General Info

URL

http://bubblemark.com/ClientBin/SilverlightBalls.xap

Full analysis
https://app.any.run/tasks/baf29c11-6c38-4168-907f-90bff6583e9c
Verdict
Malicious activity
Analysis date
5/15/2019, 14:36:47
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • agcp.exe (PID: 2280)
  • iexplore.exe (PID: 2444)
  • coregen.exe (PID: 2624)
  • coregen.exe (PID: 2416)
  • coregen.exe (PID: 3892)
  • coregen.exe (PID: 3132)
  • coregen.exe (PID: 2300)
  • coregen.exe (PID: 3328)
  • coregen.exe (PID: 2120)
  • coregen.exe (PID: 2708)
  • coregen.exe (PID: 4040)
  • coregen.exe (PID: 3628)
  • coregen.exe (PID: 3704)
  • coregen.exe (PID: 2892)
  • coregen.exe (PID: 3712)
  • coregen.exe (PID: 3076)
  • rundll32.exe (PID: 3264)
  • coregen.exe (PID: 3416)
  • SearchProtocolHost.exe (PID: 1256)
  • explorer.exe (PID: 252)
  • install.exe (PID: 3388)
Application was dropped or rewritten from another process
  • Silverlight.Configuration.exe (PID: 3452)
  • Silverlight.Configuration.exe (PID: 2840)
  • coregen.exe (PID: 2624)
  • coregen.exe (PID: 3892)
  • coregen.exe (PID: 3132)
  • coregen.exe (PID: 2416)
  • agcp.exe (PID: 2280)
  • coregen.exe (PID: 4040)
  • coregen.exe (PID: 2120)
  • coregen.exe (PID: 3628)
  • coregen.exe (PID: 3076)
  • silverlight.configuration.exe (PID: 4036)
  • coregen.exe (PID: 3712)
  • coregen.exe (PID: 3328)
  • coregen.exe (PID: 2300)
  • coregen.exe (PID: 2892)
  • coregen.exe (PID: 3704)
  • coregen.exe (PID: 2708)
  • coregen.exe (PID: 3416)
  • install.exe (PID: 3388)
  • install.exe (PID: 4084)
  • Silverlight.exe (PID: 2412)
Changes settings of System certificates
  • msiexec.exe (PID: 3856)
Executable content was dropped or overwritten
  • coregen.exe (PID: 3132)
  • coregen.exe (PID: 2624)
  • coregen.exe (PID: 3892)
  • coregen.exe (PID: 2416)
  • coregen.exe (PID: 3628)
  • coregen.exe (PID: 3328)
  • coregen.exe (PID: 4040)
  • coregen.exe (PID: 2300)
  • coregen.exe (PID: 2120)
  • coregen.exe (PID: 2892)
  • coregen.exe (PID: 3076)
  • coregen.exe (PID: 3704)
  • coregen.exe (PID: 3712)
  • coregen.exe (PID: 2708)
  • coregen.exe (PID: 3416)
  • Silverlight.exe (PID: 2412)
  • iexplore.exe (PID: 2948)
  • iexplore.exe (PID: 2444)
  • WinRAR.exe (PID: 2976)
  • msiexec.exe (PID: 3856)
Creates files in the program directory
  • coregen.exe (PID: 2416)
  • coregen.exe (PID: 3132)
  • coregen.exe (PID: 3628)
  • coregen.exe (PID: 2624)
  • coregen.exe (PID: 3892)
  • coregen.exe (PID: 2892)
  • coregen.exe (PID: 3712)
  • coregen.exe (PID: 4040)
  • coregen.exe (PID: 2120)
  • coregen.exe (PID: 2300)
  • coregen.exe (PID: 3328)
  • coregen.exe (PID: 3704)
  • coregen.exe (PID: 2708)
  • coregen.exe (PID: 3076)
  • coregen.exe (PID: 3416)
Uses RUNDLL32.EXE to load library
  • install.exe (PID: 3388)
Changes IE settings (feature browser emulation)
  • msiexec.exe (PID: 3856)
Creates COM task schedule object
  • msiexec.exe (PID: 3856)
Adds / modifies Windows certificates
  • msiexec.exe (PID: 3856)
Reads Internet Cache Settings
  • explorer.exe (PID: 252)
Creates files in the user directory
  • explorer.exe (PID: 252)
Starts Internet Explorer
  • explorer.exe (PID: 252)
Application launched itself
  • msiexec.exe (PID: 3856)
  • iexplore.exe (PID: 2948)
  • iexplore.exe (PID: 2968)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 2276)
Reads internet explorer settings
  • iexplore.exe (PID: 2444)
Creates a software uninstall entry
  • msiexec.exe (PID: 3856)
Starts application with an unusual extension
  • msiexec.exe (PID: 3856)
Reads settings of System Certificates
  • explorer.exe (PID: 252)
Reads Microsoft Office registry keys
  • explorer.exe (PID: 252)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2968)
  • iexplore.exe (PID: 2444)
  • iexplore.exe (PID: 3488)
Changes internet zones settings
  • iexplore.exe (PID: 2948)
  • iexplore.exe (PID: 2968)
Creates files in the user directory
  • iexplore.exe (PID: 3488)
Creates files in the program directory
  • msiexec.exe (PID: 3856)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
88
Monitored processes
33
Malicious processes
22
Suspicious processes
2

