General Info

URL

http://www.terryhill.top/proforma/

Full analysis
https://app.any.run/tasks/3e1a0995-f4f6-4b0b-bdad-263b19c28eb8
Verdict
Malicious activity
Analysis date
5/15/2019, 12:31:53
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags:

opendir

loader

keylogger

hawkeye

stealer

evasion

trojan

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
525 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
on
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 11.0.9600.18860 KB4052978
  • Adobe Acrobat Reader DC MUI (15.007.20033)
  • Adobe Flash Player 27 ActiveX (27.0.0.187)
  • Adobe Flash Player 27 NPAPI (27.0.0.187)
  • Adobe Flash Player 27 PPAPI (27.0.0.187)
  • CCleaner (5.35)
  • Google Chrome (73.0.3683.86)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (64-bit) (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Office 32-bit Components 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Professional 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared 32-bit MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Single Image 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Visual C++ 2005 Redistributable (x64) (8.0.61000)
  • Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (11.0.61030.0)
  • Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (14.12.25810.0)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (14.11.25325.0)
  • Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.11.25325 (14.11.25325)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.11.25325 (14.11.25325)
  • Mozilla Firefox 65.0.2 (x64 en-US) (65.0.2)
  • Mozilla Maintenance Service (65.0.2)
  • Notepad++ (64-bit x64) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype™ 7.39 (7.39.102)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (64-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506014
  • KB2506212
  • KB2506928
  • KB2509553
  • KB2532531
  • KB2533552
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2563227
  • KB2564958
  • KB2579686
  • KB2585542
  • KB2585542 SP1
  • KB2598845
  • KB2603229
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2656356 SP1
  • KB2660075
  • KB2667402
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2706045
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2732059
  • KB2732487
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2763523
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2789645 SP1
  • KB2791765
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813430
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2884256
  • KB2888049
  • KB2891804
  • KB2892074
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2966583
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2973351
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2985461
  • KB2991963
  • KB2992611
  • KB3003743
  • KB3004361
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3035132
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075220
  • KB3076895
  • KB3078601
  • KB3078667
  • KB3080149
  • KB3084135
  • KB3086255
  • KB3092601
  • KB3092627
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3107998
  • KB3108371
  • KB3108381
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3115858 SP1
  • KB3122648
  • KB3124275
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3155178
  • KB3156016
  • KB3156019
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3161958
  • KB3170735
  • KB3170735 SP1
  • KB3172605
  • KB3177467
  • KB3179573
  • KB3184143
  • KB4019990
  • KB4040980
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 1 for KB2656356
  • Package 1 for KB2789645
  • Package 1 for KB3115858
  • Package 1 for KB3170735
  • Package 2 for KB2585542
  • Package 2 for KB2656356
  • Package 2 for KB2789645
  • Package 2 for KB3115858
  • Package 2 for KB3170735
  • Package 3 for KB2585542
  • Package 3 for KB2656356
  • Package 4 for KB2656356
  • Package 4 for KB2789645
  • Package 5 for KB2656356
  • Package 7 for KB2656356
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Actions looks like stealing of personal data
  • vbc.exe (PID: 2948)
  • vbc.exe (PID: 1080)
  • vbc.exe (PID: 2376)
  • vbc.exe (PID: 2868)
  • vbc.exe (PID: 2008)
  • vbc.exe (PID: 2264)
  • vbc.exe (PID: 2748)
  • vbc.exe (PID: 2040)
Stealing of credential data
  • vbc.exe (PID: 2948)
  • vbc.exe (PID: 2376)
  • vbc.exe (PID: 2868)
  • vbc.exe (PID: 1080)
  • vbc.exe (PID: 2008)
  • vbc.exe (PID: 2748)
  • vbc.exe (PID: 2264)
  • vbc.exe (PID: 2040)
Detected Hawkeye Keylogger
  • RegAsm.exe (PID: 1860)
  • RegAsm.exe (PID: 600)
  • RegAsm.exe (PID: 2676)
  • RegAsm.exe (PID: 2068)
Application was dropped or rewritten from another process
  • benu7.exe (PID: 2800)
  • player4.exe (PID: 836)
  • bobcry.exe (PID: 2668)
  • 50knewc.exe (PID: 372)
Writes to a start menu file
  • player4.exe (PID: 836)
  • benu7.exe (PID: 2800)
  • bobcry.exe (PID: 2668)
  • 50knewc.exe (PID: 372)
Downloads executable files from the Internet
  • IEXPLORE.EXE (PID: 2816)
Executes scripts
  • RegAsm.exe (PID: 600)
  • RegAsm.exe (PID: 2676)
  • RegAsm.exe (PID: 1860)
  • RegAsm.exe (PID: 2068)
Executable content was dropped or overwritten
  • 50knewc.exe (PID: 372)
  • player4.exe (PID: 836)
  • benu7.exe (PID: 2800)
  • bobcry.exe (PID: 2668)
  • iexplore.exe (PID: 1736)
  • IEXPLORE.EXE (PID: 2816)
Creates files in the user directory
  • bobcry.exe (PID: 2668)
  • player4.exe (PID: 836)
  • benu7.exe (PID: 2800)
  • 50knewc.exe (PID: 372)
Dropped object may contain Bitcoin addresses
  • benu7.exe (PID: 2800)
  • iexplore.exe (PID: 1736)
  • IEXPLORE.EXE (PID: 2816)
Changes internet zones settings
  • iexplore.exe (PID: 1736)
Reads settings of System Certificates
  • iexplore.exe (PID: 1736)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 2816)
Reads Internet Cache Settings
  • iexplore.exe (PID: 1736)
Reads the machine GUID from the registry
  • iexplore.exe (PID: 1736)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Video and screenshots

