General Info

File name

Document.pdf

Full analysis
https://app.any.run/tasks/4916ef3a-213b-4842-abd0-8408b2b5c6d9
Verdict
Malicious activity
Analysis date
11/8/2018, 21:33:21
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/pdf
File info:
PDF document, version 1.4
MD5

a75d2d60373ee06db7be11b457daa4b5

SHA1

cf6519ca37904637cdac4ec4a2310b490d422427

SHA256

7a3d2801b38a6370e7fb87e19d217946892cab6cdfd48d66bb2ed40a263f554a

SSDEEP

3072:gUOw0DJnV/fA7qYRXCTWhbIiv60kTcuXGcpIoWYdE:3Ow0DiyTCIKcb7aoWyE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executable content was dropped or overwritten
  • AdobeARM.exe (PID: 3452)
  • msdt.exe (PID: 2036)
Creates files in the program directory
  • AdobeARM.exe (PID: 3452)
Starts Internet Explorer
  • AcroRd32.exe (PID: 3704)
Reads Internet Cache Settings
  • iexplore.exe (PID: 548)
  • iexplore.exe (PID: 2428)
Reads internet explorer settings
  • iexplore.exe (PID: 2428)
  • iexplore.exe (PID: 548)
Changes internet zones settings
  • iexplore.exe (PID: 2244)
  • iexplore.exe (PID: 3732)
Creates files in the user directory
  • iexplore.exe (PID: 2244)
  • iexplore.exe (PID: 548)
  • AcroRd32.exe (PID: 3704)
Application launched itself
  • RdrCEF.exe (PID: 2100)
  • AcroRd32.exe (PID: 3704)
  • iexplore.exe (PID: 3732)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.pdf
|   Adobe Portable Document Format (100%)
EXIF
PDF
PDFVersion:
1.4
Linearized:
No
PageCount:
1
Producer:
RAD PDF 3.6.1.0 - http://www.radpdf.com
Creator:
RAD PDF
CreateDate:
2018:10:29 17:06:41Z
ModifyDate:
2018:11:08 18:19:03Z
XMP
XMPToolkit:
DynaPDF 4.0.24.62, http://www.dynaforms.com
Producer:
RAD PDF 3.6.1.0 - http://www.radpdf.com
CreateDate:
2018:10:29 17:06:41Z
CreatorTool:
RAD PDF
MetadataDate:
2018:11:08 18:19:03Z
ModifyDate:
2018:11:08 18:19:03Z
DocumentID:
uuid:3d284710-b822-3a2b-8e1e-159695e83c86
VersionID:
1
RenditionClass:
default

Screenshots

Processes

Total processes
48
Monitored processes
16
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start acrord32.exe acrord32.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs iexplore.exe iexplore.exe adobearm.exe reader_sl.exe no specs iexplore.exe iexplore.exe msdt.exe sdiagnhost.exe no specs ipconfig.exe no specs route.exe no specs makecab.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3704
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\Document.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\kbdus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sspicli.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\common files\adobe\arm\1.0\adobearm.exe

PID
3092
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Temp\Document.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.dll
c:\program files\adobe\acrobat reader dc\reader\agm.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\version.dll
c:\program files\adobe\acrobat reader dc\reader\bib.dll
c:\program files\adobe\acrobat reader dc\reader\cooltype.dll
c:\program files\adobe\acrobat reader dc\reader\ace.dll
c:\windows\system32\profapi.dll
c:\program files\adobe\acrobat reader dc\reader\axe8sharedexpat.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\weblink.api
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\escript.api
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\adobe\acrobat reader dc\reader\bibutils.dll
c:\program files\adobe\acrobat reader dc\reader\sqlite.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ia32.api
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\updater.api
c:\windows\system32\msimg32.dll

PID
2100
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\apphelp.dll

PID
3780
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2100.0.1134550331\120287222" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
3592
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2100.1.1593295900\1019427822" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
3732
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
548
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3732 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll

PID
3452
CMD
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:15.0 /MODE:3
Path
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Reader and Acrobat Manager
Version
1.824.27.2646
Modules
Image
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\windows\system32\normaliz.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\program files\common files\adobe\arm\1.0\adobearmhelper.exe
c:\windows\system32\imagehlp.dll

