General Info

URL

http://www.corp.att.com/agnc/wp-content/themes/agnc/windows/agnc.exe

Full analysis
https://app.any.run/tasks/a25784e3-30d9-4267-be28-29d8db7102ed
Verdict
Malicious activity
Analysis date
3/15/2019, 00:24:30
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • COMATCommandSDKServer.exe (PID: 2572)
  • COMWMBServer.exe (PID: 1244)
  • COMOptionSDKServer.exe (PID: 1556)
  • COMSIE~1.EXE (PID: 2536)
  • COMGobiSDKServer.exe (PID: 2696)
  • COMSierraCdmaSDKServer.exe (PID: 3612)
  • COMSierraGobiSDKServer.exe (PID: 3128)
  • COMSierraGSMSDKServer.exe (PID: 3440)
  • NetVC.exe (PID: 3580)
  • CellularPlugInController.exe (PID: 2864)
  • netcfgsvr.exe (PID: 2852)
  • NetClient.exe (PID: 2476)
  • NetAutoconnectFocusSvc.exe (PID: 3504)
  • NetLogSvc.exe (PID: 3812)
  • NetClientSvc.exe (PID: 3080)
  • NetVC.exe (PID: 2248)
  • SwiCardDetect.exe (PID: 2128)
  • agnc.exe (PID: 296)
  • agnc.exe (PID: 2372)
  • agnc.exe (PID: 3472)
Loads dropped or rewritten executable
  • COMWMBServer.exe (PID: 1244)
  • COMOptionSDKServer.exe (PID: 1556)
  • COMATCommandSDKServer.exe (PID: 2572)
  • COMSIE~1.EXE (PID: 2536)
  • COMGobiSDKServer.exe (PID: 2696)
  • COMSierraGobiSDKServer.exe (PID: 3128)
  • COMSierraCdmaSDKServer.exe (PID: 3612)
  • COMSierraGSMSDKServer.exe (PID: 3440)
  • CellularPlugInController.exe (PID: 2864)
  • netcfgsvr.exe (PID: 2852)
  • NetClient.exe (PID: 2476)
  • MSIEXEC.EXE (PID: 312)
  • NetLogSvc.exe (PID: 3812)
  • NetAutoconnectFocusSvc.exe (PID: 3504)
  • NetClientSvc.exe (PID: 3080)
  • SwiCardDetect.exe (PID: 2128)
Changes the autorun value in the registry
  • NetClient.exe (PID: 2476)
Registers / Runs the DLL via REGSVR32.EXE
  • msiexec.exe (PID: 3788)
Writes to a start menu file
  • msiexec.exe (PID: 3788)
Connects to server without host name
  • NetClient.exe (PID: 2476)
Reads Environment values
  • CellularPlugInController.exe (PID: 2864)
  • NetClient.exe (PID: 2476)
  • NetClientSvc.exe (PID: 3080)
Reads internet explorer settings
  • NetClient.exe (PID: 2476)
Reads Internet Cache Settings
  • NetClient.exe (PID: 2476)
Creates files in the Windows directory
  • CellularPlugInController.exe (PID: 2864)
  • SwiCardDetect.exe (PID: 2128)
  • MsiExec.exe (PID: 3560)
  • DrvInst.exe (PID: 3772)
  • DrvInst.exe (PID: 2036)
  • DrvInst.exe (PID: 3120)
  • msiexec.exe (PID: 3788)
Creates files in the program directory
  • NetLogSvc.exe (PID: 3812)
Creates files in the driver directory
  • MsiExec.exe (PID: 3560)
  • DrvInst.exe (PID: 3772)
  • DrvInst.exe (PID: 3120)
  • DrvInst.exe (PID: 2036)
Creates or modifies windows services
  • DrvInst.exe (PID: 3772)
Executable content was dropped or overwritten
  • DrvInst.exe (PID: 3120)
  • DrvInst.exe (PID: 3772)
  • DrvInst.exe (PID: 2036)
  • MsiExec.exe (PID: 3560)
  • MsiExec.exe (PID: 3716)
  • MSIEXEC.EXE (PID: 312)
  • chrome.exe (PID: 3228)
  • msiexec.exe (PID: 3788)
Removes files from Windows directory
  • MsiExec.exe (PID: 3560)
  • DrvInst.exe (PID: 3772)
  • DrvInst.exe (PID: 2036)
  • DrvInst.exe (PID: 3120)
Creates COM task schedule object
  • MsiExec.exe (PID: 3560)
  • msiexec.exe (PID: 3788)
Starts Microsoft Installer
  • agnc.exe (PID: 3472)
Dropped object may contain Bitcoin addresses
  • msiexec.exe (PID: 3788)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 3716)
  • MsiExec.exe (PID: 3560)
  • MsiExec.exe (PID: 2708)
Creates a software uninstall entry
  • msiexec.exe (PID: 3788)
Application launched itself
  • msiexec.exe (PID: 3788)
  • chrome.exe (PID: 3228)
  • iexplore.exe (PID: 2960)
Searches for installed software
  • msiexec.exe (PID: 3788)
Reads Internet Cache Settings
  • chrome.exe (PID: 3228)
  • iexplore.exe (PID: 3244)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 292)
Changes internet zones settings
  • iexplore.exe (PID: 2960)
Reads internet explorer settings
  • iexplore.exe (PID: 3244)
Creates files in the program directory
  • msiexec.exe (PID: 3788)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
87
Monitored processes
49
Malicious processes
18
Suspicious processes
8