Processes

Total processes
59
Monitored processes
18
Malicious processes
12
Suspicious processes
5

Behavior graph

+
start iexplore.exe iexplore.exe 50knewc.exe benu7.exe bobcry.exe player4.exe #HAWKEYE regasm.exe #HAWKEYE regasm.exe #HAWKEYE regasm.exe vbc.exe #HAWKEYE regasm.exe vbc.exe vbc.exe vbc.exe vbc.exe vbc.exe vbc.exe vbc.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1736
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.terryhill.top/proforma/
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\propsys.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\sxs.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\wshqos.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\ieapfltr.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\imagehlp.dll
c:\program files\windows defender\mpoav.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\linkinfo.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dxgi.dll

PID
2816
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\ieui.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\d2d1.dll
c:\windows\syswow64\dwrite.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\wshqos.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll
c:\windows\syswow64\oleacc.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\wpc.dll
c:\windows\syswow64\wevtapi.dll
c:\windows\syswow64\samcli.dll
c:\windows\syswow64\samlib.dll
c:\windows\syswow64\netutils.dll

PID
372
CMD
"C:\Users\admin\Downloads\50knewc.exe"
Path
C:\Users\admin\Downloads\50knewc.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\50knewc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\winspool.drv
c:\windows\syswow64\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe

PID
2800
CMD
"C:\Users\admin\Downloads\benu7.exe"
Path
C:\Users\admin\Downloads\benu7.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\benu7.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\winspool.drv
c:\windows\syswow64\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe

PID
2668
CMD
"C:\Users\admin\Downloads\bobcry.exe"
Path
C:\Users\admin\Downloads\bobcry.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\bobcry.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\winspool.drv
c:\windows\syswow64\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe

PID
836
CMD
"C:\Users\admin\Downloads\player4.exe"
Path
C:\Users\admin\Downloads\player4.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\player4.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\winspool.drv
c:\windows\syswow64\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\apphelp.dll
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe

PID
2068
CMD
"C:\Users\admin\Downloads\50knewc.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
50knewc.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\winmm.dll
c:\windows\syswow64\samcli.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\syswow64\msacm32.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\sfc.dll
c:\windows\syswow64\sfc_os.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\mpr.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\ad92dab7f418877d6a1e0358ce35658a\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\367e5b8a038ac76eba17528bb7b3688e\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\6f5bf6427122bfc30b5be76bcd651018\microsoft.visualbasic.ni.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\00c2b464e52d4e82c04d61592a12a89d\system.management.ni.dll
c:\windows\syswow64\clbcatq.dll
c:\windows\syswow64\wbem\wmiutils.dll
c:\windows\syswow64\wbemcomn.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\syswow64\wbem\wbemsvc.dll
c:\windows\syswow64\wbem\fastprox.dll
c:\windows\syswow64\ntdsapi.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\syswow64\shfolder.dll
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\ad8dd536906e94c4bc9cb9b82285580b\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\system.xml.ni.dll
c:\windows\syswow64\rasapi32.dll
c:\windows\syswow64\rasman.dll
c:\windows\syswow64\rtutils.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\dhcpcsvc6.dll
c:\windows\syswow64\dhcpcsvc.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\security.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\gpapi.dll

PID
1860
CMD
"C:\Users\admin\Downloads\benu7.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
benu7.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\winmm.dll
c:\windows\syswow64\samcli.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\syswow64\msacm32.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\sfc.dll
c:\windows\syswow64\sfc_os.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\mpr.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\ad92dab7f418877d6a1e0358ce35658a\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\367e5b8a038ac76eba17528bb7b3688e\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\6f5bf6427122bfc30b5be76bcd651018\microsoft.visualbasic.ni.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\00c2b464e52d4e82c04d61592a12a89d\system.management.ni.dll
c:\windows\syswow64\clbcatq.dll
c:\windows\syswow64\wbem\wmiutils.dll
c:\windows\syswow64\wbemcomn.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\syswow64\wbem\wbemsvc.dll
c:\windows\syswow64\wbem\fastprox.dll
c:\windows\syswow64\ntdsapi.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\syswow64\shfolder.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\ad8dd536906e94c4bc9cb9b82285580b\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\system.xml.ni.dll
c:\windows\syswow64\rasapi32.dll
c:\windows\syswow64\rasman.dll
c:\windows\syswow64\rtutils.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\dhcpcsvc6.dll
c:\windows\syswow64\dhcpcsvc.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\security.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\gpapi.dll
c:\windows\syswow64\cryptnet.dll
c:\windows\syswow64\wldap32.dll
c:\windows\syswow64\sensapi.dll
c:\windows\syswow64\cabinet.dll
c:\windows\syswow64\devrtl.dll