PID
3196
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
Indicators
No indicators
Parent process
AdobeARM.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat SpeedLauncher
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2244
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\msdt.exe
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
2428
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2244 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll

PID
2036
CMD
-modal 393570 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDFEDE0.tmp -ep NetworkDiagnosticsWeb
Path
C:\Windows\system32\msdt.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Diagnostics Troubleshooting Wizard
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msdt.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\atl.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\duser.dll
c:\windows\system32\wer.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dui70.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\sdiageng.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\version.dll
c:\windows\system32\sensapi.dll

PID
3332
CMD
C:\Windows\System32\sdiagnhost.exe -Embedding
Path
C:\Windows\System32\sdiagnhost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Scripted Diagnostics Native Host
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\sdiagnhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\1c755e2849bee87c5f0f4758d2d51ae6\microsoft.windows.diagnosis.sdhost.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\8ac2425807a71c8133cfe1d40ba9ba67\microsoft.windows.diagnosis.commands.updatediagrootcause.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\9582f4042bd63965d8282ea15f63c934\microsoft.windows.diagnosis.commands.getdiaginput.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\a3c1bc5bfd402b4232df98aa5e5df103\microsoft.windows.diagnosis.commands.updatediagreport.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\b83e03dd807fb456c0bcceb3704c9702\microsoft.windows.diagnosis.commands.writediagprogress.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.serviceproce#\20008c75bb41e2febf84d4d4aea5b4e8\system.serviceprocess.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\ipconfig.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\route.exe
c:\windows\system32\makecab.exe

PID
4024
CMD
"C:\Windows\system32\ipconfig.exe" /all
Path
C:\Windows\system32\ipconfig.exe
Indicators
No indicators
Parent process
sdiagnhost.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
IP Configuration Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ipconfig.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qagent.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll

PID
2736
CMD
"C:\Windows\system32\ROUTE.EXE" print
Path
C:\Windows\system32\ROUTE.EXE
Indicators
No indicators
Parent process
sdiagnhost.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
TCP/IP Route Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\route.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

PID
2236
CMD
"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
Path
C:\Windows\system32\makecab.exe
Indicators
No indicators
Parent process
sdiagnhost.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Cabinet Maker
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\makecab.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
1094
Read events
952
Write events
142
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3704
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3704
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3704
AcroRd32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3704
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3704
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3092
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal
0
3092
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
bExpandRHPInViewer
1
3092
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut
smailto
5900
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{9AAE4EE8-E395-11E8-9C83-5254004AAD11}
0
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B00040008001400210035008801
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B00040008001400210035009701
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008001400210035006202
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008001400210035008202
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
34
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B0004000800140021003500DF02
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
26
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3452
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM
iSpeedLauncherLogonTime
D8720E7C8D76D401
3452
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3452
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3452
AdobeARM.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006B000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{C6254DA6-E395-11E8-9C83-5254004AAD11}
0
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
4
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B0004000800140023000600EB00
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
4
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B0004000800140023000600FB00
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008001400230006008801
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B0004000800140023000600A701
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
34
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B0004000800140023000600C601
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
23
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2244
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2036
msdt.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3332
sdiagnhost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3332
sdiagnhost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
4
Suspicious files
16
Text files
83
Unknown types
16

