General Info

URL

http://www.compuclever.com

Full analysis
https://app.any.run/tasks/cc83132b-07f2-4336-b471-6ae6436e90e0
Verdict
Malicious activity
Analysis date
2/11/2019, 03:09:55
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads the Task Scheduler COM API
  • pctum.exe (PID: 2172)
  • pctum.exe (PID: 1932)
  • pctum.exe (PID: 752)
  • pctum.exe (PID: 3588)
  • pctum.exe (PID: 2412)
Loads dropped or rewritten executable
  • pctum.exe (PID: 4024)
  • pmc.exe (PID: 3204)
  • ccmanagementservice.exe (PID: 3708)
  • pctum.exe (PID: 2172)
  • pmc.exe (PID: 3564)
  • programmanagementconsole_setup.exe (PID: 1700)
  • pctum.exe (PID: 3588)
  • pctum.exe (PID: 2244)
  • pctum.exe (PID: 752)
  • pctum.exe (PID: 3972)
  • pctuneupmaestro_setup[1].exe (PID: 2604)
  • pctum.exe (PID: 2412)
  • pctum.exe (PID: 1932)
  • pctum.exe (PID: 3536)
  • pctum.exe (PID: 3556)
Application was dropped or rewritten from another process
  • pctum.exe (PID: 2172)
  • pmc.exe (PID: 3564)
  • filextmgr.exe (PID: 1524)
  • ccmanagementservice.exe (PID: 3708)
  • programmanagementconsole_setup.exe (PID: 1700)
  • pctum.exe (PID: 4024)
  • pmc.exe (PID: 3204)
  • pctum.exe (PID: 2412)
  • pctum.exe (PID: 1932)
  • pctum.exe (PID: 752)
  • filextmgr.exe (PID: 2460)
  • pctum.exe (PID: 3972)
  • pctum.exe (PID: 3588)
  • pctum.exe (PID: 3536)
  • pctum.exe (PID: 2244)
  • pctuneupmaestro_setup[1].exe (PID: 2604)
  • pctuneupmaestro_setup[1].exe (PID: 3392)
  • pctum.exe (PID: 3556)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3112)
Reads internet explorer settings
  • pctum.exe (PID: 2172)
Creates files in the user directory
  • pctum.exe (PID: 2172)
  • pctum.exe (PID: 4024)
  • ccmanagementservice.exe (PID: 3708)
  • pmc.exe (PID: 3204)
  • pctum.exe (PID: 3972)
  • pctum.exe (PID: 752)
  • pctum.exe (PID: 2244)
  • pctum.exe (PID: 1932)
  • pctum.exe (PID: 3536)
  • pctum.exe (PID: 3556)
  • pctum.exe (PID: 2412)
  • pctum.exe (PID: 3588)
  • pctuneupmaestro_setup[1].exe (PID: 2604)
Executable content was dropped or overwritten
  • programmanagementconsole_setup.exe (PID: 1700)
  • pctuneupmaestro_setup[1].exe (PID: 2604)
  • iexplore.exe (PID: 3112)
  • iexplore.exe (PID: 2804)
Creates a software uninstall entry
  • pctuneupmaestro_setup[1].exe (PID: 2604)
Creates files in the program directory
  • pctuneupmaestro_setup[1].exe (PID: 2604)
Creates files in the user directory
  • iexplore.exe (PID: 2804)
  • iexplore.exe (PID: 3176)
  • opera.exe (PID: 348)
  • iexplore.exe (PID: 3112)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3856)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3176)
  • iexplore.exe (PID: 2804)
  • iexplore.exe (PID: 3112)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 3176)
  • programmanagementconsole_setup.exe (PID: 1700)
  • pctuneupmaestro_setup[1].exe (PID: 2604)
Reads settings of System Certificates
  • iexplore.exe (PID: 2804)
  • iexplore.exe (PID: 3112)
Reads internet explorer settings
  • iexplore.exe (PID: 3176)
  • iexplore.exe (PID: 3112)
Changes internet zones settings
  • iexplore.exe (PID: 2804)
Application launched itself
  • iexplore.exe (PID: 2804)

Processes

Total processes
57
Monitored processes
23
Malicious processes
4
Suspicious processes
9

Behavior graph

[Behavior graph (image not preserved). Nodes: iexplore.exe, flashutil32_26_0_0_131_activex.exe, opera.exe, pctuneupmaestro_setup[1].exe, pctum.exe, filextmgr.exe, programmanagementconsole_setup.exe, pmc.exe, ccmanagementservice.exe; edges labelled "start" or "drop and start".]

Process information

PID
2804
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\d2ypij90\pctuneupmaestro_setup[1].exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
3112
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2804 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
3856
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

PID
348
CMD
"C:\Program Files\Opera\opera.exe"
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\opera\opera.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\quartz.dll
c:\program files\adobe\acrobat reader dc\reader\browser\nppdf32.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\progra~1\micros~1\office14\npauthz.dll
c:\progra~1\micros~1\office14\npspwrap.dll
c:\program files\google\update\1.3.33.17\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll

PID
3392
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\pctuneupmaestro_setup[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\pctuneupmaestro_setup[1].exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
CompuClever Systems Inc.
Description
Version
7.1.3.361
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\d2ypij90\pctuneupmaestro_setup[1].exe
c:\systemroot\system32\ntdll.dll