PID
600
CMD
"C:\Users\admin\Downloads\bobcry.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
bobcry.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\winmm.dll
c:\windows\syswow64\samcli.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\syswow64\msacm32.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\sfc.dll
c:\windows\syswow64\sfc_os.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\mpr.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\ad92dab7f418877d6a1e0358ce35658a\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\367e5b8a038ac76eba17528bb7b3688e\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\6f5bf6427122bfc30b5be76bcd651018\microsoft.visualbasic.ni.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\00c2b464e52d4e82c04d61592a12a89d\system.management.ni.dll
c:\windows\syswow64\clbcatq.dll
c:\windows\syswow64\wbem\wmiutils.dll
c:\windows\syswow64\wbemcomn.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\syswow64\wbem\wbemsvc.dll
c:\windows\syswow64\wbem\fastprox.dll
c:\windows\syswow64\ntdsapi.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\syswow64\shfolder.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\ad8dd536906e94c4bc9cb9b82285580b\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\system.xml.ni.dll
c:\windows\syswow64\rasapi32.dll
c:\windows\syswow64\rasman.dll
c:\windows\syswow64\rtutils.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\dhcpcsvc6.dll
c:\windows\syswow64\dhcpcsvc.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\psapi.dll

PID
2040
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpA6C7.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\vaultcli.dll

PID
2676
CMD
"C:\Users\admin\Downloads\player4.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
player4.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\winmm.dll
c:\windows\syswow64\samcli.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\syswow64\msacm32.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\sfc.dll
c:\windows\syswow64\sfc_os.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\mpr.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\ad92dab7f418877d6a1e0358ce35658a\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\367e5b8a038ac76eba17528bb7b3688e\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\6f5bf6427122bfc30b5be76bcd651018\microsoft.visualbasic.ni.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\00c2b464e52d4e82c04d61592a12a89d\system.management.ni.dll
c:\windows\syswow64\clbcatq.dll
c:\windows\syswow64\wbem\wmiutils.dll
c:\windows\syswow64\wbemcomn.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\syswow64\wbem\wbemsvc.dll
c:\windows\syswow64\wbem\fastprox.dll
c:\windows\syswow64\ntdsapi.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\syswow64\shfolder.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\ad8dd536906e94c4bc9cb9b82285580b\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\system.xml.ni.dll
c:\windows\syswow64\rasapi32.dll
c:\windows\syswow64\rasman.dll
c:\windows\syswow64\rtutils.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\dhcpcsvc6.dll
c:\windows\syswow64\dhcpcsvc.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\psapi.dll

PID
2748
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpBE67.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll

PID
2008
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpD3A3.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\vaultcli.dll

PID
2264
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpD3B3.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\vaultcli.dll

PID
2868
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpD6EF.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\vaultcli.dll

PID
1080
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpD79C.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll

PID
2376
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpD7AB.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll

PID
2948
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmpDAE7.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\pstorec.dll
c:\windows\syswow64\atl.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll

Registry activity

Total events
1199
Read events
1081
Write events
118
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
2
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
1921451136
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30739209
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2221613636
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30739209
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000077000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B022F84F-76FC-11E9-8447-5254004AAD21}
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
80895673090BD501
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
DAEB5873090BD501
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000A0020000A00C700
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
3
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A6070000D0B205C553C6044DCE57BFB08CC298C895B463D50DD1AE19EC07DC95D7BF7C6C9883EE59FB73600CD2EEECD6399A0998AC43AB620043223A415113A1560300B50259BD22CD12E00BF4B20EF65A6E80580B68255136F6072CD7D727A3E68F8EE6065429A028425732E2C3F2211D5BAA816C417F344F8A884975BB025FB404674AC993D039DEA2D381DD41B6AB3301CE1880EFE604959F1E84E31B5B5C6903E32EFE380B53DED4DDD7C64C9BDEDBFF2F87C492DCA1FDD50CF36519C044BC2A60C98B62A4AF4777E3C2FB04F388D9F78D01404BD098F6CC7F6BD3D3FD162D1B0EA38031AE27F92A0B62508B2C52D5883B7CF838B1452525A32B496BDA26E174C4963EC5A5ACFA8F39596DFCD5E4C6522C34B97A103D367EF79583FF94EBD7D66160AB3D599E43459FD3637B2FE7E8F58FC36532300A1478D1F913B1E8A413E26DBAC8BB6A6D86EB5295772766C30811BECA097E0139E5B3A8709B9F20C4F436D90D045E4992E5239E1D57202C3E3A464B22D17F45B7D2CF88C6FEEBA3355874ADAF444652D00E8CD7DC438692E37F340CA69555CC7BB06CD3756AB4ED6AF13A2AB0DE920ECAB4C5D5705A79383C447BB28A54219185322B84AEFF19A33B3B2A1038AF645CE8CB70C2FC5319FBD57DBBC741F901DA2944AA40777D3CE59A00E2AB78E6DB7E894E2C038925864C1C899315F2B7169AAC3A8A85CFD53BA310B203EA283917AC8ABD98B6772FE0520382A58C7E60814531A16B44F261381611742EED935138ED1B28560F046247497DEB90EC1C3F6013F3FAED029987514E18A1018D39E05D52E02305B7D72EDB3BC5C5F4B2788BD485D5A0B0FA5D49A8D59C6B1EF7FAC6A8066AE544A5AB0DBC1775B271956E89FD163E8D54961DAE5BE8CF00236ED80B3899F616B5D4FB180AF271EDA7215151FCA1424A7A377B338C662DAAB1E1425B2D098952F771C85FE52F9E02368BBD2EEF95233CC01162BA598EDC6769D0F64FA7494C8EA91269336DBD6A01BEED04F4F7461B51C793A63DE4E6E2FCE9106DF9C500476B6D657082C2B7283DDF671F78358E77EF2F49ADC94B7F1F66D367DAE7A9196371E2509CE404D8310B39DF353BC7E309E8981B260BB0B71F0BC5AAB8307297BECAA7A9D9E95354E7686CF8B7EECE57DE87A269D89331F0BF8C60B4EC5D400952105E7357F9CF6073BC174500C96A314E72EE6E7A0CF01A972145566F873254E52DA699A6ED98916590DC718D65BCC4596C1A739E360C4B3F97128F8CD36A0E52E61EB6F19BCEBD1AC55A73C774E2D05267C73EACFAA43A5E6969A0B65707A21B2C689439C5916BF3CF317656D2FD66DCA195D9EC79DA308AAEE84FDD2529D44F7123DFABD201775FE401CF077F2E0835D2249BA1ECCC7EFA813055626DF0A9BDC6EE1F02BF3E60B40E6A37482F932BD79614A2330B9CCA0434E22494A27B067A3B6B0BF9A568BDD6430C4C26DB4DD05E4A06CA69E768B571F79C79C0CBEC3BB3DD38F9CEB19FA3B2188771EAED7C50CB2F98D7B53652759B210077CD146241D5D3F7FDD5F5035083427B4A3E5341E90B356BE38DD078685EA7AC276C47FDAAFE6447F61A87B406ED6F88C2E204BAFFD80E1F90D63DFC8AD694416CD782DC36C69BC7F0128FD25FE5684E12F5C908EDE2D4544360ADFC3EF81060EE1D9521944DFE198F60807D9968856CC3C8934B204EE9AA066D199A62E68CA7A805C9EB72A70DDCD8A7AED59808F384FA4827A47380A2C1ED4FEFF4A62A29B81378485A2A88EBAFF86A76FB9B3ECD3533F3A331A73A7E3A2B120F2CCCB2F33114807E8EEB54BD340E02650DE2988A1F7F5DA7133E082BB3C3338F60A2A189B343DBE7A65D664E0A1F9E602C58AEB0E2D6496F6B94FA0ECD6B7115B2DFEF35DFAD13D2C429BE90D00F573C789EEB141EF3500F577CB6E328009F854090DAA85301330F0700F3EA2890514711DA2A7B734914CDF80CCCC864B096E22CEE2859B180FF4B8FF87756B130F14717D0173D81EF089D6E466C93217C2E73958634EB9769C98F7B4A2CBE0AFC1855AAB26D59E85CCA47DA5A5B6A000D43E49ADDD276A7A8C8A5ED8A46E4D5897F4EEABDFD3348BA03E15A4C44439F46D7715DE9FE217FC310E104218643B154147FF72F869440FEE4F60FFC523A9F6C38D2FC005CBEC0980718E089B5BA3D826A22F12F5D98722E28521A0E1FD5A0C13B1399F0897C0B7A7B4CA16383281B814422F88DE7F07D10AB199916ED9F428089A052693D2DFE043AA366A7A17FEA141F292C9EE2C7017894F8ADF935B32505F65749EE38553B9545D851033F8F4914D816ADA07BC19E59078376BD849EE989ED8A9CF60606600C903D814FCA10DA1660059B2438EAF4C36E4015EBA66E2F51ED3A6D018EAB0E82495D16AB023B3C5D7C0A1656B001A36F510EA8B1223D95810D85DA467233E62BC069309A62A60E8897263E6A14424BEEB616505D091FBCBA9F2A055F4093860FCDE7EEE3D004F272AAEF33DC885E8C4922632E180FF04422D4920C5F7372909DD3FD72E9A275878625E615054B4B0652147B60B3FB8BCD7A780011824330A2125165DB81F68B6C63FCAA047DAE3B591D24F007226281F751BE83324B47865D76F91D4904530F4314B0F420B1DE80247AA68343E0B26A636D1A0D91B8E02862DF648DDB3F9F70AB4C79C189967EB109D0E04035589249AF772B6A4D4583974F6652DFB33A62C7438173CB5F120DB1A754D40FFBAB8A087C9CB4FA85FDBF78C6E8710CF0415E5BAD010000000E0000007A67784775642F5046646B2533640200000000000000