Behavior graph

+
start drop and start drop and start drop and start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs agnc.exe no specs agnc.exe agnc.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs drvinst.exe no specs msiexec.exe msiexec.exe regsvr32.exe no specs drvinst.exe drvinst.exe drvinst.exe netvc.exe no specs rundll32.exe no specs swicarddetect.exe no specs netclientsvc.exe no specs netautoconnectfocussvc.exe no specs netlogsvc.exe explorer.exe no specs netclient.exe netcfgsvr.exe no specs netvc.exe no specs cellularplugincontroller.exe comsierragsmsdkserver.exe no specs comsierracdmasdkserver.exe no specs comgobisdkserver.exe no specs comsierragobisdkserver.exe no specs comsie~1.exe no specs comoptionsdkserver.exe no specs comatcommandsdkserver.exe no specs comwmbserver.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2960
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll

PID
3244
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2960 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll

PID
3228
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\agnc.exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll

PID
4068
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6e8000b0,0x6e8000c0,0x6e8000cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3368
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3224 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2600
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=4DE2CD9408DB6E6CBF725CCB09DAA35B --mojo-platform-channel-handle=952 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3628
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --service-pipe-token=49588E8557F1D01EE7635FD5C5F568C3 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=49588E8557F1D01EE7635FD5C5F568C3 --renderer-client-id=5 --mojo-platform-channel-handle=1756 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2240
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --service-pipe-token=6E65F2F0D56CF7B65F073A119A824B28 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6E65F2F0D56CF7B65F073A119A824B28 --renderer-client-id=3 --mojo-platform-channel-handle=2052 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3172
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=9E1B86A3AACFFD973E5336645B70E999 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9E1B86A3AACFFD973E5336645B70E999 --renderer-client-id=6 --mojo-platform-channel-handle=3476 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3088
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=A0AA07DB4EDC0A77B4A356EE5F2506DF --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A0AA07DB4EDC0A77B4A356EE5F2506DF --renderer-client-id=7 --mojo-platform-channel-handle=3724 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2760
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=F26AA2777907D7E05C52694A8B072AAB --mojo-platform-channel-handle=3776 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2216
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=2396435E0D7CBC7B54F6B00580119E8B --mojo-platform-channel-handle=3896 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3692
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=DA224B2149847508320332AE86107F4D --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=DA224B2149847508320332AE86107F4D --renderer-client-id=10 --mojo-platform-channel-handle=3876 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

PID
2312
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=B0C1C1EE75C0770384AEFA55A207B9A1 --mojo-platform-channel-handle=3824 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3280
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=DBF472143670792F8E16B6BCF7E60A99 --mojo-platform-channel-handle=512 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3608
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=852,12880393318024985150,387484032312687251,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=DD90E272B40C38326BE802A499A8A260 --mojo-platform-channel-handle=2140 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2372
CMD
"C:\Users\admin\Downloads\agnc.exe"
Path
C:\Users\admin\Downloads\agnc.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
AT&T
Description
Installer for the AT&T Global Network Client
Version
9.9.1.222
Modules
Image
c:\users\admin\downloads\agnc.exe
c:\systemroot\system32\ntdll.dll

