General Info

File name

DriverEasy_Setup.exe

Full analysis
https://app.any.run/tasks/460a0966-ccb9-4bc2-9da9-dc68dee6bce4
Verdict
Malicious activity
Analysis date
10/9/2019, 20:34:13
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

64ddc2f7d7733ffb1b338161fa71db0e

SHA1

83182f8c255559c4c1a99df87305d0b7c6f4a0b3

SHA256

9e7081de15de0fe336a185844aa61694dde1bd5050f1bb50837d75a7b834400c

SSDEEP

98304:VX4em8hMEJKnUt3NWot70O0eRrz57Jf8V6cOWl:d3hMUjWotQWRh58HOWl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • Easeware.ConfigLanguageFromSetup.exe (PID: 2904)
  • DriverEasy.exe (PID: 3736)
Application was dropped or rewritten from another process
  • Easeware.ConfigLanguageFromSetup.exe (PID: 2904)
  • DriverEasy.exe (PID: 3736)
  • Easeware.CheckScheduledScan.exe (PID: 2440)
Loads the Task Scheduler DLL interface
  • Easeware.CheckScheduledScan.exe (PID: 2440)
Reads Windows owner or organization settings
  • DriverEasy_Setup.tmp (PID: 2704)
Executable content was dropped or overwritten
  • DriverEasy_Setup.exe (PID: 1128)
  • DriverEasy_Setup.exe (PID: 3340)
  • DriverEasy_Setup.tmp (PID: 2704)
Reads the Windows organization settings
  • DriverEasy_Setup.tmp (PID: 2704)
Creates files in the user directory
  • Easeware.ConfigLanguageFromSetup.exe (PID: 2904)
  • DriverEasy_Setup.tmp (PID: 2704)
Reads Environment values
  • DriverEasy.exe (PID: 3736)
Starts Internet Explorer
  • DriverEasy_Setup.tmp (PID: 2704)
Creates files in the Windows directory
  • Easeware.CheckScheduledScan.exe (PID: 2440)
Reads the machine GUID from the registry
  • DriverEasy.exe (PID: 3736)
Uses NETSH.EXE for network configuration
  • DriverEasy_Setup.tmp (PID: 2704)
Creates files in the program directory
  • iexplore.exe (PID: 2260)
Application was dropped or rewritten from another process
  • DriverEasy_Setup.tmp (PID: 2380)
  • DriverEasy_Setup.tmp (PID: 2704)
Creates files in the program directory
  • DriverEasy_Setup.tmp (PID: 2704)
Loads dropped or rewritten executable
  • DriverEasy_Setup.tmp (PID: 2704)
Creates a software uninstall entry
  • DriverEasy_Setup.tmp (PID: 2704)
Reads internet explorer settings
  • iexplore.exe (PID: 2260)
Changes internet zones settings
  • iexplore.exe (PID: 2576)
Reads settings of System Certificates
  • DriverEasy.exe (PID: 3736)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2260)
Creates files in the user directory
  • iexplore.exe (PID: 2260)
Application launched itself
  • iexplore.exe (PID: 2576)


Static information

TRiD
.exe | Inno Setup installer (67.7%)
.exe | Win32 EXE PECompact compressed (generic) (25.6%)
.exe | Win32 Executable (generic) (2.7%)
.exe | Win16/32 Executable Delphi generic (1.2%)
.exe | Generic Win/DOS Executable (1.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:03:07 07:30:01+01:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
682496
InitializedDataSize:
314368
UninitializedDataSize:
null
EntryPoint:
0xa7ed0
OSVersion:
6
ImageVersion:
6
SubsystemVersion:
6
Subsystem:
Windows GUI
FileVersionNumber:
5.6.12.37077
ProductVersionNumber:
5.6.12.37077
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
Easeware
FileDescription:
Driver Easy Setup
FileVersion:
5.6.12.37077
LegalCopyright:
Copyright © 2019 Easeware.
OriginalFileName:
DriverEasy_Setup.exe
ProductName:
Driver Easy
ProductVersion:
5.6.12
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-Mar-2019 06:30:01
Detected languages
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
Easeware
FileDescription:
Driver Easy Setup
FileVersion:
5.6.12.37077
LegalCopyright:
Copyright © 2019 Easeware.
OriginalFileName:
DriverEasy_Setup.exe
ProductName:
Driver Easy
ProductVersion:
5.6.12
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
10
Time date stamp:
07-Mar-2019 06:30:01
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x000A50E0 0x000A5200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.36825
.itext 0x000A7000 0x00001668 0x00001800 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.95049
.data 0x000A9000 0x000037A4 0x00003800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.02787
.bss 0x000AD000 0x0000676C 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x000B4000 0x00000F1C 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.79161
.didata 0x000B5000 0x000001A4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.74582
.edata 0x000B6000 0x0000009A 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.88107
.tls 0x000B7000 0x00000018 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x000B8000 0x0000005D 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.36974
.rsrc 0x000B9000 0x00047CCC 0x00047E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.46469
Resources
1