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB3789000000000200000000001066000000010000200000009880885AB778703664A37EA0AABA3EF9682E358A3993E1A7EEBA0B19E349E4B4000000000E8000000002000020000000CD9C4D7C3AD69CA426B455C32197326BF75FC5FA7E1C45C0BBDC6DCE942FCCC450000000F5112FE97060556668BBDC1F475C87D13AB22C1828D507EB7652886B462DF762F8BD2C03E964FE7EBCE89328CAFB3B1F1C12BA7D271AEC9C022FFE0654011DBBA19C6F937B0AB6BB42670557B117F65C400000002C3F7E62B8F26174559F8A5D6E94CEA73DF920F83DB0DCDE5A53AD0794C68C1686312F3F3AE7897F08F21E467BE220690A94C28F011E6C6E7871FE5B6E6A09C2
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB37890000000002000000000010660000000100002000000069BA5E0C2AE2DF3DF6F34571772DC9A8FC1573C33E6FC3C26384732E3F0E052A000000000E8000000002000020000000BA4992BDF6068FC8D512AAED09A8DD0CFA8F49B3CA2BBCEE805F8C87D53C0612100000008431218149405DFE2A74384130E1CEF64000000024C6C4A9036C194E98D9358623585DEFEE59D0495D8196B42840E1F15E9D47BB39ABBDB3FBAE887886CB5D83A0B4CED97B19BEF8F5056A92D959D0A47711E5D3
1736
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000A0020001000C700
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
4
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307050003000F000A0020001D00E403010000001E768127E028094199FEB9D127C57AFE
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307050003000F000A0020001E00B700010000001E768127E028094199FEB9D127C57AFE
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
DownloadWindowPlacement
2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF14010000480000009403000028020000
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
2243332386
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30739209
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionLow
395188357
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionHigh
268435456
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListLastUpdateTime
3667330
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VendorId
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DeviceId
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
SubSysId
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Revision
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionHigh
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionLow
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DXFeatureLevel
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VendorId
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DeviceId
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-SubSysId
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-Revision
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionHigh
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionLow
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DXFeatureLevel
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
3488873836
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30739259
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB37890000000002000000000010660000000100002000000019D73A953B5348F3D8554123E077BF009C2BF1124CBA95F7652F09BEAF4F62D0000000000E8000000002000020000000E86C6643E7BE6C23B746E7DF3ACEE7A03F1BA55F38437F26C949C89CB64DEB3D30000000C3F277F1D73D0EF4BE2DB08971B9B6ADFF9BAE09397A692A7A925CEFEF81945D85D570FFF5E2CC6965FCDCE51A2CF81340000000D2C5443082FD7B59CAE213E4A9289F82CB17B62F39D0D7BFC2829C84B202C4AF78213CB43E6E5085D05A2B0137BFEE58D696CCF6D2DC3E40590CF1C262A22EC6
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
B04BED85090BD501
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionHigh
268435456
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionLow
395188357
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
StaleCompatCache
1
1736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
StaleCompatCache
0
2816
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2816
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2816
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing
EnableConsoleTracing
0
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASAPI32
EnableFileTracing
0
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASAPI32
EnableConsoleTracing
0
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASAPI32
FileTracingMask
4294901760
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASAPI32
ConsoleTracingMask
4294901760
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASAPI32
MaxFileSize
1048576
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASAPI32
FileDirectory
%windir%\tracing
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASMANCS
EnableFileTracing
0
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASMANCS
EnableConsoleTracing
0
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASMANCS
FileTracingMask
4294901760
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASMANCS
ConsoleTracingMask
4294901760
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASMANCS
MaxFileSize
1048576
2068
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegAsm_RASMANCS
FileDirectory
%windir%\tracing
2068
RegAsm.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
1860
RegAsm.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US