PID
2604
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\pctuneupmaestro_setup[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\pctuneupmaestro_setup[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc.
Description
Version
7.1.3.361
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\d2ypij90\pctuneupmaestro_setup[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nsy5d56.tmp\system.dll
c:\users\admin\appdata\local\temp\nsy5d56.tmp\sightofuser.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsy5d56.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msls31.dll
c:\users\admin\appdata\local\temp\nsy5d56.tmp\linker.dll
c:\users\admin\appdata\local\temp\nsy5d56.tmp\pctum.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\compuclever\pc tuneup maestro\pctum.exe
c:\program files\compuclever\pc tuneup maestro\filextmgr.exe
c:\users\admin\appdata\local\temp\programmanagementconsole_setup.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\netutils.dll

PID
3536
CMD
"C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\pctum.exe" /quit_popup
Path
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\users\admin\appdata\local\temp\nsy5d56.tmp\pctum.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oledlg.dll
c:\users\admin\appdata\local\temp\nsy5d56.tmp\sightofuser.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\faultrep.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\riched20.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll

PID
3556
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /regTrialTime
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oledlg.dll
c:\program files\compuclever\pc tuneup maestro\sightofuser.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\faultrep.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\riched20.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll

PID
3972
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /regbootor
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
1932
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /createstartupsschedule
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
2244
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /regbootor
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
3588
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /createstartupsschedule
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
2460
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.exe" /install
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc.
Description
File Extensions Manager
Version
1, 0, 0, 1
Modules
Image
c:\program files\compuclever\pc tuneup maestro\filextmgr.exe

PID
752
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /createschedulescan
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
2412
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /createschedulediskdefrag
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
1700
CMD
"C:\Users\admin\AppData\Local\Temp\programmanagementconsole_setup.exe" /S /EmbedIns=yes
Path
C:\Users\admin\AppData\Local\Temp\programmanagementconsole_setup.exe
Indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc.
Description
Version
2.3.3.62
Modules
Image
c:\users\admin\appdata\local\temp\programmanagementconsole_setup.exe

PID
3204
CMD
"C:\Users\admin\AppData\Local\CompuClever\Program Management Console\pmc.exe" /installservice
Path
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\pmc.exe
Indicators
No indicators
Parent process
programmanagementconsole_setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc.
Description
Program Management Console
Version
2.3.3.62
Modules
Image
c:\users\admin\appdata\local\compuclever\program management console\pmc.exe

PID
3708
CMD
"C:\Users\admin\AppData\Local\CompuClever\Program Management Console\ccmanagementservice.exe"
Path
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\ccmanagementservice.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
CompuClever Systems Inc.
Description
CompuClever Management Service
Version
2.3.3.62
Modules
Image
c:\users\admin\appdata\local\compuclever\program management console\ccmanagementservice.exe

PID
3564
CMD
"C:\Users\admin\AppData\Local\CompuClever\Program Management Console\pmc.exe" /createuserguid
Path
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\pmc.exe
Indicators
No indicators
Parent process
programmanagementconsole_setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc.
Description
Program Management Console
Version
2.3.3.62
Modules
Image
c:\users\admin\appdata\local\compuclever\program management console\pmc.exe

PID
2172
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe"
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
No indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
4024
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe" /installcompleted
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
Indicators
Parent process
pctuneupmaestro_setup[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
CompuClever Systems Inc
Description
PC TuneUp Maestro
Version
7.1.3.361
Modules
Image
c:\program files\compuclever\pc tuneup maestro\pctum.exe

PID
3176
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2804 CREDAT:6403
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1524
CMD
"C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.exe" /isnotify
Path
C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.exe
Indicators
No indicators
Parent process
pctum.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
CompuClever Systems Inc.
Description
File Extensions Manager
Version
1, 0, 0, 1
Modules
Image

