| File name: | New Project (9).png |
| Full analysis: | https://app.any.run/tasks/971385cf-8b61-445e-a1a5-1e3682921b1a |
| Verdict: | Malicious activity |
| Analysis date: | March 28, 2026, 23:24:07 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | image/png |
| File info: | PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced |
| MD5: | B5F28F2AC7502F728503ED8BFB9C5CAA |
| SHA1: | 5575BCD35AC83B89EF58FF9A60E571265AB1045B |
| SHA256: | 2E7F0EF529D5368FF99386F5AF495B41360D2BDDF66A2AE603CB0B991AF2C835 |
| SSDEEP: | 3072:enz+dm8s01UEGDZs+h0z4RqjeGGPCHNeuJlnOk7kpQkZpxak:ez+Xs01Udq00z4Rmex+ou7nD7kSk5ak |
MALICIOUS
Execute application with conhost.exe as parent process
- cmd.exe (PID: 8604)
Bypass User Account Control (ComputerDefaults)
- ComputerDefaults.exe (PID: 6840)
Bypass User Account Control (fodhelper)
- fodhelper.exe (PID: 10688)
SUSPICIOUS
Uses ATTRIB.EXE to modify file attributes
- cmd.exe (PID: 2728)
Uses TIMEOUT.EXE to delay execution
- cmd.exe (PID: 2728)
Creates file in the systems drive root
- bootcfg.exe (PID: 3076)
- certreq.exe (PID: 7796)
Uses ICACLS.EXE to modify access control lists
- cmd.exe (PID: 2728)
Executes as Windows Service
- VSSVC.exe (PID: 7532)
- dllhost.exe (PID: 7776)
- msdtc.exe (PID: 8440)
- vds.exe (PID: 9868)
- FXSSVC.exe (PID: 10940)
The process executes files with name similar to system file names
- cleanmgr.exe (PID: 4916)
- CustomShellHost.exe (PID: 9068)
- DpiScaling.exe (PID: 9328)
Starts a Microsoft application from unusual location
- DismHost.exe (PID: 7188)
Application launched itself
- ClipUp.exe (PID: 6392)
- CompatTelRunner.exe (PID: 7692)
- cmd.exe (PID: 2728)
- CompatTelRunner.exe (PID: 7724)
Searches for installed software
- CompatTelRunner.exe (PID: 8548)
- CompatTelRunner.exe (PID: 7724)
The process verifies whether the antivirus software is installed
- DeviceCensus.exe (PID: 8976)
Uses DRIVERQUERY.EXE to obtain a list of installed device drivers
- cmd.exe (PID: 2728)
SQL CE related mutex has been found
- unregmp2.exe (PID: 6792)
Write to the desktop.ini file (may be used to cloak folders)
- FXSCOVER.exe (PID: 8992)
Sets XML DOM element text (SCRIPT)
- FXSCOVER.exe (PID: 8992)
Searches and executes a command on selected files
- forfiles.exe (PID: 10996)
INFO
Manual execution by a user
- cmd.exe (PID: 2728)
Reads the computer name
- agentactivationruntimestarter.exe (PID: 7896)
- DismHost.exe (PID: 7188)
- wmplayer.exe (PID: 9956)
- setup_wm.exe (PID: 6592)
- extrac32.exe (PID: 10752)
- EoAExperiences.exe (PID: 8396)
Checks supported languages
- appidtel.exe (PID: 4704)
- AggregatorHost.exe (PID: 2220)
- agentactivationruntimestarter.exe (PID: 7896)
- DismHost.exe (PID: 7188)
- curl.exe (PID: 5564)
- DataStoreCacheDumpTool.exe (PID: 8544)
- Defrag.exe (PID: 8500)
- deploymentcsphelper.exe (PID: 8260)
- drvinst.exe (PID: 7224)
- setup_wm.exe (PID: 6592)
- wmplayer.exe (PID: 9956)
- EoAExperiences.exe (PID: 8396)
- expand.exe (PID: 10624)
- extrac32.exe (PID: 10752)
Uses BITSADMIN.EXE
- cmd.exe (PID: 2728)
Reads security settings of Internet Explorer
- AppHostRegistrationVerifier.exe (PID: 3996)
- calc.exe (PID: 8024)
- certreq.exe (PID: 7796)
- OpenWith.exe (PID: 8044)
- cleanmgr.exe (PID: 4916)
- mmc.exe (PID: 6024)
- CompMgmtLauncher.exe (PID: 2092)
- CompatTelRunner.exe (PID: 7724)
- ComputerDefaults.exe (PID: 6840)
- CompatTelRunner.exe (PID: 8548)
- mmc.exe (PID: 8744)
- DpiScaling.exe (PID: 9328)
- explorer.exe (PID: 1972)
- explorer.exe (PID: 9836)
- wmplayer.exe (PID: 9956)
- setup_wm.exe (PID: 6592)
- unregmp2.exe (PID: 9268)
- mmc.exe (PID: 10544)