PID
296
CMD
"C:\Users\admin\Downloads\agnc.exe"
Path
C:\Users\admin\Downloads\agnc.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AT&T
Description
Installer for the AT&T Global Network Client
Version
9.9.1.222
Modules
Image
c:\users\admin\downloads\agnc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\{5ff5251e-930b-47be-a747-9d0f0b53652b}\agnc.exe

PID
3472
CMD
C:\Users\admin\AppData\Local\Temp\{5FF5251E-930B-47BE-A747-9D0F0B53652B}\agnc.exe /q"C:\Users\admin\Downloads\agnc.exe" /tempdisk1folder"C:\Users\admin\AppData\Local\Temp\{5FF5251E-930B-47BE-A747-9D0F0B53652B}" /IS_temp
Path
C:\Users\admin\AppData\Local\Temp\{5FF5251E-930B-47BE-A747-9D0F0B53652B}\agnc.exe
Indicators
No indicators
Parent process
agnc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AT&T
Description
Installer for the AT&T Global Network Client
Version
9.9.1.222
Modules
Image
c:\users\admin\appdata\local\temp\{5ff5251e-930b-47be-a747-9d0f0b53652b}\agnc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\msi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msiexec.exe

PID
312
CMD
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\admin\AppData\Local\Downloaded Installations\{971A2C4B-EE73-4B92-B681-42D253556B13}\agnc.msi" /l*v C:\Users\admin\AppData\Local\Temp\agnc_install.log TRANSFORMS="C:\Users\admin\AppData\Local\Downloaded Installations\{971A2C4B-EE73-4B92-B681-42D253556B13}\1033.MST" SETUPEXEDIR="C:\Users\admin\Downloads" SETUPEXENAME="agnc.exe"
Path
C:\Windows\system32\MSIEXEC.EXE
Indicators
Parent process
agnc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mfcm140u.dll
c:\windows\system32\mfcm140.dll
c:\windows\system32\mfc140u.dll
c:\windows\system32\mfc140.dll
c:\windows\system32\vccorlib140.dll
c:\windows\system32\concrt140.dll
c:\windows\system32\msvcp140_2.dll
c:\windows\system32\msvcp140_1.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp100.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\riched20.dll
c:\windows\system32\msls31.dll
c:\program files\at&t global network client\netfp.dll
c:\program files\at&t global network client\nettpap.dll
c:\program files\at&t global network client\netclientsvcproxystub.dll
c:\program files\at&t global network client\netclientsvc.exe
c:\program files\at&t global network client\netautoconnectfocussvc.exe
c:\program files\at&t global network client\netcfgsvr.exe
c:\program files\at&t global network client\netlogsvc.exe
c:\program files\at&t global network client\agnwindowsclientcomadapterserver.dll
c:\program files\at&t global network client\proxystub.dll
c:\program files\at&t global network client\agn.windows.client.infrastructure.dll
c:\program files\at&t global network client\agn.windows.client.model.dll
c:\program files\at&t global network client\highdpitest.dll
c:\program files\at&t global network client\interop.agnwindowsclientcomadapterserverlib.dll
c:\program files\at&t global network client\interop.netlogsvclib.dll
c:\program files\at&t global network client\ionic.zip.dll
c:\program files\at&t global network client\microsoft.expression.interactions.dll
c:\program files\at&t global network client\netclient.exe
c:\program files\at&t global network client\netclientdll.dll
c:\program files\at&t global network client\netclientlauncher.exe
c:\program files\at&t global network client\netcommon.dll
c:\windows\system32\netcrypt.dll
c:\program files\at&t global network client\nethelp.exe
c:\program files\at&t global network client\netlp.dll
c:\program files\at&t global network client\netlogviewer.exe
c:\program files\at&t global network client\netmove.exe
c:\program files\at&t global network client\netsp.exe
c:\program files\at&t global network client\netsw.dll
c:\program files\at&t global network client\nettrace.exe
c:\program files\at&t global network client\sqlite.interop.dll
c:\program files\at&t global network client\system.data.sqlite.linq.dll
c:\program files\at&t global network client\system.data.sqlite.dll
c:\program files\at&t global network client\system.windows.controls.datavisualization.toolkit.dll
c:\program files\at&t global network client\system.windows.interactivity.dll
c:\program files\at&t global network client\updates.exe
