General Info

File name

wctA3B3.tmp

Full analysis
https://app.any.run/tasks/3f8ee04b-1434-4cac-84c5-cfa0799fa59f
Verdict
Malicious activity
Analysis date
4/15/2019, 09:36:14
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

6b00e4a46d2261621bc0d84da8a4d8a7

SHA1

91344bf54c152443118b8fad39268d42b7c6268f

SHA256

337d42f67c20ab87101d9f04a1187e72562a94b51996b9a14730876ac1b62c51

SSDEEP

6144:K/evKPHfTP/MHqvWoPfTdnUQNLgsuvesi7IiLCYGlvm:WjP/MHqvn7dUnWPCrv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
540 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 11.0.9600.18860 KB4052978
  • Adobe Acrobat Reader DC MUI (15.007.20033)
  • Adobe Flash Player 27 ActiveX (27.0.0.187)
  • Adobe Flash Player 27 NPAPI (27.0.0.187)
  • Adobe Flash Player 27 PPAPI (27.0.0.187)
  • CCleaner (5.35)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (64-bit) (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Office 32-bit Components 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Professional 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared 32-bit MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Single Image 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Visual C++ 2005 Redistributable (x64) (8.0.61000)
  • Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (11.0.61030.0)
  • Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (14.12.25810.0)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (14.11.25325.0)
  • Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.11.25325 (14.11.25325)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.11.25325 (14.11.25325)
  • Mozilla Firefox 65.0.2 (x64 en-US) (65.0.2)
  • Mozilla Maintenance Service (65.0.2)
  • Notepad++ (64-bit x64) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype™ 7.39 (7.39.102)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (64-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506014
  • KB2506212
  • KB2506928
  • KB2509553
  • KB2532531
  • KB2533552
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2563227
  • KB2564958
  • KB2579686
  • KB2585542
  • KB2585542 SP1
  • KB2598845
  • KB2603229
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2656356 SP1
  • KB2660075
  • KB2667402
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2706045
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2732059
  • KB2732487
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2763523
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2789645 SP1
  • KB2791765
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813430
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2884256
  • KB2888049
  • KB2891804
  • KB2892074
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2966583
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2973351
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2985461
  • KB2991963
  • KB2992611
  • KB3003743
  • KB3004361
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3035132
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075220
  • KB3076895
  • KB3078601
  • KB3078667
  • KB3080149
  • KB3084135
  • KB3086255
  • KB3092601
  • KB3092627
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3107998
  • KB3108371
  • KB3108381
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3115858 SP1
  • KB3122648
  • KB3124275
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3155178
  • KB3156016
  • KB3156019
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3161958
  • KB3170735
  • KB3170735 SP1
  • KB3172605
  • KB3177467
  • KB3179573
  • KB3184143
  • KB4019990
  • KB4040980
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 1 for KB2656356
  • Package 1 for KB2789645
  • Package 1 for KB3115858
  • Package 1 for KB3170735
  • Package 2 for KB2585542
  • Package 2 for KB2656356
  • Package 2 for KB2789645
  • Package 2 for KB3115858
  • Package 2 for KB3170735
  • Package 3 for KB2585542
  • Package 3 for KB2656356
  • Package 4 for KB2656356
  • Package 4 for KB2789645
  • Package 5 for KB2656356
  • Package 7 for KB2656356
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Changes internet zones settings
  • iexplore.exe (PID: 2164)
  • iexplore.exe (PID: 2324)
  • iexplore.exe (PID: 2200)
  • iexplore.exe (PID: 1612)
  • iexplore.exe (PID: 1844)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2164)
  • iexplore.exe (PID: 2324)
  • iexplore.exe (PID: 2200)
  • iexplore.exe (PID: 1612)
  • iexplore.exe (PID: 1844)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 2548)
  • IEXPLORE.EXE (PID: 1536)
  • IEXPLORE.EXE (PID: 3012)
  • IEXPLORE.EXE (PID: 2852)
  • IEXPLORE.EXE (PID: 2432)
Reads the machine GUID from the registry
  • iexplore.exe (PID: 2164)
  • iexplore.exe (PID: 2200)
  • iexplore.exe (PID: 2324)
  • iexplore.exe (PID: 1612)
  • iexplore.exe (PID: 1844)
Reads settings of System Certificates
  • iexplore.exe (PID: 2164)
  • iexplore.exe (PID: 2200)
  • iexplore.exe (PID: 2324)
  • iexplore.exe (PID: 1612)
  • iexplore.exe (PID: 1844)


Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (41%)
.exe | Win64 Executable (generic) (36.3%)
.dll | Win32 Dynamic Link Library (generic) (8.6%)
.exe | Win32 Executable (generic) (5.9%)
.exe | Clipper DOS Executable (2.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:04:15 04:22:42+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
171520
InitializedDataSize:
231936
UninitializedDataSize:
null
EntryPoint:
0x12248
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
3.8.40.4
ProductVersionNumber:
3.8.40.4
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
ProductName:
Gdi
LegalCopyright:
Copyright 2015
Comments:
Xml Ads Asynchronous Teller Dinesh
PrivateBuild:
3.8.40.4
FileDescription:
Xml Ads Asynchronous Teller Dinesh
FileVersion:
3.8.40.4
CompanyName:
AKVIS
ProductVersion:
3.8.40.4
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
15-Apr-2019 02:22:42
Detected languages
English - United States
Debug artifacts
C:\Red\RenderInd\Release\hta.pdb
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
15-Apr-2019 02:22:42
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x00029DA2 | 0x00029E00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.83346
.rdata | 0x0002B000 | 0x0000BD4E | 0x0000BE00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 6.14152
.data | 0x00037000 | 0x0000487C | 0x00001E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 3.79277
.rsrc | 0x0003C000 | 0x00027A0C | 0x00027C00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 6.86924
.reloc | 0x00064000 | 0x0000306A | 0x00003200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ | 5.23251
Resources

AQUA_IDB_OFFICE2007_RIBBON_BTN_GROUPMENU_F_C

AQUA_IDB_OFFICE2007_TAB_FLAT

BLACK_IDB_OFFICE2007_MAINBORDER

BLACK_IDB_OFFICE2007_POPUPMENU_BORDER

BLUE_IDB_OFFICE2007_STATUSBAR_SIZEBOX

BLUE_IDB_OFFICE2007_SYS_BTN_RESTORE_S

SILVER_IDB_OFFICE2007_SYS_BTN_BACK_S

BBHELP

LMDSYSINFOTREE

STOPIMAGE

TCOMBOFLAT

TIMAGEFILTERED

DLGTEMPLATE

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    ole32.dll

    WS2_32.dll

    NETAPI32.dll

    AVICAP32.dll

    MSACM32.dll

    WINMM.dll

    IPHLPAPI.DLL

    SHLWAPI.dll

    COMCTL32.dll

    RPCRT4.dll

    OPENGL32.dll

    Wlanapi.dll

Exports

    No exports.

Processes

Total processes
45
Monitored processes
11
Malicious processes
0
Suspicious processes
0

Behavior graph

start wcta3b3.tmp.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe no specs

Process information

PID
2124
CMD
"C:\Users\admin\Desktop\wctA3B3.tmp.exe"
Path
C:\Users\admin\Desktop\wctA3B3.tmp.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
AKVIS
Description
Xml Ads Asynchronous Teller Dinesh
Version
3.8.40.4
Modules
Image
c:\users\admin\desktop\wcta3b3.tmp.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\netapi32.dll
c:\windows\syswow64\netutils.dll
c:\windows\syswow64\srvcli.dll
c:\windows\syswow64\wkscli.dll
c:\windows\syswow64\avicap32.dll
c:\windows\syswow64\winmm.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\msvfw32.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\msacm32.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\opengl32.dll
c:\windows\syswow64\glu32.dll
c:\windows\syswow64\ddraw.dll
c:\windows\syswow64\dciman32.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\wlanapi.dll
c:\windows\syswow64\wlanutil.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\imaadp32.acm
c:\windows\syswow64\msg711.acm
c:\windows\syswow64\msgsm32.acm
c:\windows\syswow64\msadp32.acm
c:\windows\syswow64\l3codeca.acm
c:\windows\syswow64\msftedit.dll
c:\windows\syswow64\ntmarta.dll
c:\windows\syswow64\wldap32.dll
c:\windows\syswow64\clbcatq.dll
c:\windows\syswow64\wbem\wbemprox.dll
c:\windows\syswow64\wbemcomn.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\wbem\wbemsvc.dll
c:\windows\syswow64\wbem\fastprox.dll
c:\windows\syswow64\ntdsapi.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\sxs.dll

PID
1844
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\mlang.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dxgi.dll

PID
2432
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\mshtml.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

PID
1612
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll

PID
2852
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\dwrite.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

PID
2324
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll

PID
3012
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\d2d1.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dwrite.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