Registry activity

Total events
2208
Read events
1875
Write events
330
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2460
filextmgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command
PC TuneUp Maestro.old
%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
2460
filextmgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command
PC TuneUp Maestro.old
%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
2460
filextmgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command
"C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.exe" %1
2460
filextmgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command
"C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.exe" %1
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019021120190212
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CachePrefix
:2019021120190212:
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CacheLimit
8192
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CacheOptions
11
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CacheRepair
0
3112
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
348
opera.exe
write
HKEY_CURRENT_USER\Software\Opera Software
Last CommandLine v2
C:\Program Files\Opera\opera.exe
348
opera.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
Publisher
CompuClever Systems Inc.
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
DisplayName
PC TuneUp Maestro
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
DisplayIcon
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
DisplayVersion
7.1.3.361
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
Version
7.1.3.361
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
MajorVersion
7
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
MinorVersion
1
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
InstallLocation
C:\Program Files\CompuClever\PC TuneUp Maestro
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
InstallDate
20190211021127
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
Lang
en-us
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
VendorID
CompuClever
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
HelpLink
http://www.compuclever.com/
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
URLInfoAbout
http://www.compuclever.com/
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
URLUpdateInfo
http://www.compuclever.com/
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
Contact
PC TuneUp Maestro Support Team
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
UninstallString
C:\Program Files\CompuClever\PC TuneUp Maestro\uninstall.exe
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
QuietUninstallString
"C:\Program Files\CompuClever\PC TuneUp Maestro\uninstall.exe" /S
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
NoModify
1
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
NoRepair
1
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
EstimatedSize
13800
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASAPI32
EnableFileTracing
0
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASAPI32
EnableConsoleTracing
0
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASAPI32
FileTracingMask
4294901760
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASAPI32
ConsoleTracingMask
4294901760
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASAPI32
MaxFileSize
1048576
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASAPI32
FileDirectory
%windir%\tracing
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASMANCS
EnableFileTracing
0
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASMANCS
EnableConsoleTracing
0
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASMANCS
FileTracingMask
4294901760
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASMANCS
ConsoleTracingMask
4294901760
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASMANCS
MaxFileSize
1048576
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctuneupmaestro_setup[1]_RASMANCS
FileDirectory
%windir%\tracing
2604
pctuneupmaestro_setup[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2604
pctuneupmaestro_setup[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2604
pctuneupmaestro_setup[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2604
pctuneupmaestro_setup[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2604
pctuneupmaestro_setup[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsy9156.tmp\SightOfUser.dll
3536
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4778B3A4-DF4F-4625-AE57-DD3E77432DA1
3725B9B1-8131-4f69-8457-4A1A277C5E9C
062868A846A8E648A8A566A64646A586CCCC8CA527262707A5282866C648068866C66886C800
3536
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\9029E338-175F-47ec-A426-0F3362EFF6A8
9029E338-175F-47ec-A426-0F3362EFF6A8
3536
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\5A026215-92FD-42fa-B2FA-CC11C3A798D4
5A026215-92FD-42fa-B2FA-CC11C3A798D4
3556
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4778B3A4-DF4F-4625-AE57-DD3E77432DA1
4E2A53A0-CB7D-4af7-A604-40F99F589ED5
0A688AAAA9E68A4A292889EB46062627A50646A5260704466647A62747A62700
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{2F20BD9F-2DA2-11E9-BAD8-5254004A04AF}
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307020001000B0002000A0016005F02
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307020001000B0002000A0016005F02
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307020001000B0002000A0016008803
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307020001000B0002000A001600B703
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
51
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307020001000B0002000A0017005B00
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
29
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B0002000A0018007E02
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B0002000A001900E201
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019021120190212
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CachePrefix
:2019021120190212:
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheLimit
8192
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheOptions
11
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheRepair
0
2804
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2804
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
0EC7D1F3AEC1D401
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
4
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B0002000A002500AD02
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
5
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B0002000A002500B203
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
6
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B0002000A0029008501
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
7
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B0002000A002900A602
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307020001000B0002000B000D006F0100000000
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307020001000B0002000B002700A400
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
16
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307020001000B0002000B002700D300
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
53
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307020001000B0002000B0027000101
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
8
2804
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B0002000B002900BD01
2804
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASAPI32
EnableFileTracing
0
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASAPI32
EnableConsoleTracing
0
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASAPI32
FileTracingMask
4294901760
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASAPI32
ConsoleTracingMask
4294901760
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASAPI32
MaxFileSize
1048576
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASAPI32
FileDirectory
%windir%\tracing
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASMANCS
EnableFileTracing
0
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASMANCS
EnableConsoleTracing
0
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASMANCS
FileTracingMask
4294901760
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASMANCS
ConsoleTracingMask
4294901760
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASMANCS
MaxFileSize
1048576
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\programmanagementconsole_setup_RASMANCS
FileDirectory
%windir%\tracing
1700
programmanagementconsole_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1700
programmanagementconsole_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
1700
programmanagementconsole_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1700
programmanagementconsole_setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1700
programmanagementconsole_setup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsy9156.tmp\SightOfUser.dll
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASAPI32
EnableFileTracing
0
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASAPI32
EnableConsoleTracing
0
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASAPI32
FileTracingMask
4294901760
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASAPI32
ConsoleTracingMask
4294901760
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASAPI32
MaxFileSize
1048576
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASAPI32
FileDirectory
%windir%\tracing
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASMANCS
EnableFileTracing
0
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASMANCS
EnableConsoleTracing
0
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASMANCS
FileTracingMask
4294901760
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASMANCS
ConsoleTracingMask
4294901760
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASMANCS
MaxFileSize
1048576
3708
ccmanagementservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccmanagementservice_RASMANCS
FileDirectory
%windir%\tracing
3708
ccmanagementservice.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3708
ccmanagementservice.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3708
ccmanagementservice.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings
460000000200000009000000000000000000000000000000040000000000000010697826AFC1D401000000000000000000000000020000001700000000000000FE80000000000000A179B3FF019923140B00000000000000080000000000000078AE9E75446B4200446B420000000000000000000400000000000000686B420004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF02000000C0A86449000000000000000003000000000000000400000000000000DADADADA000000000000000005000000000000000000000040551B00000000000000000000000000E06B4200E06B42000000000000000000FFFFFFFF00000000000000000000000000000000046C4200046C420000000000106C4200106C4200
3708
ccmanagementservice.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3708
ccmanagementservice.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3564
pmc.exe
write
HKEY_CURRENT_USER\Software\CompuClever\Core
uid
{BC950EBA-A694-40BF-A784-A8D75BCD6881}
2172
pctum.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2172
pctum.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2172
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
pctum.exe
2172
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1502680959
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASAPI32
EnableFileTracing
0
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASAPI32
EnableConsoleTracing
0
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASAPI32
FileTracingMask
4294901760
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASAPI32
ConsoleTracingMask
4294901760
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASAPI32
MaxFileSize
1048576
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASAPI32
FileDirectory
%windir%\tracing
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASMANCS
EnableFileTracing
0
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASMANCS
EnableConsoleTracing
0
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASMANCS
FileTracingMask
4294901760
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASMANCS
ConsoleTracingMask
4294901760
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASMANCS
MaxFileSize
1048576
4024
pctum.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\pctum_RASMANCS
FileDirectory
%windir%\tracing
4024
pctum.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
4024
pctum.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4024
pctum.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4024
pctum.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
28
Suspicious files
38
Text files
345
Unknown types
11

