dthaj5ZujOZdmhN6yIA2tFMUj1IMyhYaTtQG4PNMmxNPkeMSz2NTkQPbT2Aq=S -2596b1ef9f0a=27
1808
-
-
-
WMIC.exe wmic bios get SerialNumber
4744 -
WMIC.exe wmic bios get SerialNumber
6848 -
-
kzip_casual64.exe "C:\Program Files (x86)\k52zip\kzip_casual64.exe" --worker=kzip_ext --register
7792 -
kzip_main.exe "C:\Program Files (x86)\k52zip\kzip_main.exe" -action:assext
2980 -
krecommend.exe "C:\Program Files (x86)\k52zip\krecommend.exe" /product:11 /type:1 /sence:1
6216
-
-
abckantu_2722097895_shouheng_001.exe C:\Users\test22\AppData\Local\Temp\abckantu_2722097895_shouheng_001.exe
5112-
regsvr32.exe regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\PhotoViewer\ShellExt64.dll
2796 -
regsvr32.exe regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\PhotoViewer\PVShellExt64.dll
6172 -
regsvr32.exe regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\PhotoViewer\Checker.dll
3784
-
IP Address | Status | Action |
---|---|---|
106.75.135.138 | Active | Moloch |
119.206.200.181 | Active | Moloch |
125.77.167.183 | Active | Moloch |
106.75.31.186 | Active | Moloch |
111.230.117.40 | Active | Moloch |
111.230.160.42 | Active | Moloch |
119.206.200.180 | Active | Moloch |
119.36.226.154 | Active | Moloch |
119.36.33.98 | Active | Moloch |
119.39.80.117 | Active | Moloch |
119.6.229.138 | Active | Moloch |
119.63.197.151 | Active | Moloch |
120.52.95.242 | Active | Moloch |
123.56.69.34 | Active | Moloch |
123.57.234.67 | Active | Moloch |
139.199.214.236 | Active | Moloch |
163.171.198.117 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.25.14 | Active | Moloch |
180.97.251.192 | Active | Moloch |
202.122.145.86 | Active | Moloch |
211.152.132.122 | Active | Moloch |
211.159.130.100 | Active | Moloch |
211.159.130.115 | Active | Moloch |
211.91.160.215 | Active | Moloch |
36.248.43.220 | Active | Moloch |
42.56.79.236 | Active | Moloch |
49.233.242.159 | Active | Moloch |
61.172.205.219 | Active | Moloch |
47.95.193.173 | Active | Moloch |
59.110.159.69 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49860 49.233.242.159:443 |
C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=*.lanshan.com | a8:d7:0b:b8:11:9b:5d:14:90:80:41:9d:82:44:17:2f:76:19:a6:a1 |
TLS 1.2 192.168.56.102:49863 42.56.79.236:443 |
C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=*.lanshan.com | a8:d7:0b:b8:11:9b:5d:14:90:80:41:9d:82:44:17:2f:76:19:a6:a1 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
section | .ndata |
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://xz.8dashi.com/qd/mastercfgoo.ini?v2021062544904 | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://down.gametoplist.top/60b5f24b88583/IMedia-553.exe | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://s.syzs.qq.com/channel/6/17100/syzs03_1000219144.exe | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://download.52pcfree.com/fastpdf/Fastpdf_setup_ver21042017.420.1.1.1.exe | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://down2.thorzip.muxin.fun/tiangua_2/leishenzip_247915520_tiangua_001.exe | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://dl.binghuokeji.cn/d/ghwuxPEi/FlashZip_2710.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://down2.thorzip.muxin.fun/60fffd6d5d24aa987a843c4d3a0980b4.data | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://api.mxgcat.wang/84e3aa4c7cb77c6933867ee34cb49c32.md5 | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://cdn-office.lanshan.com/package/tui/downloadtool/office/OfficeDownloaderInstall_0_100016_lanshan.