c:\program files\at&t global network client\wpftoolkit.extended.dll
c:\program files\at&t global network client\wpftoolkit.dll
c:\program files\at&t global network client\sqlite3.dll
c:\program files\at&t global network client\agnfilt\agnfilt.sys
c:\program files\at&t global network client\avpnnic\avpnnic.sys
c:\program files\at&t global network client\netfw.exe
c:\program files\at&t global network client\fr\netcellular.resources.dll
c:\program files\at&t global network client\fr\netcfgsvr.resources.dll
c:\program files\at&t global network client\fr\netclient.resources.dll
c:\program files\at&t global network client\fr\netclientdll.resources.dll
c:\program files\at&t global network client\fr\netclientsvc.resources.dll
c:\program files\at&t global network client\fr\netfp.resources.dll
c:\program files\at&t global network client\fr\netfw.resources.dll
c:\program files\at&t global network client\fr\nethelp.resources.dll
c:\program files\at&t global network client\fr\netlp.resources.dll
c:\program files\at&t global network client\fr\netlpe.resources.dll
c:\program files\at&t global network client\fr\netlogviewer.resources.dll
c:\program files\at&t global network client\fr\netsp.resources.dll
c:\program files\at&t global network client\fr\netssl.resources.dll
c:\program files\at&t global network client\fr\netsw.resources.dll
c:\program files\at&t global network client\fr\nettrace.resources.dll
c:\program files\at&t global network client\fr\netvpn.resources.dll
c:\program files\at&t global network client\fr\updates.resources.dll
c:\program files\at&t global network client\de\netcellular.resources.dll
c:\program files\at&t global network client\de\netcfgsvr.resources.dll
c:\program files\at&t global network client\de\netclient.resources.dll
c:\program files\at&t global network client\de\netclientdll.resources.dll
c:\program files\at&t global network client\de\netclientsvc.resources.dll
c:\program files\at&t global network client\de\netfp.resources.dll
c:\program files\at&t global network client\de\netfw.resources.dll
c:\program files\at&t global network client\de\nethelp.resources.dll
c:\program files\at&t global network client\de\netlp.resources.dll
c:\program files\at&t global network client\de\netlpe.resources.dll
c:\program files\at&t global network client\de\netlogviewer.resources.dll
c:\program files\at&t global network client\de\netsp.resources.dll
c:\program files\at&t global network client\de\netssl.resources.dll
c:\program files\at&t global network client\de\netsw.resources.dll
c:\program files\at&t global network client\de\nettrace.resources.dll
c:\program files\at&t global network client\de\netvpn.resources.dll
c:\program files\at&t global network client\de\updates.resources.dll
c:\program files\at&t global network client\skin\netskin.style
c:\program files\at&t global network client\skin\winxp.royale.cjstyles
c:\program files\at&t global network client\es\netcellular.resources.dll
c:\program files\at&t global network client\es\netcfgsvr.resources.dll
c:\program files\at&t global network client\es\netclient.resources.dll
c:\program files\at&t global network client\es\netclientdll.resources.dll
c:\program files\at&t global network client\es\netclientsvc.resources.dll
c:\program files\at&t global network client\es\netfp.resources.dll
c:\program files\at&t global network client\es\netfw.resources.dll
c:\program files\at&t global network client\es\nethelp.resources.dll
c:\program files\at&t global network client\es\netlp.resources.dll
c:\program files\at&t global network client\es\netlpe.resources.dll
c:\program files\at&t global network client\es\netlogviewer.resources.dll
c:\program files\at&t global network client\es\netsp.resources.dll
c:\program files\at&t global network client\es\netssl.resources.dll
c:\program files\at&t global network client\es\netsw.resources.dll
c:\program files\at&t global network client\es\nettrace.resources.dll
c:\program files\at&t global network client\es\netvpn.resources.dll
c:\program files\at&t global network client\es\updates.resources.dll
c:\program files\at&t global network client\netssl.dll
c:\program files\at&t global network client\netvc.exe