Files activity

Executable files
12
Suspicious files
10
Text files
17
Unknown types
1

Dropped files

PID
Process
Filename
Type
2816
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\50knewc[1].exe
executable
MD5: fccd0412b43c70093795a08fe43a7d31
SHA256: 923a10cd5a45810a4f50fd88d630835d7476183ff53e2056e7e2b71cbc488684
1736
iexplore.exe
C:\Users\admin\Downloads\50knewc.exe
executable
MD5: fccd0412b43c70093795a08fe43a7d31
SHA256: 923a10cd5a45810a4f50fd88d630835d7476183ff53e2056e7e2b71cbc488684
2668
bobcry.exe
C:\Users\admin\AppData\Roaming\urqxxbzcsn\jmmyddbrnvdvqfk.exe
executable
MD5: 648f77570e975a296a5482730e9f5ece
SHA256: faad82acc0652954a8dced1b5b119189be888e897fe7b4378587627d9a1ab0ed
1736
iexplore.exe
C:\Users\admin\Downloads\bobcry.exe
executable
MD5: 2ab2a8ea06118624173a6075459c2ec1
SHA256: e2aed629ae9a752d1ba02149b2225a7cc1ed246131cddcba0f0b0540bf0dc045
1736
iexplore.exe
C:\Users\admin\Downloads\player4.exe
executable
MD5: 11b80bdd9d7c64665e94e0772acdccbd
SHA256: 5e43116e3b18615353968d8d7acd8f535aa8cb95568e78bb6ad926db6688d37e
372
50knewc.exe
C:\Users\admin\AppData\Roaming\xnonovurtk\mikotxwgpsfmakq.exe
executable
MD5: 4be97cd884f50364f9346278ad485ff2
SHA256: 44320a15b6bead25ac56454e8ecc65071136d25e55074356bfa9ceabbeb62012
2816
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\bobcry[1].exe
executable
MD5: 2ab2a8ea06118624173a6075459c2ec1
SHA256: e2aed629ae9a752d1ba02149b2225a7cc1ed246131cddcba0f0b0540bf0dc045
2816
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\benu7[1].exe
executable
MD5: 7f40a173fff35ce7ea85991969db0a1e
SHA256: 10149bf87feb3276a7d6bfb864864c655b4e11aa2ed6d677c177353dbffdfc25
836
player4.exe
C:\Users\admin\AppData\Roaming\sxorisjasj\gsksoulpnstxufb.exe
executable
MD5: a6dd5ce3011793222407788a1391a3f2
SHA256: 20293acec1ea7c8b3c26b34e4715f8a9796315f3d5a19aeeff86f660bb62a379
1736
iexplore.exe
C:\Users\admin\Downloads\benu7.exe
executable
MD5: 7f40a173fff35ce7ea85991969db0a1e
SHA256: 10149bf87feb3276a7d6bfb864864c655b4e11aa2ed6d677c177353dbffdfc25
2800
benu7.exe
C:\Users\admin\AppData\Roaming\biuhswbfrb\qdqhyxcunkferff.exe
executable
MD5: df21eff7c4594bdc43820844ff605705
SHA256: 32422502bcdeeea7371d8a17307da010af8d30ae20eb3d6d6c52685448646931
2816
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\player4[1].exe
executable
MD5: 11b80bdd9d7c64665e94e0772acdccbd
SHA256: 5e43116e3b18615353968d8d7acd8f535aa8cb95568e78bb6ad926db6688d37e
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
xml
MD5: e17bca3c2f64732d1a734f3cb3632f4b
SHA256: c2b7f56b9c4c3c53877716ad7b5a36656ded2ca063e6293ad323eff8b28628b0
2264
vbc.exe
C:\Users\admin\AppData\Local\Temp\bhvD420.tmp
––
MD5:  ––
SHA256:  ––
2008
vbc.exe
C:\Users\admin\AppData\Local\Temp\bhvD410.tmp
––
MD5:  ––
SHA256:  ––
2748
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpBE67.tmp
text
MD5: 7fb9a9ad0fd9b1e0108ed71fbb276048
SHA256: 7d63c301317e144b0133a72250ae2d8e09af65a92e6a807ec58a71939fe530a9
2040
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpA6C7.tmp
text
MD5: 63fb3dccace896e4813a52d702e7efd7
SHA256: 769bf786b1a16ea7f553dff99bace4aca7550ff8e0bcfbcd0b8390716cff7cdd
836
player4.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gsksoulpnstxufb.eu.url
ini
MD5: 62a8efc5914b4f718763ae6caf8d0d61
SHA256: 6335d7419e85a180438175f9d076cbb31c610fe9bbf2f891f1be69f1e448aa11
1860
RegAsm.exe
C:\Users\admin\AppData\Local\Temp\TarE569.tmp
––
MD5:  ––
SHA256:  ––
2040
vbc.exe
C:\Users\admin\AppData\Local\Temp\bhvA734.tmp
––
MD5:  ––
SHA256:  ––
2068
RegAsm.exe
C:\Users\admin\AppData\Local\Temp\42629f46-7f45-27b3-2ec8-5af31eecdb5f
text
MD5: 454353131947d1483ff5470107478978
SHA256: 2df94dc1c58e952a1ebd1ae1185a291a8a573982ca90ec1bbb87b81126002668
2668
bobcry.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jmmyddbrnvdvqfk.eu.url
ini
MD5: dbd00cae9c9d0e03428ee1e7289f3fe3
SHA256: c47fcca849e44343f8a7e073f52f2471b6ab801e628ce368b688c61b84fdd3e0
1860
RegAsm.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
binary
MD5: bb2133b34c8ae96d097fee5a795bae21
SHA256: ab2b7eb94451e5102389799979a7d5180b8fe2058b057826b924b9887972eb10
2800
benu7.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qdqhyxcunkferff.eu.url
ini
MD5: 937e5f7b064759636ccecc9a0866bfff
SHA256: 620f0d9fcb4e73d638fc86032c05d23a49bc5f6935f2ed61bbe4326e867aec37
1860
RegAsm.exe
C:\Users\admin\AppData\Local\Temp\CabE568.tmp
––
MD5:  ––
SHA256:  ––
372
50knewc.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mikotxwgpsfmakq.eu.url
ini
MD5: 6efa1277fc76ecbb35cd997fcf5d32e9
SHA256: 702ec848e14830e0beb2d69cec3af18ac40bd5b8a714f41293c0a293080c0318
1860
RegAsm.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
binary
MD5: b7436205aefb14d7f6e98d829599eb85
SHA256: 72b00b50d0a1ebad7a7be8596ef5042ad9d90bd7fd530c5a75b2ee28fbb6ed4b
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B022F84F-76FC-11E9-8447-5254004AAD21}.dat
––
MD5:  ––
SHA256:  ––
1736