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://api.mxgcat.wang/84e3aa4c7cb77c6933867ee34cb49c32.json | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://mxreport.whooyan.com/ | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://down.rxgif.cn/ddxm/Setup_10011.exe | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://union.juzizm.com/api/count/setup2 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/pkg/l1 | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://dn.earpan.com/store/pic_soft45181.exe | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i5 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://dbsu.cmcm.com/uv?t=1624564187 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i6 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s1 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i2 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://tj.rxgif.cn/api/logs | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://down.rxgif.cn/DBlink/LnockRarsly.exe | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s4 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/popup/p1 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://infoc0.duba.net/nep/v1/ | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://download.52pcfree.com/k52zip/k52zip20210520-220-21.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://tj.wdmuz.com/lc-spbj.php?uid=262f2de5d68b2fac5ccaac65dbf7853f&qid=null&softname=bangong&softid=shanzip&softver= | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://shdl.wdmuz.com/bjlc/87cbca115561d04afe4c965dd803098a.cdd?rand=85070 | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://tj.wdmuz.com/pipil.php | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://kl.hnayg.com/zkactive/ctl/v2/qinfo.html?uid=74a6032aa894c3a537de6d362f685c90 | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://tj.rxgif.cn/api/live/server | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/l2 | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://down1.thorzip.muxin.fun/report/queryinfo.xml | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://info.52pcfree.com/c/ | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://infoc2.duba.net/c/ | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s3 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/r1 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/r2 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST http://union.infoc.duba.net/nep/v1/ | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://config.i.duba.net/rcmdsoft/11/1/sencecfg.dat | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://config.i.duba.net/rcmdsoft/db/kzip_install_pushdb02.zip | ||||||
suspicious_features | HTTP version 1.0 used | suspicious_request | GET http://down1.abckantu.com/shouheng_1/abckantu_2722097895_shouheng_001.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://down1.abckantu.com/11a9df7ff83a058afaadb5a09da594ae.data | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://report.uchiha.ltd/ |
request | GET http://xz.8dashi.com/qd/mastercfgoo.ini?v2021062544904 |
request | GET http://down.gametoplist.top/60b5f24b88583/IMedia-553.exe |
request | GET http://s.syzs.qq.com/channel/6/17100/syzs03_1000219144.exe |
request | GET http://download.52pcfree.com/fastpdf/Fastpdf_setup_ver21042017.420.1.1.1.exe |
request | GET http://down2.thorzip.muxin.fun/tiangua_2/leishenzip_247915520_tiangua_001.exe |
request | GET http://dl.binghuokeji.cn/d/ghwuxPEi/FlashZip_2710.exe |
request | GET http://down2.thorzip.muxin.fun/60fffd6d5d24aa987a843c4d3a0980b4.data |
request | GET http://api.mxgcat.wang/84e3aa4c7cb77c6933867ee34cb49c32.md5 |
request | GET http://cdn-office.lanshan.com/package/tui/downloadtool/office/OfficeDownloaderInstall_0_100016_lanshan.exe |
request | GET http://api.mxgcat.wang/84e3aa4c7cb77c6933867ee34cb49c32.json |
request | POST http://mxreport.whooyan.com/ |