Dropped files

PID
Process
Filename
Type
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\pctuneupmaestro_setup[1].exe
executable
MD5: c4284a27f4097c252fa25614336c8d73
SHA256: f88a395f13c8950cbe7c5ec14bd23303ba27383a9ed74b1dcf402b41a6c0aa5a
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe
executable
MD5: 6c88af8246e5fb971e35424ef5e5ff71
SHA256: 63352e912128eef3e8cdca3294a24877accf2395910db8f1ab19395345db3d9d
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\ccmanagementservice.exe
executable
MD5: 96a47e4ff942039bf941cebf49147827
SHA256: 7ae6e0adba4a4dcf941852b31d5b63aaac899b5f14c5ea8040a9f112b3159c83
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\ErrorReportSubmit.exe
executable
MD5: 53e9e961c54260bc8d76d7c7ede2e33d
SHA256: ab0b97caf60e634ba708224637b722bb45f54f82395d1508a5e93ea120630c4d
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\ccmanagementservice_gui.exe
executable
MD5: 31ca248de8a9234a85dd5785af501a12
SHA256: f5e62cb827657c60ea3ef22fe76a7ca7389118d1da058ebdede268aaedb3fff6
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\Temp\nsy9156.tmp\System.dll
executable
MD5: b8992e497d57001ddf100f9c397fcef5
SHA256: 98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\pmc.exe
executable
MD5: 2704c22d91063ed6d89ce38edb2f8bda
SHA256: 6ec6e04f8494f7a2e34cd03a67bf1ed56ee1944cea101bd8c26ec05b60b63623
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\nsDialogs.dll
executable
MD5: 70d4c5f9acc5ddf934b73fa311ade7d8
SHA256: 02869b76936e3c3102bb36e34b41bc989770bf81dca09f31c561bb6be52285ee
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\CommonLib_WTL.dll
executable
MD5: c1da2fd383160dc1435a7681a88ff9bf
SHA256: 256be98979b7c6d9bb8ac02536c16cd6f46d3995a40a9cf7abce30577087b4a2
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\pctum.exe
executable
MD5: 6c88af8246e5fb971e35424ef5e5ff71
SHA256: 63352e912128eef3e8cdca3294a24877accf2395910db8f1ab19395345db3d9d
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\msvcp120.dll
executable
MD5: ea743019ed4c023f44ffd9403582148b
SHA256: da72aedd4031b0b8a7e7ad4f1094539b7ab1bcb7af89886448fa6cd795b846ae
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\Bootor.sys
executable
MD5: d2215553ff49bba3c02b5b3e751f77d5
SHA256: fc64041d6414e4f9707baec5c1f5e77e2178c30b5202fd55e2a187ab352d082e
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\SightOfUser.dll
executable
MD5: 49e12b57e6443299d2c2f82c4e49240d
SHA256: 1b518ee5ec04c7c1a47b14848c90eee59f2c9ed8cc1cc59fda137e7e026347ef
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\Bootor64.sys
executable
MD5: 1405e7acc9735d3cf3cc539494540bfc
SHA256: e475c1d7427ef837627183de27ac2c2ad6122c8c951456cb6714b685b706b575
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\SightOfUser.dll
executable
MD5: 49e12b57e6443299d2c2f82c4e49240d
SHA256: 1b518ee5ec04c7c1a47b14848c90eee59f2c9ed8cc1cc59fda137e7e026347ef
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\launcher.pctumexe
executable
MD5: c80bc34edf6e3b1db8af787c177fd0f3
SHA256: 1e7135478594bf2c2145d193ce7b887e693d558a3624374a7c2f0ab82f8fef64
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\System.dll
executable
MD5: b8992e497d57001ddf100f9c397fcef5
SHA256: 98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.exe
executable
MD5: 5b9a68ad46d6d8979eba3a43e8a56cb1
SHA256: 4b5b958d40949207636a8d139b82e4cccbccddadf95bbd101d94837bff04581f
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\uninstall.exe
executable
MD5: 5839eb62e598b8e4affbb2cc9dc3aaa3
SHA256: 49c62035f4f5a78d46274264e302011a1ae32c2ca7606ec8fc15d47f95aeb693
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\Startups.exe
executable
MD5: 690970612e9a17f93cabbfd4560d8ccc
SHA256: 3ffde3e3006ab4153352afdb50e8e61928d82e81a87fda1d81a45e784d008476
2804
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\pctuneupmaestro_setup[1].exe
executable
MD5: c4284a27f4097c252fa25614336c8d73
SHA256: f88a395f13c8950cbe7c5ec14bd23303ba27383a9ed74b1dcf402b41a6c0aa5a
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\Temp\nsy9156.tmp\SightOfUser.dll
executable
MD5: 49e12b57e6443299d2c2f82c4e49240d
SHA256: 1b518ee5ec04c7c1a47b14848c90eee59f2c9ed8cc1cc59fda137e7e026347ef
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\msvcr120.dll
executable
MD5: 3ce7cf79ad90d41c511adaaa0923da2e
SHA256: 9d4dfe026d8cfd13a3e288ebf7e9c7099d61f15928378f7053127f3d4747c7df
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\RunUnknown.exe
executable
MD5: 62edbd481ddd60de12bd67d6999a0d65
SHA256: 6c81d59c9226bc763a117661630a2c3885b37726adb41eb3a23eea1d3477470d
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\uninstall.exe