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF20D70B3ED097CF91.TMP
––
MD5:  ––
SHA256:  ––
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K78MRVB5\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U1WPAC\iecompatviewlist[1].xml
xml
MD5: e17bca3c2f64732d1a734f3cb3632f4b
SHA256: c2b7f56b9c4c3c53877716ad7b5a36656ded2ca063e6293ad323eff8b28628b0
2816
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\proforma[1].htm
html
MD5: 56af729f5a91d99e59d76625172b926d
SHA256: 8a0b652f1b1063efb59ed5b43cadec10be49bd0110f000a2c183c303f5aeaca0
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B022F851-76FC-11E9-8447-5254004AAD21}.dat
binary
MD5: 191b5ddff1bc57eef87b5867c5919259
SHA256: 1dd2c5d478072cd1c10a67534b92f2fc30efa145bc307e5106b7f26894d1f151
1736
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF6B0B4E77AB266072.TMP
––
MD5:  ––
SHA256:  ––
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{BA91420E-76FC-11E9-8447-5254004AAD21}.dat
binary
MD5: ac63cb2fbf204f615e5d3c5c53dbca7e
SHA256: e4a16589e7c810f5d93890f5b24b9f39c7abd717f5da367c8d0711cbeb366f48
1736
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF282CC8FA638A66A5.TMP
––
MD5:  ––
SHA256:  ––
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{0155F336-8C1D-11E8-9711-5254004AAD21}.dat
binary
MD5: bd3e3627e906e7dc75e3312f8ecffdb4
SHA256: fa81979ed2630722c6781659518eea767a4717bafaf702f221f7e22b7f153501
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C100BAFD-76FC-11E9-8447-5254004AAD21}.dat
binary
MD5: be744771b44d5b31985c5b214bc06a17
SHA256: 81d3c5d864f4c9d778595bc18ce431f725dd0f2898d6f2f51be72e28ddc2fd7f
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C100BAFC-76FC-11E9-8447-5254004AAD21}.dat
binary
MD5: b99b57b50736a3e0d36a4e18bcc0ba9f
SHA256: f938481cffe1969e05977f53a0cabb4f1164ce8661361296ad8b2a7cc06be6be
1736
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFFF3BD5295BA6225B.TMP
––
MD5:  ––
SHA256:  ––
1736
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFA71657A014F6A977.TMP
––
MD5:  ––
SHA256:  ––
1736
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2236ED6EBCC6B587.TMP
––
MD5:  ––
SHA256:  ––
1860
RegAsm.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
cat
MD5: d4ae187b4574036c2d76b6df8a8c1a30
SHA256: a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
1736
iexplore.exe
C:\Users\admin\Downloads\50knewc.exe.87byom0.partial:Zone.Identifier
––
MD5:  ––
SHA256:  ––
2816
IEXPLORE.EXE
C:\Users\admin\Downloads\50knewc.exe.87byom0.partial
––
MD5:  ––
SHA256:  ––
2948
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpDAE7.tmp
text
MD5: 7fb9a9ad0fd9b1e0108ed71fbb276048
SHA256: 7d63c301317e144b0133a72250ae2d8e09af65a92e6a807ec58a71939fe530a9
1736
iexplore.exe
C:\Users\admin\Downloads\benu7.exe.q9cfxxp.partial:Zone.Identifier
––
MD5:  ––
SHA256:  ––
2816
IEXPLORE.EXE
C:\Users\admin\Downloads\benu7.exe.q9cfxxp.partial
––
MD5:  ––
SHA256:  ––
2376
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpD7AB.tmp
text
MD5: 7fb9a9ad0fd9b1e0108ed71fbb276048
SHA256: 7d63c301317e144b0133a72250ae2d8e09af65a92e6a807ec58a71939fe530a9
1736
iexplore.exe
C:\Users\admin\Downloads\bobcry.exe.k09rwr2.partial:Zone.Identifier
––
MD5:  ––
SHA256:  ––
2816
IEXPLORE.EXE
C:\Users\admin\Downloads\bobcry.exe.k09rwr2.partial
––
MD5:  ––
SHA256:  ––
1080
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpD79C.tmp
text
MD5: 7fb9a9ad0fd9b1e0108ed71fbb276048
SHA256: 7d63c301317e144b0133a72250ae2d8e09af65a92e6a807ec58a71939fe530a9
1736
iexplore.exe
C:\Users\admin\Downloads\player4.exe.e8hukn8.partial:Zone.Identifier
––
MD5:  ––
SHA256:  ––
2816
IEXPLORE.EXE
C:\Users\admin\Downloads\player4.exe.e8hukn8.partial
––
MD5:  ––
SHA256:  ––
2868
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpD6EF.tmp
text
MD5: 63fb3dccace896e4813a52d702e7efd7
SHA256: 769bf786b1a16ea7f553dff99bace4aca7550ff8e0bcfbcd0b8390716cff7cdd
2868
vbc.exe
C:\Users\admin\AppData\Local\Temp\bhvD73D.tmp
––
MD5:  ––
SHA256:  ––
2264
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpD3B3.tmp
text
MD5: 63fb3dccace896e4813a52d702e7efd7
SHA256: 769bf786b1a16ea7f553dff99bace4aca7550ff8e0bcfbcd0b8390716cff7cdd
2008
vbc.exe
C:\Users\admin\AppData\Local\Temp\tmpD3A3.tmp
text
MD5: 63fb3dccace896e4813a52d702e7efd7
SHA256: 769bf786b1a16ea7f553dff99bace4aca7550ff8e0bcfbcd0b8390716cff7cdd
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B022F852-76FC-11E9-8447-5254004AAD21}.dat
binary
MD5: e296da157db25620aa5caf0824517231
SHA256: c59ff010e5cdef3304d36c8a664e26aa459df2bc9703fc414e25d28bf7343800
1736
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC8ACF041996C24CE.TMP
––
MD5:  ––
SHA256:  ––
1736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\favicon[1].ico
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
1860
RegAsm.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
compressed
MD5: 7eb117d4f238090940dbe43efbcdf1f4
SHA256: a45a77d256628943190f8aa0f4673496d11dba6bc3569796b6f733465fd005e4

