General Info

File name

2.rar

Full analysis
https://app.any.run/tasks/b2d27979-37bb-423f-8f48-641faf54d24d
Verdict
Malicious activity
Analysis date
2/10/2019, 17:42:30
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

evasion

Indicators:

MIME:
application/x-rar
File info:
RAR archive data, v5
MD5

e81b648401165e53c123487dec35908a

SHA1

e5f60a04d5a22aa524b6fb81e7a164f4101d6f3d

SHA256

eb86689834fd802bc5bf3851677f67dcf34b53d0cc481dd3e6759500c9baae05

SSDEEP

49152:gy+fn2fdmis/VDE+/Ia0co4rzxmheexa1i3iQoOp1:gl/Ywis/VDE+/smzxmhNxa4Db1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • summitdghardware.exe (PID: 3096)
  • summitdghardware.exe (PID: 3540)
  • summitdghardware.exe (PID: 3152)
  • summitdghardware.exe (PID: 2716)
  • summitdghardware.exe (PID: 3500)
  • summitdghardware.exe (PID: 3848)
  • svchost.exe (PID: 2260)
  • Windows Defender.exe (PID: 2608)
Writes to a start menu file
  • csc.exe (PID: 3828)
  • csc.exe (PID: 4016)
Executable content was dropped or overwritten
  • csc.exe (PID: 1700)
  • csc.exe (PID: 1740)
  • csc.exe (PID: 3760)
  • csc.exe (PID: 2304)
  • csc.exe (PID: 3828)
  • csc.exe (PID: 3788)
  • csc.exe (PID: 3672)
  • csc.exe (PID: 3852)
  • csc.exe (PID: 4016)
Creates files in the user directory
  • csc.exe (PID: 3760)
  • csc.exe (PID: 2304)
  • csc.exe (PID: 1740)
  • csc.exe (PID: 3788)
  • csc.exe (PID: 1700)
  • csc.exe (PID: 3672)
  • csc.exe (PID: 3828)
  • svchost.exe (PID: 2260)
  • csc.exe (PID: 3852)
  • Windows Defender.exe (PID: 2608)
  • csc.exe (PID: 4016)
  • OP.GG SCRAPER(BETA).exe (PID: 2564)
Reads Environment values
  • svchost.exe (PID: 2260)
  • OP.GG SCRAPER(BETA).exe (PID: 2564)
Creates executable files which already exist in Windows
  • csc.exe (PID: 3852)
Reads internet explorer settings
  • svchost.exe (PID: 2260)
Application launched itself
  • OP.GG SCRAPER(BETA).exe (PID: 2564)
Application was crashed
  • summitdghardware.exe (PID: 3540)
  • summitdghardware.exe (PID: 3096)
  • summitdghardware.exe (PID: 3152)
  • summitdghardware.exe (PID: 2716)
  • summitdghardware.exe (PID: 3500)
  • summitdghardware.exe (PID: 3848)
Creates files in the user directory
  • iexplore.exe (PID: 3532)
  • iexplore.exe (PID: 1488)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 1488)
Application launched itself
  • iexplore.exe (PID: 3532)
Reads Internet Cache Settings
  • iexplore.exe (PID: 1488)
Reads internet explorer settings
  • iexplore.exe (PID: 1488)
Changes internet zones settings
  • iexplore.exe (PID: 3532)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.rar
|   RAR compressed archive (v5.0) (61.5%)
.rar
|   RAR compressed archive (gen) (38.4%)

Processes

Total processes
86
Monitored processes
33
Malicious processes
3
Suspicious processes
2

Behavior graph

start winrar.exe no specs op.gg scraper(beta).exe csc.exe cvtres.exe no specs windows defender.exe no specs wmiapsrv.exe no specs op.gg scraper(beta).exe no specs csc.exe cvtres.exe no specs svchost.exe wmiapsrv.exe no specs iexplore.exe iexplore.exe csc.exe cvtres.exe no specs summitdghardware.exe csc.exe cvtres.exe no specs csc.exe cvtres.exe no specs summitdghardware.exe csc.exe cvtres.exe no specs summitdghardware.exe csc.exe cvtres.exe no specs summitdghardware.exe csc.exe cvtres.exe no specs summitdghardware.exe csc.exe cvtres.exe no specs summitdghardware.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3060
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
2564
CMD
"C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe"
Path
C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
fishing lowly
Description
OP.GG
Version
1.5.0.0
Modules
Image
c:\users\admin\desktop\op.gg scraper (beta)\op.gg scraper(beta).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\users\admin\desktop\op.gg scraper (beta)\htmlagilitypack.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\windows defender.exe
c:\windows\assembly\nativeimages_v4.0.30319_32\system.deployment\b3731330e134999c1943e5876497d295\system.deployment.ni.dll
c:\windows\system32\psapi.dll

PID
4016
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\lbujwygd.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
OP.GG SCRAPER(BETA).exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe

PID
3372
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESE08D.tmp" "c:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSC28C6249C648D472AB7F7EBD7BCD3B48.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
2608
CMD
"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.exe"
Path
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.exe
Indicators
No indicators
Parent process
OP.GG SCRAPER(BETA).exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Defender
Version
1.8.0.0
Modules
Image
c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\windows defender.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\netfxperf.dll
c:\windows\microsoft.net\framework\v4.0.30319\perfcounter.dll
c:\windows\system32\pdh.dll
c:\windows\microsoft.net\framework\v4.0.30319\corperfmonext.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\aspnet_counters.dll
c:\windows\microsoft.net\framework\v4.0.30319\aspnet_perf.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\esentprf.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msdtcuiu.dll
c:\windows\system32\atl.dll
c:\windows\system32\msdtcprx.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\resutils.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\msscntrs.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\perfdisk.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\perfnet.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\perfos.dll
c:\windows\system32\perfproc.dll
c:\windows\system32\sysmain.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasctrs.dll
c:\windows\system32\rasman.dll
c:\windows\system32\winspool.drv
c:\windows\system32\tapiperf.dll
c:\windows\system32\perfctrs.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\perfts.dll
c:\windows\system32\winsta.dll
c:\windows\system32\utildll.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\usbperf.dll
c:\windows\system32\wbem\wmiaprpl.dll
c:\windows\system32\loadperf.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\tquery.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\users\admin\appdata\roaming\windows defender\svchost.exe
c:\windows\system32\rpcrtremote.dll

PID
4052
CMD
C:\Windows\system32\wbem\WmiApSrv.exe
Path
C:\Windows\system32\wbem\WmiApSrv.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Performance Reverse Adapter
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmiapsrv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\loadperf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wmiprov.dll

PID
2984
CMD
"C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe"
Path
C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe
Indicators
No indicators
Parent process
OP.GG SCRAPER(BETA).exe
User
admin
Integrity Level
HIGH
Version:
Company
fishing lowly
Description
OP.GG
Version
1.5.0.0
Modules
Image
c:\users\admin\desktop\op.gg scraper (beta)\op.gg scraper(beta).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\users\admin\desktop\op.gg scraper (beta)\htmlagilitypack.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
3852
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\s1ho33zh.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
Windows Defender.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
3176
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES9FE.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSCCF7693A389B24F378165CAB6A76AC238.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
2260
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\svchost.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\svchost.exe
Indicators
Parent process
Windows Defender.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Windows NT Kernel & System
Version
0.2.4.1
Modules
Image
c:\users\admin\appdata\roaming\windows defender\svchost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\netfxperf.dll
c:\windows\microsoft.net\framework\v4.0.30319\perfcounter.dll
c:\windows\system32\pdh.dll
c:\windows\microsoft.net\framework\v4.0.30319\corperfmonext.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\aspnet_counters.dll
c:\windows\microsoft.net\framework\v4.0.30319\aspnet_perf.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\esentprf.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msdtcuiu.dll
c:\windows\system32\atl.dll
c:\windows\system32\msdtcprx.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\resutils.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\msscntrs.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\perfdisk.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\perfnet.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\perfos.dll
c:\windows\system32\perfproc.dll
c:\windows\system32\sysmain.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rasctrs.dll
c:\windows\system32\rasman.dll
c:\windows\system32\winspool.drv
c:\windows\system32\tapiperf.dll
c:\windows\system32\perfctrs.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\perfts.dll
c:\windows\system32\winsta.dll
c:\windows\system32\utildll.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\usbperf.dll
c:\windows\system32\wbem\wmiaprpl.dll
c:\windows\system32\loadperf.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\tquery.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\assembly\gac\microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\microsoft.mshtml.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\hlink.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\roaming\windows defender\summitdghardware.exe

PID
2464
CMD
C:\Windows\system32\wbem\WmiApSrv.exe
Path
C:\Windows\system32\wbem\WmiApSrv.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Performance Reverse Adapter
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmiapsrv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\loadperf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wmiprov.dll

PID
3532
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
1488
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3532 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\hlink.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

PID
3672
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\rhw5zjbe.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
2964
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES3871.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSC48FAB275F1A64E95B48997D470D5512F.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3848
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
3762504530
Version:
Company
Microsoft Corporation
Description
Windows System
Version
0.0.1.0
Modules
Image
c:\users\admin\appdata\roaming\windows defender\summitdghardware.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll

PID
3828
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\m1nfsatz.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
1236
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES9E69.tmp" "c:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSCD0B65FB352444B3878D19678270E3C7.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3788
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\qtmbnnqf.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
3036
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES2D4C.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSCD65F99FFFB9F43FF916BB95C775C62E4.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3500
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Windows System
Version
0.0.1.4
Modules
Image
c:\users\admin\appdata\roaming\windows defender\summitdghardware.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll

PID
1700
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\dsagpxll.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
3392
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESADA7.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSCF01A7D119B5C4EFB8FC247FBFADB7F6F.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3540
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Windows System
Version
0.1.4.3
Modules
Image
c:\users\admin\appdata\roaming\windows defender\summitdghardware.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll

PID
2304
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\1hbd5yjr.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
3100
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES364F.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSCE78F3A442BD2466F9FDEE9236FD5583.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3152
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Windows System
Version
0.1.4.1
Modules
Image
c:\users\admin\appdata\roaming\windows defender\summitdghardware.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll

PID
1740
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\llyueeq2.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
2904
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES4E2D.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSCD671E71BA2AD4365843552EB6659C8CD.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
2716
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Windows System
Version
0.5.3.4
Modules
Image
c:\users\admin\appdata\roaming\windows defender\summitdghardware.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll

PID
3760
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\olfqihwt.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\alink.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorpehost.dll
c:\windows\system32\apphelp.dll

PID
3572
CMD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESC783.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSC375560920DA45ED9F2F2E2C46F4A24.TMP"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
12.00.52512.0 built by: VSWINSERVICING
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3096
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows System
Version
0.0.3.2
Modules
Image
c:\users\admin\appdata\roaming\windows defender\summitdghardware.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shell32.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll

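The process records above repeat one pattern several times: a parent reported only as svchost.exe launches csc.exe with a response file from %TEMP% (/noconfig /fullpaths @...cmdline), csc.exe spawns cvtres.exe to build the resource object, and the resulting executable runs from AppData\Roaming\Windows Defender at HIGH integrity while carrying "Microsoft Corporation" version info. That is compile-at-runtime through the framework's own compiler, which keeps the final payload off disk until the moment it is built. The following triage script is an added example, not part of the ANY.RUN report: it parses the report's one-field-per-line record layout (SAMPLE copies two records from above with the module list shortened) and flags the chain with three heuristics. BUILD_HOSTS, the allow-list of parents that legitimately invoke csc.exe, is an assumption and should be tuned to the environment.

```python
"""Triage the report's flattened process records for the csc.exe runtime-compilation chain.
Added example, not part of the ANY.RUN report; SAMPLE copies two records from above (module
list shortened) and BUILD_HOSTS, the allow-list of legitimate csc.exe parents, is an assumption."""
import re

SAMPLE = r"""
PID
1740
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\llyueeq2.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Indicators
Parent process
svchost.exe
Integrity Level
HIGH
Exit code
0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
c:\systemroot\system32\ntdll.dll

PID
3152
CMD
"C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe"
Path
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
Indicators
Parent process
svchost.exe
Integrity Level
HIGH
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Windows System
Version
0.1.4.1
"""

LABELS = {"PID", "CMD", "Path", "Parent process", "User", "Integrity Level",
          "Exit code", "Company", "Description", "Version"}
SKIP = LABELS | {"Indicators", "No indicators", "Version:", "Modules", "Image"}


def parse_records(text):
    """Turn the one-field-per-line layout into one dict per process; blank lines separate records."""
    records, current, lines, i = [], {}, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        if not line:
            if current:
                records.append(current)
            current = {}
        elif line == "Modules":                     # module list runs to the end of the record
            while i + 1 < len(lines) and lines[i + 1].strip():
                i += 1
        elif line in LABELS and i + 1 < len(lines) and lines[i + 1].strip() not in SKIP:
            current[line] = lines[i + 1].strip()    # label line followed by its value line
            i += 1
        i += 1
    if current:
        records.append(current)
    return records


BUILD_HOSTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}  # assumed allow-list
TEMP_CMDLINE = re.compile(r'@"?[^"\s]*\\appdata\\local\\temp\\[^"\s]+\.cmdline', re.I)


def triage(records):
    """Return (pid, rule, detail) for every record matching one of three heuristics."""
    findings = []
    for r in records:
        pid, cmd, path = r.get("PID"), r.get("CMD", ""), r.get("Path", "")
        parent, name = r.get("Parent process", "").lower(), path.rsplit("\\", 1)[-1].lower()
        # CodeDOM-style compile at runtime: csc.exe fed a response file from %TEMP% by a non-build host
        if name == "csc.exe" and TEMP_CMDLINE.search(cmd) and parent not in BUILD_HOSTS:
            findings.append((pid, "runtime-compile", f"csc.exe with Temp .cmdline, parent {parent}"))
        # Version resource claims Microsoft but the image lives in the user profile
        if "\\appdata\\" in path.lower() and r.get("Company") == "Microsoft Corporation":
            findings.append((pid, "masquerade", f"{name} claims Microsoft version info under AppData"))
        # High integrity from a per-user path; note this sandbox run had UAC auto-confirmation on
        if r.get("Integrity Level") == "HIGH" and path.lower().startswith("c:\\users\\"):
            findings.append((pid, "elevated-profile-binary", f"{name} runs at HIGH from {path}"))
    return findings


if __name__ == "__main__":
    for pid, rule, detail in triage(parse_records(SAMPLE)):
        print(f"PID {pid:>5}  {rule:<24} {detail}")
```

Run against the full report, the runtime-compile rule fires once per csc.exe record and the other two once per summitdghardware.exe record; the cvtres.exe children need no rule of their own because they only ever appear as csc.exe's child. The version-info check is deliberately weak (it reads the report's Company field, not an Authenticode signature), so treat a hit as a reason to pull the file and verify the signature, not as a verdict.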
Registry activity

Total events
2446
Read events
2312
Write events
134
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3060
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\2.rar
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Temp
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000880103000000000039000000B40200000000000001000000
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000003C01020000000000160000002A0000000000000002000000
3060
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C8000000000000000000000000009A0103000000000016000000640000000000000003000000
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASAPI32
EnableFileTracing
0
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASAPI32
EnableConsoleTracing
0
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASAPI32
FileTracingMask
4294901760
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASAPI32
ConsoleTracingMask
4294901760
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASAPI32
MaxFileSize
1048576
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASAPI32
FileDirectory
%windir%\tracing
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASMANCS
EnableFileTracing
0
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASMANCS
EnableConsoleTracing
0
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASMANCS
FileTracingMask
4294901760
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASMANCS
ConsoleTracingMask
4294901760
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASMANCS
MaxFileSize
1048576
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OP_RASMANCS
FileDirectory
%windir%\tracing
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2564
OP.GG SCRAPER(BETA).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Linkage
Export
.NET Memory Cache 4.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Linkage
Export
MSDTC Bridge 3.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Linkage
Export
MSDTC Bridge 4.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Linkage
Export
ServiceModelEndpoint 3.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Linkage
Export
ServiceModelOperation 3.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Linkage
Export
ServiceModelService 3.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Linkage
Export
SMSvcHost 3.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Linkage
Export
SMSvcHost 4.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Linkage
Export
Windows Workflow Foundation 3.0.0.0
2608
Windows Defender.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Linkage
Export
Windows Workflow Foundation 4.0.0.0
2608
Windows Defender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2608
Windows Defender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4052
WmiApSrv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance
Performance Refreshed
0
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32
EnableFileTracing
0
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32
EnableConsoleTracing
0
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32
FileTracingMask
4294901760
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32
ConsoleTracingMask
4294901760
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32
MaxFileSize
1048576
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32
FileDirectory
%windir%\tracing
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASMANCS
EnableFileTracing
0
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASMANCS
EnableConsoleTracing
0
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASMANCS
FileTracingMask
4294901760
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASMANCS
ConsoleTracingMask
4294901760
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASMANCS
MaxFileSize
1048576
2260
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASMANCS
FileDirectory
%windir%\tracing
2260
svchost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2260
svchost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
2260
svchost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2260
svchost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2260
svchost.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2260
svchost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
2464
WmiApSrv.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance
Performance Refreshed
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{FF839A39-2D52-11E9-91D7-5254004A04AF}
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307020000000A0010002B0020006C00
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307020000000A0010002B0020006C00
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
––
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3532
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307020000000A0010002B002000D900
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
10
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307020000000A0010002B002000F800
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
20
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307020000000A0010002B0020003701
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
18
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––

Files activity

Executable files
9
Suspicious files
14
Text files
49
Unknown types
4

Dropped files

PID
Process
Filename
Type
1740
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
executable
MD5: 669869c5310fe951804980756cfb3589
SHA256: 03293b990c15c12d48cab3ba9b15b85cf2fa76386b93d26da0869dd4aa243a99
1700
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
executable
MD5: a61b7edc4bc15529c1acd766d831197c
SHA256: fffd47fff226689bc15b05e1996d2a058882b0352976328dbcc86d4475dbf71c
3788
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
executable
MD5: 1c62d13b08c05c3c353f70a064d419b6
SHA256: 869b2c1a1069576867d9494ba95df387dd2d255000f7b311598abf6b29eb02f0
3828
csc.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.exe
executable
MD5: ab3e99e538d5ed79eaf1c83762f5a155
SHA256: b143d106ce0ff158abb40b72ef35ef161130474a846ecfff08c82ef43b575e23
3760
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
executable
MD5: 6e206c173faeec79e8c2cbd067c0f367
SHA256: 3602b193c64db64d88c04cb374635781d4aee09ee4d31638073d4ff37f3aa0e2
3672
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
executable
MD5: 0d7689e694f72fba65cad9e1502a3bf2
SHA256: 6fd87e1cf73686e61d8ea1d65c45d2c4e42240a695dfb505dabf836a39d884a2
3852
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\svchost.exe
executable
MD5: 7205ca7b59f794a0b5a198bc786f488e
SHA256: 3b9fd4ac5868c9bb2a4de4722b78b65c1ed3cc31d69f10070457915987362d53
4016
csc.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.exe
executable
MD5: 01291c48b5c23cfdaddce53d5624db9e
SHA256: e10920f165fa11b8ff262797c2ac97a3aa72491d01f90a93ec6ece3739e87e21
2304
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\summitdghardware.exe
executable
MD5: 9091159f90b444822970536f54325fd4
SHA256: d0549bf92ba6e9330b418f9ba6659b1e88d7f299da6498e8348f3ad6108ffc5a
3532
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF98BDA99B3DB1BDF2.TMP
––
MD5:  ––
SHA256:  ––
2904
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RES4E2D.tmp
––
MD5:  ––
SHA256:  ––
1740
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\CSCD671E71BA2AD4365843552EB6659C8CD.TMP
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\llyueeq2.cmdline
text
MD5: a388e270f9473b8c091ac83ee374844b
SHA256: 5ecc2af42ec25f3aa4e2e805ccc287e1fddc99502b768c32be3acbf803d4a18b
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Res\pensionc.resources
binary
MD5: af802afed427f01a013aa13020b192f8
SHA256: c67e60fc3d0958095d0d6141bde83d3bca648cb282a732aeb0a467faefbceb89
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\llyueeq2.0.cs
text
MD5: fed73c7dcd907846ed2f900c77f765f6
SHA256: 3f1a726860f61163983022439f006acc5490f1b4779183edff2da613fe44dc53
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\tmp4D57.tmp
––
MD5:  ––
SHA256:  ––
2304
csc.exe
C:\Users\admin\AppData\Local\Temp\1hbd5yjr.out
––
MD5:  ––
SHA256:  ––
3572
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RESC783.tmp
––
MD5:  ––
SHA256:  ––
3100
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RES364F.tmp
––
MD5:  ––
SHA256:  ––
2304
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\CSCE78F3A442BD2466F9FDEE9236FD5583.TMP
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\1hbd5yjr.cmdline
text
MD5: 9aae6623a3d073bde92a45c1076ac3e6
SHA256: 5be1a6a0ca298939c17b318c5eea08759b290c9c3b697c515874f28c9b36d68b
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Res\concentrates.resources
binary
MD5: d1ca5caad60950e151b6eb590c6b7e91
SHA256: 9139757b4db400cac055f6266615902fca01afbea51ab80b776647ca2b6769cc
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\1hbd5yjr.0.cs
text
MD5: 39493f65cc744adafaabfc72b50842eb
SHA256: d62fcf2d39ac5840291568043c631d978cef22ccbc6a6bd06440d02cf4ba657d
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\tmp35A7.tmp
––
MD5:  ––
SHA256:  ––
1700
csc.exe
C:\Users\admin\AppData\Local\Temp\dsagpxll.out
––
MD5:  ––
SHA256:  ––
3760
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\CSC375560920DA45ED9F2F2E2C46F4A24.TMP
––
MD5:  ––
SHA256:  ––
3392
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RESADA7.tmp
––
MD5:  ––
SHA256:  ––
1700
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\CSCF01A7D119B5C4EFB8FC247FBFADB7F6F.TMP
res
MD5: 553da417559513f787518f9bfd4f788d
SHA256: 4424fe5efeeafb1a6e4241c0364b894d28fbef372434a88c7f6211d01e159ef7
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Res\structurev.resources
binary
MD5: 24efeeead52516c88bf36743c73e8ab6
SHA256: 1c0d1845cc8197d081fc95210eb9e7999f43478642a7ff136382387514988657
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\dsagpxll.0.cs
text
MD5: db5c18d44f0ab84c2435cd1ce461298d
SHA256: c3bd336c1fb84e756cd9f5eebb8c618ef3bf22f80452b4229cd40cb548517342
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\dsagpxll.cmdline
text
MD5: 644e5ba7195fac22e4e36d2439708309
SHA256: 3518ab11d574c694a012edb778855238e1ebfc9fd7326fa85aa19b75972bd3b5
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\tmpAC91.tmp
––
MD5:  ––
SHA256:  ––
3788
csc.exe
C:\Users\admin\AppData\Local\Temp\qtmbnnqf.out
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Res\deadlyu.resources
binary
MD5: 7e799033b50255c55b77ea6a90726e44
SHA256: 85be1c938a8a7c97a555e95d124ef0cfd1116828d1a0bc282bb874afe3ddb5c1
3036
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RES2D4C.tmp
––
MD5:  ––
SHA256:  ––
3788
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\CSCD65F99FFFB9F43FF916BB95C775C62E4.TMP
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\qtmbnnqf.cmdline
text
MD5: bc93629a363420214d5b3d751352913b
SHA256: 7b1ae487663634760d17bfaa1acdece484a8a86987ae0a3b20d72ec9f7bbef8e
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\qtmbnnqf.0.cs
text
MD5: 20881610a7ffb5465483b950bb7dad11
SHA256: 628cb6e80966a981e406773690e881496fa5ad70e7eabd5dd83edb0acd43624f
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Res\incurc.resources
binary
MD5: db9ba914baa1ba7be65f364ae2be899f
SHA256: 2c01eb1eab95e5cafb9b086cd8f7ca5bbd2c7a80b4b172e96892b8671b96f3a9
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\tmp2CB1.tmp
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Windows Defender\thr.txt
text
MD5: 37a6259cc0c1dae299a7866489dff0bd
SHA256: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
3828
csc.exe
C:\Users\admin\AppData\Local\Temp\m1nfsatz.out
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\olfqihwt.cmdline
text
MD5: 97fa9fc7ce01cb21906da37764186d2f
SHA256: bbe278cd17baded9f896c72f4608d7e9dd4dc4ed2fe2404d1bbc41bb99c87886
1236
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RES9E69.tmp
––
MD5:  ––
SHA256:  ––
3828
csc.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSCD0B65FB352444B3878D19678270E3C7.TMP
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\m1nfsatz.cmdline
text
MD5: f2d27cd8d33d692b4e854315b4db6630
SHA256: e3da17d2a47d0eae8a57dee6b6ffb8ad90ed96c8cecf4f1823ea25f213955049
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\m1nfsatz.0.cs
text
MD5: 7c0e47c2dbbbbef7704fb22d146340b7
SHA256: 3213d08a00fa6ae391d4476cd89933e7509559b7ab4101a88784f2b136971b8c
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Res\commissionerz.resources
binary
MD5: 0199d874be5c402af9809917e198fb9d
SHA256: 7f07bba4793d47602a405ea12624f297de3c16fbe0ebff7e0c25aadc21887808
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\tmp9DBF.tmp
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Windows Defender\wd.ico
image
MD5: f66d6c20d8b2870f1f6c6856e38ca844
SHA256: 9f46942832f028b924e5c02b50402c576958f9446e7544137c7916ae05c80fb0
1488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
dat
MD5: c2fc5023ff6ab3cf63368c7f1956a682
SHA256: 720c1cdebbfd478277a43d15a18e67fc6822f263e1aa71ae8a8971cbb58b8293
3532
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: 1b4ee650b3123bd273d2e63bbf10ff2a
SHA256: 8d46217e909ad47f7d7c19f1c7c4b8d8d18c5249281e73d194c82215fe5ae2d8
3532
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF25ddc9.TMP
binary
MD5: 1b4ee650b3123bd273d2e63bbf10ff2a
SHA256: 8d46217e909ad47f7d7c19f1c7c4b8d8d18c5249281e73d194c82215fe5ae2d8
3532
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FF839A39-2D52-11E9-91D7-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3532
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF98B55D473C7635F1.TMP
––
MD5:  ––
SHA256:  ––
3532
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZPMBZ47EYKMF1R2TDLBR.temp
––
MD5:  ––
SHA256:  ––
1488
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 56a12b1460ae8cbe7c53d733d7d81acb
SHA256: 600b0026e85f69792b56bde73cfde0802335c4b91600a0c74faf8d6116a68975
3532
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF839A3A-2D52-11E9-91D7-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3532
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFE9D82FC934A20F1D.TMP
––
MD5:  ––
SHA256:  ––
3532
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{1CCB7B86-2D53-11E9-91D7-5254004A04AF}.dat
binary
MD5: 041ef00690510e542766764a985a88dd
SHA256: 1fa4c6eadf96f86e2c43118961f25694c4f57fbc938d6f4bb38c2796e6b02124
3532
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{1CCB7B87-2D53-11E9-91D7-5254004A04AF}.dat
binary
MD5: 63326a8123cbaf62d8c6de11cd7992a4
SHA256: 1fa35770b3dc32d72b9c1133883076959566b39b08da6e95fc690cc10f3aea7c
3532
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF5E6BE6FB8D96F87B.TMP
––
MD5:  ––
SHA256:  ––
3060
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3060.47626\OP.GG SCRAPER (BETA)\HtmlAgilityPack.dll
––
MD5:  ––
SHA256:  ––
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\qsml[1].xml
xml
MD5: 2d7f685e552dcf3b8521575ce97be5e5
SHA256: 16311fe702245f5a9e53ddf0f477aed1c662ffe648679bf04327c9af8d9b2d55
1488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 6b86fa72def8cb36e1ff4745a6e01922
SHA256: 5c15329c1a5fcc6dae1dcf7a3cee21b717fdf63d4bd6203c16f20b34ced2704f
1488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 54940533bf08e3bad437c28292984a9e
SHA256: 22e6e45c5f361853ba8af617526f6cc4cbdbc3d7577a222e7a5d192eb30af7c9
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\qsml[1].aspx
––
MD5:  ––
SHA256:  ––
1488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3672
csc.exe
C:\Users\admin\AppData\Local\Temp\rhw5zjbe.out
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\tmpC6FD.tmp
––
MD5:  ––
SHA256:  ––
2964
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RES3871.tmp
––
MD5:  ––
SHA256:  ––
3672
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\CSC48FAB275F1A64E95B48997D470D5512F.TMP
res
MD5: daf8f7f0344c02da311964a587f1edaf
SHA256: 85953b3ede012e620db8674ba4ff3a5893a0a8f3b563faedf772e99915525637
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\rhw5zjbe.cmdline
text
MD5: 9008f5234b1b440139ded24312d34a98
SHA256: 81eb64b66063cd5c91125f328df35e419ee1b6aaeb53931a9bc62bcbc019340a
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\rhw5zjbe.0.cs
text
MD5: 631244e456df99839e5b6f2f3535d9ab
SHA256: f5c084e8543bae8643c5272774d16465273d44972b4353cd12277a5275370eaa
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Res\densityy.resources
binary
MD5: 3ecd339eb88b28e86704d4e93a9f4683
SHA256: 2adb2d01b3897244ee2c008001a59a78fe92d4366b3ad11d92619b7ef65650c9
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\tmp37C5.tmp
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Roaming\Windows Defender\thr.txt
binary
MD5: c4ca4238a0b923820dcc509a6f75849b
SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3532
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\dnserrordiagoff_webOC[1]
html
MD5: 3948ef3d9f9fb9fd68bfbbcdbdcfc605
SHA256: 1d5e9dc7114347ef6c6e7a89ebe73cab3fa45cc9728943a5ffb3cb91adf6e8fe
3532
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3532
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\dnserrordiagoff_webOC[1]
html
MD5: 3948ef3d9f9fb9fd68bfbbcdbdcfc605
SHA256: 1d5e9dc7114347ef6c6e7a89ebe73cab3fa45cc9728943a5ffb3cb91adf6e8fe
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2260
svchost.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\navcancl[1]
html
MD5: 4bcfe9f8db04948cddb5e31fe6a7f984
SHA256: bee0439fcf31de76d6e2d7fd377a24a34ac8763d5bf4114da5e1663009e24228
3852
csc.exe
C:\Users\admin\AppData\Local\Temp\s1ho33zh.out
––
MD5:  ––
SHA256:  ––
1740
csc.exe
C:\Users\admin\AppData\Local\Temp\llyueeq2.out
––
MD5:  ––
SHA256:  ––
3176
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RES9FE.tmp
––
MD5:  ––
SHA256:  ––
3852
csc.exe
C:\Users\admin\AppData\Roaming\Windows Defender\CSCCF7693A389B24F378165CAB6A76AC238.TMP
res
MD5: 38b928b56aeff8b7316c23200671f417
SHA256: 4b95f330f4f2b4a9904630b8e3906cf37586e742cc767d2e238d381035cd1695
2608
Windows Defender.exe
C:\Users\admin\AppData\Local\Temp\s1ho33zh.cmdline
text
MD5: b359a6e955ef37518274f1838a5e37b0
SHA256: 394fbd21d40f30b9785f239a55e66eedf7e36504fc3e0c3e4f458318be183f12
2608
Windows Defender.exe
C:\Users\admin\AppData\Local\Temp\s1ho33zh.0.cs
text
MD5: 488ab16d768138ecb3e579420cca5fb7
SHA256: 59005c84999d8316dbe9dc9e8b612945549df8e5eb761082cde6155f2d32ad24
2608
Windows Defender.exe
C:\Users\admin\AppData\Roaming\Res\sleazyf.resources
binary
MD5: eae7c9b986d30528903ead004d48d187
SHA256: ccb28d81816a326cb512b62ab6ed29a09f3ef67f7c354ea5af45d7280a75c0e8
2608
Windows Defender.exe
C:\Users\admin\AppData\Local\Temp\tmp914.tmp
––
MD5:  ––
SHA256:  ––
2608
Windows Defender.exe
C:\Users\admin\AppData\Roaming\Windows Defender\orj3.txt
––
MD5:  ––
SHA256:  ––
4016
csc.exe
C:\Users\admin\AppData\Local\Temp\lbujwygd.out
––
MD5:  ––
SHA256:  ––
3760
csc.exe
C:\Users\admin\AppData\Local\Temp\olfqihwt.out
––
MD5:  ––
SHA256:  ––
3372
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RESE08D.tmp
––
MD5:  ––
SHA256:  ––
4016
csc.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSC28C6249C648D472AB7F7EBD7BCD3B48.TMP
––
MD5:  ––
SHA256:  ––
2564
OP.GG SCRAPER(BETA).exe
C:\Users\admin\AppData\Roaming\Res2\inspectionp.resources
binary
MD5: 9bf62d6d8371f0fb3d69d3f294dfc5ad
SHA256: 4e1943a6db230610ab994892daed2e2d3bf6cf70488dcf720ea3783aafa57f59
2564
OP.GG SCRAPER(BETA).exe
C:\Users\admin\AppData\Local\Temp\lbujwygd.cmdline
––
MD5:  ––
SHA256:  ––
2564
OP.GG SCRAPER(BETA).exe
C:\Users\admin\AppData\Local\Temp\lbujwygd.0.cs
––
MD5:  ––
SHA256:  ––
2564
OP.GG SCRAPER(BETA).exe
C:\Users\admin\AppData\Local\Temp\tmpDF74.tmp
––
MD5:  ––
SHA256:  ––
2564
OP.GG SCRAPER(BETA).exe
C:\Users\admin\AppData\Roaming\Res2\wd.ico
image
MD5: f66d6c20d8b2870f1f6c6856e38ca844
SHA256: 9f46942832f028b924e5c02b50402c576958f9446e7544137c7916ae05c80fb0
2564
OP.GG SCRAPER(BETA).exe
C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\usernames.txt
text
MD5: 2e7dd1f4a0f031dde7c0d19612747eb2
SHA256: dabe112664a3a1f927ebcb4d5d8ef6d8fb6e06fa2d8489a4e51d3b6309607cb0
3060
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3060.47626\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe
––
MD5:  ––
SHA256:  ––
2260
svchost.exe
C:\Users\admin\AppData\Local\Temp\olfqihwt.0.cs
text
MD5: 6722ba87bb7968fbce32760f3621b9fe
SHA256: 2ab7d2c67a8b32f3e41a4d05124de8e14883b6128cb2a38e415a9e91276fe32c

Find more information about the static content and download it in the full report
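The listing above carries the footprint of .NET runtime compilation (CodeDom / CSharpCodeProvider): a process writes `<random8>.cmdline` and `<random8>.0.cs` into the user's Temp, csc.exe compiles them and writes `CSC<GUID>.TMP` into the directory where the output assembly will land (here `Roaming\Windows Defender\` and the Start Menu `Startup` folder), and cvtres.exe writes `RES<hex>.tmp`. The processes driving that compilation are named `svchost.exe` and `Windows Defender.exe`, names the real Windows components use but which never invoke the C# compiler. The following is an added triage example written for this report, not ANY.RUN's own code: it runs rule checks over dropped-file records constructed from rows of the listing (PID, process, path, type and MD5 copied from above) and also recovers the contents of tiny dropped text files, such as `thr.txt`, by matching their hashes against hashes of trivial strings. The rule names, the regexes and the `DroppedFile` structure are assumptions made for the example.

```python
"""
Triage checks over a sandbox "dropped files" listing.

Added example, not part of the ANY.RUN report. The SAMPLE records are
constructed from rows of the listing above; the rule names are assumptions.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DroppedFile:
    pid: int
    process: str
    path: str
    ftype: str            # "text", "binary", "res", ... or "--" when no hash was captured
    md5: Optional[str]


# Constructed from rows of the listing above (process names, paths and MD5s as reported).
SAMPLE = [
    DroppedFile(1700, "csc.exe", r"C:\Users\admin\AppData\Roaming\Windows Defender\CSCF01A7D119B5C4EFB8FC247FBFADB7F6F.TMP", "res", "553da417559513f787518f9bfd4f788d"),
    DroppedFile(2260, "svchost.exe", r"C:\Users\admin\AppData\Local\Temp\dsagpxll.0.cs", "text", "db5c18d44f0ab84c2435cd1ce461298d"),
    DroppedFile(2260, "svchost.exe", r"C:\Users\admin\AppData\Local\Temp\dsagpxll.cmdline", "text", "644e5ba7195fac22e4e36d2439708309"),
    DroppedFile(2260, "svchost.exe", r"C:\Users\admin\AppData\Roaming\Windows Defender\thr.txt", "text", "37a6259cc0c1dae299a7866489dff0bd"),
    DroppedFile(2260, "svchost.exe", r"C:\Users\admin\AppData\Roaming\Windows Defender\thr.txt", "binary", "c4ca4238a0b923820dcc509a6f75849b"),
    DroppedFile(3828, "csc.exe", r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSCD0B65FB352444B3878D19678270E3C7.TMP", "--", None),
    DroppedFile(2608, "Windows Defender.exe", r"C:\Users\admin\AppData\Local\Temp\s1ho33zh.0.cs", "text", "488ab16d768138ecb3e579420cca5fb7"),
    DroppedFile(1488, "iexplore.exe", r"C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log", "text", "56a12b1460ae8cbe7c53d733d7d81acb"),
]

COMPILER_NAMES = {"csc.exe", "vbc.exe", "cvtres.exe"}
# Names borrowed from Windows components; the genuine ones never drive csc.exe.
IMITATED_NAMES = {"svchost.exe", "windows defender.exe"}
# Per-compile files the CodeDom compiler writes: <8 random chars>.cmdline / .0.cs / .out
CODEDOM_INPUT = re.compile(r"\\[a-z0-9_]{8}\.(?:cmdline|\d+\.cs|out)$", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Hashes of trivial contents let you read a dropped flag file without the sample.
TRIVIAL_CONTENTS = ["", "0", "1", "null", "true", "false"]
TRIVIAL_MD5 = {hashlib.md5(s.encode()).hexdigest(): s for s in TRIVIAL_CONTENTS}


def recover_trivial_content(md5: Optional[str]) -> Optional[str]:
    """Return the string whose MD5 matches, or None if the file is not trivial."""
    return TRIVIAL_MD5.get(md5) if md5 else None


def flag(rec: DroppedFile) -> List[str]:
    findings = []
    name = rec.process.lower()
    # csc.exe writes CSC*.TMP next to the target assembly, so a compiler writing
    # outside Temp tells you where the compiled payload is going to land.
    if name in COMPILER_NAMES and not USER_TEMP.search(rec.path):
        findings.append("compiler-output-outside-temp")
    if STARTUP_DIR.search(rec.path):
        findings.append("startup-folder-persistence")
    if CODEDOM_INPUT.search(rec.path) and name not in COMPILER_NAMES:
        findings.append("runtime-csharp-compilation")
        if name in IMITATED_NAMES:
            findings.append("system-name-driving-compile")
    return findings


def triage(records: List[DroppedFile]) -> List[Tuple[DroppedFile, List[str]]]:
    """Return (record, findings) for every record that trips at least one check."""
    results = []
    for rec in records:
        findings = flag(rec)
        content = recover_trivial_content(rec.md5)
        if content is not None:
            findings.append(f"tiny-file-content={content!r}")
        if findings:
            results.append((rec, findings))
    return results


def findings_for(results, path_suffix: str, md5: Optional[str] = None) -> List[str]:
    """Look up the findings of one record by path suffix (and MD5, to tell rewrites apart)."""
    for rec, findings in results:
        if rec.path.lower().endswith(path_suffix.lower()) and (md5 is None or rec.md5 == md5):
            return findings
    return []


if __name__ == "__main__":
    for rec, findings in triage(SAMPLE):
        print(f"{rec.pid:>5} {rec.process:<22} {rec.path}\n      {', '.join(findings)}")
```

Run against the constructed records, the Startup-folder `CSC*.TMP` written by csc.exe trips both the out-of-Temp and persistence rules, the `.0.cs`/`.cmdline` files written by the `svchost.exe`-named process trip the runtime-compilation and name-imitation rules, and the two `thr.txt` hashes resolve to the strings `null` and `1`, which is what the MD5/SHA256 pairs on the page correspond to. iexplore.exe's log file produces no findings.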

Network activity

HTTP(S) requests
8
TCP/UDP connections
12
DNS requests
7
Threats
2

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2564 OP.GG SCRAPER(BETA).exe GET 200 143.204.101.18:80 http://tr.op.gg/ranking/level/page=5600 US html –– whitelisted
2564 OP.GG SCRAPER(BETA).exe GET 200 143.204.101.18:80 http://tr.op.gg/ranking/level/page=5601 US html –– whitelisted
2564 OP.GG SCRAPER(BETA).exe GET 200 143.204.101.18:80 http://tr.op.gg/ranking/level/page=5602 US html –– whitelisted
2564 OP.GG SCRAPER(BETA).exe GET 200 143.204.101.18:80 http://tr.op.gg/ranking/level/page=5603 US html –– whitelisted
2564 OP.GG SCRAPER(BETA).exe GET 200 143.204.101.18:80 http://tr.op.gg/ranking/level/page=5604 US html –– whitelisted
2564 OP.GG SCRAPER(BETA).exe GET 200 143.204.101.18:80 http://tr.op.gg/ranking/level/page=5605 US html –– whitelisted
3532 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image –– whitelisted
1488 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=asdasdasdasdas&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US xml –– whitelisted

Download the PCAP, analyze network streams, HTTP content and a lot more in the full report

Connections

PID Process IP ASN CN Reputation
2564 OP.GG SCRAPER(BETA).exe 143.204.101.18:80 US unknown
2260 svchost.exe 140.82.118.4:443 US unknown
2260 svchost.exe 88.99.66.31:443 Hetzner Online GmbH DE suspicious
3532 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
1488 iexplore.exe 13.107.5.80:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
tr.op.gg 143.204.101.18, 143.204.101.23, 143.204.101.79, 143.204.101.62 unknown
github.com 140.82.118.4, 140.82.118.3 shared
iplogger.com 88.99.66.31 shared
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
api.bing.com 13.107.5.80 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.