request | GET http://down.rxgif.cn/ddxm/Setup_10011.exe |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/d&p=xLuKkTD7FYrn1KGf0d1pS8VsD0RJ%2BB/azLdXTIBJEaZEgoZX6k3g9qcj6f1izDRQaHEbdKVMY0KnIblHwcjmrg%3D%3D |
request | GET http://dl.binghuokeji.cn/img/tbmsc.jpg |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/i&p=SxInsX/RJYZFLz7ztyfMIDL%2BGa9IB3Wjc0bUqn3/WR3cqUoBQ1fPqp/GqBYrObWp/4LvN/YAJhMOXv%2BfLeFo3w%3D%3D |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/c&p=PHOja0XI6Hpo1VJzU/gs6k0Ptg8TIvoCwg%2Bx8C0Vu7iDJfI9mnwYtk%2BKuGb/ttx2TQpoRsLAIagyRsjWT58KK4i1X1%2BYNCfaVA3ifMdOA48%3D |
request | GET http://g.zapi.binghuokeji.cn/microtime/ |
request | POST http://union.juzizm.com/api/count/setup2 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/pkg/l1 |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/b&p=bySKbGTEED0if6D4enWJnWJTLowuVo4px%2BMb6fdzGdjzXRqdb9RUIhq0hUIjjfYK |
request | GET http://dn.earpan.com/store/pic_soft45181.exe |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i5 |
request | POST http://dbsu.cmcm.com/uv?t=1624564187 |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/r&p=bySKbGTEED0if6D4enWJnWJTLowuVo4px%2BMb6fdzGdjzXRqdb9RUIhq0hUIjjfYK |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i6 |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/b&p=VmyjhZ1V79QDl18vfKISlyjyKkbpyH4HuhPbyes/VOY8dEbsXOgBetY77HbUlW17 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s1 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i2 |
request | POST http://tj.rxgif.cn/api/logs |
request | GET http://tj.rxgif.cn/api/down/dd |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/u&p=VmyjhZ1V79QDl18vfKISlyjyKkbpyH4HuhPbyes/VOY8dEbsXOgBetY77HbUlW17 |
request | GET http://down.rxgif.cn/DBlink/LnockRarsly.exe |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s4 |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/pp/l&p=bySKbGTEED0if6D4enWJnQxZaCtGpyNwvR1%2BjP1o3N4fMVR0FYSSXYKpiwlwIdeg |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/pp/lf&p=bySKbGTEED0if6D4enWJnQxZaCtGpyNwvR1%2BjP1o3N4fMVR0FYSSXYKpiwlwIdeg |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/pp/tl&p=bySKbGTEED0if6D4enWJnWJTLowuVo4px%2BMb6fdzGdjzXRqdb9RUIhq0hUIjjfYK |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/popup/p1 |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/t&p=bySKbGTEED0if6D4enWJnWJTLowuVo4px%2BMb6fdzGdjzXRqdb9RUIhq0hUIjjfYK |
request | POST http://infoc0.duba.net/nep/v1/ |
request | GET http://download.52pcfree.com/k52zip/k52zip20210520-220-21.exe |
request | GET http://g.zapi.binghuokeji.cn/?r=/v3/cp/d&p=xLuKkTD7FYrn1KGf0d1pS4JsN/4dJva6ouBTswyspvZHobJcEPjUq0ampBCtF858ClIqSQQ5jhcq7JuelnnYNQ%3D%3D |
request | GET http://dl.binghuokeji.cn/img/mtcf.png |
request | GET http://dl.binghuokeji.cn/FlashZip/tsk_bjrj |
request | GET http://tj.wdmuz.com/lc-spbj.php?uid=262f2de5d68b2fac5ccaac65dbf7853f&qid=null&softname=bangong&softid=shanzip&softver= |
request | GET http://shdl.wdmuz.com/bjlc/87cbca115561d04afe4c965dd803098a.cdd?rand=85070 |
request | GET http://dl.binghuokeji.cn/d/imgs/syyng.png |
request | GET http://down.wdmuz.com/wy/wyp1.dat?48507900 |
request | HEAD http://down.wdmuz.com/wy/wyp1.dat |
request | GET http://tj.wdmuz.com/pipil.php |
request | GET http://kl.hnayg.com/zkactive/ctl/v2/qinfo.html?uid=74a6032aa894c3a537de6d362f685c90 |
request | POST http://mxreport.whooyan.com/ |
request | POST http://union.juzizm.com/api/count/setup2 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/pkg/l1 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i5 |
request | POST http://dbsu.cmcm.com/uv?t=1624564187 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i6 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s1 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/i2 |