executable
MD5: 968668f56e28a5342040519b26dce492
SHA256: 438659306c59ea8a772182b8286f614718af624f87dbff600a157bb97afc0eab
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\SightOfUser.dll
executable
MD5: 49e12b57e6443299d2c2f82c4e49240d
SHA256: 1b518ee5ec04c7c1a47b14848c90eee59f2c9ed8cc1cc59fda137e7e026347ef
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\programmanagementconsole_setup.exe
executable
MD5: c7171698ac2ef157020055eddeb4c545
SHA256: 808906a769966f279ab1962bc2e601b1a3212e74b67e81166f4c5040cb9fe6ca
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\linker.dll
executable
MD5: 50b1329c2f6c724298c8e59ca0764dd5
SHA256: e50c47f3e96fa96f27c14e76d8bc50d080aacea6b23cdcef7a6b98401eff12ec
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
binary
MD5: 53f092044aa617c11bc0f85dac32863f
SHA256: 8a344f1d87b64e8a6d44a88438fbb0be7850dca46e443c5d6de4df9e76abdadb
2172
pctum.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\IDR_HTML_WU_DESCRIPTION[1]
html
MD5: 3e82df22183ba7baea71dc224cc50049
SHA256: fadfdc935314dcd6f9ec905e9529251bb99c08938af035ba44c84d47db6ce575
2172
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: 34b5c4d1453c3b42720a5cd2f763df52
SHA256: b6b3ef7d1f71f943d265b407c7d425a912c2aa1f938564c767cfcebb6acb8711
2172
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
4024
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: 34b5c4d1453c3b42720a5cd2f763df52
SHA256: b6b3ef7d1f71f943d265b407c7d425a912c2aa1f938564c767cfcebb6acb8711
4024
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
4024
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
––
MD5:  ––
SHA256:  ––
3708
ccmanagementservice.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\logs.xml
xml
MD5: 5529e4281fc492ae577d19ae6b26ac58
SHA256: a0b28156f69bfeb18ab290b0f27fbca6afeaa54d49dcff5aa2f3e3b39b11a9d5
2172
pctum.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\uparrow[1]
image
MD5: b34ddd46791c1c90d427ff84d825a76d
SHA256: bbaecdb54fcadb3bd22f61772640ca50f597b22ce476e8e2d6c264124da97621
2172
pctum.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\IDR_HTML_WORD_SLN_PAGE[1]
html
MD5: 2a4ad84736ed9bada0df5a54fea93d10
SHA256: b90bf623b0690966e48cd24f987709688ab942021c5060c7b43dff7587be74ce
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsi5D45.tmp
––
MD5:  ––
SHA256:  ––
3708
ccmanagementservice.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\logs.xml
xml
MD5: 598fc78d22b9135ec26a249aae3ccef4
SHA256: 5e7ab390f3a567c8176bb73b9e5100608179bbdd09a8e0b576da58be9d4cca73
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\Temp\nsj9146.tmp
––
MD5:  ––
SHA256:  ––
3564
pmc.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\core.ini
text
MD5: 51797a8cd34ab3dd256be009672d1873
SHA256: 23286286052c1541451748096cb96dd138202369584d2e20041ec53451d1235c
3708
ccmanagementservice.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\adstat.xml
text
MD5: 2bc04fcb0f0470e2b806bdfaabacea39
SHA256: e5bebc8ac381e9167def2d32f977f64a22a17cbc75c35588e1589e5fc9951416
3708
ccmanagementservice.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\logs.xml
xml
MD5: 10824d86925d394a446516717770e25f
SHA256: b95d53a13ff62bfbee7265158e07ac13389b0efc0f0c96a4cab7ee0d247c39e1
3204
pmc.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\core.ini
text
MD5: 51797a8cd34ab3dd256be009672d1873
SHA256: 23286286052c1541451748096cb96dd138202369584d2e20041ec53451d1235c
3708
ccmanagementservice.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\logs.xml
xml
MD5: 8b38f58ecc1b3476f8cdfe0597d5cb4f
SHA256: c2a79e2acb5bad81465ce84dd157a99db2bbd8c2181650ed682b51e55a3692d2
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\capture[1].gif
image
MD5: c2196de8ba412c60c22ab491af7b1409
SHA256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
2804
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].ico
image
MD5: c9f15f0f9c74fb03b883fe9f5d4e8d4b
SHA256: 3f1b498d2bd9812ba1bd231c701f53cde4c90d51fb30e5611e461d1e66d0affc
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\identify[1].htm
html
MD5: 547f8f41ace22da23754396ba3372c7b
SHA256: eec38ed964149c6315ac80c0928be19e63467da7d91e96aeba979665fa1fc6a4
3176
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: a47f14181897845ea6b0373a70feeb38
SHA256: 9fc303727e2253c9f4deb51bea3d3dac31ad55d5d4bf843c5eaf143ecd1d3bc7
3176
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\unnamed[1].png
image
MD5: c43ea6403435d09aff3df278e5c76287
SHA256: 4ef337d77642598a9687aefc635f57b52755d41868a321563aa8afd4d32c5db8
1700
programmanagementconsole_setup.exe
