URL:

http://downloads.optimize-windows.net/en/pc-repair/def/pc-repair-setup.exe

Full analysis: https://app.any.run/tasks/be75b8f9-bf0a-4a7e-9ce7-a482b4237b63
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 31, 2020, 01:42:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5: 6ACD30B2FEF20DE407F6D8686B903ADE
SHA1: E1ED907CF102A483E123B47D341A362B78DFB021
SHA256: 18B049B8191A829D581FD2A2ED4B3BFFED3BFD8D911DE44C567249522962BB21
SSDEEP: 3:N1KaKE4L+MIg/3sVGvgtRAkA:CaG/sagtRAkA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • pc-repair-setup.exe (PID: 3172)
      • pc-repair-setup.exe (PID: 2644)
      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2684)
      • PCRepair.exe (PID: 2932)
      • dismhost.exe (PID: 3040)
    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3008)
    • Loads dropped or rewritten executable

      • pc-repair-setup.exe (PID: 2644)
      • Installer.exe (PID: 3180)
      • regsvr32.exe (PID: 1828)
      • PCRepair.exe (PID: 2684)
      • PCRepair.exe (PID: 2932)
      • DISM.exe (PID: 3244)
      • dismhost.exe (PID: 3040)
      • iexplore.exe (PID: 1756)
      • TrustedInstaller.exe (PID: 3088)
    • Loads the Task Scheduler COM API

      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2684)
      • PCRepair.exe (PID: 2932)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Installer.exe (PID: 3180)
    • Changes settings of System certificates

      • PCRepair.exe (PID: 2932)
      • Installer.exe (PID: 3180)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 1756)
      • pc-repair-setup.exe (PID: 2644)
      • Installer.exe (PID: 3180)
      • DISM.exe (PID: 3244)
    • Reads Internet Cache Settings

      • pc-repair-setup.exe (PID: 2644)
      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2932)
      • taskhost.exe (PID: 3872)
    • Reads Windows owner or organization settings

      • Installer.exe (PID: 3180)
    • Reads Windows Product ID

      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2684)
      • PCRepair.exe (PID: 2932)
    • Reads the machine GUID from the registry

      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2684)
      • PCRepair.exe (PID: 2932)
    • Reads the BIOS version

      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2932)
    • Reads the Windows organization settings

      • Installer.exe (PID: 3180)
    • Executed as Windows Service

      • taskhost.exe (PID: 2948)
      • taskhost.exe (PID: 3872)
    • Reads the cookies of Mozilla Firefox

      • Installer.exe (PID: 3180)
    • Reads the cookies of Google Chrome

      • Installer.exe (PID: 3180)
    • Creates files in the user directory

      • Installer.exe (PID: 3180)
    • Creates files in the program directory

      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2684)
      • PCRepair.exe (PID: 2932)
    • Creates a software uninstall entry

      • Installer.exe (PID: 3180)
      • PCRepair.exe (PID: 2932)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 1828)
    • Creates or modifies windows services

      • PCRepair.exe (PID: 2932)
    • Adds / modifies Windows certificates

      • PCRepair.exe (PID: 2932)
      • Installer.exe (PID: 3180)
    • Creates files in the Windows directory

      • TrustedInstaller.exe (PID: 3088)
    • Low-level read access rights to disk partition

      • PCRepair.exe (PID: 2932)
    • Searches for installed software

      • PCRepair.exe (PID: 2932)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1756)
      • iexplore.exe (PID: 3008)
    • Changes internet zones settings

      • iexplore.exe (PID: 1756)
    • Application launched itself

      • iexplore.exe (PID: 1756)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 1756)
    • Reads settings of System Certificates

      • pc-repair-setup.exe (PID: 2644)
      • Installer.exe (PID: 3180)
      • iexplore.exe (PID: 1756)
      • PCRepair.exe (PID: 2932)
    • Dropped object may contain Bitcoin addresses

      • Installer.exe (PID: 3180)
    • Creates files in the user directory

      • iexplore.exe (PID: 1756)
    • Reads Microsoft Office registry keys

      • PCRepair.exe (PID: 2932)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1756)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 53
Monitored processes: 13
Malicious processes: 8
Suspicious processes: 1

