General Info

URL

https://www.drivereasy.com/DriverEasy_Setup.exe

Full analysis
https://app.any.run/tasks/4dbbedf4-53e6-4e7c-830e-b9235819e4ae
Verdict
Malicious activity
Analysis date
12/2/2019, 18:51:05
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • DriverEasy_Setup[1].exe (PID: 1316)
  • DriverEasy_Setup[1].exe (PID: 1600)
  • DriverEasy.exe (PID: 2928)
  • Easeware.ConfigLanguageFromSetup.exe (PID: 4032)
  • Easeware.CheckScheduledScan.exe (PID: 600)
Loads the Task Scheduler DLL interface
  • Easeware.CheckScheduledScan.exe (PID: 600)
Loads dropped or rewritten executable
  • DriverEasy.exe (PID: 2928)
  • Easeware.ConfigLanguageFromSetup.exe (PID: 4032)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 1188)
  • DriverEasy_Setup[1].exe (PID: 1316)
  • DriverEasy_Setup[1].exe (PID: 1600)
  • iexplore.exe (PID: 2784)
  • DriverEasy_Setup[1].tmp (PID: 3396)
Reads the machine GUID from the registry
  • DriverEasy.exe (PID: 2928)
Starts Internet Explorer
  • DriverEasy_Setup[1].tmp (PID: 3396)
Creates files in the user directory
  • Easeware.ConfigLanguageFromSetup.exe (PID: 4032)
Reads Windows owner or organization settings
  • DriverEasy_Setup[1].tmp (PID: 3396)
Uses NETSH.EXE for network configuration
  • DriverEasy_Setup[1].tmp (PID: 3396)
Creates files in the Windows directory
  • Easeware.CheckScheduledScan.exe (PID: 600)
Reads the Windows organization settings
  • DriverEasy_Setup[1].tmp (PID: 3396)
Reads Environment values
  • DriverEasy.exe (PID: 2928)
Application was dropped or rewritten from another process
  • DriverEasy_Setup[1].tmp (PID: 3396)
  • DriverEasy_Setup[1].tmp (PID: 2892)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2784)
  • iexplore.exe (PID: 1188)
  • iexplore.exe (PID: 2728)
Application launched itself
  • iexplore.exe (PID: 1188)
  • iexplore.exe (PID: 2868)
Changes internet zones settings
  • iexplore.exe (PID: 1188)
  • iexplore.exe (PID: 2868)
Loads dropped or rewritten executable
  • DriverEasy_Setup[1].tmp (PID: 3396)
Creates a software uninstall entry
  • DriverEasy_Setup[1].tmp (PID: 3396)
Creates files in the program directory
  • DriverEasy_Setup[1].tmp (PID: 3396)
Reads settings of System Certificates
  • DriverEasy.exe (PID: 2928)
Reads internet explorer settings
  • iexplore.exe (PID: 2728)
Creates files in the user directory
  • iexplore.exe (PID: 2728)

Processes

Total processes
52
Monitored processes
12
Malicious processes
3
Suspicious processes
4

Behavior graph

[Behavior graph image not preserved. Nodes, in order: iexplore.exe, iexplore.exe, drivereasy_setup[1].exe, drivereasy_setup[1].tmp (no specs), drivereasy_setup[1].exe, drivereasy_setup[1].tmp, easeware.checkscheduledscan.exe (no specs), easeware.configlanguagefromsetup.exe (no specs), drivereasy.exe, iexplore.exe (no specs), iexplore.exe, netsh.exe (no specs). Edge labels: "start" and "drop and start".]

Process information

PID
1188
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\drivereasy_setup[1].exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
2784
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1188 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
1316
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Easeware
Description
Driver Easy Setup
Version
5.6.13.33482
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\drivereasy_setup[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-5kbqn.tmp\drivereasy_setup[1].tmp

PID
2892
CMD
"C:\Users\admin\AppData\Local\Temp\is-5KBQN.tmp\DriverEasy_Setup[1].tmp" /SL5="$301C2,4268077,997888,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe"
Path
C:\Users\admin\AppData\Local\Temp\is-5KBQN.tmp\DriverEasy_Setup[1].tmp
Indicators
No indicators
Parent process
DriverEasy_Setup[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-5kbqn.tmp\drivereasy_setup[1].tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\shdocvw.dll