C:\Users\admin\AppData\Local\CompuClever\Program Management Console\Microsoft.VC120.CRT.manifest
text
MD5: c582ba1318239d5f50e51eb4408783a3
SHA256: efec46acaa7a9353376005fd532f5e7b2cb09412b32f7544773be86b0460c9c1
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\unnamed[4].png
image
MD5: 599c2ec34c515df04a56c6616a41c249
SHA256: 4c849757deda1cfd9379b1346fe099913539a8952e428aff8a65a57fce6b37f7
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\unnamed[2].png
image
MD5: 6f12d17e3015414019bfb0c052cafa05
SHA256: fc31314e6dffc5aa006710f3307e4f33fc17f3af7c7f2f3ea76cc25b1e46f3ca
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\unnamed[3].png
image
MD5: 819ef87a24bbdb68dfab01a300f87b57
SHA256: 08603c4db10e1d80c7dba20c921a361daefa443237b34c5202dabd255d683be8
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\unnamed[1].gif
image
MD5: 537cd84234fd32b9012948ce4e49948b
SHA256: e3f0e4357a2108bcfc52ae4ab3bf78c491daf5c70202bcf94132f99dc0197b00
2412
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
2412
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: 1209f0b2ac248a91bb7001b39352555d
SHA256: eca62fe7c51c7abaf8f5bb03a196304bf309313a9000680d11fe8dcbb6426b74
752
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
752
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: 1dedaa5db8652fbf7168e7716b3ba63e
SHA256: ad15cbc850a1a4f0199911c32f48db5c0f6028d42d5a710b9a106140aa32724a
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC TuneUp Maestro.lnk
lnk
MD5: 9bf82d6c42357b03ba7347ad30a7700d
SHA256: 135a84a9bb9d6ed2fa0d1a6348ab0b557e2d7831e6bc8cbf7a7108a245ee5964
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\Desktop\PC TuneUp Maestro.lnk
lnk
MD5: d576c0d93bede3ab5572356c49b40953
SHA256: 75a6f998c05611a2a1c9e9fcd875e456755a21a16bca0901d83ded3a1933ca0a
3588
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: b920ab7beb3f2e82caf1f2d95b37b1da
SHA256: cc15a6a54df5a1832cc6e6a24d0fffd0bc8259cf7faee6ec55086022dec8914a
3588
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
2244
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
2244
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: b920ab7beb3f2e82caf1f2d95b37b1da
SHA256: cc15a6a54df5a1832cc6e6a24d0fffd0bc8259cf7faee6ec55086022dec8914a
1932
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: b920ab7beb3f2e82caf1f2d95b37b1da
SHA256: cc15a6a54df5a1832cc6e6a24d0fffd0bc8259cf7faee6ec55086022dec8914a
1932
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
3972
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: b920ab7beb3f2e82caf1f2d95b37b1da
SHA256: cc15a6a54df5a1832cc6e6a24d0fffd0bc8259cf7faee6ec55086022dec8914a
3972
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
3556
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
3556
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: b920ab7beb3f2e82caf1f2d95b37b1da
SHA256: cc15a6a54df5a1832cc6e6a24d0fffd0bc8259cf7faee6ec55086022dec8914a
2604
pctuneupmaestro_setup[1].exe
C:\ProgramData\CompuClever\PC TuneUp Maestro\Data\startuplist.dat
binary
MD5: ed8de3af5c9e772720c1bca6f09be9c1
SHA256: 63e7c4a1560a9ea23de6c9cbbbf8638bb588935bbb82e6ba1df7c42f0cb3791f
2604
pctuneupmaestro_setup[1].exe
C:\ProgramData\CompuClever\PC TuneUp Maestro\wu_special_item.xml
xml
MD5: 579da6c722cffe3c8d51fcedf28c4968
SHA256: e70e3bfca8036dda18e63c49cc4df66bedc038264e4bb0e571fc417cb8f11bb8
2604
pctuneupmaestro_setup[1].exe
C:\ProgramData\CompuClever\PC TuneUp Maestro\Images\wintools_program_32x32.png
image
MD5: c132136c48fdd2708225c23f94a0c91b
SHA256: ea181030c45ec26ce6ef8e4ef9e09bb69802f8e62a5ea28071c41ef5ec3c7c3f
2604
pctuneupmaestro_setup[1].exe
C:\ProgramData\CompuClever\PC TuneUp Maestro\Images\wintool_taskscheduler_32x32.png
image
MD5: 4d5c49d039f3a6aec5ca815f00bc5ec5
SHA256: 6c5fd8e9e4b61adaf650435a2865991cfb94449d77b3ea99a333b6cd45720a3c
2604
pctuneupmaestro_setup[1].exe
C:\ProgramData\CompuClever\PC TuneUp Maestro\Images\wintool_service.png
image
MD5: c117518ab29ddb51a937f85026ee88f0
SHA256: 4963dfc3b11fd6b6307a6bd3c7b6ab579c87225a304c155c232fba61991c9b85
2604
pctuneupmaestro_setup[1].exe
C:\ProgramData\CompuClever\PC TuneUp Maestro\Images\wintools_taskmanage_32x32.png
image
MD5: de9680a92028db58ac08c23adfda9d2e
SHA256: 92563f8c44181a74357982ee76b959696df5ce9623b0dacf7ba0be659c0108fe
2604
pctuneupmaestro_setup[1].exe
C:\ProgramData\CompuClever\PC TuneUp Maestro\Images\wintool_controlpanel_32x32.png
image
MD5: 02db3897054daaf5a54f23cb07da93d9
SHA256: e7c79bb0b92c13101b427add2ad9222bff55bb4f74125ba4cab89ec0a53ee343
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever\CompuClever PC TuneUp Maestro.lnk
lnk