Behavior graph

+
start drop and start drop and start iexplore.exe iexplore.exe winrar.exe searchprotocolhost.exe no specs iexplore.exe iexplore.exe explorer.exe no specs silverlight.exe install.exe no specs install.exe msiexec.exe msid510.tmp no specs msiexec.exe no specs rundll32.exe no specs coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe silverlight.configuration.exe no specs coregen.exe coregen.exe coregen.exe coregen.exe agcp.exe no specs silverlight.configuration.exe no specs silverlight.configuration.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
252
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\tquery.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\common files\microsoft shared\office14\msoxev.dll
c:\windows\system32\mlang.dll
c:\windows\system32\msutb.dll
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\program files\internet explorer\iexplore.exe
c:\program files\winrar\winrar.exe
c:\program files\winrar\rarext.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\twext.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\mydocs.dll
c:\windows\system32\imageres.dll
c:\windows\system32\wfs.exe
c:\windows\system32\wfsr.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\presentationhost.exe
c:\program files\microsoft office\office14\msohevi.dll
c:\users\admin\desktop\silverlight.exe
c:\users\admin\desktop\silverlightballs.dll
c:\users\admin\desktop\system.windows.controls.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\65c003ed8a5846164a24a7b7e0ab\install.exe
c:\windows\system32\ie4uinit.exe
c:\program files\windows media player\wmplayer.exe
c:\program files\google\chrome\application\chrome.exe
c:\program files\opera\opera.exe
c:\program files\opera\opera.dll
c:\windows\system32\devicecenter.dll
c:\windows\system32\sud.dll
c:\windows\system32\unregmp2.exe
c:\windows\system32\miguiresource.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\pptico.exe
c:\program files\microsoft silverlight\5.1.50918.0\silverlight.configuration.exe
c:\windows\installer\{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}\configicondll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\sc_reader.ico
c:\program files\ccleaner\ccleaner.exe
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\program files\videolan\vlc\vlc.exe
c:\program files\microsoft\skype for desktop\skype.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\filezilla ftp client\filezilla.exe

PID
1256
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\presentationhost.exe
c:\windows\system32\version.dll
c:\users\admin\desktop\system.windows.controls.dll
c:\windows\system32\ieframe.dll
c:\users\admin\desktop\silverlightballs.dll
c:\users\admin\desktop\silverlight.exe
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\linkinfo.dll

PID
2968
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://bubblemark.com/ClientBin/SilverlightBalls.xap
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll

PID
3488
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2968 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wintrust.dll

PID
2976
CMD
"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\SilverlightBalls.zip" C:\Users\admin\Desktop\
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
2948
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\Desktop\SilverlightBalls.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msftedit.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ehstorapi.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\sc_reader.ico

PID
2444
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\feclient.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\program files\microsoft silverlight\5.1.50918.0\npctrl.dll
c:\program files\microsoft silverlight\5.1.50918.0\agcore.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft silverlight\5.1.50918.0\agcp.exe
c:\program files\microsoft silverlight\5.1.50918.0\npctrlui.dll

PID
2412
CMD
"C:\Users\admin\Desktop\Silverlight.exe"
Path
C:\Users\admin\Desktop\Silverlight.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Self-Extracting Cabinet
Version
5.1.50918.0
Modules
Image
c:\users\admin\desktop\silverlight.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\feclient.dll
c:\65c003ed8a5846164a24a7b7e0ab\install.exe

PID
4084
CMD
c:\65c003ed8a5846164a24a7b7e0ab\install.exe
Path
c:\65c003ed8a5846164a24a7b7e0ab\install.exe
Indicators
No indicators
Parent process
Silverlight.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Microsoft Corporation
Description
External Installer
Version
VER_DOTPRODUCTVERSION
Modules
Image
c:\65c003ed8a5846164a24a7b7e0ab\install.exe
c:\systemroot\system32\ntdll.dll

PID
3388
CMD
c:\65c003ed8a5846164a24a7b7e0ab\install.exe
Path
c:\65c003ed8a5846164a24a7b7e0ab\install.exe
Indicators
Parent process
Silverlight.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
External Installer
Version
VER_DOTPRODUCTVERSION
Modules
Image
c:\65c003ed8a5846164a24a7b7e0ab\install.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\65c003ed8a5846164a24a7b7e0ab\install.res.dll
c:\windows\system32\msi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\version.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\profapi.dll
c:\program files\microsoft silverlight\xapauthenticodesip.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\wuapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wups.dll
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe

PID
3856
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\devrtl.dll
c:\windows\installer\msid510.tmp
c:\windows\system32\cabinet.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\microsoft silverlight\5.1.50918.0\silverlight.configuration.exe

PID
2688
CMD
"C:\Windows\Installer\MSID510.tmp" flat
Path
C:\Windows\Installer\MSID510.tmp
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
202
Version:
Company
Description
Version
Modules
Image
c:\windows\installer\msid510.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll

PID
2276
CMD
c:\Windows\system32\MsiExec.exe -Embedding D0C25F055E33F585CFE91CADF427E9C4
Path
c:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\microsoft silverlight\xapauthenticodesip.dll
c:\windows\system32\devrtl.dll
c:\program files\microsoft silverlight\5.1.50918.0\slmsprbootstrap.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
3264
CMD
"C:\Windows\System32\rundll32.exe" "C:\Program Files\Microsoft Silverlight\5.1.50918.0\SLMSPRBootstrap.dll",SetupPlayReadyData
Path
C:\Windows\System32\rundll32.exe
Indicators
No indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft silverlight\5.1.50918.0\slmsprbootstrap.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
3416
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" mscorlib.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
3076
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
2708
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Core.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
3704
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Net.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
3712
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Xml.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll

PID
2892
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Runtime.Serialization.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
2120
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.ServiceModel.Web.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.servicemodel.web.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll

PID
4040
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" Microsoft.Xna.Framework.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll

PID
3328
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" Microsoft.Xna.Framework.Graphics.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.graphics.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll

PID
2300
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" Microsoft.Xna.Framework.Graphics.Shaders.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.graphics.shaders.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.graphics.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.graphics.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll

PID
3628
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Windows.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
4036
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\silverlight.configuration.exe" -enableMU
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\silverlight.configuration.exe
Indicators
No indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Silverlight Configuration Utility
Version
5.1.50918.0
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\silverlight.configuration.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wups.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\profapi.dll

PID
2416
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Windows.Xna.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.xna.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.graphics.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.graphics.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\microsoft.xna.framework.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll

PID
3892
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.ServiceModel.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.servicemodel.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
3132
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Windows.RuntimeHost.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.runtimehost.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll

PID
2624
CMD
"C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe" System.Windows.Browser.dll
Path
C:\Program Files\Microsoft Silverlight\5.1.50918.0\coregen.exe
Indicators
Parent process
install.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Common Language Runtime native compiler
Version
5.1.50918.0 built by: SL_V5_SVC
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.50918.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.browser.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorlib.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.windows.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.net.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.core.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.xml.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.runtime.serialization.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.servicemodel.web.ni.dll
c:\program files\microsoft silverlight\5.1.50918.0\system.servicemodel.web.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\microsoft silverlight\5.1.50918.0\mscorrc.dll
c:\windows\system32\imagehlp.dll

PID
2280
CMD
agcp.exe 2444 2164
Path
c:\Program Files\Microsoft Silverlight\5.1.50918.0\agcp.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
agcp.exe
Version
5.1.50918.0
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\agcp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\program files\microsoft silverlight\5.1.50918.0\agcore.dll
c:\program files\microsoft silverlight\5.1.50918.0\npctrl.dll
c:\program files\microsoft silverlight\5.1.50918.0\npctrlui.dll

PID
3452
CMD
"c:\Program Files\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe" -autoUpdate
Path
c:\Program Files\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Silverlight Configuration Utility
Version
5.1.50918.0
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\silverlight.configuration.exe
c:\systemroot\system32\ntdll.dll

PID
2840
CMD
"c:\Program Files\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe" -autoUpdate
Path
c:\Program Files\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147549183
Version:
Company
Microsoft Corporation
Description
Microsoft® Silverlight Configuration Utility
Version
5.1.50918.0
Modules
Image
c:\program files\microsoft silverlight\5.1.50918.0\silverlight.configuration.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wups.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\qmgrprxy.dll