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
17
TCP/UDP connections
21
DNS requests
16
Threats
27

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2816 IEXPLORE.EXE GET 200 54.36.212.206:80 http://www.terryhill.top/proforma/ FR
html
malicious
1736 iexplore.exe GET 404 54.36.212.206:80 http://www.terryhill.top/favicon.ico FR
html
malicious
1736 iexplore.exe GET 200 204.79.197.200:443 https://www.bing.com/favicon.ico US
image
whitelisted
2816 IEXPLORE.EXE GET 200 54.36.212.206:80 http://www.terryhill.top/proforma/50knewc.exe FR
executable
malicious
2816 IEXPLORE.EXE GET 200 54.36.212.206:80 http://www.terryhill.top/proforma/benu7.exe FR
executable
malicious
2816 IEXPLORE.EXE GET 200 54.36.212.206:80 http://www.terryhill.top/proforma/bobcry.exe FR
executable
malicious
2816 IEXPLORE.EXE GET 200 54.36.212.206:80 http://www.terryhill.top/proforma/player4.exe FR
executable
malicious
1736 iexplore.exe GET 200 152.199.19.161:443 https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblockindex.bin US
binary
whitelisted
1736 iexplore.exe GET 200 152.199.19.161:443 https://iecvlist.microsoft.com/IE11/1479242656000/iecompatviewlist.xml US
xml
whitelisted
1736 iexplore.exe GET 304 152.199.19.161:443 https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlistWin7.xml US
––
––
whitelisted
1736 iexplore.exe GET 200 152.199.19.161:443 https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblocklist.bin US
––
––
whitelisted
2068 RegAsm.exe GET 200 66.171.248.178:80 http://bot.whatismyipaddress.com/ US
text
shared
600 RegAsm.exe GET 200 66.171.248.178:80 http://bot.whatismyipaddress.com/ US
text
shared
1860 RegAsm.exe GET 200 66.171.248.178:80 http://bot.whatismyipaddress.com/ US
text
shared
2676 RegAsm.exe GET 200 66.171.248.178:80 http://bot.whatismyipaddress.com/ US
text
shared
1860 RegAsm.exe GET 200 192.35.177.64:80 http://apps.identrust.com/roots/dstrootcax3.p7c US
cat
whitelisted
1860 RegAsm.exe GET 200 205.185.216.42:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?7093e07c677da9f8 US
compressed
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2816 IEXPLORE.EXE 54.36.212.206:80 OVH SAS FR malicious
1736 iexplore.exe 54.36.212.206:80 OVH SAS FR malicious
1736 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
1736 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2068 RegAsm.exe 66.171.248.178:80 Alchemy Communications, Inc. US malicious
2068 RegAsm.exe 23.186.192.228:587 –– unknown
600 RegAsm.exe 66.171.248.178:80 Alchemy Communications, Inc. US malicious
1860 RegAsm.exe 66.171.248.178:80 Alchemy Communications, Inc. US malicious
600 RegAsm.exe 69.46.29.186:587 HIVELOCITY VENTURES CORP US malicious
1860 RegAsm.exe 192.185.84.68:587 CyrusOne LLC US unknown
2676 RegAsm.exe 66.171.248.178:80 Alchemy Communications, Inc. US malicious
2676 RegAsm.exe 107.6.154.186:587 SingleHop, Inc. NL malicious
1860 RegAsm.exe 192.35.177.64:80 IdenTrust US malicious
1860 RegAsm.exe 205.185.216.42:80 Highwinds Network Group, Inc. US whitelisted

DNS requests

Domain IP Reputation
www.terryhill.top 54.36.212.206
malicious
api.bing.com 13.107.5.80
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
iecvlist.microsoft.com 152.199.19.161
whitelisted
r20swj13mr.microsoft.com 152.199.19.161
whitelisted
bot.whatismyipaddress.com 66.171.248.178
shared
mail.strutnfittings.com 23.186.192.228
unknown
mail.renata-ltd.com 69.46.29.186
malicious
mail.jaguarline.com 192.185.84.68
unknown
mail.mwanzompya.com 107.6.154.186
malicious
apps.identrust.com 192.35.177.64
whitelisted
ctldl.windowsupdate.com 205.185.216.42
205.185.216.10
whitelisted

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET DNS Query to a *.top domain - Likely Hostile
2816 IEXPLORE.EXE Potentially Bad Traffic ET INFO HTTP Request to a *.top domain
2816 IEXPLORE.EXE Misc activity ET INFO Packed Executable Download
2816 IEXPLORE.EXE Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
2816 IEXPLORE.EXE Misc activity ET INFO Possible EXE Download From Suspicious TLD
2816 IEXPLORE.EXE Misc activity ET INFO Packed Executable Download
2816 IEXPLORE.EXE Misc activity ET INFO Possible EXE Download From Suspicious TLD
2068 RegAsm.exe A Network Trojan was detected MALWARE [PTsecurity] Spy.HawkEye IP Check
2068 RegAsm.exe Generic Protocol Command Decode SURICATA Applayer Detect protocol only one direction
600 RegAsm.exe A Network Trojan was detected MALWARE [PTsecurity] Spy.HawkEye IP Check
1860 RegAsm.exe A Network Trojan was detected MALWARE [PTsecurity] Spy.HawkEye IP Check
2676 RegAsm.exe A Network Trojan was detected MALWARE [PTsecurity] Spy.HawkEye IP Check
1860 RegAsm.exe Generic Protocol Command Decode SURICATA Applayer Detect protocol only one direction
2676 RegAsm.exe Generic Protocol Command Decode SURICATA Applayer Detect protocol only one direction
2676 RegAsm.exe A Network Trojan was detected ET TROJAN Hawkeye Keylogger SMTP Beacon
2676 RegAsm.exe A Network Trojan was detected MALWARE [PTsecurity] HawkEye Reborn8 Stealing Data via SMTP
600 RegAsm.exe Generic Protocol Command Decode SURICATA Applayer Detect protocol only one direction
600 RegAsm.exe A Network Trojan was detected ET TROJAN Hawkeye Keylogger SMTP Beacon
600 RegAsm.exe A Network Trojan was detected MALWARE [PTsecurity] HawkEye Reborn8 Stealing Data via SMTP

8 ETPRO signatures available at the full report

Debug output strings

Process Message
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbeat.cpp(199)\diagtrack.dll!000007FEFA4EDA84: (caller: 000007FEFA4ED257) ReturnHr[PreRelease](60) tid(514) 80070510 The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
–– base\diagnosis\diagtrack\engine\heartbea