- FileHistory.exe (PID: 11016)
- FXSCOVER.exe (PID: 8992)
- fodhelper.exe (PID: 10688)
Creates files or folders in the user directory
- cleanmgr.exe (PID: 4916)
- CompatTelRunner.exe (PID: 7724)
- DeviceCensus.exe (PID: 8976)
- unregmp2.exe (PID: 6792)
- dxgiadaptercache.exe (PID: 9268)
Create files in a temporary directory
- cleanmgr.exe (PID: 4916)
- ClipUp.exe (PID: 3092)
- ddodiag.exe (PID: 6540)
- unregmp2.exe (PID: 9268)
- setup_wm.exe (PID: 6592)
- FXSSVC.exe (PID: 10816)
- FXSUNATD.exe (PID: 10536)
The sample compiled with english language support
- cleanmgr.exe (PID: 4916)
Reads Environment values
- DismHost.exe (PID: 7188)
Disables trace logs
- cmmon32.exe (PID: 1868)
- cmstp.exe (PID: 3048)
- cmdl32.exe (PID: 496)
- dialer.exe (PID: 9424)
- FXSSVC.exe (PID: 10940)
Reads Microsoft Office registry keys
- CompatTelRunner.exe (PID: 8548)
Execution of CURL command
- cmd.exe (PID: 2728)
Checks transactions between databases Windows and Oracle
- mmc.exe (PID: 8744)
- dllhost.exe (PID: 7776)
Reads the time zone
- DeviceCensus.exe (PID: 8976)
Displays MAC addresses of computer network adapters
- getmac.exe (PID: 10952)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .png | | | Portable Network Graphics (100) |
|---|
EXIF
PNG
| ImageWidth: | 1280 |
|---|---|
| ImageHeight: | 720 |
| BitDepth: | 8 |
| ColorType: | RGB |
| Compression: | Deflate/Inflate |
| Filter: | Adaptive |
| Interlace: | Noninterlaced |
| SRGBRendering: | Relative Colorimetric |
| PixelsPerUnitX: | 2835 |
| PixelsPerUnitY: | 2835 |
| PixelUnits: | meters |
Composite
| ImageSize: | 1280x720 |
|---|---|
| Megapixels: | 0.922 |
Total processes
1 798
Monitored processes
1 614
Malicious processes
3
Suspicious processes
2
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 204 | "C:\WINDOWS\system32\bcdboot.exe" | C:\Windows\System32\bcdboot.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Bcdboot utility Exit code: 87 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 416 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Console Window Host Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 496 | "C:\WINDOWS\system32\ApplicationFrameHost.exe" | C:\Windows\System32\ApplicationFrameHost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Application Frame Host Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 496 | timeout /t 1 | C:\Windows\System32\timeout.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: timeout - pauses command processing Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 496 | "C:\WINDOWS\system32\cmdl32.exe" | C:\Windows\System32\cmdl32.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Connection Manager Auto-Download Exit code: 1 Version: 7.2.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 552 | "C:\WINDOWS\system32\chkntfs.exe" | C:\Windows\System32\chkntfs.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: NTFS Volume Maintenance Utility Exit code: 2 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 664 | "C:\WINDOWS\system32\ctfmon.exe" | C:\Windows\System32\ctfmon.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: CTF Loader Exit code: 3221226540 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 684 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | ApplyTrustOffline.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 728 | timeout /t 1 | C:\Windows\System32\timeout.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: timeout - pauses command processing Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 728 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | bthudtask.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