Dropped files

PID
Process
Filename
Type
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\en-US\DiagPackage.dll.mui
executable
MD5: 5d7936806e6855e2ecc2b095316d45d8
SHA256: 71a4559f9fd122914a95998e8685be638b8f81e581987708497e8f8a7a2f4dcb
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\S\89\AdobeARMHelper.exe
executable
MD5: 7182705213142ee4dcf722aa247dd55c
SHA256: f9b595f657589a25f6f247b4cdd0de7f2ba0319b015d33f000728bfc11d0a1c2
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\S\89\AdobeARM.msi
executable
MD5: d5e51c3a1d7979665b6b7e1ad2a653b4
SHA256: 2339ee197758a31ef70ea19a7a11413e08341c34d34a07a11029f8003114080f
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\DiagPackage.dll
executable
MD5: 2433e09c08c21455000f7e36d7653759
SHA256: ea9400e719fb15cd82d5dab4b7d8e3870bb375bbe11bb95b0d957a84fee2891c
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\NetworkDiagnosticsTroubleshoot.ps1
text
MD5: 1d192ce36953dbb7dc7ee0d04c57ad8d
SHA256: 935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756
2428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 7f5a0d6a5479be6a0a494a757f0bc332
SHA256: 14bdc2e5460df05039af3ff537e4a7b1b9f25db085f1c5b81fb9b12c30ad8bab
2244
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C6254DA7-E395-11E8-9C83-5254004AAD11}.dat
––
MD5:  ––
SHA256:  ––
2244
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFD996379BCE4F525A.TMP
––
MD5:  ––
SHA256:  ––
2244
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat
binary
MD5: f7991ea87fbaf780fa0cdab5d49e8ce7
SHA256: 41ad8fa91a47cef4a1a8ccb8b5c3260dd0c23d722b064fc5f26975caf0b92a0c
2244
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{DDEE373C-E395-11E8-9C83-5254004AAD11}.dat
binary
MD5: ebff24f1993d3966548612b1e7f8fb6a
SHA256: ea6bd2407ba1cf264c1172b34a1b6b018dafc80da61780543b81180e43888f2f
2244
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFD040AB54504B13F3.TMP
––
MD5:  ––
SHA256:  ––
2244
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFACA79832D7FB0D5C.TMP
––
MD5:  ––
SHA256:  ––
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\errorPageStrings[2]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\latest.cab
compressed
MD5: e0fb756eea32c705c35432726474e811
SHA256: 59da1cf298100c4b3b3dbcb0c34d05f194f0d987dae1fbef0ada02a75d77b41b
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA2C82.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA3025.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA493F.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLAEE.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA1607.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\DebugReport.xml
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_cab_07ee0485\Report.wer
binary
MD5: 37e4cc61bd185e2a8826fcbf1d901d01
SHA256: 862a197f7684689609c97d75fb2c91d2ee482987d76242256545bae37c99b97c
2036
msdt.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_cab_07ee0485\Pkg428.cab
compressed
MD5: 6872ad228a810b91f0519d0c7ed131db
SHA256: d72e32ca60977ced2272fbfeedf1d91612c17c4eaa74ea824b716efe98bb9ace
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA7356.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA507A.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\msdt\_A2C655C8-83DB-4D39-A329-01B7DA5C9578_\Pkg428.cab
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA7C29.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA5780.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA503.tmp
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\latest.cab
compressed
MD5: 6872ad228a810b91f0519d0c7ed131db
SHA256: d72e32ca60977ced2272fbfeedf1d91612c17c4eaa74ea824b716efe98bb9ace
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\NetworkDiagnostics.0.debugreport.xml
xml
MD5: 25769306c148c9320c4d3bc22e2bca85
SHA256: 356efaccb7eb8c98706c87df33a65ffbd862e5fb65529cec6cba5da473fc1e01
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\result\DebugReport.xml
xml
MD5: 25769306c148c9320c4d3bc22e2bca85
SHA256: 356efaccb7eb8c98706c87df33a65ffbd862e5fb65529cec6cba5da473fc1e01
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\resultreport.xml
xml
MD5: a38370df3ce641a4538a6c80bb8db6e8
SHA256: a4d30553fbf37eaf439d4a2222eda9f556566caba3ed5f75975315c039a0d6da
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\ResultReport.xml
xml
MD5: a38370df3ce641a4538a6c80bb8db6e8
SHA256: a4d30553fbf37eaf439d4a2222eda9f556566caba3ed5f75975315c039a0d6da
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\results.xsl
xml
MD5: 310e1da2344ba6ca96666fb639840ea9
SHA256: 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\results.xml
text
MD5: 840b413cbf5e57a93deecff7e76cf260
SHA256: de5825ee63dd98ca86f86652ff81ac75380b3ac4d880ab44d8984b8bf531ffae
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\result\ResultReport.xml
xml
MD5: 5c8ee61f01c0595672248f7092a11403
SHA256: e4c9051eedd196e89c4f3bb31e896d6bcf150869295e2b691064e0235b4ba0fb
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\F6CE0316-DC65-4A82-9793-6D57801D7EF3.Diagnose.0.etl