request | POST http://tj.rxgif.cn/api/logs |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s4 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/popup/p1 |
request | POST http://infoc0.duba.net/nep/v1/ |
request | POST http://tj.rxgif.cn/api/live/server |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/l2 |
request | POST http://info.52pcfree.com/c/ |
request | POST http://infoc2.duba.net/c/ |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/s3 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/r1 |
request | POST http://p.zapi.binghuokeji.cn/?r=/v2/statistics/soft/r2 |
request | POST http://union.infoc.duba.net/nep/v1/ |
request | POST http://report.uchiha.ltd/ |
domain | down.gametoplist.top | description | Generic top-level domain (gTLD: .top) |
regkey | .*Kingsoft |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-console-l1-1-0.dll |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-datetime-l1-1-0.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipService.exe |
file | C:\Program Files (x86)\fastpdf\msvcr100.dll |
file | C:\Program Files (x86)\fastpdf\imageformats\qicns.dll |
file | C:\Program Files (x86)\k52zip\kzip_ext64.dll |
file | C:\Program Files (x86)\fastpdf\aspose.slides.dll |
file | C:\Program Files (x86)\fastpdf\qt5network.dll |
file | C:\Program Files (x86)\fastpdf\kpdftoolutil.dll |
file | C:\Program Files (x86)\fastpdf\kinst.exe |
file | C:\Users\test22\AppData\Local\Temp\nshA618.tmp\NSISdl.dll |
file | C:\Program Files (x86)\fastpdf\fphelper.exe |
file | C:\Program Files (x86)\k52zip\update.exe |
file | C:\Program Files (x86)\k52zip\kinst.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipExplorer64.dll |
file | C:\Program Files (x86)\fastpdf\msvcp140.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe |
file | C:\Program Files (x86)\fastpdf\libegl.dll |
file | C:\Program Files (x86)\fastpdf\pdfconverter.exe |
file | C:\Program Files (x86)\fastpdf\api-ms-win-crt-convert-l1-1-0.dll |
file | C:\Program Files (x86)\k52zip\kfastpic\kfastpicutil64.dll |
file | C:\Program Files (x86)\fastpdf\api-ms-win-crt-time-l1-1-0.dll |
file | C:\Program Files (x86)\fastpdf\plugins\sqldrivers\qsqlite.dll |
file | C:\Program Files (x86)\fastpdf\kvipsdk.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipRetainSvr.dll |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-processthreads-l1-1-0.dll |
file | C:\Program Files (x86)\fastpdf\pdfupdate.exe |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-localization-l1-2-0.dll |
file | C:\Program Files (x86)\k52zip\api-ms-win-crt-string-l1-1-0.dll |
file | C:\Program Files (x86)\fastpdf\api-ms-win-core-file-l1-2-0.dll |
file | C:\Program Files (x86)\fastpdf\fpprotect.exe |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-memory-l1-1-0.dll |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-string-l1-1-0.dll |
file | C:\Program Files (x86)\k52zip\msvcp140.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\ZipCnu.dll |
file | C:\Users\test22\AppData\Local\LnockRarsly\LnockRarsly.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\雷神压缩\启动雷神压缩.lnk |
file | C:\Program Files (x86)\k52zip\api-ms-win-crt-math-l1-1-0.dll |
file | C:\Program Files (x86)\fastpdf\api-ms-win-crt-heap-l1-1-0.dll |
file | C:\Program Files (x86)\k52zip\ucrtbase.dll |
file | C:\Program Files (x86)\fastpdf\imageformats\qjpeg.dll |
file | C:\Program Files (x86)\fastpdf\imageformats\qwebp.dll |
file | C:\Program Files (x86)\fastpdf\msvcr80.dll |
file | C:\Program Files (x86)\k52zip\kdumprep.exe |
file | C:\Users\test22\AppData\Local\Temp\nshA618.tmp\NsisCrypt.dll |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-timezone-l1-1-0.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipConfig.exe |
file | C:\Program Files (x86)\k52zip\vccorlib140.dll |
file | C:\Program Files (x86)\fastpdf\msvcrt.dll |