PID
1600
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" /SPAWNWND=$3018A /NOTIFYWND=$301C2
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe
Indicators
Parent process
DriverEasy_Setup[1].tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Easeware
Description
Driver Easy Setup
Version
5.6.13.33482
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\drivereasy_setup[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-0lndc.tmp\drivereasy_setup[1].tmp

PID
3396
CMD
"C:\Users\admin\AppData\Local\Temp\is-0LNDC.tmp\DriverEasy_Setup[1].tmp" /SL5="$4016A,4268077,997888,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" /SPAWNWND=$3018A /NOTIFYWND=$301C2
Path
C:\Users\admin\AppData\Local\Temp\is-0LNDC.tmp\DriverEasy_Setup[1].tmp
Indicators
Parent process
DriverEasy_Setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-0lndc.tmp\drivereasy_setup[1].tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\users\admin\appdata\local\temp\is-19agt.tmp\isxdl.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\msftedit.dll
c:\users\admin\appdata\local\temp\is-19agt.tmp\botva2.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\users\admin\appdata\local\temp\is-19agt.tmp\innocallback.dll
c:\windows\system32\mscms.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\easeware\drivereasy\drivereasy.exe
c:\program files\easeware\drivereasy\unins000.exe
c:\program files\easeware\drivereasy\easeware.checkscheduledscan.exe
c:\program files\easeware\drivereasy\easeware.configlanguagefromsetup.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\program files\internet explorer\iexplore.exe

PID
600
CMD
"C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe" -create "Driver Easy Scheduled Scan" "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
Path
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
Indicators
No indicators
Parent process
DriverEasy_Setup[1].tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Easeware
Description
Easeware.CheckScheduledScan
Version
1.0.1.0
Modules
Image
c:\program files\easeware\drivereasy\easeware.checkscheduledscan.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mstask.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\mpr.dll

PID
4032
CMD
"C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe" DriverEasy en
Path
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
Indicators
No indicators
Parent process
DriverEasy_Setup[1].tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Easeware
Description
Easeware.ConfigLanguageFromSetup
Version
1.0.4.0
Modules
Image
c:\program files\easeware\drivereasy\easeware.configlanguagefromsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\program files\easeware\drivereasy\easeware.driver.core.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll

PID
2928
CMD
"C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
Path
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Indicators
Parent process
DriverEasy_Setup[1].tmp
User
admin
Integrity Level
HIGH
Version:
Company
Easeware
Description
DriverEasy
Version
5.6.13
Modules
Image
c:\program files\easeware\drivereasy\drivereasy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\program files\easeware\drivereasy\easeware.driver.core.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\867cbe7462b04e2cf1ae39abb576ae2a\presentationframework.classic.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\f52bfe40c54917622ed3abb98db8f90a\presentationframework-systemxml.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\1e1a1bd97e618bc4934ee967bea27ae8\uiautomationtypes.ni.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\program files\easeware\drivereasy\easeware.driver.backup.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\e588691224a17737f3a164cc2d46c156\system.management.ni.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\f68563fb25af65c25de37130ebcd576c\system.xml.linq.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio4b37ff64#\b204998e0b878089f7fd625612a35dfa\presentationframework-systemxmllinq.ni.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\powrprof.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio84a6349c#\d7f5c5b7ad6ae9510514a279c1cb5665\presentationframework-systemcore.ni.dll
c:\windows\system32\msctfui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winmm.dll

PID
2868
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
DriverEasy_Setup[1].tmp
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
2728
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2868 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
964
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Driver Easy" description="Allow Driver Easy Access Internet to Scan and Download Drivers." dir=out action=allow program="C:\Program Files\Easeware\DriverEasy\DriverEasy.exe" enable=yes profile=any
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
DriverEasy_Setup[1].tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\napipsec.dll
c:\windows\system32\tsgqec.dll
c:\windows\system32\eapqec.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