etl
MD5: 4559fda2dc96cdbc3847e986f6fe422e
SHA256: d50ae20103ed6217617427b1ce28e9d45d4b0b49e68d83b2a64d171c86461099
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2018110820.000\NetworkConfiguration.cab
compressed
MD5: 87611ede5793a54798cd28583a51fef0
SHA256: d543d18fdf9ccfaf851c9930e483bf24d50102dc58dadc52a5cbdca20645afe5
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA7356.tmp
binary
MD5: e36e1f3a4aedbc711cb2edaa50c5ec2b
SHA256: 10a1f282d9b721e774757f2621a1d509507997f55a7f253a1b64e831957718eb
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA503.tmp
binary
MD5: b84ef0ace83959b34c79d8fcc41747af
SHA256: 8440ae7098ca7dcd6c5aebffa8160656b432652782f400f32d5fc6668dd32a66
2036
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\latest.cab
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\result\NetworkConfiguration.cab
compressed
MD5: 87611ede5793a54798cd28583a51fef0
SHA256: d543d18fdf9ccfaf851c9930e483bf24d50102dc58dadc52a5cbdca20645afe5
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\inf_2236_2
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\tmp1B7.tmp\setup.inf
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\inf_2236_4
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\tmp1B7.tmp\setup.rpt
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\inf_2236_3
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\cab_2236_8
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\cab_2236_7
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\tmp1B7.tmp\NetworkConfiguration.cab
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\cab_2236_9
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\cab_2236_6
––
MD5:  ––
SHA256:  ––
2236
makecab.exe
C:\Users\admin\AppData\Local\Temp\cab_2236_5
––
MD5:  ––
SHA256:  ––
3332
sdiagnhost.exe
C:\Users\admin\AppData\Local\Temp\tmp1B7.tmp\route.print.txt
––
MD5:  ––
SHA256:  ––
3332
sdiagnhost.exe
C:\Users\admin\AppData\Local\Temp\tmp1B7.tmp\NetworkConfiguration.ddf
––
MD5:  ––
SHA256:  ––
3332
sdiagnhost.exe
C:\Users\admin\AppData\Local\Temp\tmp1B7.tmp\ipconfig.all.txt
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\result\F6CE0316-DC65-4A82-9793-6D57801D7EF3.Diagnose.0.etl
etl
MD5: 4559fda2dc96cdbc3847e986f6fe422e
SHA256: d50ae20103ed6217617427b1ce28e9d45d4b0b49e68d83b2a64d171c86461099
3332
sdiagnhost.exe
C:\Users\admin\AppData\Local\Temp\F6CE0316-DC65-4A82-9793-6D57801D7EF3.Diagnose.0.etl
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\result\results.xsl
xml
MD5: 310e1da2344ba6ca96666fb639840ea9
SHA256: 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\StartDPSService.ps1
text
MD5: a660422059d953c6d681b53a6977100e
SHA256: d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\UtilityFirewall.ps1
text
MD5: b004afc224e9216115ec3b0bf5d43ba2
SHA256: 31b97632ca31d1bb21917a07757b2ff415dbb6a4e7dd7b533ecc52431acf65b5
2244
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: ae66984cf63921b3e2a1beb6040ceca4
SHA256: dffdbb0f19e0e89a73909dfc3cea25ae3e7ad9814d1e3e783b2344c3247f8fba
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\UtilityFunctions.ps1
text
MD5: 2f7c3db0c268cf1cf506fe6e8aecb8a0
SHA256: 886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\UtilitySetConstants.ps1
text
MD5: 0c75ae5e75c3e181d13768909c8240ba
SHA256: de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 0b8bdbb076b08e5036ed7e9d59564860
SHA256: 60e1fe70c2c455f22d9be3e19cab4ff36c4d12d92b5058ee5ce71a8c8373e3eb
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\en-US\LocalizationData.psd1
text
MD5: dfc212122eade84d83607ba672a06114
SHA256: cec7595c6607862fb8b633468272c2118253ec77b47901aace7cd94f4f6c1f0b
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\NetworkDiagnosticsVerify.ps1
text
MD5: c0bb6343bd0f6f9b46b33e4b66106953
SHA256: eb9bc61668a93759d0127a11cdfc03e924100d69c7e6457feaa89330474c90c3
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\NetworkDiagnosticsResolve.ps1
text
MD5: a7b957f221c643580184665be57e6ac8
SHA256: 8582ef50174cb74233f196f193e04c0ccbbee2aed5ce50964cbb95822c218e7f
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\DiagPackage.diagpkg
xml
MD5: c9fb87fa3460fae6d5d599236cfd77e2
SHA256: cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\HTInteractiveRes.ps1
text
MD5: c25ed2111c6ee9299e6d9bf51012f2f5
SHA256: 8e326ee0475208d4c943d885035058fad7146bba02b66305f7c9f31f6a57e81b
2244
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6254DA6-E395-11E8-9C83-5254004AAD11}.dat
––
MD5:  ––
SHA256:  ––
2036
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_b769d139-4035-4f69-b74c-a92bec76f1ee\InteractiveRes.ps1
text
MD5: 25b8543dbf571f040118423bc3c7a75e
SHA256: d78e6291d6f27ac6febdcf0a4d5a34521e7f033af8875e026df21ba7513ab64a
2244
iexplore.exe
C:\Users\admin\AppData\Local\Temp\NDFEDE0.tmp
binary
MD5: fca61975fcd507cc7c7af2a8f5d2ca0b
SHA256: d281c700e3b775ec2a5f43d744c5e204c9a7be60935e6a16bf6e313f37c5541b
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ErrorPageTemplate[2]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\dnserror[2]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2244