Total events
293 573
Read events
276 411
Write events
16 710
Delete events
452
Modification events
| (PID) Process: | (3996) AppHostRegistrationVerifier.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (3996) AppHostRegistrationVerifier.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (3996) AppHostRegistrationVerifier.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (3996) AppHostRegistrationVerifier.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppUriHandlers\mediaredirect.microsoft.com |
| Operation: | write | Name: | LastValidationAttemptTime |
Value: B0E362160ABFDC01 | |||
| (PID) Process: | (3996) AppHostRegistrationVerifier.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppUriHandlers\mediaredirect.microsoft.com |
| Operation: | write | Name: | FailedValiationCount |
Value: 2 | |||
| (PID) Process: | (1352) AtBroker.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility |
| Operation: | write | Name: | Configuration |
Value: | |||
| (PID) Process: | (1352) AtBroker.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1 |
| Operation: | write | Name: | SecureConfiguration |
Value: | |||
| (PID) Process: | (1352) AtBroker.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E |
| Operation: | write | Name: | @%SystemRoot%\system32\AccessibilityCPL.dll,-83 |
Value: Narrator | |||
| (PID) Process: | (1352) AtBroker.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility |
| Operation: | write | Name: | NarratorAfterSigninResetCompleted |
Value: 1 | |||
| (PID) Process: | (1864) bcdedit.exe | Key: | HKEY_LOCAL_MACHINE\BCD00000000\Objects\{a5a30fa2-3d06-4e9f-b5f4-a01df9d1fcba}\Elements |
| Operation: | delete key | Name: | (default) |
Value: | |||
Executable files
51
Suspicious files
23
Text files
28
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4916 | cleanmgr.exe | C:\Windows\System32\LogFiles\setupcln\setupact.log | — | |
MD5:— | SHA256:— | |||
| 4916 | cleanmgr.exe | C:\Windows\System32\LogFiles\setupcln\diagerr.xml | text | |
MD5:A0C22C9F1D7FADAAADABF0C83A1F4145 | SHA256:B39BD2E8B9D0CAE257127FE86F4CDAD8A730B923E11CF7C480C441D51E49D3B8 | |||
| 4916 | cleanmgr.exe | C:\Users\admin\AppData\Local\Temp\E0EB1572-63A5-4F0F-8B75-5FD05B212BD5\AppxProvider.dll | executable | |
MD5:396C483D62FEA5FA0FD442C8DC99D4EF | SHA256:36F2AF43F10FD76FEEF65BF574D79D3E27FD40DAF61249880511543C1F17AD91 | |||
| 2016 | BdeHdCfg.exe | C:\Windows\Panther\UnattendGC\diagwrn.xml | text | |
MD5:E7D61F31E13255B53337512E2D6EDF08 | SHA256:F5FD217C66A78E469FC33EE079506702CA14280B58FEFABFDEEE310F25E314FE | |||
| 2016 | BdeHdCfg.exe | C:\Windows\Panther\UnattendGC\diagerr.xml | text | |
MD5:3A8D2D92D67445734789F82D6E6D90A6 | SHA256:E80AA5A43C517844228A67E8A49E30EE8CF68979E54BA0A3FE660C80978808C6 | |||
| 4916 | cleanmgr.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE | binary | |
MD5:E7B69354097643D60D64FA716BDD82D1 | SHA256:97913E31381362D075A3EC5E717AA4843A505D0E1E8CE899EFC3C723B64643EE | |||
| 4916 | cleanmgr.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE | binary | |
MD5:FC2FAE9740FDDB59440B94E791FACC05 | SHA256:BE10C9C5BB492A124F62A253BFF6E45C3DE654E3A923F252039C4E70CC76B09A | |||
| 2016 | BdeHdCfg.exe | C:\Windows\Panther\UnattendGC\setupact.log | text | |
MD5:CAD30AC210A366FF8F822A8AC24BAA54 | SHA256:030500677CF774AADD66B8737FA995F8D9E44128A0B1B02C015E340CE3361875 | |||
| 4916 | cleanmgr.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21253908F3CB05D51B1C2DA8B681A785 | binary | |
MD5:1A3A08F5EC73273F18F9F94289DDA6B7 | SHA256:2E306230AA41D2C40649BBB57E2F1EB54E6ACF15C6206B0AAABBDBA47A387462 | |||