Registry activity

Total events
2767
Read events
2523
Write events
241
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
1188
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019092020190921
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{59096A3B-152C-11EA-AB41-5254004A04AF}
0
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070C0001000200110033001500CF03
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070C0001000200110033001500CF03
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070C0001000200110033001600A300
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
10
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070C0001000200110033001600D100
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
41
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070C00010002001100330016001001
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
31
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070C0001000200110033002100BF0300000000
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
no
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120220191203
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120220191203
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120220191203
CachePrefix
:2019120220191203:
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120220191203
CacheLimit
8192
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120220191203
CacheOptions
11
1188
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120220191203
CacheRepair
0
2784
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120220191203
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120220191203
2784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120220191203
CachePrefix
:2019120220191203:
2784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120220191203
CacheLimit
8192
2784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120220191203
CacheOptions
11
2784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120220191203
CacheRepair
0
3396
DriverEasy_Setup[1].tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
3396
DriverEasy_Setup[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
440D0000B43A382439A9D501
3396
DriverEasy_Setup[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
DD8ED2E69E6BAF203AD8DF398A24152FAD1150E4930852A5BB12BB4BF4FE4CB9
3396
DriverEasy_Setup[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
3396
DriverEasy_Setup[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
3396
DriverEasy_Setup[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
2AEAFA62C50CF16EACA359C787AB68F980C83D8699F17AB5CC0EBAA36D33CDB2
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Setup Version
6.0.2 (u)
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: App Path
C:\Program Files\Easeware\DriverEasy
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
InstallLocation
C:\Program Files\Easeware\DriverEasy\
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Icon Group
Driver Easy
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: User
admin
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Selected Tasks
desktopicon,schedulescan
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Deselected Tasks
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Language
en
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
DisplayName
Driver Easy 5.6.13 (32-bit)
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
DisplayIcon
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
UninstallString
"C:\Program Files\Easeware\DriverEasy\unins000.exe"
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
QuietUninstallString
"C:\Program Files\Easeware\DriverEasy\unins000.exe" /SILENT
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
DisplayVersion
5.6.13
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Publisher
Easeware
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
URLInfoAbout
https://www.drivereasy.com/
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
HelpLink
https://www.drivereasy.com/
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
URLUpdateInfo
https://www.drivereasy.com/
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
NoModify
1
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
NoRepair
1
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
InstallDate
20191202
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
MajorVersion
5
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
MinorVersion
6
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
VersionMajor
5
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
VersionMinor
6
3396
DriverEasy_Setup[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
EstimatedSize
14351
3396
DriverEasy_Setup[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3396
DriverEasy_Setup[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2928
DriverEasy.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
DriverEasy.exe
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
EnableFileTracing
0
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
EnableConsoleTracing
0
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
FileTracingMask
4294901760
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
ConsoleTracingMask
4294901760
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
MaxFileSize
1048576
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
FileDirectory
%windir%\tracing
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
EnableFileTracing
0
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
EnableConsoleTracing
0
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
FileTracingMask
4294901760
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
ConsoleTracingMask
4294901760
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
MaxFileSize
1048576
2928
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
FileDirectory
%windir%\tracing
2928
DriverEasy.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DriverEasy
version
5.6.13.33482 Free
2928
DriverEasy.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DriverEasy
install_time
2019-12-02 17:52:11
2928
DriverEasy.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{773AF1FF-152C-11EA-AB41-5254004A04AF}
0
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070C0001000200110034000C000A02
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070C0001000200110034000C000A02
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
0AB1F23D39A9D501
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
37E2F33D39A9D501
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2868
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070C0001000200110034000C003303
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070C0001000200110034000C007103
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
51
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070C0001000200110034000C00A003
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
28
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2728
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2728
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
iexplore.exe
2728
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1290246418
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2728
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E3070C0001000200110034000F00FA01
2728
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
964
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation

Files activity

Executable files
19
Suspicious files
3
Text files
82
Unknown types
15

Dropped files

PID
Process
Filename
Type
1188
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe
executable
MD5: 692997612608ac134f18650f902770a3
SHA256: 88534080a4d86d01f71822f15c34dab4afd8294b45090d5f317d7daa3b051132
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\unins000.exe
executable
MD5: e5870bea881aa3e05d8ea39f8650d394
SHA256: 8280e55ad44b0d0b246a3737106e565442cb21bd07789f879ec014c564a2db23
3396
DriverEasy_Setup[1].tmp
C:\Users\admin\AppData\Local\Temp\is-19AGT.tmp\innocallback.dll
executable
MD5: 1c55ae5ef9980e3b1028447da6105c75
SHA256: 6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f
3396
DriverEasy_Setup[1].tmp
C:\Users\admin\AppData\Local\Temp\is-19AGT.tmp\isxdl.dll
executable
MD5: 48ad1a1c893ce7bf456277a0a085ed01
SHA256: b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
executable
MD5: 34f36928f9530508b37994231e8e4855
SHA256: 0e8f289f08ad3d1c96cc95c79b634ae1893a1e588e65fd02dcb6148f0970a50a
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\7z\7z.dll
executable
MD5: 31c0aa42af83d5b8cf0cdec8a3361414
SHA256: 4e8c829c14adf49dc2d16f7f2e1aad3b04dbf8e9329e0d62f5ef214b55a8f0a2
1600
DriverEasy_Setup[1].exe
C:\Users\admin\AppData\Local\Temp\is-0LNDC.tmp\DriverEasy_Setup[1].tmp
executable
MD5: e5870bea881aa3e05d8ea39f8650d394
SHA256: 8280e55ad44b0d0b246a3737106e565442cb21bd07789f879ec014c564a2db23
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\7z\7z86.dll
executable
MD5: 74613821c0da1a33acc195ceb4a3fbed
SHA256: 2d0f5f95d7592788eddfa4b059af464f19f29e080af0293f07e10da74fb726ad
1316
DriverEasy_Setup[1].exe
C:\Users\admin\AppData\Local\Temp\is-5KBQN.tmp\DriverEasy_Setup[1].tmp
executable
MD5: e5870bea881aa3e05d8ea39f8650d394
SHA256: 8280e55ad44b0d0b246a3737106e565442cb21bd07789f879ec014c564a2db23
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo.dll
executable
MD5: c13dc5a3f19f4aa1b982e5cd6e48369d
SHA256: 665cf542fa77b413ee7b657a4dacd92c2aec5382d6dfb81f3b6ca64a5d314a65
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\SevenZipSharp.dll
executable
MD5: 862b17b6d7fc0fe238766c514c7c51be
SHA256: 137a96971ed0739c48870eea4024dbc12888fa4bed8124f8644692999ed6e295
2784
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OJUD179F\DriverEasy_Setup[1].exe
executable
MD5: 692997612608ac134f18650f902770a3
SHA256: 88534080a4d86d01f71822f15c34dab4afd8294b45090d5f317d7daa3b051132
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
executable
MD5: 1f1ba1fefe2b17f02407921a89c5b4e8
SHA256: 81b4ebd234540bcf04402f8881280a646fc35f49b41125d09faf852305e9f61b
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo64.dll
executable
MD5: bf85d3941b24304dafb8ebbc3bd0f3dc
SHA256: d894046e5f9e67a8fd41a0bd03e3209b3add7879dbe95afa99ca223d472797f9
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Backup.dll
executable
MD5: b67d0644c967938f7acdb1ea123b5bf3
SHA256: 23f93be0f624b0bc9d39fa9aa0c675d390b697c48d01e5ac8a965058005a3948
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
executable
MD5: 06f6531eeee6c8756e751be642b037c5
SHA256: 99311c6bfa1233f38903f32df8936eefa486a83c6050ff6db85e23dc0927f3ea
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Core.dll
executable
MD5: 9afbb583d67092310340e708835a9b99
SHA256: cb6002e0ed684076f9c18fbea0553d49022aed76b4167c517432c50ff0308865
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\Interop.WUApiLib.dll
executable
MD5: c7dfada67674640e2aa2a7e55f92766c
SHA256: d5224b5b73eef56c71e8217317bd8b15def4e6c9e34169c2af052afd4b26baff
3396
DriverEasy_Setup[1].tmp
C:\Users\admin\AppData\Local\Temp\is-19AGT.tmp\botva2.dll
executable
MD5: 67965a5957a61867d661f05ae1f4773e