Behavior graph

[Behavior graph. Nodes: iexplore.exe, iexplore.exe, pc-repair-setup.exe (no specs), pc-repair-setup.exe, installer.exe, taskhost.exe (no specs), taskhost.exe (no specs), regsvr32.exe (no specs), pcrepair.exe (no specs), pcrepair.exe, dism.exe, dismhost.exe, trustedinstaller.exe (no specs). Edge labels: "start" and "drop and start".]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1756
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://downloads.optimize-windows.net/en/pc-repair/def/pc-repair-setup.exe
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3008
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1756 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3172
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\pc-repair-setup.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\pc-repair-setup.exe
Parent process: iexplore.exe
User: admin
Company: Outbyte
Integrity Level: MEDIUM
Description: Outbyte PCRepair Installation File
Exit code: 3221226540
Version: 1.0.3.20
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\pc-repair-setup.exe
c:\systemroot\system32\ntdll.dll
PID: 2644
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\pc-repair-setup.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\pc-repair-setup.exe
Parent process: iexplore.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: Outbyte PCRepair Installation File
Exit code: 0
Version: 1.0.3.20
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\pc-repair-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3180
CMD: "C:\Users\admin\AppData\Local\Temp\is-19484251.tmp\Installer.exe" /spid:2644 /splha:19409216
Path: C:\Users\admin\AppData\Local\Temp\is-19484251.tmp\Installer.exe
Parent process: pc-repair-setup.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: Installer
Exit code: 0
Version: 1.0.3.20
Modules
Images
c:\users\admin\appdata\local\temp\is-19484251.tmp\installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\is-19484251.tmp\axcomponentsvcl.bpl
c:\users\admin\appdata\local\temp\is-19484251.tmp\axcomponentsrtl.bpl
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
PID: 2948
CMD: "taskhost.exe"
Path: C:\Windows\system32\taskhost.exe
Parent process: services.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Host Process for Windows Tasks
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3872
CMD: "taskhost.exe"
Path: C:\Windows\system32\taskhost.exe
Parent process: services.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Host Process for Windows Tasks
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1828
CMD: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Outbyte\PCRepair\BrowserCareHelper.Agent.x32.dll"
Path: C:\Windows\system32\regsvr32.exe
Parent process: Installer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\systemroot\system32\ntdll.dll
c:\windows\system32\regsvr32.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2684
CMD: "C:\Program Files\Outbyte\PCRepair\PCRepair.exe" /Install /SendInfo /AutoStart
Path: C:\Program Files\Outbyte\PCRepair\PCRepair.exe
Parent process: Installer.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: PC Repair
Exit code: 0
Version: 1.0.3.20
Modules
Images
c:\program files\outbyte\pcrepair\pcrepair.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2932
CMD: "C:\Program Files\Outbyte\PCRepair\PCRepair.exe" /FromInstaller
Path: C:\Program Files\Outbyte\PCRepair\PCRepair.exe
Parent process: Installer.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: PC Repair
Version: 1.0.3.20
Modules
Images
c:\program files\outbyte\pcrepair\pcrepair.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 59 930
Read events: 54 779
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 88
Suspicious files: 37
Text files: 26
Unknown types: 19