MD5: 4f68b8ae042bdd36b1e9055c6ab13650
SHA256: aac950b79247faf28aefa6d0c95aaccb4aa54620421ab80107b01fe79c35490c
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 68889c246da2739681c1065d15a1ab0b
SHA256: 830d75bbf0e1f9289d787422f767b23f9d63fd79dbe75c091a119b6b7155d198
2604
pctuneupmaestro_setup[1].exe
C:\Program Files\CompuClever\PC TuneUp Maestro\filextmgr.ini
text
MD5: 7a90cb90475102bfc04b43e708736c2b
SHA256: 1c3e1b9484f37197e3400c9907220251d61a5eafd2feff457ceaade0a8c32bf4
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\center[1].js
text
MD5: 7c68e0105fab4bea0fd95601f258b275
SHA256: 3d00a57837a1f2d14b1b724ab6b87159b0ee5b387f67014f89826352da264959
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\unnamed[1].png
image
MD5: b99766650cf543e85644f8ddaf7e2db2
SHA256: 1a4cd562682402c97a81ad5125158d0e0d1d3d2a8fdfa08a46d50078b1bd6974
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\UMBTrPtMoH62xUZCz4g-[1].eot
tw
MD5: 41a7f2a85779215921cd0975bb7cc128
SHA256: 380abd03a52ccc7a2190a9910a3b906b1a769e2cd939164ddcda52889a190a9a
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\analytics[1].js
text
MD5: 0ea40a4cb2873a89cbe597eaea860826
SHA256: 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\embed[1].js
text
MD5: 6ee1476bc259c8375222819f76128103
SHA256: a98225449b16ab27c6e80eb2683c899a4ddfb2ed5571328fbd31ff612f24f513
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fontawesome-webfont[1].eot
eot
MD5: 25a32416abee198dd821b0b17a198a8f
SHA256: 50bbe9192697e791e2ee4ef73917aeb1b03e727dff08a1fc8d74f00e4aa812e1
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a01a60a4be5ee63e097c5d79089b43b3
SHA256: 8ca91ec84c36a46d51def12b906a52b4534532c96b904b7f12c1a8adb6d55a91
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\font-awesome.min[1].css
text
MD5: 4083f5d376eb849a458cc790b53ba080
SHA256: 008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\css[1].txt
text
MD5: 603187d06d3fcf9c4252307ff35ad84d
SHA256: e1c96104d9a2aa208326abbe29cd5a32c590db0a713f5d42b107131b346c4297
3536
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: b920ab7beb3f2e82caf1f2d95b37b1da
SHA256: cc15a6a54df5a1832cc6e6a24d0fffd0bc8259cf7faee6ec55086022dec8914a
3536
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml
text
MD5: d541395b86f942ef94ec7e3513c06ea2
SHA256: 198dce5f0501683dc4625fec537f5f4f8cdc0125498369dab5aa61838cc03ea2
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\pctum-install-thankyou-rcvdsc[1].txt
––
MD5:  ––
SHA256:  ––
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\MS-partner-logo_200.bmp
image
MD5: 9fd84ea7d781c14c3fc633cbc6a0ac03
SHA256: 87f045c2f62fc8f7f9e28689d8ab717cf9d054a268a7c905d2e1d8cc7cf02786
3176
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\pctum-install-thankyou-rcvdsc[1].htm
html
MD5: 5aa4f58734453737109b96ae271252af
SHA256: 1d8021453f6ac0d49748b7a425edaee7cc727a24c14cb1544f244e623c7703b5
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\modern-wizard.bmp
image
MD5: d6da98579e1829a5c4180aababf2e1c9
SHA256: fa41cc154dd66c4c9a16711c264bba0db431f17c0a23ae04a8c9a8811c69605a
2172
pctum.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\update-green-64[1]
image
MD5: 4ddf456661e6f1d06d97d5d452f93c83
SHA256: feffb311eff5faac5d7ceea172fe66f58c7cf03c72e117448604a07b7d77c73a
2604
pctuneupmaestro_setup[1].exe
C:\Users\admin\AppData\Local\Temp\nsy5D56.tmp\modern-header.bmp
image
MD5: 6d4104c0abb1db4f4a436c055acda3a2
SHA256: cf68e5b457d84b78497628e5536f8b4e98a35d9a8c648b2e417e3c7aecaf8c68
3708
ccmanagementservice.exe
C:\Users\admin\AppData\Roaming\CompuClever\Core\logs.xml
xml
MD5: 548a9175cf0213c91f31fc1844a62145
SHA256: e0f8c602385443cb7940224d0ad2af04118efb3b11223117b3d69ecb1eca17cf
2172
pctum.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\Symbol-Information-24x24[1]
image
MD5: 8488714c076618fd07208369d476a2d5
SHA256: 50a77d08ee05b42be3aae07c421dddf02ec10cdf3f6774958f17b5ab64adcc93
2804
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\pctuneupmaestro_setup[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\pctum-launch-instruction[1].jpg
image
MD5: b99fae9e2203b6da7ec58813f40e2d0e
SHA256: 46efc587455a1ea6eb567c1cf669f60c0aba34b0589ce18ea3dd2f15d63bb610
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\enhanced-for-intel[1].png
image
MD5: e0b5a35aebe9db16e27528ad7a776ae9
SHA256: 57a257d40d7de64f607f17d5b73eff3c70d46d2e3a1e85e26e77779bbf58e1af
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\win8-blue-logo[1].png
image
MD5: 499f70f0288aa3055d5bf1d1d1f1f082
SHA256: 97319fe4282d18e14f1c970b66cad47d16132b89ff77679444d77785839ec9af