file | C:\Program Files (x86)\k52zip\api-ms-win-core-synch-l1-2-0.dll |
file | C:\Users\Public\Desktop\网吧语音大师 8.5.lnk |
file | C:\Users\test22\Desktop\集成菜单.lnk |
file | C:\Users\Public\Desktop\电脑管家.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯QQ.lnk |
file | C:\Users\test22\Desktop\迅闪游戏菜单.lnk |
file | C:\Users\Public\Desktop\腾讯视频.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\雷神压缩\启动雷神压缩.lnk |
file | C:\Users\test22\Desktop\简单网管(EasyCafe).lnk |
file | C:\Users\test22\Desktop\驱动人生5.lnk |
file | C:\Users\test22\Desktop\网吧管理专家服务端2.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk |
file | C:\Users\Public\Desktop\集成菜单.lnk |
file | C:\Users\test22\Desktop\WPS文字.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\한컴 사전.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\52好压\卸载52好压.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk |
file | C:\Users\Public\Desktop\网吧管理专家服务端2.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk |
file | C:\Users\Public\Desktop\360驱动大师.lnk |
file | C:\Users\Public\Desktop\闪压缩.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\暴风影音5.lnk |
file | C:\Users\Public\Desktop\迅闪游戏菜单.lnk |
file | C:\Users\Public\Desktop\QQ旋风.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk |
file | C:\Users\Public\Desktop\爱酷网吧电影 控制台.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\雷神压缩\启动雷神压缩.lnk |
file | C:\Users\test22\Desktop\易家乐好用平台.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\驱动人生5.lnk |
file | C:\Users\test22\Desktop\360安全卫士.lnk |
file | C:\Users\test22\Desktop\酷狗音乐.lnk |
file | C:\Users\test22\Desktop\QQ游戏.lnk |
file | C:\Users\test22\Desktop\QQ旋风.lnk |
file | C:\Users\Public\Desktop\核心服务端.lnk |
file | C:\Users\test22\Desktop\µãµã×ÀÃæ.lnk (mojibake — GBK bytes rendered as Latin-1; decodes to 点点桌面.lnk; match on both forms when hunting) |
file | C:\Users\test22\Desktop\网吧语音大师 8.5.lnk |
file | C:\Users\test22\Desktop\QQ音乐.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全浏览器6.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全卫士.lnk |
file | C:\Users\Public\Desktop\360安全浏览器6.lnk |
file | C:\Users\test22\Desktop\启动迅雷7.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QQ浏览器.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\酷狗音乐.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\驱动精灵.lnk |
file | C:\Users\test22\Desktop\360安全浏览器6.lnk |
cmdline | regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\雷神压缩\ThorHelp64.dll |
cmdline | regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\雷神压缩\ThorService.dll |
cmdline | regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\PhotoViewer\ShellExt64.dll |
cmdline | regsvr32.exe /s C:\Users\test22\AppData\Roaming\雷神压缩\ThorHelp64.dll |
cmdline | regsvr32.exe /s "C:\Users\test22\AppData\Local\ShiningZip\ZipCnu64.dll" |
cmdline | regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\PhotoViewer\PVShellExt64.dll |
cmdline | regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\PhotoViewer\Checker.dll |
cmdline | regsvr32.exe /s /u C:\Users\test22\AppData\Roaming\雷神压缩\ThorShell64.dll |
cmdline | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\test22\AppData\Local\ShiningZip\ZipCnu64.dll" |
cmdline | regsvr32.exe /s C:\Users\test22\AppData\Roaming\雷神压缩\ThorShell64.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe |
file | C:\Program Files (x86)\fastpdf\fastpdf_ext_process.exe |
file | C:\Program Files (x86)\k52zip\krecommend.exe |
file | C:\Users\test22\AppData\Roaming\ClickDesktop\zmxzs.exe |
file | C:\Users\test22\AppData\Local\Temp\syzs03_1000219144.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\ShiningZip.exe |
file | C:\Users\test22\AppData\Local\Temp\nsaFCA9.tmp\INetC.dll |