Registry activity

Total events
10656
Read events
7571
Write events
3062
Delete events
23

Modification events

PID
Process
Operation
Key
Name
Value
252
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041120190412
252
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
252
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62
252
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
252
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
252
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
252
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories
252
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup
252
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
252
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
00000000000000000000000081020000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000005000000020000005A9D000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
WinRAR.ZIP
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
2
530069006C007600650072006C006900670068007400420061006C006C0073002E007A00690070000000860032000000000000000000000053696C7665726C6967687442616C6C732E7A69702E6C6E6B00005E0008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000530069006C007600650072006C006900670068007400420061006C006C0073002E007A00690070002E006C006E006B00000028000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip
0
530069006C007600650072006C006900670068007400420061006C006C0073002E007A00690070000000860032000000000000000000000053696C7665726C6967687442616C6C732E7A69702E6C6E6B00005E0008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000530069006C007600650072006C006900670068007400420061006C006C0073002E007A00690070002E006C006E006B00000028000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip
MRUListEx
00000000FFFFFFFF
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CachePrefix
:2019051520190516:
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheLimit
8192
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheOptions
11
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheRepair
0
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
MRUListEx
020000000100000000000000FFFFFFFF
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
0000000000000000000000007C080000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000050000000200000055A3000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{B41DB860-8EE4-11D2-9906-E49FADC173CA} {00000122-0000-0000-C000-000000000046} 0xFFFF
0100000000000000A9AFDDEC1A0BD501
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\ntshrui.dll,-103
S&hare with
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-4
Mail recipient
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
0904
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\WFS.exe
Microsoft Windows Fax and Scan
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\JvaENE\JvaENE.rkr
0000000000000000000000003E000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000050000000200000093A3000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\ieframe.dll,-5731
&Open
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\ieframe.dll,-5732
Open in S&ame Window
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Vagrearg Rkcybere\vrkcyber.rkr
00000000010000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFFA0648BF01A0BD50100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000060000000200000093A3000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList
a
iexplore.exe
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList
MRUList
a
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids
htmlfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
3
530069006C007600650072006C006900670068007400420061006C006C0073002E00680074006D006C000000880032000000000000000000000053696C7665726C6967687442616C6C732E68746D6C2E6C6E6B00600008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000530069006C007600650072006C006900670068007400420061006C006C0073002E00680074006D006C002E006C006E006B00000028000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html
0
530069006C007600650072006C006900670068007400420061006C006C0073002E00680074006D006C000000880032000000000000000000000053696C7665726C6967687442616C6C732E68746D6C2E6C6E6B00600008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000530069006C007600650072006C006900670068007400420061006C006C0073002E00680074006D006C002E006C006E006B00000028000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html
MRUListEx
00000000FFFFFFFF
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
MRUListEx
03000000020000000100000000000000FFFFFFFF
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
0000000000000000000000009A2A0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
000000000600000002000000B1C5000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0700000001000000000000000200000006000000030000000500000004000000FFFFFFFF
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Locked
1
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
0000000000000000000000002F410000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000060000000200000046DC000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\PresentationHost.exe,-3300
Windows Markup File
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\ieframe.dll,-912
HTML Document
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
exefile
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\ntshrui.dll,-5112
Share the selected items with other people on the network.
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr
00000000000000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\Qrfxgbc\Fvyireyvtug.rkr
00000000010000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF60E267031B0BD50100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000070000000200000046DC000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr
000000000000000000000000BC000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000070000000200000002DD000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\Qrfxgbc\Fvyireyvtug.rkr
0000000001000000000000000F000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF60E267031B0BD50100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
00000000070000000200000011DD000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\Qrfxgbc\Fvyireyvtug.rkr
000000000100000000000000ED020000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF60E267031B0BD50100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
000000000700000002000000EFDF000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr
000000000000000001000000BC000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
000000000700000003000000EFDF000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MinPos1280x720x96(1).x
4294967295
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MinPos1280x720x96(1).y
4294967295
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MaxPos1280x720x96(1).x
4294967295
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MaxPos1280x720x96(1).y
4294967295
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).left
22
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).top
22
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).right
822
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).bottom
582
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WFlags
2
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
ShowCmd
3
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
HotKey
0
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
NavBar
000000000000000000000000000000008B000000870000003153505305D5CDD59C2E1B10939708002B2CF9AE6B0000005A000000007B00360044003800420042003300440033002D0039004400380037002D0034004100390031002D0041004200350036002D003400460033003000430046004600450046004500390046007D005F0057006900640074006800000013000000F00000000000000000000000
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Rev
0
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616193