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2244
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2244
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: 9be99160196324b098e63d4adc60f11b
SHA256: e6dc4f4a797983596f8b0f9b98ae0aebcbfd76c9df238f450778613ac4d9b264
2244
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF235BCD68B65C02A9.TMP
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp8401.tmp
––
MD5:  ––
SHA256:  ––
2244
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BFPD6P92AW50NQNOA4FI.temp
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp83B2.tmp
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: ef4178ce70902f478650b2a934cb8ac7
SHA256: 183b3c36a9e37ae36db9f3da3991ae70357eedbf730bfba65b51d5dfd206aaf9
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp68B7.tmp
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: c46add5fb92b0266cfc3d3186169083f
SHA256: 29cf56b920ebee8c2eaf71367af2c03be8a6942dcd3a5544698a1a90c4b56244
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp6887.tmp
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: 2a226f33869410e3b2de886505605e42
SHA256: 42103b4346164e8516b987567884bfe0ea52f1dc5cff3fb7fb48dbcb25b74bb4
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp4CD0.tmp
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF6B288E9FB8928759.TMP
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9AAE4EE8-E395-11E8-9C83-5254004AAD11}.dat
––
MD5:  ––
SHA256:  ––
548
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
548
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 8079f795b3a04792b3b54a30f88ac32d
SHA256: fa43c406684e2f8a34dab11d815834c06d968648bfc77d05a6388caeba67f355
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9AAE4EE9-E395-11E8-9C83-5254004AAD11}.dat
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF8FA73769823BC603.TMP
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{B01EB431-E395-11E8-9C83-5254004AAD11}.dat
binary
MD5: f620a6f34f1b4dc583e82d783892b1ae
SHA256: 6fba5b08540c3e368398d033be29877eb36678ab52b040ddbe06c00c08e0450f
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat
binary
MD5: 12ed099526d4e532afbeebb94537cd6e
SHA256: b5ffaacae63b80c4c40732f16e6958170e7dfb81f2b2b2013bc56898713096f8
3732
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC177B14CCA9ED502.TMP
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFAD9F45B8AAB9B062.TMP
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: a5deee52b298967638b05dc479def3a9
SHA256: 932ad7d7735eabddcecd281d859df90619225c5ff6d3d5c717b4bcbae46b094d
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpCDBC.tmp
––
MD5:  ––
SHA256:  ––
3452
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: 7ee207d20e6054e7143dc013a208de47
SHA256: 6b57482124a3544c106cd447b289cafb5b426a2ae1d9a128b7713595d33e2a6c
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpCDAB.tmp
––
MD5:  ––
SHA256:  ––
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
3452
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\ArmUI.ini
text
MD5: 864c22fb9a1c0670edf01c6ed3e4fbe4
SHA256: b4d4dcd9594d372d7c0c975d80ef5802c88502895ed4b8a26ca62e225f2f18b0
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3732
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 42039a1ed27328fbf47a77384cb518f9
SHA256: 440333726142e73e20554d8252d94410009c467fe74b0daa7f879e1ca56fa8af
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
––
MD5:  ––
SHA256:  ––
3092
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Raxw1a1_1fwtdo8_2dw.tmp
––
MD5:  ––
SHA256:  ––
3092
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R3yu924_1fwtdo6_2dw.tmp
––
MD5:  ––
SHA256:  ––
3092
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Ris8uz3_1fwtdo7_2dw.tmp
––
MD5:  ––
SHA256:  ––
3092
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rkpwe9z_1fwtdo4_2dw.tmp
––
MD5:  ––
SHA256:  ––
3092
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Ruqc15u_1fwtdo5_2dw.tmp
––
MD5:  ––
SHA256:  ––
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 211126bb81b82ccac96de23b653bb93f
SHA256: d2af11cfc4e6435d1b5ea0c20cafe174736d0378b7fdc381c86e667e083bd0af
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 1c3bef3cb58e16d2003acef4a37a11de
SHA256: e2ddeb61fcc8f58176eeaa6714d3c3252068dbbbfeb0e00547a826fc51025ceb
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: b93b145fe0eb9ccadf3b49905c4a0ae2
SHA256: 8928b58dc44f172b2bea427a12bc8aa05e44873e6425a6fe6f302964c5a59822
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 26a8885ce9b1e03aac7d6ae6e1343801
SHA256: 37dd44e1ab880b4baefc5abf97b1e24444fe8a3d880a245199ae16e7a520c5a8
3092
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: eab71718813cfe89151bbfdc77f7a471
SHA256: cb34a1f8ae424cd9d25fc4a2081ad0f8a5943a027ec5e30d7a02f5bd56ec80a0
2244
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF1a2339.TMP
binary
MD5: ae66984cf63921b3e2a1beb6040ceca4
SHA256: dffdbb0f19e0e89a73909dfc3cea25ae3e7ad9814d1e3e783b2344c3247f8fba