file | C:\Users\test22\AppData\Local\Temp\leishenzip_247915520_tiangua_001.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipGUI.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipExplorer.dll |
file | C:\Users\test22\AppData\Local\Temp\Setup_10011.exe |
file | C:\Users\test22\AppData\Roaming\ClickDesktop\DuiLib.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\ShiningZip.dll |
file | C:\Users\test22\AppData\Roaming\ClickDesktop\AutoRemind.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\ZipCnu.dll |
file | C:\Users\test22\AppData\Roaming\ClickDesktop\uninst.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipUpdate.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipMPage.exe |
file | C:\Users\test22\AppData\Local\Temp\k52zip20210520-220-21.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipTray.exe |
file | C:\Users\test22\AppData\Local\Temp\FlashZip_2710.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipCode.dll |
file | C:\Users\test22\AppData\Local\Temp\Fastpdf_setup_ver21042017.420.1.1.1.exe |
file | C:\Users\test22\AppData\Local\Temp\abckantu_2722097895_shouheng_001.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipRetainSvr.dll |
file | C:\Users\test22\AppData\Local\Temp\nsaFCA9.tmp\NSISdl.dll |
file | C:\Users\test22\AppData\Local\LnockRarsly\LnockRarsly.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipService.exe |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipCore.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipConfig.exe |
file | C:\Users\test22\AppData\Local\Temp\OfficeDownloaderInstall_0_100016_lanshan.exe |
file | C:\Users\test22\AppData\Local\Temp\nsaFCA9.tmp\System.dll |
file | C:\Users\test22\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\UnInstall.exe |
file | C:\Users\test22\AppData\Local\Temp\nsaFCA9.tmp\NsisCrypt.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipOverlayIcon.dll |
file | C:\Users\test22\AppData\Local\ShiningZip\SZipMd5Tool.exe |
wmi | SELECT * FROM Win32_VideoController |
wmi | SELECT * FROM Win32_OnBoardDevice |
wmi | SELECT * FROM Win32_NetworkAdapter WHERE (MACAddress IS NOT NULL) |
wmi | SELECT * FROM Win32_ComputerSystemProduct |
wmi | SELECT * FROM Win32_MemoryDevice |
wmi | SELECT * FROM Win32_UserAccount |
wmi | SELECT * FROM Win32_LogicalDisk WHERE (FileSystem IS NOT NULL) |
wmi | SELECT SerialNumber FROM Win32_BIOS |
wmi | SELECT * FROM Win32_BIOS |
wmi | SELECT * FROM Win32_DiskDrive WHERE MediaType LIKE 'Fixed hard disk%' |
wmi | SELECT * FROM Win32_SoundDevice |
wmi | SELECT * FROM Win32_DesktopMonitor |
wmi | SELECT * FROM Win32_Processor |
wmi | SELECT * FROM Win32_BaseBoard |
wmi | SELECT * FROM Win32_Keyboard |
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep |
cmdline | sc create LnockRarsly binpath= "C:\Users\test22\AppData\Local\LnockRarsly\LnockRarsly.exe" DisplayName= "LnockRarsly Service" start= auto |
cmdline | sc description LnockRarsly "" |
cmdline | SC start LnockRarsly |
wmi | SELECT * FROM Win32_Processor |
wmi | SELECT * FROM Win32_LogicalDisk WHERE (FileSystem IS NOT NULL) |
wmi | SELECT SerialNumber FROM Win32_BIOS |
wmi | SELECT * FROM Win32_BIOS |
wmi | SELECT * FROM Win32_ComputerSystemProduct |
host | 172.217.25.14 |
registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString |
registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE |
service_name | FastPDFSvc | service_path | C:\Program Files (x86)\fastpdf\fpprotect.exe | ||||||
service_name | ThorZipVirtualCD | service_path | C:\Users\test22\AppData\Roaming\雷神压缩\ThorzipVirtualCD64.sys | ||||||
service_name | thorzip_update_service | service_path | C:\Users\test22\AppData\Local\Temp\%SystemRoot%\System32\svchost.exe -k thorzip_updatesvc | ||||||