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Vid
{65F125E5-7BE1-4810-BA9D-D271C8432CE3}
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr
0000000000000000010000001A010000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000007000000030000004DE0000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
6
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
2
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616209
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
48
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
94000000900000003153505305D5CDD59C2E1B10939708002B2CF9AE4100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00003300000022000000004E0061007600500061006E0065005F0046006900720073007400520075006E0000000B000000000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
LanguageList
en-US
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
@"%windir%\System32\ie4uinit.exe",-732
Finds and displays information and Web sites on the Internet.
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
@C:\Windows\system32\DeviceCenter.dll,-1000
Devices and Printers
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
@C:\Windows\system32\sud.dll,-1
Default Programs
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
@C:\Windows\explorer.exe,-7021
Help and Support
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
@C:\Windows\System32\ie4uinit.exe,-731
Internet Explorer
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
@C:\Windows\system32\unregmp2.exe,-4
Windows Media Player
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
1
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
1
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\64\52C64B7E
@C:\Windows\system32\miguiresource.dll,-201
Task Scheduler
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
0000000000000000010000002F410000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000007000000040000004DE0000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
101
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
VLC.3g2
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
VLC.3gp
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids
VLC.3gp2
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithProgids
VLC.3gpp
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\OpenWithProgids
VLC.aac
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\OpenWithProgids
VLC.adt
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\OpenWithProgids
VLC.adts
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
VLC.aif
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithProgids
VLC.aifc
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithProgids
VLC.aiff
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
VLC.asf
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
VLC.asx
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
VLC.au
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
VLC.avi
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Paint.Picture
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
WinRAR
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.contact\OpenWithProgids
contact_wab_auto_file
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
CSSfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
Excel.CSV
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
Paint.Picture
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
dllfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Word.Document.8
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
Word.DocumentMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Word.Document.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Word.Template.8
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
Word.TemplateMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
Word.Template.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR\OpenWithProgids
MediaCenter.DVR
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dvr-ms\OpenWithProgids
MediaCenter.DVR-MS
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwfx\OpenWithProgids
Windows.XPSReachViewer
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.easmx\OpenWithProgids
Windows.XPSReachViewer
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.edrwx\OpenWithProgids
Windows.XPSReachViewer
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
emffile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eprtx\OpenWithProgids
Windows.XPSReachViewer
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
fonfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
giffile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
htmlfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
icofile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
inifile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
pjpegfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
jpegfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids
jpegfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids
jpegfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jtx\OpenWithProgids
Windows.XPSReachViewer
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
VLC.m1v
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
VLC.m2t
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids
VLC.m2ts
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\OpenWithProgids
VLC.m2v
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
VLC.m3u
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
VLC.m4a
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\OpenWithProgids
VLC.m4p
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
VLC.m4v
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
mhtmlfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithProgids
mhtmlfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
VLC.mid
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\OpenWithProgids
WMP11.AssocFile.MIDI
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
VLC.mod
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
VLC.mov
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithProgids
VLC.mp2
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\OpenWithProgids
VLC.mp2v
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithProgids
VLC.mp3
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
VLC.mp4
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithProgids
VLC.mp4v
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids
VLC.mpa
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\OpenWithProgids
VLC.mpe
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithProgids
VLC.mpeg
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithProgids
VLC.mpg
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithProgids
VLC.mpv2
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Outlook.File.msg.14
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
VLC.mts
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
ocxfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Word.OpenDocumentText.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
otffile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
pngfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
PowerPoint.Template.8
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
PowerPoint.TemplateMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
PowerPoint.Template.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
PowerPoint.Addin.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
PowerPoint.SlideShowMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
PowerPoint.SlideShow.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
PowerPoint.Show.8
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
PowerPoint.ShowMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
PowerPoint.Show.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Microsoft.PowerShellXMLData.1
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