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ff-uac-sm[1].png
image
MD5: d286b64453e2651ffac4749c1b8eba96
SHA256: 3617cdc00f0d618bf986dfa25da7062350624635e84a2095ae97726d3a9b419a
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ms-partner-black-small[1].png
image
MD5: f376e82daefe0c05fd17f6d998e4837f
SHA256: a37b4bb295cda51ebc5124ed0a5e6673f0176d892d6f32cc4475329de83e1e70
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\intel-partner-logo[1].png
image
MD5: 2464f1adc78a2f432e84bd24f371fe05
SHA256: 3c643595a4ad7997c5908792b533c3d50ddb42b2903da0179a4a1d50abc71daf
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\pctum-box-left-100[1].png
image
MD5: 4c6aa41be608708f9f0872d7e2ef844c
SHA256: b3fb0c60c516932bb5b07eecbd1fa0472ddb58de01af666b5849b41e06604fdb
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\style-lp[1].css
text
MD5: 9c73984f55efb6a1b5c0fa0caa4dba0d
SHA256: 41e1c7b7515f21d072e33c9e411170f4364dbabcd27ae1b6d5ddd385691573c4
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\instructions[1].txt
––
MD5:  ––
SHA256:  ––
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\instructions[1].htm
html
MD5: 7937d7fa97605688c427988585888dc2
SHA256: 7524dc6e933aa2f0faac0af5ba7e07ee630268647e3962bb5662629ff23701ea
2804
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\pctuneupmaestro_setup[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2172
pctum.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\rec_update[1]
image
MD5: bb56ac0fa1b94fd06c261afa9c1091cd
SHA256: ddf50f0c811413abe0c2d40d91c161201093236225bc66c7bacd553d74e90eb2
2172
pctum.exe
C:\Users\admin\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll
text
MD5: a8856c65d1ae9df940666d00defb76de
SHA256: 4cecc8a8fea636c89376663aa7a037a08505cd7196dd7b104ef924059707b57d
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\968453330[1].gif
––
MD5:  ––
SHA256:  ––
3112
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 6d9b8602be853f28ed0eddbb194607c2
SHA256: 4913cc791e1bdea234882afa0f65f452e260aba0a848e49bccdd823b0ba15de8
3112
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 69d6eb386126397feedb2aa3ee830b8b
SHA256: 3a3a11ed7a419556ccb42762d2b323797211d9de86f4c92e6bca908ebae229c0
2804
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\opr3FB2.tmp
––
MD5:  ––
SHA256:  ––
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\opcache\dcache4.url
binary
MD5: 14c7763fe1db0054a13f650b509ac543
SHA256: e807a2e726d3a021b9936e56c22e5631b3c1aeba38afecfd76a753cf8f13ac94
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\dcache4.url
binary
MD5: 84aec064a2842b0857c638b1337bf5c5
SHA256: f7aa4a6de80a2cf60bfa840e173fd67ac474e24d8c98f547dd9faff41888128b
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
binary
MD5: e30ba30a4107987de2dcba1e31a25186
SHA256: b6560cec7e059b3d015f1271661fe74d43fe5f5cab96e554b9cf13e4196c3362
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\dcache4.url
binary
MD5: 269abfcdb8eb1886306172aad82c919b
SHA256: 6e5005153bf4250978bd0f260f94b47abfa8b8676b36d7e8b8b1703c36c47f59
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\dcache4.url
binary
MD5: 4162b363bebd31c63a3bb9933e46da05
SHA256: 9f790dd6caa931e5fc8982b416c8570a7ca735b2da28834273765e910de74fe1
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\opr3FB1.tmp
––
MD5:  ––
SHA256:  ––
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr3FB0.tmp
––
MD5:  ––
SHA256:  ––
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr3F9F.tmp
––
MD5:  ––
SHA256:  ––
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\cache_groups.xml
xml
MD5: 0c3d13ca7a1b93960f71a49613f4aa5c
SHA256: eb9eaf372a1df1d4d3f389bb09f05b0cd8a1dbd838ae1247f34b36fa7566bb5a
348
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\mail\omailbase.dat
abr
MD5: f52d18b1988d60b85f3df3b422e67906
SHA256: e8c7c39ae1a30e455ceea25c20267ef6d3035cc2dbbaa80c62650ae6610710f8
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
xml
MD5: 9f6a36e846bc2a7bded83531b10b83d2
SHA256: 5dcefd4872bafe4f1cb01d9ac47a3883cfaa78552dbfa1fb1e4c193b568411a5
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
xml
MD5: 8f9bc25082526679d20832e134280689
SHA256: 0fede19a884e68af700217770d350b22bfe9cee4cf87ba9438d50f2341a85b2c
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
text
MD5: 47f8554a9afe589c397ab7a341795b13
SHA256: ce531480d2d0820a38633c0809c14d2b060cfa387fe3c40cc0b682b044d8b860
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
text
MD5: 378946a66814bed3e90d8b14e9d94180
SHA256: e3fabf8e0007a8a229c143f8ea11af31a52ee9a51297a692d8c3cb5217f76d85
348
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text