c:\program files\at&t global network client\netvchelper.dll
c:\program files\at&t global network client\netvpn.dll
c:\program files\at&t global network client\atcommandsdk\atcommandsdk.dll
c:\program files\at&t global network client\atcommandsdk\comatcommandsdkserver.exe
c:\program files\at&t global network client\optionsdk\comoptionsdkserver.exe
c:\program files\at&t global network client\cellularplugincontroller\cellularplugincontroller.exe
c:\program files\at&t global network client\gobisdk\gobisdk.dll
c:\program files\at&t global network client\hpqpm.dll
c:\program files\at&t global network client\netcellular.dll
c:\program files\at&t global network client\optionsdk\optionsdk.dll
c:\program files\at&t global network client\sierracdmasdk\sierracdmasdk.dll
c:\program files\at&t global network client\atcommandsdk\rim_serial.dll
c:\program files\at&t global network client\cellularplugincontroller\swicarddetectx.dll
c:\program files\at&t global network client\gobisdk\comgobisdkserver.exe
c:\program files\at&t global network client\gobisdk\qcwwan.dll
c:\program files\at&t global network client\gobisdk\qcwwan2k.dll
c:\program files\at&t global network client\sierracdmasdk\comsierracdmasdkserver.exe
c:\program files\at&t global network client\sierracdmasdk\swiapiinterface.dll
c:\program files\at&t global network client\sierracdmasdk\swiapiinterfacecdma.dll
c:\program files\at&t global network client\sierracdmasdk\swiapimux.exe
c:\program files\at&t global network client\sierracdmasdk\swiapimuxcdma.exe
c:\program files\at&t global network client\sierracdmasdk\swicarddetect.dll
c:\program files\at&t global network client\sierracdmasdk\swicarddetectcdma.dll
c:\program files\at&t global network client\sierragsmsdk\comsierragsmsdkserver.exe
c:\program files\at&t global network client\sierragsmsdk\swiapiinterfacex.dll
c:\program files\at&t global network client\sierragsmsdk\swiapimuxx.exe
c:\program files\at&t global network client\sierragsmsdk\swicarddetectx.dll
c:\program files\at&t global network client\turnonsierradevice.exe
c:\program files\at&t global network client\sierraembgobisdk\comsierraembgobisdkserver.exe
c:\program files\at&t global network client\sierraembgobisdk\gobiapi.dll
c:\program files\at&t global network client\sierragobisdk\comsierragobisdkserver.exe
c:\program files\at&t global network client\sierragobisdk\gobiapi.dll
c:\program files\at&t global network client\sierragobisdk\sierragobisdk.dll
c:\program files\at&t global network client\sierragobisdk\swimbnconnector.dll
c:\program files\at&t global network client\wmb\comwmbserver.exe
c:\program files\at&t global network client\wmb\wmbsdk.dll
c:\program files\at&t global network client\sierragsmsdk\sierragsmsdk.dll
c:\program files\at&t global network client\sierraembgobisdk\sierraembgobisdk.dll
c:\program files\sierra wireless inc\common\swicarddetect.exe
c:\program files\sierra wireless inc\common\cd_ext.dll
c:\program files\sierra wireless inc\common\swiapiinterfacex.dll
c:\program files\sierra wireless inc\common\swiapimuxx.exe
c:\program files\sierra wireless inc\common\swicarddetectx.dll
c:\program files\at&t global network client\netlpe.dll
c:\program files\at&t global network client\libwaadbrowser.dll
c:\program files\at&t global network client\libwaresource.dll
c:\program files\at&t global network client\oesisendpointassessmenttool.exe
c:\program files\at&t global network client\wadiagnose.exe
c:\program files\at&t global network client\libwaaddon.dll
c:\program files\at&t global network client\libwaapi.dll
c:\program files\at&t global network client\libwaheap.dll
c:\program files\at&t global network client\libwautils.dll
c:\program files\at&t global network client\libwadeviceinfo.dll
c:\program files\at&t global network client\libwacollector.dll
c:\program files\at&t global network client\libwainfection.dll
c:\program files\at&t global network client\wa_3rd_party_host_32.exe
c:\program files\at&t global network client\libwanetscan.dll
c:\program files\at&t global network client\libwaremoval.dll
c:\program files\at&t global network client\libwavmodapi.dll
c:\program files\at&t global network client\libwalocal.dll