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
7
TCP/UDP connections
23
DNS requests
8
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3704 AcroRd32.exe GET 304 2.16.186.33:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/277_15_23_20070.zip unknown
––
––
whitelisted
3704 AcroRd32.exe GET 304 2.16.186.33:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/278_15_23_20070.zip unknown
––
––
whitelisted
3704 AcroRd32.exe GET 304 2.16.186.33:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/281_15_23_20070.zip unknown
––
––
whitelisted
3704 AcroRd32.exe GET 304 2.16.186.33:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/280_15_23_20070.zip unknown
––
––
whitelisted
3704 AcroRd32.exe GET 304 2.16.186.33:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip unknown
––
––
whitelisted
3732 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2244 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3704 AcroRd32.exe 2.16.186.33:80 Akamai International B.V. –– whitelisted
3704 AcroRd32.exe 23.210.248.251:443 Akamai International B.V. NL whitelisted
3732 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
548 iexplore.exe 209.205.208.13:443 24 SHELLS US unknown
–– –– 23.210.248.251:443 Akamai International B.V. NL whitelisted
–– –– 2.18.233.74:443 Akamai International B.V. –– whitelisted
2428 iexplore.exe 209.205.208.13:443 24 SHELLS US unknown
2244 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
–– –– 209.205.208.13:443 24 SHELLS US unknown

DNS requests

Domain IP Reputation
acroipm2.adobe.com 2.16.186.33
2.16.186.32
whitelisted
armmf.adobe.com 23.210.248.251
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
thepottersvilla.com.ng 209.205.208.13
unknown
ardownload2.adobe.com 2.18.233.74
whitelisted

Threats

PID Process Class Message
–– –– unknown SURICATA TCPv4 invalid checksum

Debug output strings

No debug info.