2

3

4

5

6

4086

4087

4088

4089

4090

4091

4092

4093

4094

4095

4096

11111

DVCLAL

PACKAGEINFO

MAINICON

Imports
    kernel32.dll

    comctl32.dll

    version.dll

    user32.dll

    oleaut32.dll

    netapi32.dll

    advapi32.dll

    kernel32.dll (delay-loaded)

Exports
    dbkFCallWrapperAddr

    __dbk_fcall_wrapper

    TMethodImplementationIntercept


Processes

Total processes
50
Monitored processes
10
Malicious processes
2
Suspicious processes
3

Behavior graph

[Behavior graph. Edge labels: "drop and start", "start". Nodes: drivereasy_setup.exe, drivereasy_setup.tmp (no specs), drivereasy_setup.exe, drivereasy_setup.tmp, easeware.checkscheduledscan.exe (no specs), easeware.configlanguagefromsetup.exe (no specs), drivereasy.exe, iexplore.exe, iexplore.exe, netsh.exe (no specs)]
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
3340
CMD
"C:\Users\admin\AppData\Local\Temp\DriverEasy_Setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\DriverEasy_Setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Easeware
Description
Driver Easy Setup
Version
5.6.12.37077
Modules
Image
c:\users\admin\appdata\local\temp\drivereasy_setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-t93ad.tmp\drivereasy_setup.tmp

PID
2380
CMD
"C:\Users\admin\AppData\Local\Temp\is-T93AD.tmp\DriverEasy_Setup.tmp" /SL5="$8015A,4252798,997888,C:\Users\admin\AppData\Local\Temp\DriverEasy_Setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-T93AD.tmp\DriverEasy_Setup.tmp
Indicators
No indicators
Parent process
DriverEasy_Setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-t93ad.tmp\drivereasy_setup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\shdocvw.dll

PID
1128
CMD
"C:\Users\admin\AppData\Local\Temp\DriverEasy_Setup.exe" /SPAWNWND=$B013A /NOTIFYWND=$8015A
Path
C:\Users\admin\AppData\Local\Temp\DriverEasy_Setup.exe
Indicators
Parent process
DriverEasy_Setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Easeware
Description
Driver Easy Setup
Version
5.6.12.37077
Modules
Image
c:\users\admin\appdata\local\temp\drivereasy_setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\is-e34e1.tmp\drivereasy_setup.tmp

PID
2704
CMD
"C:\Users\admin\AppData\Local\Temp\is-E34E1.tmp\DriverEasy_Setup.tmp" /SL5="$D012E,4252798,997888,C:\Users\admin\AppData\Local\Temp\DriverEasy_Setup.exe" /SPAWNWND=$B013A /NOTIFYWND=$8015A
Path
C:\Users\admin\AppData\Local\Temp\is-E34E1.tmp\DriverEasy_Setup.tmp
Indicators
Parent process
DriverEasy_Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-e34e1.tmp\drivereasy_setup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\users\admin\appdata\local\temp\is-k5na6.tmp\isxdl.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\msftedit.dll
c:\users\admin\appdata\local\temp\is-k5na6.tmp\botva2.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\users\admin\appdata\local\temp\is-k5na6.tmp\innocallback.dll
c:\windows\system32\mscms.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\easeware\drivereasy\drivereasy.exe
c:\program files\easeware\drivereasy\unins000.exe
c:\program files\easeware\drivereasy\easeware.checkscheduledscan.exe
c:\program files\easeware\drivereasy\easeware.configlanguagefromsetup.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\program files\internet explorer\iexplore.exe

PID
2440
CMD
"C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe" -create "Driver Easy Scheduled Scan" "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
Path
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
Indicators
No indicators
Parent process
DriverEasy_Setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Easeware
Description
Easeware.CheckScheduledScan
Version
1.0.1.0
Modules
Image
c:\program files\easeware\drivereasy\easeware.checkscheduledscan.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mstask.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\mpr.dll

PID
2904
CMD
"C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe" DriverEasy en
Path
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
Indicators
No indicators
Parent process
DriverEasy_Setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Easeware
Description
Easeware.ConfigLanguageFromSetup
Version
1.0.4.0
Modules
Image
c:\program files\easeware\drivereasy\easeware.configlanguagefromsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\program files\easeware\drivereasy\easeware.driver.core.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll

PID
3736
CMD
"C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
Path
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Indicators
Parent process
DriverEasy_Setup.tmp
User
admin
Integrity Level
HIGH
Version:
Company
Easeware
Description
DriverEasy
Version
5.6.12
Modules
Image
c:\program files\easeware\drivereasy\drivereasy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\program files\easeware\drivereasy\easeware.driver.core.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\867cbe7462b04e2cf1ae39abb576ae2a\presentationframework.classic.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\f52bfe40c54917622ed3abb98db8f90a\presentationframework-systemxml.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\1e1a1bd97e618bc4934ee967bea27ae8\uiautomationtypes.ni.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\program files\easeware\drivereasy\easeware.driver.backup.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\e588691224a17737f3a164cc2d46c156\system.management.ni.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio84a6349c#\d7f5c5b7ad6ae9510514a279c1cb5665\presentationframework-systemcore.ni.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\msctfui.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winmm.dll

PID
2576
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
DriverEasy_Setup.tmp
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
2260
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2576 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
992
CMD
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Driver Easy" description="Allow Driver Easy Access Internet to Scan and Download Drivers." dir=out action=allow program="C:\Program Files\Easeware\DriverEasy\DriverEasy.exe" enable=yes profile=any
Path
C:\Windows\System32\netsh.exe
Indicators
No indicators
Parent process
DriverEasy_Setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

Registry activity

Total events
2196
Read events
1989
Write events
205
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2704
DriverEasy_Setup.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
2704
DriverEasy_Setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
900A000084D05633D07ED501
2704
DriverEasy_Setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
AC7C79FC8B848654F269EDEFE5C422EA4522A828A8FDB5CFC1E1A7A1A7B2A48C
2704
DriverEasy_Setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2704
DriverEasy_Setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
2704
DriverEasy_Setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
9462FEE9E00B69DB6CE8EC0432B2BE047B74593907EF507154AC26903914BA8B
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Setup Version
6.0.1-beta (u)
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: App Path
C:\Program Files\Easeware\DriverEasy
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
InstallLocation
C:\Program Files\Easeware\DriverEasy\
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Icon Group
Driver Easy
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: User
admin
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Selected Tasks
desktopicon,schedulescan
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Deselected Tasks
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Inno Setup: Language
en
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
DisplayName
Driver Easy 5.6.12 (32-bit)
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
DisplayIcon
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
UninstallString
"C:\Program Files\Easeware\DriverEasy\unins000.exe"
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
QuietUninstallString
"C:\Program Files\Easeware\DriverEasy\unins000.exe" /SILENT
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
DisplayVersion
5.6.12
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
Publisher
Easeware
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
URLInfoAbout
https://www.drivereasy.com/
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
HelpLink
https://www.drivereasy.com/
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
URLUpdateInfo
https://www.drivereasy.com/
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
NoModify
1
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
NoRepair
1
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
InstallDate
20191009
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
MajorVersion
5
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
MinorVersion
6
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
VersionMajor
5
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
VersionMinor
6
2704
DriverEasy_Setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1
EstimatedSize
14252
2704
DriverEasy_Setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2704
DriverEasy_Setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3736
DriverEasy.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
DriverEasy.exe
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
EnableFileTracing
0
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
EnableConsoleTracing
0
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
FileTracingMask
4294901760
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
ConsoleTracingMask
4294901760
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
MaxFileSize
1048576
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASAPI32
FileDirectory
%windir%\tracing
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
EnableFileTracing
0
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
EnableConsoleTracing
0
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
FileTracingMask
4294901760
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
ConsoleTracingMask
4294901760
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
MaxFileSize
1048576
3736
DriverEasy.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DriverEasy_RASMANCS
FileDirectory
%windir%\tracing
3736
DriverEasy.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DriverEasy
version
5.6.12.37077 Free
3736
DriverEasy.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DriverEasy
install_time
2019-10-09 19:34:48
3736
DriverEasy.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{78AFEE11-EAC3-11E9-AB4C-5254004A04AF}
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070A00030009001200220031008100
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070A00030009001200220031009100
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
414DF64AD07ED501
2576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
FD0BF74AD07ED501
2260
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019092020190921
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A0003000900120022003100C901
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
16
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A00030009001200220031001802
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
59
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009001200220031009502
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
48
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2260
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2260
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
iexplore.exe
2260
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1290246418
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E3070A0003000900120023000D00C303
2260
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\ErrorReporting
LastShipAssertTime
04BE954AD07ED501
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091620190923
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CachePrefix
:2019091620190923:
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheLimit
8192
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheOptions
11
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheRepair
0
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019100920191010
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CachePrefix
:2019100920191010:
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheLimit
8192
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheOptions
11
2260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheRepair
0
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
992
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation

Files activity

Executable files
17
Suspicious files
3
Text files
83
Unknown types
16

Dropped files

PID
Process
Filename
Type
3340
DriverEasy_Setup.exe
C:\Users\admin\AppData\Local\Temp\is-T93AD.tmp\DriverEasy_Setup.tmp
executable
MD5: 39d1d410ad624c7de255858a69af2642
SHA256: 3fde8902eef797c32d00fe40974975d98f9667090ce0ee8f26b6752541212485
2704
DriverEasy_Setup.tmp
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
executable
MD5: 421062078743f1082c19bec1acea0385
SHA256: cb6bae1cbca6bafd998ecfd118e670fbe7c56540342397fe0e7bd4512e93c2db
2704
DriverEasy_Setup.tmp
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
executable
MD5: f8f603180f0a2eeea33266c8f588fe86
SHA256: e8d2b88484e0b49f43b1ebe281943c0c96c8e1235ea2fdce3419954e520db220
2704
DriverEasy_Setup.tmp
C:\Program Files\Easeware\DriverEasy\unins000.exe
executable
MD5: 39d1d410ad624c7de255858a69af2642
SHA256: 3fde8902eef797c32d00fe40974975d98f9667090ce0ee8f26b6752541212485
2704
DriverEasy_Setup.tmp
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
executable
MD5: eadc337eec5d1529c7917736a4c06c8b
SHA256: 785f72d69941eca8b8490722102206575cece5db1e78f5ead10e6f1a5a668874
2704
DriverEasy_Setup.tmp
C:\Program Files\Easeware\DriverEasy\7z\7z86.dll
executable
MD5: b956a163ebddd44343f3b25c257ccd75
SHA256: cb67b78c555c69660a36c9dacb462082aa6f7480a154f6d95ce032634287bf85
2704
DriverEasy_Setup.tmp
C:\Users\admin\AppData\Local\Temp\is-K5NA6.tmp\innocallback.dll
executable
MD5: 1c55ae5ef9980e3b1028447da6105c75
SHA256: 6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f
2704
DriverEasy_Setup.tmp
C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo.dll
executable
MD5: 05d5e02bad0a626dd600012a12e2a455
SHA256: caa9f006b03bce2920d39da7749ba25a4aa33c2a6ff718724e732254ab356fe3
2704
DriverEasy_Setup.tmp
C:\Users\admin\AppData\Local\Temp\is-K5NA6.tmp\botva2.dll
executable

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 1
TCP/UDP connections: 23
DNS requests: 12
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2576 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3736 DriverEasy.exe 172.217.18.110:443 Google Inc. US whitelisted
–– –– 204.79.197.200:80 Microsoft Corporation US whitelisted
2260 iexplore.exe 167.114.130.158:443 OVH SAS CA malicious
–– –– 172.217.22.106:443 Google Inc. US whitelisted
–– –– 216.58.207.72:443 Google Inc. US whitelisted
2260 iexplore.exe 216.58.207.35:443 Google Inc. US whitelisted
3736 DriverEasy.exe 167.114.130.158:443 OVH SAS CA malicious
3736 DriverEasy.exe 2.16.106.201:80 Akamai International B.V. –– whitelisted
2260 iexplore.exe 172.217.18.110:443 Google Inc. US whitelisted
2260 iexplore.exe 172.217.21.238:443 Google Inc. US whitelisted
2260 iexplore.exe 172.217.23.142:443 Google Inc. US whitelisted
2260 iexplore.exe 108.177.15.155:443 Google Inc. US whitelisted
2260 iexplore.exe 172.217.16.132:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.google-analytics.com 172.217.18.110 whitelisted
www.drivereasy.com 167.114.130.158 malicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
fonts.googleapis.com 172.217.22.106 whitelisted
www.googletagmanager.com 216.58.207.72 whitelisted
fonts.gstatic.com 216.58.207.35 whitelisted
cdn.drivereasy.com 2.16.106.201, 2.16.106.187 suspicious
www.youtube.com 172.217.21.238, 172.217.22.14, 172.217.23.142, 216.58.206.14, 172.217.23.110, 216.58.207.46, 216.58.207.78, 172.217.16.174, 216.58.208.46, 172.217.16.142, 172.217.22.46, 172.217.22.78, 216.58.210.14, 172.217.23.174, 216.58.205.238 whitelisted
s.ytimg.com 172.217.23.142 whitelisted
stats.g.doubleclick.net 108.177.15.155, 108.177.15.157, 108.177.15.154, 108.177.15.156 whitelisted
www.google.com 172.217.16.132 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.