PID
3788
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mfcm140u.dll
c:\windows\system32\mfcm140.dll
c:\windows\system32\mfc140u.dll
c:\windows\system32\mfc140.dll
c:\windows\system32\vccorlib140.dll
c:\windows\system32\concrt140.dll
c:\windows\system32\msvcp140_2.dll
c:\windows\system32\msvcp140_1.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp100.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\at&t global network client\netclient.exe
c:\windows\system32\regsvr32.exe
c:\program files\at&t global network client\netvc.exe

PID
2708
CMD
C:\Windows\system32\MsiExec.exe -Embedding 9F1C0E5FB276C0242D27B6D033F36E71 C
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\msieefe.tmp
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\msief8b.tmp
c:\windows\system32\msimg32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\vbscript.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\msifac7.tmp
c:\users\admin\appdata\local\temp\msifae8.tmp

PID
292
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3484
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000003F0" "000005C0"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
3716
CMD
C:\Windows\system32\MsiExec.exe -Embedding 2F86270031E1FC51E48571DFDBB68E47
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vbscript.dll
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dispex.dll
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\installer\msi6d27.tmp
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\{d3d52181-509b-45cc-8ee3-ece25ab39474}\isrt.dll
c:\windows\system32\psapi.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\{d3d52181-509b-45cc-8ee3-ece25ab39474}\_isres_0x0409.dll
c:\windows\installer\msi6f99.tmp
c:\users\admin\appdata\local\temp\{ad844372-c72c-44b0-8af0-97bebdba4bfd}\isrt.dll
c:\users\admin\appdata\local\temp\{ad844372-c72c-44b0-8af0-97bebdba4bfd}\_isres_0x0409.dll
c:\windows\installer\msi70c3.tmp
c:\windows\system32\msimg32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\wshom.ocx
c:\windows\installer\msi719e.tmp
c:\windows\installer\msi73a3.tmp
c:\users\admin\appdata\local\temp\{4988a4ec-23c9-42fe-8ce1-153e35b3ea40}\isrt.dll
c:\users\admin\appdata\local\temp\{4988a4ec-23c9-42fe-8ce1-153e35b3ea40}\_isres_0x0409.dll
c:\windows\installer\msi745f.tmp
c:\users\admin\appdata\local\temp\{2d4f2056-c0d6-4a56-8225-f7d7aa10fe71}\isrt.dll
c:\users\admin\appdata\local\temp\{2d4f2056-c0d6-4a56-8225-f7d7aa10fe71}\_isres_0x0409.dll
c:\windows\installer\msi7599.tmp
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msxml6.dll
c:\windows\installer\msi7750.tmp
c:\windows\installer\msi7aad.tmp
c:\windows\system32\newdev.dll
c:\windows\system32\devrtl.dll
c:\windows\installer\msi7b0c.tmp
c:\windows\installer\msi7b5b.tmp
c:\windows\installer\msi7b9a.tmp
c:\users\admin\appdata\local\temp\{c07f06b0-5f3c-43b0-92df-596680420253}\isrt.dll
c:\users\admin\appdata\local\temp\{c07f06b0-5f3c-43b0-92df-596680420253}\_isres_0x0409.dll
c:\windows\installer\msi3360.tmp
c:\windows\installer\msi33a0.tmp

PID
3560
CMD
C:\Windows\system32\MsiExec.exe -Embedding 6334A72229ADDFD9DBC253F9A303150A M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vbscript.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\scrrun.dll
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dispex.dll
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\installer\msi8418.tmp
c:\windows\system32\newdev.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\slc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\installer\msi8467.tmp
c:\windows\installer\msi8497.tmp
c:\windows\installer\msi84a8.tmp
c:\windows\installer\msi9969.tmp
c:\windows\installer\msiba02.tmp
c:\windows\system32\wsock32.dll
c:\windows\installer\msibba9.tmp
c:\program files\at&t global network client\proxystub.dll
c:\windows\installer\msibc17.tmp
c:\windows\system32\drvstore.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\installer\msic427.tmp
c:\windows\installer\msiccf2.tmp
c:\windows\system32\nci.dll
c:\windows\system32\wlaninst.dll
c:\windows\system32\wwaninst.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\installer\msie4d0.tmp
c:\windows\system32\ndiscapcfg.dll
c:\windows\system32\rascfg.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\mprmsg.dll
c:\windows\system32\tcpipcfg.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\spfileq.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshnetbs.dll
c:\windows\system32\firewallapi.dll
c:\windows\installer\msi1bdf.tmp