PID
2200
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll

PID
1536
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

PID
2164
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll

PID
2548
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll

Registry activity

Total events
2284
Read events
2000
Write events
284
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
2
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
44947600
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30733150
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
344950490
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30733150
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000078000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{404C2199-5F51-11E9-9B0A-5254004AAD21}
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F000700250000005F03
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
3
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
1844
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionLow
395188356
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionHigh
268435456
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListLastUpdateTime
3666607
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VendorId
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DeviceId
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
SubSysId
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Revision
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionHigh
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionLow
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DXFeatureLevel
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VendorId
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DeviceId
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-SubSysId
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-Revision
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionHigh
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionLow
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DXFeatureLevel
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
358075490
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30733150
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
1607835690
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30733200
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionHigh
268435456
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionLow
395188356
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
StaleCompatCache
1
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
A06082185EF3D401
1844
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
StaleCompatCache
0
2432
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2432
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2432
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000079000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{5C7D0FC7-5F51-11E9-9B0A-5254004AAD21}
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F00070025002F004602
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
4
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
C0FA63225EF3D401
1612
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
2852
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2852
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2852
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000007A000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{6C607B8B-5F51-11E9-9B0A-5254004AAD21}
0
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
5
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F00070026000E007100
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
5
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
509510325EF3D401
2324
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
2324
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
3012
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
3012
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
3012
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000007B000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{7C202409-5F51-11E9-9B0A-5254004AAD21}
0
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
6
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F000700260028002702
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
6
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
5068F6415EF3D401
2200
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
2200
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
1536
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
1536
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
1536
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000007C000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{8C05F227-5F51-11E9-9B0A-5254004AAD21}
0
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
7
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F00070027000700FE00
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
7
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
B015B6515EF3D401
2164
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
2164
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
2548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:

Files activity

Executable files
0
Suspicious files
2
Text files
23
Unknown types
0

Dropped files

PID
Process
Filename
Type
2164
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF752F36BF22E3A0E6.TMP
––
MD5:  ––
SHA256:  ––
3012
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\NewErrorPageTemplate[2]
text
MD5: cdf81e591d9cbfb47a7f97a2bcdb70b9
SHA256: 204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd
2164
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{8C05F229-5F51-11E9-9B0A-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2164
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF6193695BCA35186D.TMP
––
MD5:  ––
SHA256:  ––
2164
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\NewErrorPageTemplate[1]
text
MD5: cdf81e591d9cbfb47a7f97a2bcdb70b9
SHA256: 204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\errorPageStrings[1]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\httpErrorPagesScripts[2]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\dnserror[1]
html
MD5: 73c70b34b5f8f158d38a94b9d7766515
SHA256: 3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4
2200
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7C202409-5F51-11E9-9B0A-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2200
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFA70DD58937B1897C.TMP
––
MD5:  ––
SHA256:  ––
2200
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7C20240B-5F51-11E9-9B0A-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2200
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF3B804EC74C7E999A.TMP
––
MD5:  ––
SHA256:  ––
2200
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
1536
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\httpErrorPagesScripts[1]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
1536
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\NewErrorPageTemplate[1]
text
MD5: cdf81e591d9cbfb47a7f97a2bcdb70b9
SHA256: 204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd
1536
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\errorPageStrings[2]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
1536
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\dnserror[1]
html
MD5: 73c70b34b5f8f158d38a94b9d7766515
SHA256: 3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4
2324
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC84064D894C8579B.TMP
––
MD5:  ––
SHA256:  ––
2324
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6C607B8B-5F51-11E9-9B0A-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2324
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{6C607B8D-5F51-11E9-9B0A-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
2324
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF83B10D6C0B60E65A.TMP
––
MD5:  ––
SHA256:  ––
2324
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3012
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\httpErrorPagesScripts[1]
text
MD5: 3f57b781cb3ef114dd0b665151571b7b
SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
3012
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\errorPageStrings[1]
text
MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 15
DNS requests: 28
Threats: 1

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
1844 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
1844 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
1612 iexplore.exe 13.107.21.200:443 Microsoft Corporation US whitelisted
2324 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
2200 iexplore.exe 13.107.21.200:443 Microsoft Corporation US whitelisted
2164 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
nuovalo.icu No response malicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
api.bing.com 13.107.5.80 whitelisted
iecvlist.microsoft.com 152.199.19.161 whitelisted
r20swj13mr.microsoft.com 152.199.19.161 whitelisted

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET INFO DNS Query for Suspicious .icu Domain

Debug output strings

No debug info.