General Info

File name

YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe

Full analysis
https://app.any.run/tasks/0b11fefd-2c0a-43eb-8957-a70b64145e11
Verdict
Malicious activity
Analysis date
11/8/2018, 14:04:57
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

mindspark

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

60f93ba3820d72789a905921635cd9f7

SHA1

1f4418578085942700b3bdfe97716f1ca51b099b

SHA256

185a14f3280bbf973860d9946f7c87189a135b5f1b9d3281fc7e93d3213f8027

SSDEEP

6144:jbUTp1Cl0EbBsb+jM+zsT8qEJEbrPBj3AQ6LvCdWYDbHIae+0U/aM4tp5iFw2EHi:jISuEuSfJ2aLLasspeuSLp5iefC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads dropped or rewritten executable
  • svchost.exe (PID: 852)
  • SlimWare.Services.exe (PID: 2568)
  • csrss.exe (PID: 344)
  • explorer.exe (PID: 1604)
  • YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (PID: 1968)
Downloads executable files from the Internet
  • SlimCleanerPlus.exe (PID: 184)
Application was dropped or rewritten from another process
  • SlimWare.Services.exe (PID: 2568)
  • DriverUpdate-setup.exe (PID: 2244)
  • SlimCleanerPlus.exe (PID: 184)
  • SlimCleanerPlus.exe (PID: 2728)
MINDSPARK was detected
  • YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (PID: 1968)
Creates COM task schedule object
  • msiexec.exe (PID: 3160)
Reads Internet Cache Settings
  • explorer.exe (PID: 1604)
  • YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (PID: 1968)
Changes IE settings (feature browser emulation)
  • MsiExec.exe (PID: 2208)
Executable content was dropped or overwritten
  • msiexec.exe (PID: 3160)
  • YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (PID: 1968)
  • SlimCleanerPlus.exe (PID: 184)
Changes the autorun value in the registry
  • MsiExec.exe (PID: 2208)
Creates a software uninstall entry
  • YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (PID: 1968)
Changes the started page of IE
  • YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (PID: 1968)
Creates files in the user directory
  • YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (PID: 1968)
Dropped object may contain Bitcoin addresses
  • msiexec.exe (PID: 3160)
Creates files in the program directory
  • msiexec.exe (PID: 3160)
Creates a software uninstall entry
  • msiexec.exe (PID: 3160)
Reads settings of System Certificates
  • iexplore.exe (PID: 1184)
  • iexplore.exe (PID: 2192)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2076)
  • iexplore.exe (PID: 2192)
  • iexplore.exe (PID: 2776)
  • iexplore.exe (PID: 1184)
  • iexplore.exe (PID: 1672)
Application launched itself
  • msiexec.exe (PID: 3160)
  • iexplore.exe (PID: 1184)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2192)
  • iexplore.exe (PID: 2776)
  • iexplore.exe (PID: 1672)
Reads internet explorer settings
  • iexplore.exe (PID: 2192)
  • iexplore.exe (PID: 1672)
  • iexplore.exe (PID: 2776)
Changes internet zones settings
  • iexplore.exe (PID: 1184)

Static information

TRiD
  • .exe | Win32 Executable MS Visual C++ (generic) (42.2%)
  • .exe | Win64 Executable (generic) (37.3%)
  • .dll | Win32 Dynamic Link Library (generic) (8.8%)
  • .exe | Win32 Executable (generic) (6%)
  • .exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2013:12:25 06:01:44+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
25088
InitializedDataSize:
186368
UninitializedDataSize:
2048
EntryPoint:
0x3229
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
2.7.1.3000
ProductVersionNumber:
2.7.1.3000
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
ASCII
Comments:
http://www.mindspark.com
CompanyName:
Mindspark Interactive Network, Inc.
FileDescription:
YourTemplateFinder Setup
FileVersion:
2.7.1.3000
InternalName:
YourTemplateFinder
LegalCopyright:
© 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalTrademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
ProductName:
YourTemplateFinder
ProductVersion:
2.7.1.3000
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
25-Dec-2013 05:01:44
Detected languages
English - United States
Comments:
http://www.mindspark.com
CompanyName:
Mindspark Interactive Network, Inc.
FileDescription:
YourTemplateFinder Setup
FileVersion:
2.7.1.3000
InternalName:
YourTemplateFinder
LegalCopyright:
© 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalTrademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
ProductName:
YourTemplateFinder
ProductVersion:
2.7.1.3000
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000C8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
25-Dec-2013 05:01:44
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0000606C 0x00006200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.45707
.rdata 0x00008000 0x00001460 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.94596
.data 0x0000A000 0x0002AF98 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.79535
.ndata 0x00035000 0x00055000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0008A000 0x00003468 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.71636
Resources
  • 1
  • 103
  • 105
  • 106
  • 111
Imports
  • KERNEL32.dll
  • USER32.dll
  • GDI32.dll
  • SHELL32.dll
  • ADVAPI32.dll
  • COMCTL32.dll
  • ole32.dll
  • VERSION.dll
Exports
  • No exports.

Processes

Total processes
50
Monitored processes
15
Malicious processes
3
Suspicious processes
0

Behavior graph

Graph not reproduced here (see the full report). Nodes: yourtemplatefinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe (#MINDSPARK), slimcleanerplus.exe (no specs), slimcleanerplus.exe, iexplore.exe (x4), flashutil32_26_0_0_131_activex.exe (no specs), driverupdate-setup.exe (no specs), msiexec.exe (x2), slimware.services.exe (no specs), csrss.exe (no specs), svchost.exe, explorer.exe (no specs). Edge labels: drop and start, start, download and start.

Process information

PID
344
CMD
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path
C:\Windows\System32\csrss.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Client Server Runtime Process
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sxssrv.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\program files\slimware utilities\services\slimware.core.dll

PID
852
CMD
C:\Windows\system32\svchost.exe -k netsvcs
Path
C:\Windows\System32\svchost.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gpsvc.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sysntfy.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\themeservice.dll
c:\windows\system32\profsvc.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\slc.dll
c:\windows\system32\sens.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\shell32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\authz.dll
c:\windows\system32\ubpm.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\credssp.dll
c:\windows\system32\fveapi.dll
c:\windows\system32\tbs.dll
c:\windows\system32\fvecerts.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\wiarpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\taskcomp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\netjoin.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ikeext.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\iphlpsvc.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\browser.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\samcli.dll
c:\windows\system32\sscore.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\resutils.dll
c:\windows\system32\nci.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\propsys.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\appinfo.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\bitsigd.dll
c:\windows\system32\upnp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\esent.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cabinet.dll
c:\windows\system32\mspatcha.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wmsgapi.dll
c:\windows\system32\wer.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mpr.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\ndiscapcfg.dll
c:\windows\system32\rascfg.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\tcpipcfg.dll
c:\windows\system32\aelupsvc.dll
c:\windows\system32\windanr.exe
c:\users\admin\appdata\local\temp\yourtemplatefinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
c:\users\admin\appdata\local\temp\nsha526.tmp\slimcleanerplus.exe
c:\windows\system32\mmcss.dll
c:\windows\system32\avrt.dll
c:\program files\slimware utilities\services\slimware.services.exe
c:\windows\installer\{91ffa1cf-08b8-4db7-88bc-a66da9a4d0ba}\icon.exe

PID
1604
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msls31.dll
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winsta.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gameux.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\aclui.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\dsound.dll
c:\windows\system32\spinf.dll
c:\windows\system32\twext.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\netprofm.dll
c:\users\admin\appdata\local\temp\yourtemplatefinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
c:\windows\installer\{91ffa1cf-08b8-4db7-88bc-a66da9a4d0ba}\icon.exe
c:\windows\system32\xpsrchvw.exe
c:\windows\system32\wuapp.exe
c:\program files\windows media player\wmplayer.exe
c:\windows\ehome\ehshell.exe
c:\windows\system32\wfs.exe
c:\program files\dvd maker\dvdmaker.exe
c:\windows\system32\windowsanytimeupgradeui.exe
c:\program files\opera\opera.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\google\chrome\application\chrome.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\windows sidebar\sidebar.exe
c:\windows\system32\control.exe
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\sc_reader.ico
c:\program files\videolan\vlc\vlc.exe
c:\program files\filezilla ftp client\filezilla.exe
c:\program files\ccleaner\ccleaner.exe
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ie4uinit.exe
c:\windows\system32\shacct.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\program files\opera\opera.dll
c:\windows\system32\imageres.dll
c:\windows\system32\devicecenter.dll
c:\windows\system32\sud.dll
c:\windows\system32\unregmp2.exe
c:\windows\system32\miguiresource.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\outicon.exe
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\xlicons.exe

PID
1968
CMD
"C:\Users\admin\AppData\Local\Temp\YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe"
Path
C:\Users\admin\AppData\Local\Temp\YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mindspark Interactive Network, Inc.
Description
YourTemplateFinder Setup
Version
2.7.1.3000
Modules
Image
c:\users\admin\appdata\local\temp\yourtemplatefinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsha526.tmp\nsdialogs.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\nsha526.tmp\system.dll
c:\windows\system32\riched20.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\users\admin\appdata\local\temp\nsha526.tmp\slimcleanerplus.exe
c:\windows\system32\mpr.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll

PID
2728
CMD
SI_MODE=toaster SI_DELAY=60 SI_LAUNCH=onreboot @P2_ORIGIN=^BNF^xpt136^TTAB02^gb @P2=^SW2^xdm110 @UL_STUBID=948b5cbfbd684cbeb043ab2c09ccd3ea
Path
C:\Users\admin\AppData\Local\Temp\nshA526.tmp\SlimCleanerPlus.exe
Indicators
No indicators
Parent process
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
SlimWare Utilities Holdings, Inc.
Description
DriverUpdate SlimWare Downloader
Version
2.4.0
Modules
Image
c:\users\admin\appdata\local\temp\nsha526.tmp\slimcleanerplus.exe
c:\systemroot\system32\ntdll.dll

PID
184
CMD
"C:\Users\admin\AppData\Local\Temp\nshA526.tmp\SlimCleanerPlus.exe" SI_MODE=toaster SI_DELAY=60 SI_LAUNCH=onreboot @P2_ORIGIN=^BNF^xpt136^TTAB02^gb @P2=^SW2^xdm110 @UL_STUBID=948b5cbfbd684cbeb043ab2c09ccd3ea
Path
C:\Users\admin\AppData\Local\Temp\nshA526.tmp\SlimCleanerPlus.exe
Indicators
Parent process
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
SlimWare Utilities Holdings, Inc.
Description
DriverUpdate SlimWare Downloader
Version
2.4.0
Modules
Image
c:\users\admin\appdata\local\temp\nsha526.tmp\slimcleanerplus.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\driverupdate-setup.exe

PID
1184
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

PID
2776
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1184 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\credssp.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv

PID
1672
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1184 CREDAT:203009
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll

PID
2192
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1184 CREDAT:203010
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\sspicli.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

PID
2076
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

PID
2244
CMD
"C:\Users\admin\AppData\Local\Temp\DriverUpdate-setup.exe" SI_MODE=toaster SI_DELAY=60 SI_LAUNCH=onreboot
Path
C:\Users\admin\AppData\Local\Temp\DriverUpdate-setup.exe
Indicators
No indicators
Parent process
SlimCleanerPlus.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
SlimWare Utilities, Inc.
Description
SlimWare Installer
Version
2.3.1
Modules
Image
c:\users\admin\appdata\local\temp\driverupdate-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

PID
3160
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\propsys.dll

PID
2208
CMD
C:\Windows\system32\MsiExec.exe -Embedding D0DF5317A3F3C10329B286D71C421500
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msie6ec.tmp
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\psapi.dll
c:\windows\installer\msie920.tmp

PID
2568
CMD
"C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe"
Path
C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
SlimWare Utilities Holdings, Inc.
Description
SlimWare.Services Service
Version
1.0.6
Modules
Image
c:\program files\slimware utilities\services\slimware.services.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\slimware utilities\services\bugsplat.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
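
The process records above describe a staged installer chain: the NSIS stub extracts SlimCleanerPlus.exe into its per-run %TEMP%\nshA526.tmp\ directory, runs it at HIGH integrity (UAC auto-confirmation is on for this task), and that stage in turn drops and launches DriverUpdate-setup.exe from %TEMP%, again at HIGH integrity. The following is an added example, not ANY.RUN's code, of how an analyst would rebuild that tree from the report's fields and flag the pattern. The records are transcribed from this section as constructed sample input; the PIDs of the stub (1000) and of SlimCleanerPlus.exe (1001) are not shown here and are assumptions, as is the stub's own integrity level.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None where the report shows no parent ("--")
    path: str
    integrity: str        # LOW / MEDIUM / HIGH / SYSTEM, as reported
    user: str


# Constructed sample input, transcribed from the process records above.
# PIDs 1000 (the NSIS stub) and 1001 (SlimCleanerPlus.exe) are assumptions:
# this section shows the parent/child link but not those two PIDs, and the
# stub's own integrity level is likewise assumed.
TEMP = r"C:\Users\admin\AppData\Local\Temp"
SAMPLE = [
    Proc(1000, None, TEMP + r"\YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe", "HIGH", "admin"),
    Proc(1001, 1000, TEMP + r"\nshA526.tmp\SlimCleanerPlus.exe", "HIGH", "admin"),
    Proc(2244, 1001, TEMP + r"\DriverUpdate-setup.exe", "HIGH", "admin"),
    Proc(1184, None, r"C:\Program Files\Internet Explorer\iexplore.exe", "MEDIUM", "admin"),
    Proc(2776, 1184, r"C:\Program Files\Internet Explorer\iexplore.exe", "LOW", "admin"),
    Proc(1672, 1184, r"C:\Program Files\Internet Explorer\iexplore.exe", "LOW", "admin"),
    Proc(2192, 1184, r"C:\Program Files\Internet Explorer\iexplore.exe", "LOW", "admin"),
    Proc(2076, None, r"C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe", "MEDIUM", "admin"),
    Proc(3160, None, r"C:\Windows\system32\msiexec.exe", "SYSTEM", "SYSTEM"),
    Proc(2208, 3160, r"C:\Windows\system32\MsiExec.exe", "HIGH", "admin"),
    Proc(2568, None, r"C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe", "SYSTEM", "SYSTEM"),
]

# %TEMP% under the user profile, and the per-run extraction directory an NSIS
# installer creates there (ns<random>.tmp) for its plugins and bundled payloads.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
NSIS_STAGE_DIR = re.compile(r"\\AppData\\Local\\Temp\\ns[a-z0-9]+\.tmp\\", re.I)
ELEVATED = {"HIGH", "SYSTEM"}


def build_index(procs: List[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in procs}


def image_name(p: Proc) -> str:
    return p.path.rsplit("\\", 1)[-1]


def lineage(index: Dict[int, Proc], pid: int) -> List[str]:
    """Image names from pid up to its root ancestor; cycle-safe."""
    out: List[str] = []
    seen = set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        out.append(image_name(cur))
        cur = index.get(cur.ppid) if cur.ppid is not None else None
    return out


def flag_installer_chain(procs: List[Proc]) -> Dict[int, List[str]]:
    """Return {pid: [reasons]} for processes matching the staged-installer pattern."""
    index = build_index(procs)
    hits: Dict[int, List[str]] = {}
    for p in procs:
        reasons = []
        if NSIS_STAGE_DIR.search(p.path):
            reasons.append("executed out of an NSIS extraction dir (%TEMP%\\ns*.tmp\\)")
        parent = index.get(p.ppid) if p.ppid is not None else None
        if (p.integrity in ELEVATED and TEMP_DIR.search(p.path)
                and parent is not None and TEMP_DIR.search(parent.path)):
            reasons.append(f"{p.integrity}-integrity binary in %TEMP% spawned by "
                           f"{image_name(parent)}, itself in %TEMP%")
        if reasons:
            hits[p.pid] = reasons
    return hits


if __name__ == "__main__":
    idx = build_index(SAMPLE)
    for pid, reasons in flag_installer_chain(SAMPLE).items():
        print(pid, " <- ".join(lineage(idx, pid)))
        for r in reasons:
            print("   ", r)
```

Only the two second-stage binaries are flagged: the elevated MsiExec.exe custom-action server (PID 2208) and the SYSTEM SlimWare.Services.exe run from System32 and Program Files respectively, so neither rule fires on them, and the IE content processes stay at LOW integrity.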

Registry activity

Total events
3972
Read events
3422
Write events
537
Delete events
13

Modification events

PID
Process
Operation
Key
Name
Value
852
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000
RefCount
9
852
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000
RefCount
8
852
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000
_ObjectId_
B600000000000000
852
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000
_ObjectLru_
5E03000000000000
852
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000
_FileId_
F3E0000000000300
852
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000
_Usn_
C013C80200000000
852
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000
_UsnJournalId_
CAF752A8FD3DD301
1604
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
1604
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F
1604
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\LbheGrzcyngrSvaqre.948o5posoq684poro043no2p09ppq3rn.rkr
00000000000000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\LbheGrzcyngrSvaqre.948o5posoq684poro043no2p09ppq3rn.rkr
000000000000000000000000F0190000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\LbheGrzcyngrSvaqre.948o5posoq684poro043no2p09ppq3rn.rkr
0000000000000000000000006D490000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000026000000320000009CD51000090000000B000000DCC402007B00370043003500410034003000450046002D0041003000460042002D0034004200460043002D0038003700340041002D004300300046003200450030004200390046004100380045007D005C00410064006F00620065005C004100630072006F0062006100740020005200650061006400650072002000440043005C005200650061006400650072005C004100630072006F0052006400330032002E0065007800650000000000D09866060000000034E82802C05D5A740200000002000000000C00940F000000E8E82802010000000400000001000000010000006B001001D098660605000000D098660602020000E20101AE2B51EA0088E7280239B58D76E20101AE24E82802130000000400000030000000120000001D000000130000001D0000000E00000012000000020000003200000014000000E387EE7A38E82802F3AE5B7400574100E20101AE010000000000000011000000F0443500E8443500A14A52740000000020E800001F51EA7AD0E728028291917520E828028CD800006B51EA7AE4E72802B69C917590D8D4035C0000000401000084F2280244F228026B4E317411000000F0443500E8443500A8EAD403FA4F31740000000074E80000AB5EEA7A24E828028291917574E8280228E8280227959175000000008CD8D40350E82802CD9491758CD8D403FCE8280200D4D403E19491750000000000D4D403FCE8280258E82802000000000E0000002FCA04007B00440036003500320033003100420030002D0042003200460031002D0034003800350037002D0041003400430045002D004100380045003700430036004500410037004400320037007D005C007400610073006B006D00670072002E006500780065000000740020005200650061006400650072002000440043005C005200650061006400650072005C004100630072006F0052006400330032002E0065007800650000000000D09866060000000034E82802C05D5A740200000002000000000C00940F000000E8E82802010000000400000001000000010000006B001001D098660605000000D098660602020000E20101AE2B51EA0088E7280239B58D76E20101AE24E82802130000000400000030000000120000001D000000130000001D0000000E00000012000000020000003200000014000000E387EE7A38E82802F3AE5B7400574100E20101AE010000000000000011000000F0443500E8443500A14A52740000000020E800001F51EA7A24E800006751EA7AD8E728028291917524E828028CD800007351EA7AECE72802B69C917590D8D4034C06000004E8280200D4D40311000000F0443500E844350040B0C37504E82802
20D4D40374E80000AB5EEA7A24E828028291917574E8280228E8280227959175000000008CD8D40350E82802CD9491758CD8D403FCE8280200D4D403E19491750000000000D4D403FCE8280258E82802090000000B000000DCC402007B00370043003500410034003000450046002D0041003000460042002D0034004200460043002D0038003700340041002D004300300046003200450030004200390046004100380045007D005C00410064006F00620065005C004100630072006F0062006100740020005200650061006400650072002000440043005C005200650061006400650072005C004100630072006F0052006400330032002E0065007800650000000000D09866060000000034E82802C05D5A740200000002000000000C00940F000000E8E82802010000000400000001000000010000006B001001D098660605000000D098660602020000E20101AE2B51EA0088E7280239B58D76E20101AE24E82802130000000400000030000000120000001D000000130000001D0000000E00000012000000020000003200000014000000E387EE7A38E82802F3AE5B7400574100E20101AE010000000000000011000000F0443500E8443500A14A52740000000020E800001F51EA7AD0E728028291917520E828028CD800006B51EA7AE4E72802B69C917590D8D4035C0000000401000084F2280244F228026B4E317411000000F0443500E8443500A8EAD403FA4F31740000000074E80000AB5EEA7A24E828028291917574E8280228E8280227959175000000008CD8D40350E82802CD9491758CD8D403FCE8280200D4D403E19491750000000000D4D403FCE8280258E82802
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
0000000001000000020000009A590000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF7094AFE65A48D40100000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
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
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\LbheGrzcyngrSvaqre.948o5posoq684poro043no2p09ppq3rn.rkr
0000000000000000000000000C540000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
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
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\LbheGrzcyngrSvaqre.948o5posoq684poro043no2p09ppq3rn.rkr
0000000000000000010000000C540000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000026000000340000003BE01000090000000B000000DCC402007B00370043003500410034003000450046002D0041003000460042002D0034004200460043002D0038003700340041002D004300300046003200450030004200390046004100380045007D005C00410064006F00620065005C004100630072006F0062006100740020005200650061006400650072002000440043005C005200650061006400650072005C004100630072006F0052006400330032002E0065007800650000000000D09866060000000034E82802C05D5A740200000002000000000C00940F000000E8E82802010000000400000001000000010000006B001001D098660605000000D098660602020000E20101AE2B51EA0088E7280239B58D76E20101AE24E82802130000000400000030000000120000001D000000130000001D0000000E00000012000000020000003200000014000000E387EE7A38E82802F3AE5B7400574100E20101AE010000000000000011000000F0443500E8443500A14A52740000000020E800001F51EA7AD0E728028291917520E828028CD800006B51EA7AE4E72802B69C917590D8D4035C0000000401000084F2280244F228026B4E317411000000F0443500E8443500A8EAD403FA4F31740000000074E80000AB5EEA7A24E828028291917574E8280228E8280227959175000000008CD8D40350E82802CD9491758CD8D403FCE8280200D4D403E19491750000000000D4D403FCE8280258E82802000000000E0000002FCA04007B00440036003500320033003100420030002D0042003200460031002D0034003800350037002D0041003400430045002D004100380045003700430036004500410037004400320037007D005C007400610073006B006D00670072002E006500780065000000740020005200650061006400650072002000440043005C005200650061006400650072005C004100630072006F0052006400330032002E0065007800650000000000D09866060000000034E82802C05D5A740200000002000000000C00940F000000E8E82802010000000400000001000000010000006B001001D098660605000000D098660602020000E20101AE2B51EA0088E7280239B58D76E20101AE24E82802130000000400000030000000120000001D000000130000001D0000000E00000012000000020000003200000014000000E387EE7A38E82802F3AE5B7400574100E20101AE010000000000000011000000F0443500E8443500A14A52740000000020E800001F51EA7A24E800006751EA7AD8E728028291917524E828028CD800007351EA7AECE72802B69C917590D8D4034C06000004E8280200D4D40311000000F0443500E844350040B0C37504E82802
20D4D40374E80000AB5EEA7A24E828028291917574E8280228E8280227959175000000008CD8D40350E82802CD9491758CD8D403FCE8280200D4D403E19491750000000000D4D403FCE8280258E82802090000000B000000DCC402007B00370043003500410034003000450046002D0041003000460042002D0034004200460043002D0038003700340041002D004300300046003200450030004200390046004100380045007D005C00410064006F00620065005C004100630072006F0062006100740020005200650061006400650072002000440043005C005200650061006400650072005C004100630072006F0052006400330032002E0065007800650000000000D09866060000000034E82802C05D5A740200000002000000000C00940F000000E8E82802010000000400000001000000010000006B001001D098660605000000D098660602020000E20101AE2B51EA0088E7280239B58D76E20101AE24E82802130000000400000030000000120000001D000000130000001D0000000E00000012000000020000003200000014000000E387EE7A38E82802F3AE5B7400574100E20101AE010000000000000011000000F0443500E8443500A14A52740000000020E800001F51EA7AD0E728028291917520E828028CD800006B51EA7AE4E72802B69C917590D8D4035C0000000401000084F2280244F228026B4E317411000000F0443500E8443500A8EAD403FA4F31740000000074E80000AB5EEA7A24E828028291917574E8280228E8280227959175000000008CD8D40350E82802CD9491758CD8D403FCE8280200D4D403E19491750000000000D4D403FCE8280258E82802
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
000000000100000002000000725D0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF7094AFE65A48D40100000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
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
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\LbheGrzcyngrSvaqre.948o5posoq684poro043no2p09ppq3rn.rkr
00000000000000000100000035550000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
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
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
000000000100000003000000725D0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF7094AFE65A48D40100000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
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
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
LanguageList
en-US
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@"%windir%\System32\ie4uinit.exe",-732
Finds and displays information and Web sites on the Internet.
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\DeviceCenter.dll,-1000
Devices and Printers
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\sud.dll,-1
Default Programs
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\explorer.exe,-7021
Help and Support
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\System32\ie4uinit.exe,-731
Internet Explorer
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\unregmp2.exe,-4
Windows Media Player
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate.lnk
1
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate.lnk
1
1604
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\miguiresource.dll,-201
Task Scheduler
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
0000000001000000030000000EB40000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF7094AFE65A48D40100000000
1604
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
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
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASAPI32
EnableFileTracing
0
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASAPI32
EnableConsoleTracing
0
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASAPI32
FileTracingMask
4294901760
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASAPI32
ConsoleTracingMask
4294901760
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASAPI32
MaxFileSize
1048576
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASAPI32
FileDirectory
%windir%\tracing
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASMANCS
EnableFileTracing
0
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASMANCS
EnableConsoleTracing
0
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASMANCS
FileTracingMask
4294901760
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASMANCS
ConsoleTracingMask
4294901760
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASMANCS
MaxFileSize
1048576
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YourTemplateFinder_RASMANCS
FileDirectory
%windir%\tracing
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://hp.myway.com/yourtemplatefinder/ttab02/index.html?n=7849ED5D&p2=^BNF^xpt136^TTAB02^gb&ptb=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&si=001007013000826&coid=948b5cbfbd684cbeb043ab2c09ccd3ea
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\YourTemplateFinder
Start Page
http://hp.myway.com/yourtemplatefinder/ttab02/index.html?n=7849ED5D&p2=^BNF^xpt136^TTAB02^gb&ptb=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&si=001007013000826&coid=948b5cbfbd684cbeb043ab2c09ccd3ea
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourTemplateFinderTooltab Uninstall Internet Explorer
DisplayName
YourTemplateFinder Internet Explorer Homepage and New Tab
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourTemplateFinderTooltab Uninstall Internet Explorer
UninstallString
Rundll32.exe "C:\Users\admin\AppData\Local\YourTemplateFinderTooltab\TooltabExtension.dll" U uninstall:YourTemplateFinder
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourTemplateFinderTooltab Uninstall Internet Explorer
Publisher
Mindspark Interactive Network, Inc.
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourTemplateFinderTooltab Uninstall Internet Explorer
HelpLink
http://support.mindspark.com/
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourTemplateFinderTooltab Uninstall Internet Explorer
URLInfoAbout
http://support.mindspark.com/
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
write
HKEY_CURRENT_USER\Software\YourTemplateFinder
UnInstallSurveyUrl
http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&ptb=^BNF^xpt136^TTAB02^gb
184
SlimCleanerPlus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc
MachineID
8619E891A2FA2D41B1C2F8715923274A
184
SlimCleanerPlus.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
184
SlimCleanerPlus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\DriverUpdate\InstallerData
p2
^SW2^xdm110
184
SlimCleanerPlus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\DriverUpdate\InstallerData
secondOfferOrigin
^BNF^xpt136^TTAB02^gb
184
SlimCleanerPlus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\DriverUpdate\InstallerData
ul_stubid
948b5cbfbd684cbeb043ab2c09ccd3ea
184
SlimCleanerPlus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\DriverUpdate\InstallerData
ul_track
DU0155
184
SlimCleanerPlus.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\DriverUpdate\Registration
InstallationID
8E02AE67B9F0464CB6AFA49AC17AEE1A
1184
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
1184
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{216A9779-E357-11E8-BFAB-5254004AAD11}
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B00040008000D00060029002500
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B00040008000D00060029002500
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000D00060029009200
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000D0006002900B200
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
21
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000D0006002900C100
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
17
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
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
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000D0006002900B502
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000D0006002900D502
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
26
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000D0006002900F402
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
18
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4C0000004C0000006C030000A4020000
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
5
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000D0006002A001902
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
5
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000D0006002A004802
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
32
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
5
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000D0006002A006702
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
20
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070B00040008000D0006002B00B200
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CachePrefix
:2018110820181109:
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheLimit
8192
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheOptions
11
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheRepair
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Type
1
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Flags
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
1
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Time
E2070B00040008000D0006002B00A003
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
2
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Time
E2070B00040008000D0006002C001500
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070B00040008000D0006002C00D100
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
C4A3DDE56377D401
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF62000000000000008203000058020000
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
6
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000D0007000600F900
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
6
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000D0007000600F900
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
25
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
6
1184
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000D00070006000901
1184
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
LanguageList
en-US
1184
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
1184
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
1184
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
1184
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
1184
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2192
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2192
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109
2192
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CachePrefix
:2018110820181109:
2192
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheLimit
8192
2192
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheOptions
11
2192
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheRepair
0
2192
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | 61
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com | 61
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | 297
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com | 236
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | 345
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com | 284
2192 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name | iexplore.exe
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | 443
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com | 159
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | 929
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com | 645
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | 988
2192 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com | 343
2244 | DriverUpdate-setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | GlobalAssocChangedCounter | 52
3160 | msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
3160 | msiexec.exe | delete key | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F
3160 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
3160 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
3160 | msiexec.exe | delete key | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
3160 | msiexec.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3160 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
3160 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | Owner | 580C000092ACC9E66377D401
3160 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | SessionHash | A2D7DCA9322CEC09ED967E0B578B1F466D44521731E2E071B32E9E6EAEA5DFF2
3160 | msiexec.exe | write | HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000 | Sequence | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress | C:\Windows\Installer\5ee306.ipi
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\5ee307.rbs | 30701411
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\5ee307.rbsLow | 3895345344
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\513C2FCB818471C569E0FDA5A3BDE0E0 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\DriverUpdate.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42194C3DC88215C57AF047A1468C0C52 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\SlimWare.DriverUpdate.Services.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA31A15E960112C508A2BF280A5AF15D | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\SlimWare.Messaging.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8730FAEEF4356AE57901B5464C4B3A3C | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\SlimWare.PushNotification.Services.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9182F476578643550AFFF32CC6EC70A7 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\UninstallStub.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3F442702345E725FBFEC4A9FABA5BC3 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\Open-Source Licenses.txt
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34F23E3E5392468529F04A9FA6314512 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\lib-inappbrowser.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\40D6AC1309CE4565587E09CF3AF5A0FA | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\InAppBrowserProxy.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66D733525E9A58F57966D7601ED64574 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\UnifiedLogger.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\698C8E94F9E19FD52A448DEDF67C8BFB | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\BsSndRpt.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\601E9206EEC8D2E5ABE66F2499D4B1D7 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\BugSplat.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3584B01D823AA13508B011BBA6BD624A | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\BugSplatRc.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5495805C52029135CA3898C4D31E1381 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\dbghelp-app.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE2B95E5EA141C156BBDC4F095406FD6 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\DriverUpdate\htmlayout.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26DA28C9A03553C5488D3F67405E5D27 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\SlimWare.Core.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F80D48B9C03F1F754A5B3FEE9E4E7D7C | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D713F65C8E5D565F86371B866E46828 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.ProxyStub.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAB465E9D3FE71F529A5972E38168E5D | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A0820E9C0833935BBEF4392EEF6FBFD | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.ProxyStub.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D3E0B51CDEA04D5090F226906305310 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\BsSndRpt.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BDAC067F835493755BABA7F70CAE4D25 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\DriverUpdate.UpdateLauncher.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E810A09F736895651868E8951B49FA83 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\BugSplat.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64924E41CD2B1715DB61B077B3641BE7 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\BugSplatRC.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B490B324AF2CBCB5CBD122FDB87D01B4 | FC1AFF198B807BD488CB6AD69A4A0DAB | C:\Program Files\SlimWare Utilities\Services\dbghelp.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files\SlimWare Utilities\Services\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files\SlimWare Utilities\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files\DriverUpdate\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Windows\Installer\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2} | ISlimWareSession
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}\TypeLib | {58A8BF1A-3608-41EA-AAD1-581AB79105E6}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}\TypeLib | Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}\BaseInterface | {00020400-0000-0000-C000-000000000046}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}\NumMethods | 11
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}\ProxyStubClsid32 | {E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36137FA3-91C0-48EF-B1A8-27C1974708B8}\LocalServer32 | "C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe"
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36137FA3-91C0-48EF-B1A8-27C1974708B8}\LocalServer32 | ThreadingModel | Free
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36137FA3-91C0-48EF-B1A8-27C1974708B8} | AppID | {F6A8CE42-CB2D-4920-85E7-24966D63D4B9}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36137FA3-91C0-48EF-B1A8-27C1974708B8} | SlimWare Services Session
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36137FA3-91C0-48EF-B1A8-27C1974708B8}\TypeLib | {58A8BF1A-3608-41EA-AAD1-581AB79105E6}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36137FA3-91C0-48EF-B1A8-27C1974708B8}\Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F6A8CE42-CB2D-4920-85E7-24966D63D4B9} | SlimWare.Services
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F6A8CE42-CB2D-4920-85E7-24966D63D4B9} | LocalService | SlimWareServices
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58A8BF1A-3608-41EA-AAD1-581AB79105E6}\1.0 | SlimWareServices
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58A8BF1A-3608-41EA-AAD1-581AB79105E6}\1.0\0\win32 | C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58A8BF1A-3608-41EA-AAD1-581AB79105E6}\1.0\FLAGS | 0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}\InprocServer32 | C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.ProxyStub.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2}\InprocServer32 | ThreadingModel | Both
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2} | PSFactoryBuffer
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B8B86CB-0248-4F00-AC0E-EE5C6795D7F4} | ISlimWareSessionServer
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B8B86CB-0248-4F00-AC0E-EE5C6795D7F4}\TypeLib | {CE74B1E6-4EBC-42A1-A4EF-E03F45195608}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B8B86CB-0248-4F00-AC0E-EE5C6795D7F4}\TypeLib | Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B8B86CB-0248-4F00-AC0E-EE5C6795D7F4}\BaseInterface | {6D5140C1-7436-11CE-8034-00AA006009FA}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B8B86CB-0248-4F00-AC0E-EE5C6795D7F4}\NumMethods | 7
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B8B86CB-0248-4F00-AC0E-EE5C6795D7F4}\ProxyStubClsid32 | {BDF76960-B341-4592-BDBA-DFC8C74165A9}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF76960-B341-4592-BDBA-DFC8C74165A9} | ISlimWareSessionServerFactory
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF76960-B341-4592-BDBA-DFC8C74165A9}\TypeLib | {CE74B1E6-4EBC-42A1-A4EF-E03F45195608}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF76960-B341-4592-BDBA-DFC8C74165A9}\TypeLib | Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF76960-B341-4592-BDBA-DFC8C74165A9}\BaseInterface | {00000000-0000-0000-C000-000000000046}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF76960-B341-4592-BDBA-DFC8C74165A9}\NumMethods | 4
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF76960-B341-4592-BDBA-DFC8C74165A9}\ProxyStubClsid32 | {BDF76960-B341-4592-BDBA-DFC8C74165A9}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C88C47-EB26-40D1-BDC7-BBB30E0F752B}\LocalServer32 | "C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe"
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C88C47-EB26-40D1-BDC7-BBB30E0F752B}\LocalServer32 | ThreadingModel | Free
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C88C47-EB26-40D1-BDC7-BBB30E0F752B} | AppID | {6D3BC646-CFCD-4098-8495-B7BD0DF13133}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C88C47-EB26-40D1-BDC7-BBB30E0F752B} | SlimWare Services Session Server
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C88C47-EB26-40D1-BDC7-BBB30E0F752B}\TypeLib | {CE74B1E6-4EBC-42A1-A4EF-E03F45195608}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C88C47-EB26-40D1-BDC7-BBB30E0F752B}\Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6D3BC646-CFCD-4098-8495-B7BD0DF13133} | SlimWare.Session
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE74B1E6-4EBC-42A1-A4EF-E03F45195608}\1.0 | SlimWareSession
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE74B1E6-4EBC-42A1-A4EF-E03F45195608}\1.0\0\win32 | C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE74B1E6-4EBC-42A1-A4EF-E03F45195608}\1.0\FLAGS | 0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF76960-B341-4592-BDBA-DFC8C74165A9}\InprocServer32 | C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.ProxyStub.dll
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF76960-B341-4592-BDBA-DFC8C74165A9}\InprocServer32 | ThreadingModel | Both
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF76960-B341-4592-BDBA-DFC8C74165A9} | PSFactoryBuffer
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9AEC63C2-831A-4134-8EB0-02C0B7B97620} | IJobLauncher
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9AEC63C2-831A-4134-8EB0-02C0B7B97620}\TypeLib | {31E87E80-E113-49FD-9789-A97E83CEA4F1}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9AEC63C2-831A-4134-8EB0-02C0B7B97620}\TypeLib | Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9AEC63C2-831A-4134-8EB0-02C0B7B97620}\NumMethods | 9
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9AEC63C2-831A-4134-8EB0-02C0B7B97620}\ProxyStubClsid32 | {00020424-0000-0000-C000-000000000046}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9276E23-AD64-404D-8D3C-1EBB1F965E40} | DJobLauncherEvents
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9276E23-AD64-404D-8D3C-1EBB1F965E40}\TypeLib | {31E87E80-E113-49FD-9789-A97E83CEA4F1}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9276E23-AD64-404D-8D3C-1EBB1F965E40}\TypeLib | Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9276E23-AD64-404D-8D3C-1EBB1F965E40}\NumMethods | 8
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9276E23-AD64-404D-8D3C-1EBB1F965E40}\ProxyStubClsid32 | {00020424-0000-0000-C000-000000000046}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A}\LocalServer32 | "C:\Program Files\SlimWare Utilities\Services\DriverUpdate.UpdateLauncher.exe"
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A}\LocalServer32 | ThreadingModel | Free
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A} | AppID | {BAF61B64-5D1A-4108-97CB-A10B7DDF730E}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A} | Update Launcher Server
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A} | LocalizedString | @C:\Program Files\SlimWare Utilities\Services\DriverUpdate.UpdateLauncher.exe,-100
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A}\TypeLib | {31E87E80-E113-49FD-9789-A97E83CEA4F1}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A}\Version | 1.0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BAF61B64-5D1A-4108-97CB-A10B7DDF730E} | DriverUpdate.UpdateLauncher
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{31E87E80-E113-49FD-9789-A97E83CEA4F1}\1.0 | DriverUpdate.UpdateLauncher
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{31E87E80-E113-49FD-9789-A97E83CEA4F1}\1.0\0\win32 | C:\Program Files\SlimWare Utilities\Services\DriverUpdate.UpdateLauncher.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{31E87E80-E113-49FD-9789-A97E83CEA4F1}\1.0\FLAGS | 0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5139FDE1-9FDE-4D4C-89D0-5D016161B13A}\Elevation | Enabled | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\DriverUpdate\Registration | dmm
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\DriverUpdate\Registration | lv | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | Comments
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | Contact
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | DisplayIcon | "C:\Program Files\DriverUpdate\DriverUpdate.exe",0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | DisplayName | DriverUpdate
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | DisplayVersion | 5.6.6
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | HelpLink
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | HelpTelephone
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | InstallLocation | C:\Program Files\DriverUpdate\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | InstallSource | C:\Program Files\Downloaded Installers\{91ffa1cf-08b8-4db7-88bc-a66da9a4d0ba}\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | UninstallString | "C:\Program Files\DriverUpdate\UninstallStub.exe" --log {91ffa1cf-08b8-4db7-88bc-a66da9a4d0ba}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | Publisher | Slimware Utilities Holdings, Inc.
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | Readme
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | Size
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | URLInfoAbout
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | URLUpdateInfo
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | NoModify | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | NoRepair | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | VersionMajor | 5
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate | VersionMinor | 6
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | LocalPackage | C:\Windows\Installer\5ee308.msi
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | AuthorizedCDFPrefix
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | Comments
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | Contact
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | DisplayVersion | 5.6.6
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | HelpLink
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | HelpTelephone
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | InstallDate | 20181108
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | InstallLocation
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | InstallSource | C:\Users\admin\AppData\Local\Downloaded Installers\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | ModifyPath | MsiExec.exe /X{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | NoModify | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | Publisher | Slimware Utilities Holdings, Inc.
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | Readme
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | Size
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | EstimatedSize | 41154
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | SystemComponent | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | UninstallString | MsiExec.exe /X{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | URLInfoAbout
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | URLUpdateInfo
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | VersionMajor | 5
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | VersionMinor | 6
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | WindowsInstaller | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | Version | 84279302
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | Language | 1033
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | AuthorizedCDFPrefix
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | Comments
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | Contact
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | DisplayVersion | 5.6.6
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | HelpLink
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | HelpTelephone
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | InstallDate | 20181108
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | InstallLocation
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | InstallSource | C:\Users\admin\AppData\Local\Downloaded Installers\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | ModifyPath | MsiExec.exe /X{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | NoModify | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | Publisher | Slimware Utilities Holdings, Inc.
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | Readme
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | Size
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | EstimatedSize | 41154
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | SystemComponent | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | UninstallString | MsiExec.exe /X{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | URLInfoAbout
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | URLUpdateInfo
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | VersionMajor | 5
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | VersionMinor | 6
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | WindowsInstaller | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | Version | 84279302
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | Language | 1033
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69 | FC1AFF198B807BD488CB6AD69A4A0DAB
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\InstallProperties | DisplayName | DriverUpdate
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA} | DisplayName | DriverUpdate
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FC1AFF198B807BD488CB6AD69A4A0DAB | Application
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\Features | Application | [zqfeQxnZE]oR5EZ8'T'wG=(m1w~aEnSbR+7[G.07nm^ruar[EQ&=+Rd_ARmBgXeu{`fKF6^[9H_[`[email protected])dLg6hg6O2+,A%%Z^SBj4CZYv8TS7cl^[email protected]!4PMQhCy+o2z6`v9ae{@z.GRWdFT,A*%iF`w=e9-i?9W85Fr8s]p(D^]fD'*vF*0p=F1CET9Rvj5PKRq3lbKBeB&MN-e5qMi]?]eCh*e0eB)[email protected]~{j*![VCF&XN?Blh}v'?,$EKWscAZmM%_EEG`7NZ=3vLS1[}YrsW=DfquluAKR7ia0GyCr&IiC7AmdT7&lyQkSZtZw2qWFrf$lqwMfhmDN`[email protected]'g81},VvpVhX{)QYW{EcoW9Xm{{H!~1+Sx2eq%D9eZ{PP!s]Bg1P&[email protected]}hCn8ZkDVYZ667efe){vz2B$5.=N*[email protected][email protected]
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\Patches | AllPatches
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | ProductName | DriverUpdate
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | PackageCode | F93FD1345ED9B8C4A9D6E9151CDF3A95
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | Language | 1033
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | Version | 84279302
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | Assignment | 1
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | AdvertiseFlags | 388
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | ProductIcon | C:\Windows\Installer\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\Icon.exe
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | InstanceType | 0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | AuthorizedLUAApp | 0
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | DeploymentFlags | 3
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69 | FC1AFF198B807BD488CB6AD69A4A0DAB
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\SourceList | PackageName | setup.msi
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\SourceList\Net | 1 | C:\Users\admin\AppData\Local\Downloaded Installers\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\SourceList\Media | 1 | ;
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB | Clients | :
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FC1AFF198B807BD488CB6AD69A4A0DAB\SourceList | LastUsedSource | n;1;C:\Users\admin\AppData\Local\Downloaded Installers\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\
3160 | msiexec.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings | StringCacheGeneration | 96
2208 | MsiExec.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
2208 | MsiExec.exe | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001 | Owner | A00800009E6DD8E76377D401
2208 | MsiExec.exe | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001 | SessionHash | 15B70287224D2E2EB95C2FE3FB6B4705357ED9E817C50CD359580BA5CF19C7DA
2208 | MsiExec.exe | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001 | Sequence | 1
2208 | MsiExec.exe | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001 | RegFiles0000 | C:\Program Files\DriverUpdate\DriverUpdate.exe
2208 | MsiExec.exe | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001 | RegFilesHash | 1B23752669B55C67527B8DA4F1989B3AA41F981A7EB683CB2472CE91D8E0FD3F
2208 | MsiExec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | DriverUpdate.exe | 11001
2208 | MsiExec.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
DriverUpdate
cmd /c "start "" "C:\Program Files\DriverUpdate\DriverUpdate.exe" /delay=60 /mode=toaster "

Files activity

Executable files: 36
Suspicious files: 5
Text files: 87
Unknown types: 10

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\nsDialogs.dll | executable | b9a5a272154fc0dd652ef9c59c5d63a0 | d84d810b8f8819f4a34d5e033b72951eadda1bbb5ed0b8c76874b6c25001caa9
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\BugSplatRC.dll | executable | 5eea312e33708456f292bf602a40bb85 | 165ec5e4c9f3fa640d155978427988af4563587489d0e31643e38b6e8e4c092d
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.ProxyStub.dll | executable | 1b996a8d130c043844061d19f04adbf9 | 80539f4e6b7418a11ea3cfa518846ff9cadaea363fb5e4e9499e2d77637c3bb7
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\BugSplat.dll | executable | e294d13f8b64989a2b15b558f567d7ba | 6fd184e4e2b1d4ca2314f4d16b0e86a0e398054038a2235086d588f02bf39c67
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.ProxyStub.dll | executable | 6fb29f1a38610730b52b0cea4d5add6c | 92aa46b4e54573f3ccb8229f6b176f3d0fb14d5c0393fcb3a25a3d540d2c5382
3160 | msiexec.exe | C:\Program Files\DriverUpdate\SlimWare.DriverUpdate.Services.dll | executable | 85c0757797b9febbf104748a833a91c2 | 29b3bfa9c3071845e73af671bc2afdd29320b517d868d3163ddfedf2d403a296
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe | executable | e185bdf53c63ce5bccb2f89290c27a4a | d1870d574dbfcc038c3870b217d7e282164ee08e4fba74221e4739537053772b
3160 | msiexec.exe | C:\Windows\Installer\MSIE6EC.tmp | executable | 52c8924e5b50a969f61447d44fea00c7 | d1991bbe356ad36efdce7368c20bde0c2685b3041e060255f45b1aecf7174acd
3160 | msiexec.exe | C:\Program Files\DriverUpdate\UnifiedLogger.dll | executable | 172ef975120759ec8612f22faf4ad146 | e9ad79ef6661eb59dbbd9394e4cb9f6aaf7c4a4988c7ddd4da9633033eedad78
184 | SlimCleanerPlus.exe | C:\Users\admin\AppData\Local\Temp\DriverUpdate-setup.exe | executable | 061c65516e61f9458cb5aaa1411dc110 | b84e6d326bf7bdff89c1fba8ca4dd22a012c3462f2292a0da6db69aa9d29b26e
3160 | msiexec.exe | C:\Program Files\DriverUpdate\UninstallStub.exe | executable | e9bc0823fa6ca7d902d6532a6cb4bb18 | a54663a26fca48a2f0bd4c0c9e7c8294b16681e890c6b67ca003c4e236caf07b
3160 | msiexec.exe | C:\Program Files\DriverUpdate\BsSndRpt.exe | executable | 2dd28460d99233d7b1fe71c16f11fed0 | bc5164470e16524393a53930cf362119b1596dea7b9f521507f9ef792de2b9f0
184 | SlimCleanerPlus.exe | C:\Users\admin\AppData\Local\Temp\SWICD78.tmp | executable | 061c65516e61f9458cb5aaa1411dc110 | b84e6d326bf7bdff89c1fba8ca4dd22a012c3462f2292a0da6db69aa9d29b26e
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe | executable | 166c0ac288197b82a4be749f5dce4285 | 3ecc53a7d0c7885ee0b0816cf1cbd5df479e576413771176389a0eb7a8dfe87a
3160 | msiexec.exe | C:\Program Files\DriverUpdate\dbghelp.dll | executable | dee832103585ee41bd7f1a905f0726f7 | 3ab019bd41c6f30d4250f26b40e695021698d7909d538e2f9b8aeab73bb7b8aa
3160 | msiexec.exe | C:\Program Files\DriverUpdate\BugSplat.dll | executable | e294d13f8b64989a2b15b558f567d7ba | 6fd184e4e2b1d4ca2314f4d16b0e86a0e398054038a2235086d588f02bf39c67
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\YourTemplateFinderTooltab\TooltabExtension.dll | executable | 767737f00455032d893a223b78621f2d | e71eca3ba443107880ea99520422489c4efc238b846681b6e3a5d3c9e61071bf
3160 | msiexec.exe | C:\Program Files\DriverUpdate\SlimWare.Messaging.dll | executable | c0ad402ef774131c402fc4fcce8add81 | 9b35214ab70a9cdf1063dd99d235689ac4532ac1f50391f6435a24b018b186fe
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\BsSndRpt64.exe | executable | 2dd28460d99233d7b1fe71c16f11fed0 | bc5164470e16524393a53930cf362119b1596dea7b9f521507f9ef792de2b9f0
3160 | msiexec.exe | C:\Program Files\DriverUpdate\BugSplatRc.dll | executable | 81e1bfd6dca11ce24872896a18eecf25 | 8e123d21e0b96563f51acc5f50a2b120f9a6c077213881b24a9a304b46f4e7c8
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\SlimCleanerPlus.exe | executable | 27a37fcde7209b8c7e9e09d1b154fa1f | 5ea7e68d1e8000171b8df9e9a4e0b74daf7dda5e10bfd5d70816b068f14456c2
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\dbghelp.dll | executable | dee832103585ee41bd7f1a905f0726f7 | 3ab019bd41c6f30d4250f26b40e695021698d7909d538e2f9b8aeab73bb7b8aa
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\BugSplat64.dll | executable | e294d13f8b64989a2b15b558f567d7ba | 6fd184e4e2b1d4ca2314f4d16b0e86a0e398054038a2235086d588f02bf39c67
3160 | msiexec.exe | C:\Program Files\DriverUpdate\dbghelp-app.dll | executable | dee832103585ee41bd7f1a905f0726f7 | 3ab019bd41c6f30d4250f26b40e695021698d7909d538e2f9b8aeab73bb7b8aa
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\DriverUpdate-Downloader[1].exe | executable | 27a37fcde7209b8c7e9e09d1b154fa1f | 5ea7e68d1e8000171b8df9e9a4e0b74daf7dda5e10bfd5d70816b068f14456c2
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\DriverUpdate.UpdateLauncher.exe | executable | e0b15c91a246a0a940b04a1e1774cea5 | af3869dd97a6b6b625af93708fdd94004fc996bfbc963f91091db6b48d58065d
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\BugSplatRC64.dll | executable | 5eea312e33708456f292bf602a40bb85 | 165ec5e4c9f3fa640d155978427988af4563587489d0e31643e38b6e8e4c092d
3160 | msiexec.exe | C:\Program Files\DriverUpdate\htmlayout.dll | executable | ee2540c23fc04dd39a17cc466ff3c946 | 5c43198ee7e9e4c94f4700a8032d368d3854c6b7e2f04a930d23b373f55ee003
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\System.dll | executable | 7399323923e3946fe9140132ac388132 | 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
3160 | msiexec.exe | C:\Program Files\DriverUpdate\SlimWare.PushNotification.Services.dll | executable | 4a4fac223e34e6b3112647b3a446edc0 | f0e574c1eb2a79e49e9607bcc680f0ff208d4dabda559a58feae693ad6ac39d4
3160 | msiexec.exe | C:\Windows\Installer\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\Icon.exe | executable | 72a1df462ebbadb6c7a75d8ac09f42ad | 898b971083a27748f0aebbaf3187a0e71161783bacb69a80c9390c95f9dd2585
3160 | msiexec.exe | C:\Program Files\DriverUpdate\InAppBrowserProxy.dll | executable | 71e90bddae90886915cf145f04e337b6 | 1dca46179e55d7fa9ecdbbd6fe275ef3755fa2985ca74c14fa589f33058ee5ef
3160 | msiexec.exe | C:\Program Files\DriverUpdate\DriverUpdate.exe | executable | 6e968a1e613e9bbe4f0b6432ae9d543c | ba30f23b4e5ce97664d58206b81883c816af6143ba878148000c5bdd7b25923c
3160 | msiexec.exe | C:\Program Files\DriverUpdate\lib-inappbrowser.dll | executable | 7092ea8a7d5493f6d352883224d354a8 | b6cfb626dccb910e1f3c902b3fe88b4bcff5de78d6bbf21dbe22098996d71e2d
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\SlimWare.Core.dll | executable | dfcf3af3c2885a980a77c34eddd35f3d | d92cc06d88636e73cd6aeed912191e4c96b15e29cec1100675b3e3e6633212c2
3160 | msiexec.exe | C:\Program Files\SlimWare Utilities\Services\BsSndRpt.exe | executable | 2dd28460d99233d7b1fe71c16f11fed0 | bc5164470e16524393a53930cf362119b1596dea7b9f521507f9ef792de2b9f0
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\1ce708aa.config[1].js | text | 1ce708aace528b911ef00bfac5eae911 | aab4dce0680f3d727bf6bf7ccf1cf35ea153191f31a28ce155527741e61188cb
3160 | msiexec.exe | C:\Windows\Installer\5ee306.ipi | binary | 02d254db23d13ad288c5b36361e40e7a | d60cbc94bbeb0ca97fa3de96eb93ae314cbc7db332fa98a93eb8125d2ad5167a
3160 | msiexec.exe | C:\Program Files\DriverUpdate\Open-Source Licenses.txt | text | 2e39a7eb31cea878e849582cb252b7fe | 2bc0390d55803c28a92a2166bba711c4da6a1e55098d27dae91f1f84f468b219
3160 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFBA7776597B37C81E.TMP | –– | –– | ––
3160 | msiexec.exe | C:\Config.Msi\5ee307.rbs | –– | –– | ––
3160 | msiexec.exe | C:\Windows\Installer\5ee308.msi | –– | –– | ––
852 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | f8d54bfded29af94bdfc7436d17a6aa9 | 3f4df785f651fd82c4c8e89788d6dd4f1e66abfb96c59f4dad96e548e8b7a746
3160 | msiexec.exe | C:\Users\Public\Desktop\DriverUpdate.lnk | lnk | ae4a55605a12b4fab220df8fc6e95619 | d803ff08b951171bdd35a1441dccb095563bf295524e303c474a801506ffef51
3160 | msiexec.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate Help.lnk | lnk | 3f6537e662a20beab199decb76b8f856 | b86af0027bab2ee688422d0140b576de6dda199539df36c85a6a45698be1759a
3160 | msiexec.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate.lnk | lnk | bbc3b73ab843b64b969e76085837726d | b6a3a333c33076f781542bf39d986ceea9d847681b18737192bdc5298f8ec822
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\36b3ee2d91ed[1].ico | image | dfa85bb1fd633c2ab91c0fe07586da95 | 0d3b03b6b3a5d8d93f2e8e420352906459a9df4a19a34accac281e7ef1d07856
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\012af59acf0c[1].js | html | c5b90034d4edb71c06d64b01bed03772 | 8ad8d118af65e5cc8993f39b219fd445038afcad894f2c553ef37dcea21a7ace
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\c800922ea287[1].js | text | 0b2e34b00034bc57a94c2eaa3a2dc333 | ce60a7377e46c04178d6b2e19cd1ff10500fc2b0e3efa4eb0c2d768085cc3a1b
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\48caced648f9[1].js | binary | 4a990ecc8961dd0a65adfe6bbe10903a | 27720e249c9b829bf623caffc93476cdc26bda010d89f1d667fd819b08a56967
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\94e067808d68[1].js | text | 098fb8609be1fd0f7d21d4366b14744c | 0ea859e170226e507294969c2f98bda2d408f04efdb23ea31879f8debaecc57d
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\44ff9035bea8[1].js | text | a4fa99098ed309cea18246fedb67d225 | 03ed7bba9ec099fed185061f99b9f8e3f14e1d777fdc1d072208ad2c33589e4e
3160 | msiexec.exe | C:\Windows\Installer\MSIE892.tmp | binary | 0f93d940b5032d1c387db743477f5dfd | 6d2400cbeba3dc94dc102f2f2b8451183083e29863e3c99683b899b058ad7995
3160 | msiexec.exe | C:\Windows\Installer\MSIE920.tmp | –– | –– | ––
3160 | msiexec.exe | C:\Windows\Installer\5ee306.ipi | binary | efbd117b20ee6f723133aa094b608e66 | e642836014f74e5d454322e21744fff55924c7cd1f66aa2762d9d737fdbd0e26
3160 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF68F7823D10525923.TMP | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\A2AA38SG\hp.myway[1].xml | text | 096a21057e8a54f598f0e2e35db54174 | 421abf9884f28fad7712c41217ff8f924cb749a93b87e9538523b6669bbf6918
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\e2d74f3e36a3[1].js | text | 5d8d6becc18cc0c370aa1a562e532ade | 208cd9d3c84cd0cf07027636ce3705aab3f02ca49a3cbb7e4bc2c208f67e4730
2192 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AOD0NRC4\ak.staticimgfarm[1].xml | text | 1c5b92aa0adf16212dd1ffe1ebf81aa4 | b771e520d04d154ecf44a67fca930cd9a7f73f8b6d84f80fde7eff37ff357539
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Rain[1].png | image | e6f774ff723ac452b1ae97d8a4fbefd5 | fbde67309cef5606384ff59c6a5ae72da3f1a2daa08682aae174af2678e37031
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 554f87469e8da5b47179be315c45053f | a619f95cedb1cb62f6b286e72a5ba6b466ee159b92b60a3a97cffae99465fe75
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\auto[2] | text | 29eef150deb0269bb2c12c55b636a036 | aa8f66e4b962dd18a280524bbb0191f77a30b3a1790a5244578e7eb7c1eafebd
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\auto[1] | text | f805f003aea0f8249b0b512f340553bc | e86ff4670fb22114952d86eceecf0f10767aaca4886f20047fbbe894c3ef2016
3160 | msiexec.exe | C:\Windows\Installer\5ee304.msi | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\A2AA38SG\hp.myway[1].xml | text | 83230b1f5cddcaf50ba99a897554907c | d73705703cc3bdcac72ee6710dac5a71db0df984eb7dd8568676454aea7ae44d
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\singlesday_banner_2018_600x50[1].png | image | 6b192e784073245b63dc6b12538c3d57 | cee415c34ea96679078585d72fedd45c1c039857818573cf0a387095cbb217e6
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 81f29afa50afd73050f6e85b2c10d05e | a19745934a16a6935c40e4b31f5321af896728eff35b8a357b168f50799ba17b
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 536fab37f452841480e21feba0499ca0 | 9a2ea4ed273157ca4cea85d438ea595c133a2790f158fa619c38f3e020c0136e
2192 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | –– | –– | ––
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | ed33049c7fde97bd900976c80d4e00f7 | 6fefa85b5a44f50b6ed56b069383585abf10b29e1e5495b6cbb94522898e22d9
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\async-iac_centerbanner_ui.center_banner_ui[1].js | text | e22a519c436db1cca29cbb8f9f7f0cfb | 47d6c860f4ce1e1b77d1d07fefe3bcf4266a27d7301b35e3a1d0c01964b83217
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 424b87c71ef30e06c3eeb35f6fda98c4 | 3fafa6dc57bd85f74669440212991575fa964dd61a1dd4f6252bff7b43298136
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\53bf1be5.background[2].js | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\banner[1].jsonp | text | dffcef5c63c903b699c50b3a9bb7fb47 | 69c4c32cded7769f2f8782df5f3c4bf028d1c5c48ec06c8e5f719c0f3d709758
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\53bf1be5.background[1].js | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat | dat | 23c80e815e8ecb8b2e4796284070b38c | 2205d552673a65a2ec1a691ae174818f3cb1838a03e22439bf93df4f49e9bac8
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\466f8118.config[1].js | text | 466f811831e91ebe02efe791bd02a635 | 000a25d756f98ca8058c1407b48e0a0aee52b666dcd671ee3f81f0cb80b0cfe7
852 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | 9a24b65fcbc1386b75bef6d800f00467 | ca84d551051c7feeeb2e618c1ed21ef3a5511c3f4937eb969629f58aeadf58e6
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\Background[2].html | html | 2b06ed75ee771c954282bc27d08e9e9e | ab9827b6069a97c59081721a62e047a54e43d932e1ff0d5d9c6574853f15e161
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ttdetect[1].html | html | 43ca599a05501246c367c16ed6e20393 | b61fd5ff6325e72f1a8eb9613405ada5a58fbcd984fec1411508e4934389d8f2
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\Background[1].html | html | f5fd61b99bfb72a0b009e18cc9e9d7d2 | 785cbffd2507e23b11fa60bbb37c1c97344391591cf1d688b7dc31e25b062eb3
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | 3d2e4817d50260a2bda178f74b01dbc2 | 5dc9dad578fc42377991bcd0186b5deb23115447d647d427edc1ccdb216167c7
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\chiclet_trivago[1].png | image | 4e891f6d5a5c6c12eb1bb8810210f9c6 | 7e431d4562c8601781d8314c7762dac4d9fb93b320058ae062d58c98eac38baa
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\YTF_chiclet_email[1].png | image | 04f8d61ea995bcc6f13d7154c3f27534 | bb40f5df6fa65f0dd6e0254f38ef92e0f75fd5367307bfd30623c340f6afbfeb
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\macys[1].png | image | ecb347441433ef9cadcfa86ae321a98c | ac8ff6c8b351fe492ab1b6892b311542be1169cc4a3614127d25b0f8689ae3d6
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\target[1].png | image | 261b6b105a15630b84f452ddce1ca009 | b6574e0491795309571c4cec443b7528203737028f4b3cb6b7a88c1f05a8b34a
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\walmart[1].png | image | d5cc779d1769577d9d979c9d37b4976b | 4b9c948ebde3f8c28ff5f31f4165a998288ad15e9cfe999d39f3e401a97cfdc7
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\tripadvisor[1].png | image | 1831d723094a87b8cbf849e896d538d0 | cdf55d1d903133284a92c0a5393de14b420337c72a2fac6547590e5d189514d4
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\instagram[1].png | image | b511c3d0a89918913cdff93d014a3948 | 2bb1796ec9610eef4dbd2dcfcf60fb73eeb09baf316ae46f9a9cfc6901066160
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\chiclet_priceline[1].png | image | 42c2533944f8102b1c2beba419fcacd6 | d96450373455dfe3a37d4968abafa9b821e4af2d58ac64f21b053b53a3169ae8
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\chiclet_booking[1].png | image | 76262e6be07becebdc237e213eb39801 | d477de4e2d999862f5723575e1d2764467f60b215ee7205ddef98a1826444b26
2244 | DriverUpdate-setup.exe | C:\Users\admin\AppData\Local\Downloaded Installers\{91FFA1CF-08B8-4DB7-88BC-A66DA9A4D0BA}\setup.msi | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\youtube[1].png | image | 9eb31c0bcbe7c0951f3f6f1d4d0a34f5 | 5a96ba8927e0b85f922dffb6404f7385052479b237aedc961ebf528a8ee30fe1
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\facebook[1].png | image | 1e997e6f9059f1c4e8f12a7808d59479 | f73e587c85322597e49465d9feb5c52d1f12a6b9eb694922271a999d16274ab3
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | 7d5efc7cbd6849e19473cb62ee84a8d9 | df25316d6e0a3c7ac9cc82039af08ffef55437e600335e52dfff0470a0386a7d
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\MainIcon[1].png | image | ce46f6b3a74b8df7be86ea77a5f6d87d | e05a14884955edcfaa6df1ed91e0ecc32ed98dca5ca0eb152140e835a997e9ac
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\YTF_chiclet_templates[1].png | image | d9e9a8615b2e0c5847d60c1028234cbd | 67ca8e8453f0691e048cb5cfed2791d27ea94c0f497e93f335fc4ad5b2a670f6
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\control_chiclet_weather[1].png | image | 1aa5113871c414e6002b4828290b6a2d | 60380a4e8fabf5149e8523b94a966dca20cc3bc705f0c8b36e518617db9b6f74
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\223777700[1].png | image | aed2f1a807816c0692bfd96569d06068 | fc8480fd273f59d27bc8011c77d92899d37453cbc8c280ad6935065d62b97b7e
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\223777673[1].png | image | 7dd97fb10f3d185977dfe2f719f918fa | 4a64ae2942d0d5b5d410534567699155819ee29d8f389e044f4d041a39b8e89c
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\224099359[1].png | image | e7c1a5f21053c1d653eb80e1ae1d06e0 | 3139a2deeebacdfc1007efd8bed049e39a337c8db9de96438cdba97bfeed6905
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\en[1].png | image | 96e02ad54706267ad7b18ba797dddfbd | 857579b5466da4b80cf6cdb6490d7c756f3d78ac72f25342c455afc8599565bf
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\down-arrow[1].png | image | 3724b871993686b0c1e8098d714afbbc | d8715d730c57514730ba40d9ed08db6e8946d9709905070203a858c343fd490e
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\223754551[1].png | image | e8d7c88590d60cf3ad4ad0ae6a1c84b5 | 9b18caf884a0e0c3fc18d4291060f2e5c5f5f72b6a13354eb7ce28a65d4fbf3f
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | e22b5ff139582237589d221ec553866d | 5e85f96358c424e72378e605b0a2e0e42ec26840419a9b7b033c4f18bf3b6e10
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | –– | –– | ––
2244 | DriverUpdate-setup.exe | C:\Users\admin\AppData\Local\Temp\SIOUT6216531\DriverUpdate-setup.msi | –– | –– | ––
2192 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat | dat | e687c155f727d0437d02cb274b183aca | 6c2a2eae4b15e5ac25137de7d0fc96f5685c457c023b3f2010197e1c24703e72
2192 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\A2AA38SG\hp.myway[1].xml | text | c1ddea3ef6bbef3e7060a1a9ad89e4c5 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
2192 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | f70a1655b954d8e8e80d058499d18d60 | f919f19a095563a72167ad6a0c9e7ff630e181e6d4ec710a4115dd11945fbc67
2076 | FlashUtil32_26_0_0_131_ActiveX.exe | C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\js[1] | text | d47a3f2d4254ae890a6222e58c14e2d7 | a5468490a449df245444bf0ae6b1bab89efa376d75f986582cea97beb66de2e7
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\instagram_com[1].htm | html | cc63bedb536511e03d42b0baecb5762b | 52da52bce065dd05e2f6b675bc4500b539c2dc7b09183eaaa67bf477e86921d7
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | image | ea7e85835ec27d1dc157beea83947aeb | 5fde4f165a092c718bed29ea72cded744825c56594128d85a906ccd4fd54a872
1184 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt | text | 94dc4f1e188c3a67b77160d78efeca7d | 3bd1d61ca7e11af2acc368f3989ee576479f86e08eab9924efbf1b57a5cc1cb9
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\BNF[1].ico | image | 26aec6d3573afcd9b0ced0374970d9ef | b2a2111d4c65fef261f482aded1d942042e8ed7dcb1b41d828e90497a70f3845
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109\index.dat | dat | dc001a10687ddf482c6fe5740b27c8a0 | cffa687536a8a29fdcf60a321895c6c25943d5f35f30203886625c3769039e67
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\app[1].js | text | c02cc947afb6533d7477a3513ce5ca30 | 40b7d9d6c877486a1240cf80802de6f99a8b6a28937fb0f55fa2edfeb18c9704
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109\index.dat | dat | 3a9030e51df43e65253efbdf3dfd747c | f3e3f799cdb54edbc5a656b2f11c73bb042fcd00fbc3a31335c692a4384c3004
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 5687682a52a6e7cf228f31f676c0d200 | 3832a89a3a74d7517420f58c4f7ec5bdba9fbfaffdbad000520370a7a76a3fcf
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\BNF[1].png | image | 56a9b1d7a4c1f2e9ed568b648ada1f4b | 35f896f5bd3bc9097159a41fca4d14a818d94c271d641a2c0736b321c51a95bd
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\google[1].png | image | 953f6562d9c856bbe67943b342ef3812 | 089f2a53201e9ec91ba795d1c4a785b4c61b819702761436396d3380ff7015c4
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ie8[1].js | –– | –– | ––
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\anemone-1.2.7[1].js | text | 843306a0d584c6fa394cb0b531456405 | b61f1dc82835d8bc3b6332443358eb5b9c41a5f4b0672497cdf06ac0a8bbfdfa
2192 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index[1].html | html | 8ba40c34e6515d4faeab4a3db1e01649 | e756e62e79583f32cfa813a19234164f9a7ac7b8659bf02fb9fecae884e050cc
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\install_pixels[1].jhtml | –– | –– | ––
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\install_pixels[1].htm | html | cc99b36570a26e47fa73f7f9db4871b2 | fc3a25b81f698dff30983a05670a305a60b1e08d46f9871966dd8504b40db61d
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | 89f0e2726a24187fbb1f182451689606 | b0df1bd1793bb6c187dacbf2b43d540e01519525b26d2509105bd4ad163d0793
2776 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | b905abe9af89247b027522ec58221965 | a0520d1a26170f51ffb66c147873e805a66e1955f67c2581426a9f789b8c7b6a
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\favicon[1].png | image | 9fb559a691078558e77d6848202f6541 | 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\favicon[1].ico | –– | –– | ––
1672 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\config_event[1].htm | html | f9d6fb1c74abdb1c6300257b60e58770 | 53b7637570617c900705350ac095781d36ff057b3b778c88f9f1a37e677d1633
1672 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 575fc185337f3f8fd9ee0758ac48a3e0 | 1bf22feb1c7d847387851dc2ebce6ad545c99867167f207c83e32953c51a7539
1672 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | fd62d1c1ad8371374ba6fbd29db7de55 | 29f5b2967645cac1619beef9dec0135ecff893ef144812f69ebb9672e0c6cd1d
1672 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\config_event[1].jhtml | –– | –– | ––
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png | image | 9fb559a691078558e77d6848202f6541 | 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png | image | 9fb559a691078558e77d6848202f6541 | 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | –– | –– | ––
2776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\instagram_com[1].txt | –– | –– | ––
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\YourTemplateFinder_msi_bg-copy_1501857885092.bmp | image | 6b58a0a87b7ade1f6533f201d7c10450 | 13d86cd66076216af388c756e06504f3719c1b2c4a958c77cd4d5691a4532fa6
1184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[3].png | image | 9fb559a691078558e77d6848202f6541 | 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | –– | –– | ––
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\secondary_bg.png | image | ef9b703c128d55ca8ddd59faf349dbaf | 44b8754fe41fff7769b3abb7ecfec41a41ddf952c2ca5cdca50a1accfaa7df1d
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\secondary_decline.png | image | 50f453a18c9a5b803c8cd9bc79b5d170 | 1b6d27c88d6a81fd6856bb4ca7be936c895ab9d3b8bee78fbae48835d68cb47d
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\secondary_accept.png | image | 78cdb6d9bd4cc11a6948ccfd594dee19 | af4328f96750613b85aaf2380880e9467bbfeee68f0b6f5a6e68dc0672e28b64
1968 | YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe | C:\Users\admin\AppData\Local\Temp\nshA526.tmp\installerParams | text | 1f32caadb643f09ff7f6169b11401862 | f012c048e06ce1c3ed46d3d3ab79c5e7c274af71697cd7366dc193483fc16ccb
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\installerParams[1].jhtml
text
MD5: 1f32caadb643f09ff7f6169b11401862
SHA256: f012c048e06ce1c3ed46d3d3ab79c5e7c274af71697cd7366dc193483fc16ccb
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: cc34d6b4332e142c307fbff7b568a66f
SHA256: 79845c54acc5f069b4ec24eeade94fdf0a5daa07997cb049ec6a7706e2250104
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
binary
MD5: da6c793fb0533af0139a6d76c9956547
SHA256: bcec4bffd8ee03e0fdf1c1577ef4635ac08db1f94cf07b0c406a6b3a171e9e1d
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
C:\Users\admin\AppData\Local\Temp\nshA526.tmp\Install_ENG_1435860958525.bmp
image
MD5: 7078777f775a58435028c19515955085
SHA256: df2bd2e2781daa4d3270ff3bac2cfae49fcb42e2a331d10f4f0cbda2e3b1dddc
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
C:\Users\admin\AppData\Local\Temp\nshA526.tmp\cancel_blue_1473358017200.bmp
image
MD5: c20f972bb1e321bcf007a11d1433496c
SHA256: ddeb1a235c5fbb989fadf287a627736894f62406c0258b2a8b73379ada7a6775
1968
YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe
C:\Users\admin\AppData\Local\Temp\nshA526.tmp\YourTemplateFinder_msi_bg-copy_1501857870041.bmp
image
MD5: 98e8ae48a448ceb300834709580df9af
SHA256: cd89fba61abcf16dbaf7b2d5be655b2b3f950867b612bf72ce1913206e708e46
1184
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2192
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: e986f140861945107ba75bd7c3883947
SHA256: 75a483a80575a3cac596a660c6e1b706b7005d888c4a72fe3d5d6cfbebc24a15
2776
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\62c7e45f2969[1].js
text
MD5: 70d6176e9a4e348eee024df17d4ea248
SHA256: af5bd3a295bf5eed749043785d896d6eafcb8cf1ac7b3247fb39f2364ef6084a

Find more information on the static content, and download it, in the full report.

Network activity

HTTP(S) requests: 82
TCP/UDP connections: 62
DNS requests: 28
Threats: 32

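The anx.gif and anemone.jhtml requests in the table below are Mindspark's installer telemetry: anxa names the reporting component, anxe the event, and the 3rdPartyOffer* events record the "DriverUpdate Setup" bundle being criteria-checked, shown, accepted and downloaded, after which SlimCleanerPlus.exe reports to Slimware with the same coid echoed as ul_stubid. The Python below is an added example, not part of the ANY.RUN report, that turns those beacon URLs into an event timeline and pulls out the identifiers that tie the processes together. Its host-to-event-key table, the "PID process URL" line format and the sample lines (copied from the table that follows) are this example's own assumptions.

```python
"""Reconstruct an installer's telemetry timeline from sandbox HTTP requests.

Added example, not from the ANY.RUN report. Only query-string keys visible in
the beacon URLs on this page are used (anxa, anxe, coid, refPartner,
bundleName, optIn, errorDetails; Slimware's ev, ul_stubid, secondOfferOrigin).
The host table and the line format below are assumptions of this example.
"""
from urllib.parse import parse_qs, urlsplit

# Assumed: telemetry hosts seen in the report, and which key names the event.
EVENT_KEY_BY_HOST = {
    "anx.mindspark.com": "anxe",
    "anx.tb.ask.com": "anxe",
    "free.yourtemplatefinder.com": "anxe",
    "trk.slimwareutilities.com": "ev",
}

# Constructed sample input in "PID process URL" form, lines copied from the
# HTTP requests table on this page (one non-beacon line included on purpose).
SAMPLE_LOG = """\
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferCriteriaCheck&bundleName=DriverUpdate+Setup&criteriaPass=true&failType=&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2030911058&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerInvoked&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2059153490&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferShow&bundleName=DriverUpdate+Setup&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2060802540&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferAccept&bundleName=DriverUpdate+Setup&optIn=true&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=2000543731&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb
184 SlimCleanerPlus.exe http://trk.slimwareutilities.com/ulc.php?ev=InstallerInvoked&platformOSVersion=6.1&secondOfferOrigin=%5EBNF%5Expt136%5ETTAB02%5Egb&ul_stubid=948b5cbfbd684cbeb043ab2c09ccd3ea&p2=%5ESW2%5Exdm110&installer=SD0&product=SW2&installerVersion=2.4.0&machineId=91E81986-FAA2-412D-B1C2-F8715923274A&platformOS=Windows&ul_track=DU0155
1184 iexplore.exe http://www.bing.com/favicon.ico
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-17&errorType=nsisError&errorDetails=http%3A%2F%2Ffree%2Eyourtemplatefinder%2Ecom%2Finstall_pixels%2Ejhtml%3Fpartner%3D%5EBNF%5Expt136%5ETTAB02%5Egb%26sub_id%3D001007013000826%26coId%3D948b5cbfbd684cbeb043ab2c09ccd3ea%26tbGuid%3D0F7D23ED-B204-407B-AAF8-38A6A68E52D1%26source%3Dmsni&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2090098465&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerFinished&tbUID=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&tbVer=&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2086046569&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferDownloadComplete&bundleName=DriverUpdate+Setup&installerType=secondary_installer&resultCode=0&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2035650293&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb
"""


def parse_beacon(url):
    """Return {'host', 'event', 'params'} for a known telemetry beacon, else None.

    parse_qs percent-decodes values and maps '+' to ' ', so the raw
    '^BNF^xpt136^TTAB02^gb' and the encoded '%5EBNF%5Expt136...' compare equal.
    """
    parts = urlsplit(url)
    event_key = EVENT_KEY_BY_HOST.get(parts.hostname or "")
    if event_key is None:
        return None
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return {"host": parts.hostname, "event": params.get(event_key, "?"), "params": params}


def build_timeline(log_text):
    """Parse 'PID process URL' lines, keeping only beacons, in log order."""
    timeline = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            continue
        pid, process, url = fields
        beacon = parse_beacon(url)
        if beacon is not None:
            timeline.append({"pid": int(pid), "process": process, **beacon})
    return timeline


def summarize(timeline):
    """Collect the identifiers that link the installer to its bundled payload."""
    summary = {
        "coid": set(),        # install id; Slimware echoes it back as ul_stubid
        "partner": set(),     # ^cobrand^campaign^track^country string
        "bundles": {},        # bundleName -> ordered list of 3rdPartyOffer* stages
        "leaked_urls": [],    # URLs the installer put inside its own Error beacons
        "events": [(e["process"], e["event"]) for e in timeline],
    }
    for e in timeline:
        p = e["params"]
        for key in ("coid", "ul_stubid"):
            if p.get(key):
                summary["coid"].add(p[key])
        for key in ("refPartner", "secondOfferOrigin", "anxp"):
            if p.get(key):
                summary["partner"].add(p[key])
        if e["event"].startswith("3rdPartyOffer") and p.get("bundleName"):
            summary["bundles"].setdefault(p["bundleName"], []).append(e["event"])
        if e["event"] == "Error" and p.get("errorDetails", "").startswith("http"):
            summary["leaked_urls"].append(p["errorDetails"])
    return summary


def bundle_delivered(summary, bundle_name):
    """True when the offer was shown, accepted and its installer fetched."""
    stages = set(summary["bundles"].get(bundle_name, []))
    return {"3rdPartyOfferShow", "3rdPartyOfferAccept",
            "3rdPartyOfferDownloadComplete"} <= stages


if __name__ == "__main__":
    s = summarize(build_timeline(SAMPLE_LOG))
    for process, event in s["events"]:
        print(f"{process:<58} {event}")
    print("coid:", s["coid"], "partner:", s["partner"])
    print("DriverUpdate Setup delivered:", bundle_delivered(s, "DriverUpdate Setup"))
```

Two things fall out of running this over the page's own requests: the coid from the NSIS stub and the ul_stubid reported by SlimCleanerPlus.exe are the same value, which is how the two processes can be tied to one install, and the Error beacons carry the full install_pixels/config_event URLs the installer tried to reach, so a blocked or failed fetch still leaks the second-stage endpoints to the telemetry host.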
HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=948b5cbfbd684cbeb043ab2c09ccd3ea&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^mni000^TTAB02&refSub=&anxl=en-US&anxr=2117311035&refCobrand=BNF&refCampaign=mni000&refTrack=TTAB02&refCountry= US
––
––
malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=1&errorType=nsisError&errorDetails=%5EBNF%5Expt136%5ETTAB02%5Egb&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2091125014&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferCriteriaCheck&bundleName=DriverUpdate+Setup&criteriaPass=true&failType=&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2030911058&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerInvoked&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2059153490&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferShow&bundleName=DriverUpdate+Setup&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2060802540&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferAccept&bundleName=DriverUpdate+Setup&optIn=true&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=2000543731&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
184 SlimCleanerPlus.exe GET 200 52.20.7.33:80 http://stc.slimwareutilities.com/gettrack?product=SW2&p2=%5ESW2%5Exdm110&secondOfferOrigin=%5EBNF%5Expt136%5ETTAB02%5Egb&ul_stubid=948b5cbfbd684cbeb043ab2c09ccd3ea US
text
malicious
184 SlimCleanerPlus.exe GET 200 52.54.9.186:80 http://trk.slimwareutilities.com/ulc.php?ev=InstallerInvoked&platformOSVersion=6.1&secondOfferOrigin=%5EBNF%5Expt136%5ETTAB02%5Egb&ul_stubid=948b5cbfbd684cbeb043ab2c09ccd3ea&p2=%5ESW2%5Exdm110&installer=SD0&product=SW2&installerVersion=2.4.0&machineId=91E81986-FAA2-412D-B1C2-F8715923274A&platformOS=Windows&ul_track=DU0155 US
text
malicious
184 SlimCleanerPlus.exe GET 301 52.6.81.132:80 http://apps-api.slimwareutilities.com/install/du/6.1/x86/DriverUpdate-setup.exe?machineId=91E81986-FAA2-412D-B1C2-F8715923274A US
––
––
malicious
1184 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
184 SlimCleanerPlus.exe GET 200 52.222.163.215:80 http://download.driverupdate.net/5.6.6/x86/DriverUpdate-setup.exe US
executable
whitelisted
1184 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
1672 iexplore.exe GET 200 74.113.235.138:80 http://free.yourtemplatefinder.com/config_event.jhtml?anxuu=948F8853-D2A2-4C54-8EB3-1D36B745FA41&anxa=CAPOne&anxv=&anxd=&anxsn=dubprdsndlbfe88.dub.jabodo.com&anxu=http://free.yourtemplatefinder.com/index.jhtml&anxl=en&anxlv=Thu%20Nov%2008%2007:25:51%20EST%202018&anxrp&anxrk=&anxrm=&anxrc=&anxrs=&anxsq=&anxt=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&anxp=%5EBNF%5Expt136%5ETTAB02%5Egb&anxi&anxtv&fParameter=000000b0&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&anxe=ToolbarConfig&anxr=1611445117&anxsi=001007013000826 IE
html
malicious
1672 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=948F8853-D2A2-4C54-8EB3-1D36B745FA41&anxa=CAPOne&anxv=&anxd=&anxsn=dubprdsndlbfe88.dub.jabodo.com&anxu=http://free.yourtemplatefinder.com/index.jhtml&anxl=en&anxlv=Thu%20Nov%2008%2007:25:51%20EST%202018&anxrp&anxrk=&anxrm=&anxrc=&anxrs=&anxsq=&anxt=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&anxp=%5EBNF%5Expt136%5ETTAB02%5Egb&anxi&anxtv&fParameter=000000b0&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&anxe=ToolbarConfig&anxr=1611445117&anxsi=001007013000826 US
––
––
unknown
2776 iexplore.exe GET 200 74.113.235.138:80 http://free.yourtemplatefinder.com/install_pixels.jhtml?partner=^BNF^xpt136^TTAB02^gb&sub_id=001007013000826&coId=948b5cbfbd684cbeb043ab2c09ccd3ea&tbGuid=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&source=msni IE
html
malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-17&errorType=nsisError&errorDetails=http%3A%2F%2Ffree%2Eyourtemplatefinder%2Ecom%2Finstall_pixels%2Ejhtml%3Fpartner%3D%5EBNF%5Expt136%5ETTAB02%5Egb%26sub_id%3D001007013000826%26coId%3D948b5cbfbd684cbeb043ab2c09ccd3ea%26tbGuid%3D0F7D23ED-B204-407B-AAF8-38A6A68E52D1%26source%3Dmsni&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2090098465&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
1184 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-23&errorType=nsisError&errorDetails=http%3A%2F%2Ffree%2Eyourtemplatefinder%2Ecom%2Fconfig_event%2Ejhtml%3Fanxuu%3D948F8853-D2A2-4C54-8EB3-1D36B745FA41%26anxa%3DCAPOne%26anxv%3D%26anxd%3D%26anxsn%3Ddubprdsndlbfe88%2Edub%2Ejabodo%2Ecom%26anxu%3Dhttp%3A%2F%2Ffree%2Eyourtemplatefinder%2Ecom%2Findex%2Ejhtml%26anxl%3Den%26anxlv%3DThu%2520Nov%252008%252007%3A25%3A51%2520EST%25202018%26anxrp%26anxrk%3D%26anxrm%3D%26anxrc%3D%26anxrs%3D%26anxsq%3D%26anxt%3D0F7D23ED-B204-407B-AAF8-38A6A68E52D1%26anxp%3D%255EBNF%255Expt136%255ETTAB02%255Egb%26anxi%26anxtv%26fParameter%3D000000b0%26coid%3D948b5cbfbd684cbeb043ab2c09ccd3ea%26anxe%3DToolbarConfig%26anxr%3D1611445117%26anxsi%3D001007013000826&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2089064586&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
2192 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/yourtemplatefinder/ttab02/index.html?n=7849ED5D&p2=^BNF^xpt136^TTAB02^gb&ptb=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&si=001007013000826&coid=948b5cbfbd684cbeb043ab2c09ccd3ea unknown
html
whitelisted
2776 iexplore.exe GET 200 2.18.232.251:80 http://akz.imgfarm.com/images/anx/anemone-1.2.7.js unknown
text
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/yourtemplatefinder/ttab02/assets/1541017700817/ie8.js unknown
html
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/search/google.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/BNF.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/yourtemplatefinder/ttab02/assets/1541017700817/app.js unknown
text
whitelisted
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerFinished&tbUID=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&tbVer=&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2086046569&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
1184 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/vicinio/chrome/spent/images/favicon/BNF.ico unknown
image
whitelisted
1184 iexplore.exe GET 200 74.113.235.138:80 http://free.yourtemplatefinder.com/favicon.ico IE
image
malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=3rdPartyOfferDownloadComplete&bundleName=DriverUpdate+Setup&installerType=secondary_installer&resultCode=0&platform=vicinio&anxv=2.7.1.3000&anxd=2018-08-16&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&refPartner=^BNF^xpt136^TTAB02^gb&refSub=001007013000826&anxl=en-US&anxr=-2035650293&refCobrand=BNF&refCampaign=xpt136&refTrack=TTAB02&refCountry=gb US
––
––
malicious
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/ttdetect-2/prd/ttdetect.html unknown
html
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223754551.png unknown
image
whitelisted
2776 iexplore.exe GET 204 74.113.235.138:80 http://free.yourtemplatefinder.com/anemone.jhtml?anxuu=0E0FA18E-9232-464F-964F-210C10B6A1CF&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04%3A00%3A00Z&anxsn=dubprdsndlbfe53.dub.jabodo.com&anxu=http%3A%2F%2Ffree.yourtemplatefinder.com%2Finstall_pixels.jhtml&anxl=en-us&anxlv=1541682402540&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=60133E39-CD02-4E00-A7BB-B3D5A18B4A24&anxe=backFill&anxr=1400206996 IE
––
––
malicious
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/localization/searchbuttons/en.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223777673.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223777700.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/down-arrow.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/224099359.png unknown
image
whitelisted
2776 iexplore.exe GET 302 193.0.160.128:80 http://20787045p.rfihub.com/ca.gif?rb=32555&ca=20787045&_o=32555&_t=20787045&ra=REPLACE_ME_WITH_YOUR_CACHE_BUSTING NL
––
––
whitelisted
2776 iexplore.exe GET 302 193.0.160.129:80 http://20780365p.rfihub.com/ca.gif?rb=32555&ca=20780365&_o=32555&_t=20780365&ra=REPLACE_ME_WITH_YOUR_CACHE_BUSTING NL
––
––
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/images/weather/MainIcon.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/YourTemplateFinder/YTF_chiclet_templates.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/Control/control_chiclet_weather.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/Background.html unknown
html
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.chiclet.unbranded-en/Background.html unknown
html
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/facebook.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/youtube.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_booking.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_priceline.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/instagram.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/walmart.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/tripadvisor.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/macys.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/target.png unknown
image
whitelisted
2776 iexplore.exe GET 302 172.217.168.66:80 http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=NjQwOTg4OTA1MDg3ODMzMjE4&forward=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D13490%26nid%3D2596%26put%3D640988905087833218%26expires%3D30%26next%3Dhttp%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D18%2526code%253D640988905087833218http%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537073062%252526val%25253D640988905087833218%252526r%25253Dhttp%2525253A%2525252F%2525252Fimage2.pubmatic.com%2525252FAdServer%2525252FPug%2525253Fvcode%2525253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%2525253D%2525253D%25252526piggybackCookie%2525253D640988905087833218%25252526r%2525253Dhttp%252525253A%252525252F%252525252Fdsum.casalemedia.com%252525252Frum%252525253Fcm_dsp_id%252525253D57%2525252526external_user_id%252525253D640988905087833218%2525252526forward%252525253Dhttp%25252525253A%25252525252F%25252525252Ftapestry.tapad.com%25252525252Ftapestry%25252525252F1%25252525253Fta_partner_id%25252525253D937%252525252526ta_partner_did%25252525253D640988905087833218%252525252526ta_format%25252525253Dgif US
––
whitelisted
2776 iexplore.exe GET 302 172.217.168.66:80 http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=NjM5NTgxNTMxMjU3MzQzMjI5&forward=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D13490%26nid%3D2596%26put%3D639581531257343229%26expires%3D30%26next%3Dhttp%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D18%2526code%253D639581531257343229http%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537073062%252526val%25253D639581531257343229%252526r%25253Dhttp%2525253A%2525252F%2525252Fimage2.pubmatic.com%2525252FAdServer%2525252FPug%2525253Fvcode%2525253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%2525253D%2525253D%25252526piggybackCookie%2525253D639581531257343229%25252526r%2525253Dhttp%252525253A%252525252F%252525252Fdsum.casalemedia.com%252525252Frum%252525253Fcm_dsp_id%252525253D57%2525252526external_user_id%252525253D639581531257343229%2525252526forward%252525253Dhttp%25252525253A%25252525252F%25252525252Ftapestry.tapad.com%25252525252Ftapestry%25252525252F1%25252525253Fta_partner_id%25252525253D937%252525252526ta_partner_did%25252525253D639581531257343229%252525252526ta_format%25252525253Dgif US
––
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/YourTemplateFinder/YTF_chiclet_email.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_trivago.png unknown
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/banner.jsonp?v=1541682405803&callback=fn unknown
text
whitelisted
2776 iexplore.exe GET 302 172.217.168.66:80 http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=NjQwOTg4OTA1MDg3ODMzMjE4&forward=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D13490%26nid%3D2596%26put%3D640988905087833218%26expires%3D30%26next%3Dhttp%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D18%2526code%253D640988905087833218http%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537073062%252526val%25253D640988905087833218%252526r%25253Dhttp%2525253A%2525252F%2525252Fimage2.pubmatic.com%2525252FAdServer%2525252FPug%2525253Fvcode%2525253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%2525253D%2525253D%25252526piggybackCookie%2525253D640988905087833218%25252526r%2525253Dhttp%252525253A%252525252F%252525252Fdsum.casalemedia.com%252525252Frum%252525253Fcm_dsp_id%252525253D57%2525252526external_user_id%252525253D640988905087833218%2525252526forward%252525253Dhttp%25252525253A%25252525252F%25252525252Ftapestry.tapad.com%25252525252Ftapestry%25252525252F1%25252525253Fta_partner_id%25252525253D937%252525252526ta_partner_did%25252525253D640988905087833218%252525252526ta_format%25252525253Dgif&google_tc= US
––
whitelisted
2776 iexplore.exe GET 302 172.217.168.66:80 http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm=&google_sc=&google_hm=NjM5NTgxNTMxMjU3MzQzMjI5&forward=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D13490%26nid%3D2596%26put%3D639581531257343229%26expires%3D30%26next%3Dhttp%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D18%2526code%253D639581531257343229http%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537073062%252526val%25253D639581531257343229%252526r%25253Dhttp%2525253A%2525252F%2525252Fimage2.pubmatic.com%2525252FAdServer%2525252FPug%2525253Fvcode%2525253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%2525253D%2525253D%25252526piggybackCookie%2525253D639581531257343229%25252526r%2525253Dhttp%252525253A%252525252F%252525252Fdsum.casalemedia.com%252525252Frum%252525253Fcm_dsp_id%252525253D57%2525252526external_user_id%252525253D639581531257343229%2525252526forward%252525253Dhttp%25252525253A%25252525252F%25252525252Ftapestry.tapad.com%25252525252Ftapestry%25252525252F1%25252525253Fta_partner_id%25252525253D937%252525252526ta_partner_did%25252525253D639581531257343229%252525252526ta_format%25252525253Dgif&google_tc= US
––
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/scripts/466f8118.config.js unknown
text
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/scripts/53bf1be5.background.js unknown
text
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.chiclet.unbranded-en/scripts/1ce708aa.config.js unknown
text
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.chiclet.unbranded-en/scripts/53bf1be5.background.js unknown
text
whitelisted
2776 iexplore.exe GET 302 193.0.160.128:80 http://p.rfihub.com/cm?forward=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D13490%26nid%3D2596%26put%3D640988905087833218%26expires%3D30%26next%3Dhttp%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D18%2526code%253D640988905087833218http%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537073062%252526val%25253D640988905087833218%252526r%25253Dhttp%2525253A%2525252F%2525252Fimage2.pubmatic.com%2525252FAdServer%2525252FPug%2525253Fvcode%2525253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%2525253D%2525253D%25252526piggybackCookie%2525253D640988905087833218%25252526r%2525253Dhttp%252525253A%252525252F%252525252Fdsum.casalemedia.com%252525252Frum%252525253Fcm_dsp_id%252525253D57%2525252526external_user_id%252525253D640988905087833218%2525252526forward%252525253Dhttp%25252525253A%25252525252F%25252525252Ftapestry.tapad.com%25252525252Ftapestry%25252525252F1%25252525253Fta_partner_id%25252525253D937%252525252526ta_partner_did%25252525253D640988905087833218%252525252526ta_format%25252525253Dgif&google_gid=CAESEJMEC9itUcZPPsZQN0xcmZs&google_cver=1 NL
––
––
whitelisted
2776 iexplore.exe GET 302 193.0.160.128:80 http://p.rfihub.com/cm?forward=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D13490%26nid%3D2596%26put%3D639581531257343229%26expires%3D30%26next%3Dhttp%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D18%2526code%253D639581531257343229http%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537073062%252526val%25253D639581531257343229%252526r%25253Dhttp%2525253A%2525252F%2525252Fimage2.pubmatic.com%2525252FAdServer%2525252FPug%2525253Fvcode%2525253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%2525253D%2525253D%25252526piggybackCookie%2525253D639581531257343229%25252526r%2525253Dhttp%252525253A%252525252F%252525252Fdsum.casalemedia.com%252525252Frum%252525253Fcm_dsp_id%252525253D57%2525252526external_user_id%252525253D639581531257343229%2525252526forward%252525253Dhttp%25252525253A%25252525252F%25252525252Ftapestry.tapad.com%25252525252Ftapestry%25252525252F1%25252525253Fta_partner_id%25252525253D937%252525252526ta_partner_did%25252525253D639581531257343229%252525252526ta_format%25252525253Dgif&google_gid=CAESEAc1jwVKbAula8tJHG9WM2M&google_cver=1 NL
––
––
whitelisted
2776 iexplore.exe GET 200 213.19.162.90:80 http://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=639581531257343229&expires=30&next=http%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D18%26code%3D639581531257343229http%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073062%2526val%253D639581531257343229%2526r%253Dhttp%25253A%25252F%25252Fimage2.pubmatic.com%25252FAdServer%25252FPug%25253Fvcode%25253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%25253D%25253D%252526piggybackCookie%25253D639581531257343229%252526r%25253Dhttp%2525253A%2525252F%2525252Fdsum.casalemedia.com%2525252Frum%2525253Fcm_dsp_id%2525253D57%25252526external_user_id%2525253D639581531257343229%25252526forward%2525253Dhttp%252525253A%252525252F%252525252Ftapestry.tapad.com%252525252Ftapestry%252525252F1%252525253Fta_partner_id%252525253D937%2525252526ta_partner_did%252525253D639581531257343229%2525252526ta_format%252525253Dgif GB
image
whitelisted
2776 iexplore.exe GET 200 213.19.162.90:80 http://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=640988905087833218&expires=30&next=http%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D18%26code%3D640988905087833218http%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073062%2526val%253D640988905087833218%2526r%253Dhttp%25253A%25252F%25252Fimage2.pubmatic.com%25252FAdServer%25252FPug%25253Fvcode%25253Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTU3NjgwMA%25253D%25253D%252526piggybackCookie%25253D640988905087833218%252526r%25253Dhttp%2525253A%2525252F%2525252Fdsum.casalemedia.com%2525252Frum%2525253Fcm_dsp_id%2525253D57%25252526external_user_id%2525253D640988905087833218%25252526forward%2525253Dhttp%252525253A%252525252F%252525252Ftapestry.tapad.com%252525252Ftapestry%252525252F1%252525253Fta_partner_id%252525253D937%2525252526ta_partner_did%252525253D640988905087833218%2525252526ta_format%252525253Dgif GB
image
whitelisted
2192 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/yourtemplatefinder/ttab02/assets/1541017700817/async-iac_centerbanner_ui.center_banner_ui.js unknown
text
whitelisted
2192 iexplore.exe GET 200 74.113.237.38:80 http://weatherblink.wdgserv.com/weatherblink/lookup/auto?callback=jQuery19108874421609281851_1541682406146&_=1541682406147 US
text
unknown
2192 iexplore.exe GET 200 74.113.237.38:80 http://weatherblink.wdgserv.com/weatherblink/lookup/auto?callback=jQuery19101800203665070788_1541682406162&_=1541682406163 US
text
unknown
2192 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=22E45E48-DE2A-4880-811B-AAE938C540CC&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fyourtemplatefinder%2Fttab02%2Findex.html&anxl=en&anxlv=0&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxt=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&anxp=%5EBNF%5Expt136%5ETTAB02%5Egb&anxsi=001007013000826&buid=e5f646a4-9ff4-4019-852e-3ef3d54027ff&pageType=tab&productData=%7B%22coid%22%3A%22948b5cbfbd684cbeb043ab2c09ccd3ea%22%2C%22pageLoad%22%3A1%7D&anxe=Heartbeat&anxr=1931426901 US
––
––
unknown
2192 iexplore.exe GET 502 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=22E45E48-DE2A-4880-811B-AAE938C540CC&anxa=CAPOne&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fyourtemplatefinder%2Fttab02%2Findex.html&anxl=en&anxlv=1541682406240&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&anxt=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&anxp=%5EBNF%5Expt136%5ETTAB02%5Egb&anxsi=001007013000826&buid=e5f646a4-9ff4-4019-852e-3ef3d54027ff&pageType=tab&anxtv=webtooltab-2.1.1&fParameter=00000050&coid=948b5cbfbd684cbeb043ab2c09ccd3ea&productData=%7B%22pageLoad%22%3A1%7D&anxe=ToolbarConfig&anxr=2127856215 US
html
unknown
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/banners/singlesday_banner_2018_600x50.png unknown image whitelisted
2192 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=22E45E48-DE2A-4880-811B-AAE938C540CC&anxa=CAPSearch&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fyourtemplatefinder%2Fttab02%2Findex.html&anxl=en&anxlv=1541682406287&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=5&anxt=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&anxp=%5EBNF%5Expt136%5ETTAB02%5Egb&anxsi=001007013000826&buid=e5f646a4-9ff4-4019-852e-3ef3d54027ff&pageType=tab&productData=%7B%22pageLoad%22%3A1%7D&anxe=TabPageView&anxr=1591115627 US –– –– unknown
2776 iexplore.exe GET 204 74.113.235.138:80 http://free.yourtemplatefinder.com/anemone.jhtml?anxuu=0E0FA18E-9232-464F-964F-210C10B6A1CF&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04%3A00%3A00Z&anxsn=dubprdsndlbfe53.dub.jabodo.com&anxu=http%3A%2F%2Ffree.yourtemplatefinder.com%2Finstall_pixels.jhtml&anxl=en-us&anxlv=1541682404822&anxsq=3&tbUID=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&tbVer=&anxe=PixelFrameTT&anxr=680191257 IE –– –– malicious
2776 iexplore.exe GET –– 74.113.235.138:80 http://free.yourtemplatefinder.com/anemone.jhtml?anxuu=0E0FA18E-9232-464F-964F-210C10B6A1CF&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04%3A00%3A00Z&anxsn=dubprdsndlbfe53.dub.jabodo.com&anxu=http%3A%2F%2Ffree.yourtemplatefinder.com%2Finstall_pixels.jhtml&anxl=en-us&anxlv=1541682405744&anxsq=4&tbUID=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&tbVer=&anxe=PixelFrameTB&anxr=1433546653 IE –– –– malicious
2776 iexplore.exe GET 204 74.113.235.138:80 http://free.yourtemplatefinder.com/anemone.jhtml?anxuu=0E0FA18E-9232-464F-964F-210C10B6A1CF&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04%3A00%3A00Z&anxsn=dubprdsndlbfe53.dub.jabodo.com&anxu=http%3A%2F%2Ffree.yourtemplatefinder.com%2Finstall_pixels.jhtml&anxl=en-us&anxlv=1541682405744&anxsq=5&tbUID=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&tbVer=&anxe=PixelFrameComplete&anxr=97713029 IE –– –– malicious
2192 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=22E45E48-DE2A-4880-811B-AAE938C540CC&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fyourtemplatefinder%2Fttab02%2Findex.html&anxl=en&anxlv=1541682406271&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=4&anxt=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&anxp=%5EBNF%5Expt136%5ETTAB02%5Egb&anxsi=001007013000826&buid=e5f646a4-9ff4-4019-852e-3ef3d54027ff&pageType=tab&productData=%7B%22queryString%22%3A%7B%22n%22%3A%227849ED5D%22%2C%22coid%22%3A%22948b5cbfbd684cbeb043ab2c09ccd3ea%22%2C%22dpr%22%3A%22%22%2C%22pixelUrl%22%3A%22%22%7D%2C%22innerWidth%22%3A788%2C%22innerHeight%22%3A460%2C%22userFontSize%22%3A16%2C%22pageLoad%22%3A1%7D&anxe=PageView&anxr=665591281 US –– –– unknown
2192 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/images/weather/Rain.png unknown image whitelisted
184 SlimCleanerPlus.exe GET 200 52.54.9.186:80 http://trk.slimwareutilities.com/ulc.php?ev=InstallerFinished&platformOSVersion=6.1&secondOfferOrigin=%5EBNF%5Expt136%5ETTAB02%5Egb&installId=67AE028E-F0B9-4C46-B6AF-A49AC17AEE1A&ul_stubid=948b5cbfbd684cbeb043ab2c09ccd3ea&p2=%5ESW2%5Exdm110&installer=SD0&product=SW2&installerVersion=2.4.0&machineId=91E81986-FAA2-412D-B1C2-F8715923274A&platformOS=Windows&ul_track=DU0155 US text malicious
2192 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=22E45E48-DE2A-4880-811B-AAE938C540CC&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fyourtemplatefinder%2Fttab02%2Findex.html&anxl=en&anxlv=1541682406287&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=6&anxt=0F7D23ED-B204-407B-AAF8-38A6A68E52D1&anxp=%5EBNF%5Expt136%5ETTAB02%5Egb&anxsi=001007013000826&buid=e5f646a4-9ff4-4019-852e-3ef3d54027ff&pageType=tab&label=Go%20to%20Instagram&name=Go%20to%20Instagram&controlID=Go%20to%20Instagram&type=Button&icon=%2F%2Fak.staticimgfarm.com%2Fimages%2Fwebtooltab%2Fchiclets%2Finstagram.png&zone=underSearchInput&action=click&uitype=chiclet&anxs=chiclets&productData=%7B%22url%22%3A%22https%3A%2F%2Fwww.instagram.com%2F%22%2C%22itemName%22%3A%22Go%20to%20Instagram%22%2C%22pageLoad%22%3A1%7D&anxe=UIControl&anxr=2087944557 US –– –– unknown
1184 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted


Connections

PID Process IP ASN CN Reputation
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe 74.113.233.192:80 Mindspark Interactive Network, Inc. US suspicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe 74.113.235.138:443 Mindspark Interactive Network, Inc. IE malicious
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe 2.18.232.251:443 Akamai International B.V. –– whitelisted
184 SlimCleanerPlus.exe 52.20.7.33:80 Amazon.com, Inc. US malicious
184 SlimCleanerPlus.exe 52.54.9.186:80 Amazon.com, Inc. US malicious
184 SlimCleanerPlus.exe 52.6.81.132:80 Amazon.com, Inc. US malicious
1184 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
184 SlimCleanerPlus.exe 52.222.163.215:80 Amazon.com, Inc. US suspicious
1672 iexplore.exe 74.113.235.138:80 Mindspark Interactive Network, Inc. IE malicious
1672 iexplore.exe 74.113.233.187:80 Mindspark Interactive Network, Inc. US unknown
2776 iexplore.exe 74.113.235.138:80 Mindspark Interactive Network, Inc. IE malicious
2192 iexplore.exe 2.18.232.251:80 Akamai International B.V. –– whitelisted
2776 iexplore.exe 2.18.232.251:80 Akamai International B.V. –– whitelisted
2776 iexplore.exe 216.58.215.232:443 Google Inc. US whitelisted
1184 iexplore.exe 2.18.232.251:80 Akamai International B.V. –– whitelisted
1184 iexplore.exe 74.113.235.138:80 Mindspark Interactive Network, Inc. IE malicious
2776 iexplore.exe 74.113.233.187:443 Mindspark Interactive Network, Inc. US unknown
2776 iexplore.exe 178.250.2.82:443 Criteo SA FR unknown
2776 iexplore.exe 193.0.160.129:80 Rocket Fuel Inc. NL unknown
2776 iexplore.exe 193.0.160.128:80 Rocket Fuel Inc. NL unknown
2776 iexplore.exe 172.217.168.66:80 Google Inc. US whitelisted
2776 iexplore.exe 74.119.119.84:443 Criteo Corp. US unknown
2192 iexplore.exe 104.109.68.59:443 Akamai International B.V. NL whitelisted
2776 iexplore.exe 213.19.162.90:80 The Rubicon Project, Inc. GB unknown
2192 iexplore.exe 74.113.237.38:80 Mindspark Interactive Network, Inc. US unknown
2192 iexplore.exe 74.113.233.187:80 Mindspark Interactive Network, Inc. US unknown
2776 iexplore.exe 31.13.92.174:443 Facebook, Inc. IE malicious
1184 iexplore.exe 31.13.92.174:443 Facebook, Inc. IE malicious

DNS requests

Domain IP Reputation
anx.mindspark.com 74.113.233.192 malicious
dp.tb.ask.com 74.113.235.138 whitelisted
dns.msftncsi.com 131.107.255.255 whitelisted
ak.ssl.imgfarm.com 2.18.232.251 whitelisted
stc.slimwareutilities.com 52.20.7.33, 52.55.74.238 malicious
hp.myway.com 2.18.232.251 whitelisted
trk.slimwareutilities.com 52.54.9.186, 34.231.33.210, 54.175.217.102 malicious
apps-api.slimwareutilities.com 52.6.81.132, 52.2.26.10, 52.44.174.33 malicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
download.driverupdate.net 52.222.163.215, 52.222.163.12, 52.222.163.101, 52.222.163.158 whitelisted
free.yourtemplatefinder.com 74.113.235.138 malicious
anx.tb.ask.com 74.113.233.187 unknown
akz.imgfarm.com 2.18.232.251 whitelisted
www.googletagmanager.com 216.58.215.232 whitelisted
ak.staticimgfarm.com 2.18.232.251 whitelisted
anx.mywebsearch.com 74.113.233.187 unknown
20780365p.rfihub.com 193.0.160.129 whitelisted
sslwidget.criteo.com 178.250.2.82 whitelisted
20787045p.rfihub.com 193.0.160.128 whitelisted
cm.g.doubleclick.net 172.217.168.66 whitelisted
dis.us.criteo.com 74.119.119.84 whitelisted
imp.admarketplace.net 104.109.68.59 unknown
p.rfihub.com 193.0.160.128 whitelisted
pixel.rubiconproject.com 213.19.162.90, 213.19.162.80 whitelisted
weatherblink.wdgserv.com 74.113.237.38 unknown
www.instagram.com 31.13.92.174 whitelisted

Threats

PID Process Class Message
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
184 SlimCleanerPlus.exe Potentially Bad Traffic ET POLICY Executable served from Amazon S3
184 SlimCleanerPlus.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1968 YourTemplateFinder.948b5cbfbd684cbeb043ab2c09ccd3ea.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent

10 ETPRO signatures available at the full report

Debug output strings

No debug info.