rlefile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
VLC.rmi
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Word.RTF.8
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
SHCmdFile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
SearchFolder
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
shtmlfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
PowerPoint.SlideMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
PowerPoint.Slide.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
VLC.snd
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
sysfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
TIFImage.Document
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids
TIFImage.Document
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\OpenWithProgids
VLC.ts
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
ttcfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
ttffile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\OpenWithProgids
VLC.tts
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
txtfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\OpenWithProgids
VLC.vob
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
bootstrap.vsto.1
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
VLC.wav
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
WMP11.AssocFile.WAX
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
wdpfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
WMP11.AssocFile.ASF
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
VLC.wma
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
wmffile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
VLC.wmv
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
WMP11.AssocFile.ASX
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\OpenWithProgids
WMP11.AssocFile.WPL
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithProgids
MediaCenter.WTVFile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
VLC.wvx
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
Excel.AddInMacroEnabled
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Excel.Sheet.8
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
Excel.SheetBinaryMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
Excel.SheetMacroEnabled.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
Excel.Sheet.12
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Excel.Template.8
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
Excel.TemplateMacroEnabled
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
Excel.Template
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
xmlfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\OpenWithProgids
Windows.XPSReachViewer
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
xslfile
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
000000000000000001000000974F0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
000000000700000004000000B5EE000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{945a8954-c147-4acd-923f-40c45405a658}.check.42
CheckSetting
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D1000000000200000000001066000000010000200000009285D2603CD2137DF13D8991ABD2F6DCC1A0A68678F9E6C183B5BC52CBA957C1000000000E8000000002000020000000670AD84F4F763B4B56F813DF3CF0AA1636E5CCF1C72F29F41B4B0F1297FAEBA330000000EFCDF9808405F442FE565CE052D447B3DD10E4D5AB244FC7E329804ACAD95D5FEC8D306DCBD0F66C7A1FBC6761B5CA1E4000000041D2BFEE2F673A9CA3B6EB7FBE7C47FBA5FF2E3920B73353702E74662CDB4D70C1463D5E2036AEB0013E3EF03EE399A838CB7B002668E009B58F2B9538A78465
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.VagreargRkcybere.Qrsnhyg
000000000000000002000000974F0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
000000000700000005000000B5EE000003000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E8350203000000020000001B6900004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000350201000000000000000000A27650E935023CE735025E7C37777CE93502787C3777030000008A018C01EC92CB026CE73502F77C37770100000050E93502847C3777BCE73502B0E73502C8E73502000000000000000000000000B8E7350250E93502000000000000000000000000F0E83502F0E8350200000000010000007CE93502F0E83502B2FE3777F270377785FC3777B5860A759A7C3677EC92CB02A27E367734E935021800000014FB3502006F367700000000000000001CE935023C003E007CE93502C34E9D00BCE7350200000000D84609000000350218E8350204EB350200000088C8000000C8000000C8000000C8000000F2010300000000000000D868A8D33A030106004000000000F0EA35021053D8687FEB9C7620000000220000001053D868102FD8020000000011000000B8450A00B0450A00A8D33A03ACE800001FB258415CE835028291BE75ACE8350260E835022795BE750000000054CAD20288E83502CD94BE7554CAD20234E93502C8C5D202E194BE7500000000C8C5D20234E9350290E83502
1256
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1256
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\PresentationHost.exe,-3300
Windows Markup File
1256
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\ieframe.dll,-912
HTML Document
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{231B3489-770E-11E9-B3B3-5254004A04AF}
0
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307050003000F000C00250002008F02
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307050003000F000C00250002009F02
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F000C00250002008903
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000C0025000200A803
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
100
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F000C00250003001E00
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
88
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
0
43003A005C00500072006F006700720061006D002000460069006C00650073005C0049006E007400650072006E006500740020004500780070006C006F007200650072005C0069006500780070006C006F00720065002E00650078006500000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F0077006E006C006F006100640073000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
MRUListEx
00000000FFFFFFFF
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0700000001000000000000000200000006000000030000000500000004000000FFFFFFFF
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\Shell
SniffedFolderType
Generic
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
4
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
1
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
16
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A0000001001000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
1
69006500780070006C006F00720065002E0065007800650000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
0100000000000000FFFFFFFF
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\zip
0
7A0032000000000000000000800053696C7665726C6967687442616C6C732E7A69700000560008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000530069006C007600650072006C006900670068007400420061006C006C0073002E007A0069007000000024000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\zip
MRUListEx
00000000FFFFFFFF
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
7A0032000000000000000000800053696C7665726C6967687442616C6C732E7A69700000560008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000530069006C007600650072006C006900670068007400420061006C006C0073002E007A0069007000000024000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E00650078006500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AE010000B000000051030000BA01000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0100000000000000FFFFFFFF
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
6
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
2
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
48
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2968
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Download Directory
C:\Users\admin\Desktop
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307050003000F000C0025000C00990300000000
2968
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
3488
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CachePath