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\pc-repair-setup[1].exe | | | |
| 3008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\pc-repair-setup.exe.i1f23ew.partial | | | |
| 1756 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8F10A14699012E37.TMP | | | |
| 1756 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\pc-repair-setup.exe.i1f23ew.partial:Zone.Identifier | | | |
| 2644 | pc-repair-setup.exe | C:\Users\admin\AppData\Local\Temp\is-19484251.tmp\Lang\esp.lng | binary | B9B90AC1B4566D6147A86C42048934F5 | F19B34D4206004642B8560EFD876547326471089E617DDDC56B8306AB98818A0 |
| 2644 | pc-repair-setup.exe | C:\Users\admin\AppData\Local\Temp\is-19484251.tmp\Lang\fra.lng | binary | BC7AC79912C082FC73180008DAF18A5E | D00CFEA16EE88D51C2C18D551A9EDEB9D9119FD624943CF60A2F7AD67B9C1DE8 |
| 2644 | pc-repair-setup.exe | C:\Users\admin\AppData\Local\Temp\is-19484251.tmp\Lang\ptb.lng | binary | F749073288E014CE7CE40DF300DF508C | 6A28AA5A3F600A00A8C0D6F1ED308C876E95FA548222B13BC42F0DB141A01DC0 |
| 1756 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{F7967D39-72F0-11EA-972D-5254004A04AF}.dat | binary | B923393F40A1704150752447CDDF7559 | FBBAFEBDF82ED6CE3711311EDD9552743087A9C6004F901E9744003756727766 |
| 1756 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\pc-repair-setup.exe | executable | 4ADD15E8C09DE1C165CDC1C948B2003A | 89D42E6FF52DA66A26CBBA2549040099056B1780CC5272AF7E0228B30D53277B |
| 3008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\pc-repair-setup[1].htm | html | 860A7F118DE590E5A508C8958EECBC68 | 5BB80404D17ED6F72AD3E82E75D74C0D7D518464E1D51DB742087D97E94B36FA |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 25
TCP/UDP connections: 18
DNS requests: 10
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3008 | iexplore.exe | GET | 200 | 151.139.237.160:80 | http://static.optimize-windows.net/en/pc-repair/def/pc-repair-setup.exe | US | executable | 20.8 Mb | suspicious |
| 3180 | Installer.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEChOOcFLOG2InHKZ5YzQWlc%3D | US | der | 727 b | whitelisted |
| 1756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
| 3180 | Installer.exe | POST | 200 | 172.217.18.110:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted |
| 3180 | Installer.exe | POST | 200 | 172.217.18.110:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted |
| 1756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
| 1756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
| 3008 | iexplore.exe | GET | 302 | 149.56.19.59:80 | http://downloads.optimize-windows.net/en/pc-repair/def/pc-repair-setup.exe | CA | html | 161 b | suspicious |
| 3180 | Installer.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS83pEmglYTXfyF78OS%2BRiTRWadkgQULGn%2FgMmHkK404bTnTJOFmUDpp7ICEBK19AoQmh7woOkPJmoB2Rw%3D | US | der | 471 b | whitelisted |
| 3180 | Installer.exe | POST | 200 | 172.217.18.110:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1756 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 3180 | Installer.exe | 45.79.210.152:443 | outbyte.com | Linode, LLC | US | unknown |
| 1756 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 2932 | PCRepair.exe | 45.79.210.152:443 | outbyte.com | Linode, LLC | US | unknown |
| 3008 | iexplore.exe | 151.139.237.160:80 | static.optimize-windows.net | netDNA | US | suspicious |
| 3180 | Installer.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
| 3180 | Installer.exe | 172.217.18.110:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
| 3008 | iexplore.exe | 149.56.19.59:80 | downloads.optimize-windows.net | OVH SAS | CA | suspicious |
| 1756 | iexplore.exe | 204.79.197.200:443 | ieonline.microsoft.com | Microsoft Corporation | US | whitelisted |
| 2932 | PCRepair.exe | 172.217.18.110:80 | www.google-analytics.com | Google Inc. | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| downloads.optimize-windows.net | 149.56.19.59 | suspicious |
| static.optimize-windows.net | 151.139.237.160 | suspicious |
| iecvlist.microsoft.com | 152.199.19.161 | whitelisted |
| r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted |
| ocsp.digicert.com | 93.184.220.29 | whitelisted |
| outbyte.com | 45.79.210.152 | suspicious |
| ocsp.usertrust.com | 151.139.128.14 | whitelisted |
| ocsp.sectigo.com | 151.139.128.14 | whitelisted |
| www.google-analytics.com | 172.217.18.110 | whitelisted |
| ieonline.microsoft.com | 204.79.197.200 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 3008 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
| Process | Message |
|---|---|
| DISM.exe | PID=3244 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore |
| DISM.exe | PID=3244 Initializing a provider store for the LOCAL session type. - CDISMProviderStore::Final_OnConnect |
| DISM.exe | PID=3244 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect |
| DISM.exe | PID=3244 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider |
| DISM.exe | PID=3244 Loading Provider from location C:\Windows\System32\Dism\LogProvider.dll - CDISMProviderStore::Internal_GetProvider |
| DISM.exe | PID=3244 Connecting to the provider located at C:\Windows\System32\Dism\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider |
| DISM.exe | PID=3244 Getting Provider OSServices - CDISMProviderStore::GetProvider |
| DISM.exe | PID=3244 The requested provider was not found in the Provider Store. - CDISMProviderStore::Internal_GetProvider(hr:0x80004005) |
| DISM.exe | PID=3244 Failed to get an OSServices provider. Must be running in local store. Falling back to checking alongside the log provider for wdscore.dll. - CDISMLogger::FindWdsCore(hr:0x80004005) |
| dismhost.exe | PID=3040 Encountered a loaded provider DISMLogger. - CDISMProviderStore::Internal_DisconnectProvider |