SHA256: 450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\is-HMDKV.tmp
––
MD5:  ––
SHA256:  ––
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\analytics[1].js
text
MD5: b66b3b5d54e154c81a50880cdcd7e5f8
SHA256: dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\buy_norton_v2[1].jpg
image
MD5: bc83b0a96faa864e49631366e440350f
SHA256: aa805fae242d073ae67c973e35e42b70556696b70555f62e537b021d15a0df5d
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\AppEsteem_Seal_Logo[1].png
image
MD5: e400c8f4ac626b8974c2a36ccdf0d1de
SHA256: 39669f8d13ab17da4c1c2b9c6784ae54865002079e972742865cc18cbb05c527
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\global_buy_2checkout_wcu[1].js
text
MD5: 740639231a85d256d231ec900d41b73c
SHA256: 2f91e6e446d5f1c467d9054b8a8444d5733ee5ebffb0a732ca48333a05bf87ac
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\logo-win_comp[1].jpg
image
MD5: 562f46515661c8d02938279a19d01191
SHA256: 0f1534c9a91bc8bfca142d6949bc39736e4ee7343176e48e4e84718d3b728d82
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\device-drivers[1].jpg
image
MD5: 15bd9c492aff9c80efee13b675f896de
SHA256: c81c809ae9f6bcaa2a3c533487eaba4c809e62f03d45acc1f6ce240b0b04792d
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\avatar_1_01[1].jpg
image
MD5: 906251e6c1ecdd6062f10809c9ff214d
SHA256: 925ac3aba50d091288451951fd31542dc506e82b5f182b527dd4e44319070e81
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\map-top-countries[1].jpg
image
MD5: 0645378d2ec7a8c6c4f0135bcb8191de
SHA256: 28380ad1435c7bc0f6fbf965d45540be38f8e0daa65951b7033225345013ea74
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\icon-certified[1].jpg
image
MD5: 2f8c29a2686d5b0fa5e174925b201d0a
SHA256: 1eb388f57334a02c06949715335421617674cb342b456390b39317513c62c256
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\updateall[1].jpg
image
MD5: d13165879e0ef121b463b3473c69e936
SHA256: de57a1b7b359c82cfa49b37c20db905c1ed1e2f79da9c8c74a3925eab7ded6b8
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\logo-drivereasy[1].png
image
MD5: 6b3f22e2fe52121d0922664365bdf2f7
SHA256: 904bd8beeca2e93e7bad136fa973d459c399188e3fdc15b0a6b5585cb56eac22
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\mem8YaGs126MiZpBA-UFVZ0f[1].eot
eot
MD5: 5f4d4bc11d64b6cb605b7030c1997270
SHA256: 1d399c4617f5da6f7523d2816328c84de6e5cdf4325b2a40827c2d33d7ef0fd7
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\avatar_4[1].jpg
image
MD5: a3363055f3f8aa351473abb8df806c12
SHA256: 381bfeda239fcfa19a15bb1b25471b6230689a2d7514d93e9ebdf8c43f3089a0
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\skeleticons[1].eot
eot
MD5: 64184b622a4a5a1a8d5db4f2ab16519e
SHA256: b6af4c22129a4f2f330de92787162114da95d143d852925ec07ac3e102e953e4
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\noneed[1].jpg
image
MD5: bba7805aeeaeb2c99a854fc254a1570f
SHA256: 69cbafb13686794452e4f7d24fbb2bb8ad556e3fa0d673430d451d455a1ae106
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\buy_moneyback[1].png
image
MD5: 17b758b7feeb48552b1f339687d4e11e
SHA256: e7b741021f487cf75a69471fd9e6e29c9b5b44c72f4fd36ffd8634eb008e9c63
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\note-success[1].png
image
MD5: db5c0ea44ace809b37e7ad4eb83610a7
SHA256: a6b282bb7f55c6c5722a8580f6f89e84653d95668d42f1ba86aacfa8b5f2104f
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\pressapps-knowledge-base-public[1].js
text
MD5: 2bd6ea9e6917cf9d7f766ec992879722
SHA256: 01ae0d37454997401b6a1ccfbcf482808199f6e28ee8b89f8b213b29530daabb
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\jquery[1].js
text
MD5: f832e36068ab203a3f89b1795480d0d7
SHA256: 4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\style.min[1].css
text
MD5: 375bd65d60ff3c8723fccc343afb1b9b
SHA256: 4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\sk-icons[1].css
text
MD5: 63c99e126d9cf92b94d521a87a7cd858
SHA256: 85262169571ddaf28b539571c986aa8bc4d43a684b0f80281cd02452f8719292
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\block[1].css
text
MD5: df09ec45845a1fe40ee34b2f3c8046ee
SHA256: a8dcf2cb2ddaecc1cbd0971b3dfa64ed7aed3e9dbc33a238dc707e1f2747264e
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\pressapps-knowledge-base-public[1].css
text
MD5: 2b04b0cb5469397f37a433b11d59294a
SHA256: fadd4fd12a9a27eccf40f62342741827381be6729a87f1bee4de4cdf0c73351a
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\style[1].css
text
MD5: 7faef6b8dd1045c8cf158186ad72bec8
SHA256: 975addfd7b29ecf6734bc83a56de0190328e9dca57e41fc24cd4b75e81a3fa75
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\bootstrap[1].css
text
MD5: a2fb1d1ae1852ff05478f9486a8a0ce2
SHA256: 822cd019de74e5b058e082d780a0859fe7172f771337585dd71f89e25ed48704
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\screen[1].css
text
MD5: 1e7cb6ded82f975b74d78ce50f001853
SHA256: 991d72ca03b592c84fa9fb398f62016740f3e17f09f7f4769f761142c0250cfa
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\js[1]
text
MD5: a81f40c17de062dec1d404337119ac09
SHA256: 0b97701068c1b7315ec22c3c33461b11baa1504867b6fcffbb46685765d497a8
2728
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
dat
MD5: 245bff39aae2a794147eec715621fd9e
SHA256: 6967e081b8c5669f839198b0ddc679319129e56e71cf27f0733afefb6f365215
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\css[1].txt
text
MD5: 0c4f8a0eea30d85f2d67c2e4ce0c77d1
SHA256: a007cac6ac6ab4e92f72119288ab2f00f60d8b4346eb0da89b6f837c916f6323
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\html5[1].js
html
MD5: 5a98a86b5cb48c1506f338463259ce41
SHA256: 86fbfe313672eea1721475598ca81e520c6d1f788ec4ef7726c7af3cd987e560
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\why-choose-us[1].txt
––
MD5:  ––
SHA256:  ––
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\why-choose-us[1].htm
html
MD5: c8c6d0b51c19a80a844b39503def9be2
SHA256: 5e78b745e85db0245ebc8979eee6fc42cdfcdd47cb4b8e325fc7afbfc368acd4
2728
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: c383bec8cc38c5ef73728e9076e034ba
SHA256: 61084810801cdcd8e110f5324c98de1a286d495100bf1f13c929730030cbc6c6
2728
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 7448fb2120b6ceb1a133d20b7ff30d25
SHA256: 24fce704f474fc7025cd6b3e5581894d6cf1f9488a4a299e0206079332673564
2728
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2868
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
4032
Easeware.ConfigLanguageFromSetup.exe
C:\Users\admin\AppData\Roaming\Easeware\DriverEasy\settings.dat
xml
MD5: 19c3a18d8fb32b72bf4f8c674f843864
SHA256: 36c45e05ae759099536f42744a44b0d26b17725bc125b070cfce8b9145ea6ff4
600
Easeware.CheckScheduledScan.exe
C:\Windows\Tasks\Driver Easy Scheduled Scan.job
binary
MD5: e750dfea61940a1fc38de885b35e1524
SHA256: 10503b23512410aa19539d5979952363e163ad32849579b3ed97a5f368f7612e
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\unins000.dat
dat
MD5: 77f5fedf169d01b53a10164dab0b15e4
SHA256: 6cb77bd3378df17ffebcc0788289c4148e7f22bf24b00be1edffb68be8dc1803
3396
DriverEasy_Setup[1].tmp
C:\Users\Public\Desktop\Driver Easy.lnk
lnk
MD5: d9841efb05fd532b4436525969470bca
SHA256: 56cf18a45baf3d9270b3caacf0732d23797540196a7f9faa3836f1364bfe9d5f
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\unins000.msg
binary
MD5: b6040095c694d912594840b8c61112bb
SHA256: 66c00fa3986abd9c86e656677fbb3a8bfd4b096d7e96731e9f3bb26fb81d0fa7
3396
DriverEasy_Setup[1].tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Uninstall Driver Easy.lnk
lnk
MD5: 719cbe2a5ba3fd4a060451d3a8c747a5
SHA256: 52758b82a0ce5f28d062df4c3718cab5809e7398c2155d55543f5be8fdf27c27
3396
DriverEasy_Setup[1].tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk
lnk
MD5: a71146ed53369c56ee97346aaf7fc6bf
SHA256: a2d0e6a4f85845d372e461289afe0ea628a0f2846b7c5aeb6fe96464efd4e6f7
3396
DriverEasy_Setup[1].tmp
C:\Users\admin\AppData\Local\Temp\is-19AGT.tmp\InstallDotNet.bat
text
MD5: 451e3d9f7282aa15b9530b11a80b8fb5
SHA256: 6abbcc8a924f507a1dd114d1bec4928efd164851ba485f62424d2c97891b583b
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
image
MD5: 0f0903a40ae1ecbcd888cf1bdb585571
SHA256: 951407854fdeb46c3a5aef9dcc2002cf469b1d31c2df8cbf98fda6f4e11a1928
3396
DriverEasy_Setup[1].tmp
C:\Users\admin\AppData\Local\Temp\is-19AGT.tmp\is-7DDF1.tmp
––
MD5:  ––
SHA256:  ––
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\HardwareInfo\is-RM8NV.tmp
––
MD5:  ––
SHA256:  ––
2728
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\base[1].js
text
MD5: e9a6ada14b2ee8cd4602d8938af3043b
SHA256: e1608c337b25cafdfff72252c3dda5d57219f7c865a50673c780790d3f0811ec
3396
DriverEasy_Setup[1].tmp
C:\Program Files\Easeware\DriverEasy\HardwareInfo\is-12347.tmp
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
2
TCP/UDP connections
31
DNS requests
15
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1188 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2928 DriverEasy.exe GET 200 2.16.106.201:80 http://cdn.drivereasy.com/version.html unknown text suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
1188 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2784 iexplore.exe 167.114.130.158:443 OVH SAS CA malicious
2784 iexplore.exe 2.16.106.201:80 Akamai International B.V. –– whitelisted
2928 DriverEasy.exe 172.217.16.142:443 Google Inc. US whitelisted
2728 iexplore.exe 167.114.130.158:443 OVH SAS CA malicious
2728 iexplore.exe 172.217.22.10:443 Google Inc. US whitelisted
2728 iexplore.exe 216.58.205.232:443 Google Inc. US whitelisted
2728 iexplore.exe 184.30.208.49:443 Akamai International B.V. NL unknown
2728 iexplore.exe 172.217.22.99:443 Google Inc. US whitelisted
2728 iexplore.exe 172.217.16.142:443 Google Inc. US whitelisted
2728 iexplore.exe 172.217.23.142:443 Google Inc. US whitelisted
2728 iexplore.exe 64.233.167.154:443 Google Inc. US whitelisted
2728 iexplore.exe 172.217.16.164:443 Google Inc. US whitelisted
2728 iexplore.exe 172.217.18.99:443 Google Inc. US whitelisted
2928 DriverEasy.exe 167.114.130.158:443 OVH SAS CA malicious
–– –– 2.16.106.201:80 Akamai International B.V. –– whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.drivereasy.com 167.114.130.158 malicious
cdn.drivereasy.com 2.16.106.201, 2.16.106.187 suspicious
www.google-analytics.com 172.217.16.142 whitelisted
images.drivereasy.com 184.30.208.49 unknown
fonts.googleapis.com 172.217.22.10 whitelisted
www.googletagmanager.com 216.58.205.232 whitelisted
fonts.gstatic.com 172.217.22.99 whitelisted
www.youtube.com 172.217.23.142, 172.217.18.14, 172.217.18.174, 216.58.206.14, 216.58.207.46, 216.58.207.78, 172.217.23.110, 172.217.16.142, 216.58.208.46, 172.217.16.174, 172.217.22.46, 172.217.22.78, 172.217.22.110, 172.217.16.206, 172.217.21.206, 172.217.23.174 whitelisted
s.ytimg.com 172.217.23.142 whitelisted
stats.g.doubleclick.net 64.233.167.154, 64.233.167.157, 64.233.167.155, 64.233.167.156 whitelisted
www.google.com 172.217.16.164 whitelisted
www.google.lv 172.217.18.99 whitelisted

Threats

PID Process Class Message
2784 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

No debug info.