| 4916 | cleanmgr.exe | C:\Windows\System32\LogFiles\setupcln\diagwrn.xml | text | |
MD5:120A5813D24065B9212B5842190FEB08 | SHA256:18CCF640E3AD27215E88E709AECED5FD9A57E3D19C1DE8DAA1AB79BDEBE80D20 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
121
TCP/UDP connections
81
DNS requests
51
Threats
1
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5276 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop | US | — | — | whitelisted |
5276 | MoUsoCoreWorker.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | — | — | whitelisted |
6228 | SIHClient.exe | GET | 304 | 74.178.76.128:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | — | — | whitelisted |
— | — | GET | 200 | 23.11.41.157:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D | NL | binary | 312 b | whitelisted |
5532 | SearchApp.exe | GET | 200 | 184.86.251.22:443 | https://www.bing.com/manifest/threshold.appcache | NL | text | 2.15 Kb | whitelisted |
5532 | SearchApp.exe | GET | 200 | 184.86.251.22:443 | https://www.bing.com/DSB/search?dsbmr=1&format=dsbjson&client=windowsminiserp&dsbschemaversion=1.1&dsbminiserp=1&q=q&cc=US&setlang=en-us&clientDateTime=3%2F28%2F2026%2C%207%3A24%3A40%20PM | NL | text | 25.5 Kb | whitelisted |
— | — | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D | US | binary | 959 b | whitelisted |
5316 | svchost.exe | POST | 400 | 40.126.31.130:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | text | 203 b | whitelisted |
5316 | svchost.exe | POST | 400 | 40.126.31.130:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | text | 203 b | whitelisted |
5316 | svchost.exe | POST | 200 | 40.126.31.130:443 | https://login.live.com/RST2.srf | US | xml | 1.24 Kb | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
5484 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5276 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 48.192.1.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5532 | SearchApp.exe | 184.86.251.27:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
— | — | 23.11.41.157:80 | ocsp.digicert.com | AKAMAI-AMS | NL | whitelisted |
— | — | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
3428 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5316 | svchost.exe | 40.126.31.130:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
google.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
oneocsp.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
5484 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
Process | Message |
|---|---|
cleanmgr.exe | PID=4916 TID=7352 DismApi.dll: - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 DismApi.dll: <----- Starting DismApi.dll session -----> - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 DismApi.dll: - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 DismApi.dll: Host machine information: OS Version=10.0.19045, Running architecture=amd64, Number of processors=6 - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 DismApi.dll: API Version 10.0.19041.3758 - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 DismApi.dll: Parent process command line: "C:\WINDOWS\system32\cleanmgr.exe" - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 Enter DismInitializeInternal - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 Input parameters: LogLevel: 2, LogFilePath: (null), ScratchDirectory: (null) - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 Initialized GlobalConfig - DismInitializeInternal
|
cleanmgr.exe | PID=4916 TID=7352 Initialized SessionTable - DismInitializeInternal
|