reg_key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\thorzip_update_service\Parameters\ServiceDll | reg_value | C:\Users\test22\AppData\Roaming\雷神压缩\ThorService.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af4c9cd-825f-5677-8e7d-856f0e27270d}\InprocServer32\(Default) | reg_value | C:\Users\test22\AppData\Local\ShiningZip\SZipExplorer64.dll | ||||||
service_name | szpsrv | service_path | C:\Users\test22\AppData\Local\ShiningZip\SZipService.exe -3ba07688d9f4 | ||||||
service_name | szpsrvr | service_path | C:\Windows\SysWOW64\svchost.exe -k szpsrvrGroup | ||||||
reg_key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\szpsrvr\Parameters\ServiceDll | reg_value | C:\Users\test22\AppData\Roaming\zipstonh\SZipRetainSvr.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7660b6a6-0bf7-5252-be80-c2149103ef9c}\InprocServer32\(Default) | reg_value | C:\Windows\system32\SZipOverlayIcon64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4e71b1-07d9-568f-8838-8516212e1a8e}\InprocServer32\(Default) | reg_value | C:\Users\test22\AppData\Local\ShiningZip\SZipExplorer64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4e71b1-07d9-568f-8838-8516212e1a8e}\InprocServer32\(Default) | reg_value | C:\Users\test22\AppData\Local\ShiningZip\ZipCnu64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D7BB01-CD27-4D13-AE76-17BD82A461E5}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\fastpdf_ext64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D7BB01-CD27-4D13-AE76-17BD82A461E5}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\fastpdf_ext64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E3163A-D2B0-4C20-A859-1B420ECB881A}\InprocServer32\(Default) | reg_value | C:\Users\test22\AppData\Roaming\雷神压缩\ThorShell64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43154B4E-0C2B-41C9-844E-A422C994EE17}\InprocServer32\(Default) | reg_value | C:\Users\test22\AppData\Roaming\雷神压缩\ThorShell64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D7BB01-CD27-4D13-AE76-17BD82A461E5}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\fastpdf_ext64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D7BB01-CD27-4D13-AE76-17BD82A461E5}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\fastpdf_ext64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D7BB01-CD27-4D13-AE76-17BD82A461E5}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\fastpdf_ext64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D7BB01-CD27-4D13-AE76-17BD82A461E5}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\fastpdf_ext64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1005413-92D1-4B52-811C-37C5554BC0D2}\InprocServer32\(Default) | reg_value | C:\Users\test22\AppData\Roaming\雷神压缩\ThorHelp64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D26A5C8-E94B-44d3-A027-9DF32468F8E7}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\kpdfmenu64.dll | ||||||
service_name | kzipservice | service_path | C:\Program Files (x86)\k52zip\kzipservice.exe | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D26A5C8-E94B-44d3-A027-9DF32468F8E7}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\kpdfmenu64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D26A5C8-E94B-44d3-A027-9DF32468F8E7}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\fastpdf\kpdfmenu64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B4DFEAB-4A11-45B9-A2D9-E12ABCD71A4E}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\k52zip\kzip_ext64.dll | ||||||
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1832224-9F22-4965-A6E8-E6A6E3C4FDF7}\InprocServer32\(Default) | reg_value | C:\Program Files (x86)\k52zip\kzip_ext64.dll | ||||||
file | C:\Windows\Tasks\ThorUpdate.job |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\krecommend.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\krecommend.exe |