PID
3096
CMD
C:\Windows\system32\regsvr32.exe /s blaze.ocx
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
3
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2036
CMD
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{60a3cb41-1f6e-056f-a5d2-4033135de324}\avpnnic.inf" "0" "67e6067df" "000005C0" "WinSta0\Default" "00000538" "208" "C:\Program Files\AT&T Global Network Client\avpnnic"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\spinf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll

PID
3120
CMD
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{206b08de-7394-4732-dbe0-732a24a82b6f}\agnfilt.inf" "0" "65bb8b523" "00000538" "WinSta0\Default" "000005C8" "208" "C:\Program Files\AT&T Global Network Client\agnfilt"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\spinf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll

PID
3772
CMD
DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "avpnnic.inf:ATT.NTx86.6.1:avpnnic.ndi:9.8.1.3000:att_avpnnic" "67d407023" "000005C8" "000005CC" "000005F4"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nci.dll
c:\windows\system32\wlaninst.dll
c:\windows\system32\wwaninst.dll
c:\windows\system32\spfileq.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ndiscapcfg.dll
c:\windows\system32\rascfg.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\mprmsg.dll
c:\windows\system32\tcpipcfg.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshnetbs.dll

PID
2248
CMD
"C:\Program Files\AT&T Global Network Client\NetVC.exe" -disableduringinstall att_avpnnic
Path
C:\Program Files\AT&T Global Network Client\NetVC.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AT&T
Description
AT&T Global Network VPN Config Tool
Version
8.7.0.3000
Modules
Image
c:\program files\at&t global network client\netvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nci.dll
c:\windows\system32\wlaninst.dll
c:\windows\system32\wwaninst.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
792
CMD
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
Path
C:\Windows\System32\rundll32.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2128
CMD
"C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe"
Path
C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Sierra Wireless, Inc.
Description
Sierra Wireless Inc Card Detect Service
Version
11.3.1302.0
Modules
Image
c:\program files\sierra wireless inc\common\swicarddetect.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\slc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\sierra wireless inc\common\cd_ext.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll

PID
3080
CMD
"C:\Program Files\AT&T Global Network Client\NetClientSvc.exe"
Path
C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AT&T
Description
AT&T Global Network Client Service
Version
9.9.1.222
Modules
Image
c:\program files\at&t global network client\netclientsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\msi.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sxs.dll
c:\program files\at&t global network client\netclientsvcproxystub.dll

PID
3504
CMD
"C:\Program Files\AT&T Global Network Client\NetAutoconnectFocusSvc.exe"
Path
C:\Program Files\AT&T Global Network Client\NetAutoconnectFocusSvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AT&T
Description
AT&T Global Network Client Autoconnect Focus Service
Version
9.9.1.222
Modules
Image
c:\program files\at&t global network client\netautoconnectfocussvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\mfc140u.dll
c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\mfc140enu.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll

PID
3812
CMD
"C:\Program Files\AT&T Global Network Client\NetLogSvc.exe"
Path
C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AT&T
Description
Network client logging service
Version
9.9.1.222
Modules
Image
c:\program files\at&t global network client\netlogsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\profapi.dll

PID
2508
CMD
C:\Windows\explorer.exe
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
agnc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll

PID
2476
CMD
"C:\Program Files\AT&T Global Network Client\NetClient.exe"
Path
C:\Program Files\AT&T Global Network Client\NetClient.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
AT&T
Description
AT&T Global Network Client
Version
9.9.1.222
Modules
Image
c:\program files\at&t global network client\netclient.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\program files\at&t global network client\agn.windows.client.infrastructure.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\at&t global network client\interop.netlogsvclib.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\sxs.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\program files\at&t global network client\agn.windows.client.model.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\program files\at&t global network client\interop.agnwindowsclientcomadapterserverlib.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\program files\at&t global network client\wpftoolkit.extended.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsecimpl.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fveui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\01bed42723486eb478a5b3e2557173db\presentationframework.classic.ni.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\mscms.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\icm32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\program files\at&t global network client\wpftoolkit.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctfui.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\7e77d1835b49fa80598b5c47eaedccfc\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\program files\at&t global network client\system.data.sqlite.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\032f5fa875be86b577722ddeeee2e51c\system.data.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\at&t global network client\sqlite.interop.dll
c:\windows\system32\msvcr100.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data.entity\f7a73b9f647611027b2ec6695971af82\system.data.entity.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.transactions\e7044d177c8e852b85908d2702898ec8\system.transactions.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.transactions\v4.0_4.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\msi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.ente96d83b35#\0b139f45e599394f70beccec6e1fc39c\system.enterpriseservices.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.enterpriseservices\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.enterpriseservices.wrapper.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.ente96d83b35#\0b139f45e599394f70beccec6e1fc39c\system.enterpriseservices.wrapper.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\at&t global network client\agnwindowsclientcomadapterserver.dll
c:\program files\at&t global network client\netclientdll.dll
c:\windows\system32\netcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\mfc140u.dll
c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winscard.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mfc140enu.dll
c:\program files\at&t global network client\netvpn.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\0261f24b2fd53085823ea90b359d71ee\system.xml.linq.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio4b37ff64#\ec80a2cdcf0a749cf0fbcad633b29253\presentationframework-systemxmllinq.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\33d15f16d20849f7c46d19b7bc7f4273\presentationframework-systemxml.ni.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\at&t global network client\proxystub.dll
c:\windows\system32\drivers\agnfilt.sys
c:\windows\system32\drivers\avpnnic.sys
c:\program files\at&t global network client\libwaapi.dll
c:\program files\at&t global network client\netlpe.dll
c:\program files\at&t global network client\libwaheap.dll
c:\program files\at&t global network client\libwautils.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\program files\at&t global network client\nettpap.dll
c:\windows\system32\icmp.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mlang.dll

PID
2852
CMD
"C:\Program Files\AT&T Global Network Client\netcfgsvr.exe"
Path
C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AT&T
Description
Network configuration service
Version
9.9.1.222
Modules
Image
c:\program files\at&t global network client\netcfgsvr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\program files\at&t global network client\hpqpm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\version.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\msi.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\at&t global network client\proxystub.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\slc.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\program files\at&t global network client\netvc.exe
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wintrust.dll

PID
3580
CMD
"C:\Program Files\AT&T Global Network Client\NetVC.exe" -disableclear att_avpnnic"
Path
C:\Program Files\AT&T Global Network Client\NetVC.exe
Indicators
No indicators
Parent process
netcfgsvr.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
AT&T
Description
AT&T Global Network VPN Config Tool
Version
8.7.0.3000
Modules
Image
c:\program files\at&t global network client\netvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\slc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nci.dll
c:\windows\system32\wlaninst.dll
c:\windows\system32\wwaninst.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
2864
CMD
"C:\Program Files\AT&T Global Network Client\CellularPlugInController\CellularPlugInController.exe" -Embedding
Path
C:\Program Files\AT&T Global Network Client\CellularPlugInController\CellularPlugInController.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
AT&T
Description
AT&T Global Network Client Cellular Plugin Controller
Version
9.9.1.222
Modules
Image
c:\program files\at&t global network client\cellularplugincontroller\cellularplugincontroller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\program files\at&t global network client\cellularplugincontroller\swicarddetectx.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wintrust.dll

PID
3440
CMD
"C:\Program Files\AT&T Global Network Client\SierraGsmSDK\COMSierraGSMSDKServer.exe" -Embedding
Path
C:\Program Files\AT&T Global Network Client\SierraGsmSDK\COMSierraGSMSDKServer.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
AT&T
Description
Sierra GSM COM Server
Version
9.9.1.222
Modules
Image
c:\program files\at&t global network client\sierragsmsdk\comsierragsmsdkserver.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll