Malware Analysis Report

2024-07-28 05:20

Sample ID 240603-a4msgadb2w
Target goggle.com trojan.exe
SHA256 361c5ca1db8ea24f3a773cddcddbcbaebd845432dcd12e180bfd975114366f28
Tags
adware discovery evasion persistence spyware stealer trojan upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

361c5ca1db8ea24f3a773cddcddbcbaebd845432dcd12e180bfd975114366f28

Threat Level: Shows suspicious behavior

The file goggle.com trojan.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

adware discovery evasion persistence spyware stealer trojan upx

Drops startup file

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Checks BIOS information in registry

UPX packed file

Checks installed software on the system

Checks whether UAC is enabled

Adds Run key to start application

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Program crash

NSIS installer

Modifies Internet Explorer settings

Modifies Internet Explorer start page

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Browser Extensions
T1176
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Subvert Trust Controls
T1553
Install Root Certificate
T1553.004
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-03 00:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 00:46

Reported

2024-06-03 00:48

Platform

win7-20240221-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe"

Signatures

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (149).exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk N/A N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk \??\c:\windows\SysWOW64\dwdsregt.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (101).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (108).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (109).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (110).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (111).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (112).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (113).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (115).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (117).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (119).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (120).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (114).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (116).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (118).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (122).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (124).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (126).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (12).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (128).exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows installer = "C:\\winstall.exe" C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\updchecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\fun (114).exe" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (114).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adstartup = "C:\\Windows\\system32\\automove.exe" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (129).exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\KeywordSearchUpdater = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\fun (144).exe" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (144).exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\ad405cn\iePlayer.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}\ = "Google Toolbar Helper" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B55AD4C1-9BB6-42A4-B5A0-E53FCFCCB2DE} C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B55AD4C1-9BB6-42A4-B5A0-E53FCFCCB2DE}\ C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B05CB5FE-1E22-43C7-93E2-4CF04C87B3CC} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B05CB5FE-1E22-43C7-93E2-4CF04C87B3CC}\ = "FlashGetBHO" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B05CB5FE-1E22-43C7-93E2-4CF04C87B3CC}\NoExplorer = "1" C:\Windows\SysWOW64\regsvr32.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax N/A N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File created C:\Windows\SysWOW64\SWin32.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (129).exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\msnav32.ax \??\c:\windows\SysWOW64\dwdsregt.exe N/A
File opened for modification C:\Windows\SysWOW64\dbglogfolder\n_inst_03_06_24.log \??\c:\windows\SysWOW64\dwdsregt.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\The Ultimate Guide To Joomla Step By Step Joomla Videos\Icon05112011023531.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
File created C:\Program Files (x86)\The Ultimate Guide To Joomla Step By Step Joomla Videos\The Ultimate Guide To Joomla Step By Step Joomla Videos.LNK C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
File created C:\Program Files (x86)\Google\googletoolbar1.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (14).exe N/A
File opened for modification C:\Program Files (x86)\HBCheckPermission.txt C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe N/A
File opened for modification C:\Program Files (x86)\MyEmoticons\UMEP.EXE C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (137).exe N/A
File opened for modification C:\Program Files (x86)\The Ultimate Guide To Joomla Step By Step Joomla Videos C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
File opened for modification C:\Program Files (x86)\The Ultimate Guide To Joomla Step By Step Joomla Videos\Icon05112011023531.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
File opened for modification C:\Program Files (x86)\The Ultimate Guide To Joomla Step By Step Joomla Videos\The Ultimate Guide To Joomla Step By Step Joomla Videos.LNK C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe N/A
File created C:\Program Files (x86)\HBCheckPermission.txt C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ad405cn\iePlayer.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (139).exe N/A
File created C:\Windows\ad405cn\ATLcom.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (139).exe N/A
File created C:\Windows\PPlayer.2.1.58130.251.(508).dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (140).exe N/A
File created C:\Windows\ad405cn\Update.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (139).exe N/A
File created C:\Windows\ad405cn\info2asp.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (139).exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (12).exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (140).exe

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (149).exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (149).exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.k887.com/?631" C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F04A2CA1-9140-4553-B6C4-03E4139ECA93}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CD3C5A4-7E59-4B22-9DAF-62FF27C45E35}\TypeLib\ = "{4ECB13A5-757F-472B-8E54-EE529A450220}" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CD3C5A4-7E59-4B22-9DAF-62FF27C45E35}\TypeLib\ = "{4ECB13A5-757F-472B-8E54-EE529A450220}" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{64C80684-8B59-459F-BFCA-356E28D79688}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64C80684-8B59-459F-BFCA-356E28D79688}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5ECBAEED-ED5E-4D69-B137-37ED7F5279A6}\2.0 C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4752D0B-C6E1-4EB2-9D56-DBBBB2346B0F}\TypeLib C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4752D0B-C6E1-4EB2-9D56-DBBBB2346B0F}\ProxyStubClsid C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F04A2CA1-9140-4553-B6C4-03E4139ECA93}\TypeLib C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib\ = "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B55AD4C1-9BB6-42A4-B5A0-E53FCFCCB2DE}\TypeLib\ = "{5ECBAEED-ED5E-4D69-B137-37ED7F5279A6}" C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B4ADFB5F-F6D4-4D00-A88E-B785E2BD2391}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{64C80684-8B59-459F-BFCA-356E28D79688}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5ECBAEED-ED5E-4D69-B137-37ED7F5279A6}\2.0\0\win32 C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AmiBs.Boot C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\ = "&Google" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B05CB5FE-1E22-43C7-93E2-4CF04C87B3CC}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64C80684-8B59-459F-BFCA-356E28D79688} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5ECBAEED-ED5E-4D69-B137-37ED7F5279A6}\2.0\0\win32\ = "C:\\Windows\\SysWow64\\IEEula.dll" C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4ECB13A5-757F-472B-8E54-EE529A450220}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4ECB13A5-757F-472B-8E54-EE529A450220}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ATLcom.bhoRay2009.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B05CB5FE-1E22-43C7-93E2-4CF04C87B3CC}\ProgID\ = "FlashGetBHO.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\FLAGS C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B4ADFB5F-F6D4-4D00-A88E-B785E2BD2391}\1.0\0\win32\ = "C:\\Windows\\PPLAYE~1.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google\CLSID\ = "{AA58ED58-01DD-4D91-8333-CF10577473F7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4752D0B-C6E1-4EB2-9D56-DBBBB2346B0F}\ = "_IEEula" C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B55AD4C1-9BB6-42A4-B5A0-E53FCFCCB2DE}\Programmable C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AmiBs.Boot.1 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F04A2CA1-9140-4553-B6C4-03E4139ECA93}\Programmable C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CD3C5A4-7E59-4B22-9DAF-62FF27C45E35}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ATLcom.bhoRay2009\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ = "IGoogle" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B55AD4C1-9BB6-42A4-B5A0-E53FCFCCB2DE}\VERSION\ = "2.0" C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IEEulas.IEEula\ = "IEEulas.IEEula" C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AmiBs.Boot\CurVer\ = "AmiBs.Boot.1" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F04A2CA1-9140-4553-B6C4-03E4139ECA93}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4ECB13A5-757F-472B-8E54-EE529A450220}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64C80684-8B59-459F-BFCA-356E28D79688}\ = "IbhoRay2009" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4752D0B-C6E1-4EB2-9D56-DBBBB2346B0F}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4ECB13A5-757F-472B-8E54-EE529A450220}\1.0 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ = "IGoogle" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F04A2CA1-9140-4553-B6C4-03E4139ECA93}\Version\ = "1.0" C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ATLcom.bhoRay2009\CurVer\ = "FlashGetBHO.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B05CB5FE-1E22-43C7-93E2-4CF04C87B3CC} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B4ADFB5F-F6D4-4D00-A88E-B785E2BD2391}\1.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\VersionIndependentProgID\ = "Googletoolbar.Google" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B05CB5FE-1E22-43C7-93E2-4CF04C87B3CC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B4ADFB5F-F6D4-4D00-A88E-B785E2BD2391}\1.0\HELPDIR\ = "C:\\Windows" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5ECBAEED-ED5E-4D69-B137-37ED7F5279A6}\2.0\0 C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4752D0B-C6E1-4EB2-9D56-DBBBB2346B0F}\TypeLib\ = "{5ECBAEED-ED5E-4D69-B137-37ED7F5279A6}" C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4752D0B-C6E1-4EB2-9D56-DBBBB2346B0F}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Users\Admin\AppData\Local\Temp\nsdC563.tmp\downloadmr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Users\Admin\AppData\Local\Temp\nsdC563.tmp\downloadmr.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (122).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (122).exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (148).exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (110).exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (148).exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (148).exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (148).exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (148).exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (148).exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (140).exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (115).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (128).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (114).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (115).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (115).exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsyC4F7.tmp\downloadmr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsyC4F7.tmp\downloadmr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsdC563.tmp\downloadmr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsdC563.tmp\downloadmr.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A
N/A N/A \??\c:\windows\SysWOW64\dwdsregt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2088 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe C:\Windows\SysWOW64\cmd.exe
PID 2088 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe C:\Windows\SysWOW64\cmd.exe
PID 2088 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe C:\Windows\SysWOW64\cmd.exe
PID 2088 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe C:\Windows\SysWOW64\cmd.exe
PID 1928 wrote to memory of 864 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe
PID 1928 wrote to memory of 864 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe
PID 1928 wrote to memory of 864 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe
PID 1928 wrote to memory of 864 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe
PID 1928 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe
PID 1928 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe
PID 1928 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe
PID 1928 wrote to memory of 2964 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe
PID 1928 wrote to memory of 2480 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe
PID 1928 wrote to memory of 2480 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe
PID 1928 wrote to memory of 2480 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe
PID 1928 wrote to memory of 2480 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe
PID 1928 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (101).exe
PID 1928 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (101).exe
PID 1928 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (101).exe
PID 1928 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (101).exe
PID 1928 wrote to memory of 2608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe
PID 1928 wrote to memory of 2608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe
PID 1928 wrote to memory of 2608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe
PID 1928 wrote to memory of 2608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe
PID 2964 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe C:\Windows\SysWOW64\WerFault.exe
PID 2964 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe C:\Windows\SysWOW64\WerFault.exe
PID 2964 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe C:\Windows\SysWOW64\WerFault.exe
PID 2964 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe C:\Windows\SysWOW64\WerFault.exe
PID 1928 wrote to memory of 2516 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe
PID 1928 wrote to memory of 2516 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe
PID 1928 wrote to memory of 2516 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe
PID 1928 wrote to memory of 2516 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe
PID 1928 wrote to memory of 2828 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe
PID 1928 wrote to memory of 2828 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe
PID 1928 wrote to memory of 2828 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe
PID 1928 wrote to memory of 2828 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe
PID 1928 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe
PID 1928 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe
PID 1928 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe
PID 1928 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe
PID 1928 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe
PID 1928 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe
PID 1928 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe
PID 1928 wrote to memory of 2584 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe
PID 1928 wrote to memory of 2584 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe
PID 1928 wrote to memory of 2584 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe
PID 1928 wrote to memory of 2584 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe
PID 1928 wrote to memory of 2584 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe
PID 1928 wrote to memory of 2584 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe
PID 1928 wrote to memory of 2584 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe
PID 1928 wrote to memory of 2684 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe
PID 1928 wrote to memory of 2684 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe
PID 1928 wrote to memory of 2684 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe
PID 1928 wrote to memory of 2684 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe
PID 1928 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (108).exe
PID 1928 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (108).exe
PID 1928 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (108).exe
PID 1928 wrote to memory of 2544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (108).exe
PID 1928 wrote to memory of 2436 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (109).exe
PID 1928 wrote to memory of 2436 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (109).exe
PID 1928 wrote to memory of 2436 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (109).exe
PID 1928 wrote to memory of 2436 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (109).exe
PID 2828 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe
PID 2828 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe

Processes

C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe

"C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\Blaster.bat" "

C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe

"anr0129.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe

"fun (10).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe

"fun (100).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (101).exe

"fun (101).exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 116

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe

"fun (102).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe

"fun (103).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe

"fun (104).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe

"fun (105).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe

"fun (106).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe

"fun (107).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (108).exe

"fun (108).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (109).exe

"fun (109).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe" /asService

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.chrisqueen.com/cb/JOOMLA12/program

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (110).exe

"fun (110).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (111).exe

"fun (111).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (112).exe

"fun (112).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (113).exe

"fun (113).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (114).exe

"fun (114).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (115).exe

"fun (115).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (116).exe

"fun (116).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (117).exe

"fun (117).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (118).exe

"fun (118).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (119).exe

"fun (119).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (12).exe

"fun (12).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (120).exe

"fun (120).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (121).exe

"fun (121).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (122).exe

"fun (122).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (123).exe

"fun (123).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (124).exe

"fun (124).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (125).exe

"fun (125).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (126).exe

"fun (126).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (127).exe

"fun (127).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (128).exe

"fun (128).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (129).exe

"fun (129).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (13).exe

"fun (13).exe"

C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe

C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe /u4dc9054e-38b0-4614-bdd5-20605bc06f26 /e2504568

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\RarSFX0\

C:\Users\Admin\AppData\Local\Temp\nsyC4F7.tmp\downloadmr.exe

C:\Users\Admin\AppData\Local\Temp\nsyC4F7.tmp\downloadmr.exe /es126548

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe

"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe" _?=C:\Users\Admin\AppData\Local\Temp\RarSFX0\

C:\Users\Admin\AppData\Local\Temp\nsdC563.tmp\downloadmr.exe

C:\Users\Admin\AppData\Local\Temp\nsdC563.tmp\downloadmr.exe /u4dc90cd0-7328-42b2-8f65-20295bc06f26 /e2296882

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Windows\SysWOW64\regini.exe

"C:\Windows\system32\regini.exe" C:\Users\Admin\AppData\Local\Temp\$~LOGU.TMP

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 708

C:\program files\Internet explorer\iexplore.exe

"C:\\program files\Internet explorer\iexplore" http://en.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&lid=6

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1061932 /prefetch:2

C:\Windows\SysWOW64\regini.exe

"C:\Windows\system32\regini.exe" C:\Users\Admin\AppData\Local\Temp\$~LOGI.TMP

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 456

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (131).exe

"fun (131).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (132).exe

"fun (132).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (133).exe

"fun (133).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (134).exe

"fun (134).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (135).exe

"fun (135).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (136).exe

"fun (136).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (137).exe

"fun (137).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (138).exe

"fun (138).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (139).exe

"fun (139).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (14).exe

"fun (14).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (140).exe

"fun (140).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (141).exe

"fun (141).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (142).exe

"fun (142).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (143).exe

"fun (143).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (144).exe

"fun (144).exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32 C:\Windows\PPLAYE~1.DLL,DllDelete C:\Users\Admin\AppData\Local\Temp\RarSFX0\FUC866~1.EXE

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (145).exe

"fun (145).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (146).exe

"fun (146).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (147).exe

"fun (147).exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:603141 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (148).exe

"fun (148).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (149).exe

"fun (149).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (15).exe

"fun (15).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (150).exe

"fun (150).exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (16).exe

"fun (16).exe"

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe

"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe" _?=C:\Users\Admin\AppData\Local\Temp\RarSFX0\

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\PPLAYE~1.DLL

C:\Windows\ad405cn\Update.exe

C:\Windows\ad405cn\Update.exe 11C454014FFDA493E62DBFFAE914C42A578E3EFDE155E8D180AFAE28B8137F369681EE45A169D55C59871473

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Windows\ad405cn\info2asp.exe

C:\Windows\ad405cn\info2asp.exe 11C454014FFDA493E62DBFFAE914C42A578E3EFDE155E8D180AFAE28B8137F369681EE45A169D55C59871473

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1389579 /prefetch:2

C:\Windows\ad405cn\iePlayer.exe

C:\Windows\ad405cn\iePlayer.exe 11C454014FFDA493E62DBFFAE914C42A578E3EFDE155E8D180AFAE28B8137F369681EE45A169D55C59871473

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1258749 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1651719 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1717256 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:406729 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:668872 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275658 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1127657 /prefetch:2

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /c "C:\Program Files (x86)\Google\googletoolbar1.dll"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1455118 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2044937 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1520661 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1782803 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:865488 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:472221 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1913879 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2307083 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2372616 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2110491 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:209969 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2176031 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:930950 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2831369 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2700305 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2438158 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3027978 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2962442 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2896906 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2569228 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1324238 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1193123 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1586213 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3290122 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3355659 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3486729 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1848361 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3159055 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3552267 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3683338 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3093519 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3814411 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2241566 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:734369 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2503704 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:996606 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:537752 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3224599 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3617812 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2634780 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3748882 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4011018 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3945486 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4142094 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3879948 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:2765853 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4076565 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1979444 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:3421209 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4731919 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4600847 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5190665 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4928521 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4666386 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4797457 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4994060 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4404239 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1061957 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5125142 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4338707 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4863008 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4273171 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5059615 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4469785 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4207645 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:4535328 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5846022 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5452808 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5780486 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5387272 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5649420 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6108173 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5518351 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5321741 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6173711 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5714962 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5256219 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5977104 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5911569 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6042640 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:5583891 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6239270 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7287810 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7222275 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6566923 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6697997 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6894597 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7091206 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6370315 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6632463 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6829072 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7025675 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6763534 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6435864 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7156760 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7812099 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6304793 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6501406 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:6960147 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7746569 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7681035 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7353353 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8336387 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8205316 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8270853 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7418893 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8139786 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7484437 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8074249 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7943176 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7615508 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7549981 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:7877646 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8008720 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8467467 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9319427 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9384964 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8795140 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8664075 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9188361 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9253902 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9122827 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8926216 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8860682 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9057291 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8598555 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8991757 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8401942 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8729622 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:8533025 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9581578 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9778188 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9843721 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9647114 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10433539 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10105860 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10302470 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9450513 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9516047 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9712669 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10171404 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10236941 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9974801 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:9909273 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10040336 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10368014 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11154435 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11351045 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11416580 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11088900 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10761224 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11219981 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10564621 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10892299 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10957835 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10826761 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11285517 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10695700 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11482129 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10499092 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11023389 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:10630177 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12137477 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12203013 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12006407 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11744263 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11809809 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11613197 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12334087 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11678738 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12465156 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12399630 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12268566 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12071953 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11940889 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11875347 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:11547668 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12530711 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13186052 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13513732 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13579267 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12989447 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12923911 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13120519 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12596234 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12661771 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12727309 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13448212 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13382675 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12792854 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:12858397 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13054995 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13251601 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13317144 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13775878 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14103560 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14627844 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13841416 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13906953 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13644811 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13972491 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14234635 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:13710362 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14300183 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14496781 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14365705 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14169102 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14038040 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14562331 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14431251 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14693383 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15676420 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14824454 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15348740 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15610887 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15283207 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15152143 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15021064 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14889994 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14955535 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15545365 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15217677 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15414279 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15479828 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:14758947 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15086613 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15938568 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16462854 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16266243 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16397321 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16331786 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16593925 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16724998 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16004107 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16200716 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16135178 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15807503 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15873043 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16069650 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16528412 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16659473 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:15741971 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17511431 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17314822 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17380361 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16856075 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17773573 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17642500 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16921611 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17576965 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17183755 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17249291 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17445916 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16790552 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17118221 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17708046 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:16987155 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17052692 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17970182 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17904649 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18166792 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18101259 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18494479 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18691076 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18560003 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18822150 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18625544 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17839125 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18297869 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18363402 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 368

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18428951 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18035738 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18232350 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18756637 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19084296 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18887687 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:18953223 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19018759 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19215366 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19870724 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19739653 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19674117 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19805197 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19608586 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19149838 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19346445 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19411981 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19280910 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19543074 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19477531 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20067337 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20198408 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20526083 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20657158 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20591621 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20722706 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:19936279 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20329476 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20395026 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20263948 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20919315 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20132889 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20788252 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20460561 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20001821 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20853790 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21181449 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21902340 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21836804 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21967876 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:20984840 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21574662 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21443591 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21771272 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21115918 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21705743 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21247004 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21509134 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21312533 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21050388 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21640208 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:21378075 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22098957 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22230024 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22164493 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22492166 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22426632 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22819846 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22361108 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22754318 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22688776 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22295574 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22623237 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23016455 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22885383 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22557707 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22950929 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:22033467 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23081996 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23475212 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23344138 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23278601 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23540747 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23147539 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23671813 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23802887 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23606291 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23999494 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23933968 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23213077 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23868427 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23737369 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:23409689 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24065051 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24261640 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24392718 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25113605 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25048069 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24327177 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24589320 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24458256 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24851462 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24654856 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24130584 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24196120 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24720397 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24785943 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24917006 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24523798 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:24982555 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25375752 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25703427 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25768966 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25310219 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26096643 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25834507 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25965574 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25572372 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26162182 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25900050 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25441314 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25244689 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25179156 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26031123 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25506839 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:25637917 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26489865 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26817550 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26883082 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26227724 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26293267 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26424336 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26686471 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27145221 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27210757 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26948614 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27014153 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26752028 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26620945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26555411 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:26358812 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27079717 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27276298 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27866116 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27931653 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27997190 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28259332 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27669514 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28193799 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27735048 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27603978 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27800590 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27407397 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28128272 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27341844 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27472915 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28062737 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:27538469 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28914693 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28324874 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29045765 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28980231 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29176838 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28718092 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28521484 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28849160 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28652557 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28587026 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28390419 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28783640 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29111315 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29307929 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:28455964 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29242397 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29438986 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29504523 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29373450 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30290948 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30225412 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30356493 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29635595 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30028806 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29963270 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29897740 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29832216 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30159888 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29766677 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29701155 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30094355 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:29570075 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30422025 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30749702 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30880773 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31077382 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31339528 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31208452 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31273997 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30487570 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30553098 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30946320 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31142929 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31405070 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31011862 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30815250 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30684189 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:30618646 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31732742 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31470604 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31798278 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31601677 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32257029 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32388102 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32191493 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31863825 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32453638 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31536158 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31994903 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32125963 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32322575 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32060433 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31667229 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:31929372 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32846855 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32781319 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32977934 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32715787 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33305604 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33240069 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32912397 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33371152 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33109002 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32650261 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33174546 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33436679 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32519198 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:32584725 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33502218 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33043491 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34157575 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34419715 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34026504 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34092045 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34485259 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34288653 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34550798 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33698831 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34223120 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33633289 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34354187 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33764373 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33567757 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33960975 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33895449 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:33829923 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35009545 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35533828 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34681864 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35075086 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34878474 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34944024 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34812939 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34747401 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35599366 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35468298 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35402777 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:34616340 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35337228 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35206160 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35140636 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35271702 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36123657 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36451333 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36320262 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36385803 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35861516 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35795980 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35664914 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35730442 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36189193 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36254739 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36058147 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36582410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36647944 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35927063 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:35992613 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36516888 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36910086 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37368837 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37696515 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37630980 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36713489 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36844555 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37041170 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36779026 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37237768 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37303312 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37499918 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37106704 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:36975631 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37434385 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37172250 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37565468 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38417418 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37958666 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38155271 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38548486 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38220815 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38614023 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38679556 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37762063 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38745095 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38351895 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38286347 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37893140 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38024209 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:37827602 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38089755 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38482975 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39662597 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39269382 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38876168 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39531526 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39597066 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38941707 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:38810643 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39072785 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39007253 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39334940 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39203853 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39400459 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39728142 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39466016 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39138338 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40317956 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39924743 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40449030 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40514567 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40186887 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40580111 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40383501 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40645637 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39859207 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40055837 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:39990305 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40121355 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40842249 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40776717 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40711192 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40252445 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41432067 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41497607 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41104389 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41628678 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41759749 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41563149 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41890821 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40973323 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41694220 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41169938 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41366545 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41825295 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41301013 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41038881 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:40907799 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41235487 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42480647 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42415117 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42284041 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42152968 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42611726 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42546203 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42742789 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42808324 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42677255 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42218520 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:41956370 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42939398 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42021906 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42349592 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42873866 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:42087471 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43070472 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43004936 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43725828 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43660291 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43791366 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43922436 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43594757 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43398167 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43463692 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43136028 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43201551 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43529232 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43332630 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43987983 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43267102 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:43856924 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44577796 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44708869 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44184589 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44250127 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44315657 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44512270 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44905476 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44839939 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44119055 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44643340 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44971020 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45036564 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44446747 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44053532 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44381209 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:44774416 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45364235 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45429766 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45298699 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45560845 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45757444 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45691911 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45495303 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45102101 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45233171 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46085131 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46019596 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45626393 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45888520 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45954070 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45167658 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:45822996 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46609418 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47068164 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47133699 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46871557 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46674950 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46543881 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46281742 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46347275 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46478350 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46150674 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46412817 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46937108 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47002647 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46216221 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46806035 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:46740512 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47526918 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47330319 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47592454 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47920132 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47985670 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48051208 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47395855 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48182278 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47657998 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48116747 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47264783 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47723527 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47789068 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47854608 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47461416 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:47199269 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48706565 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48772101 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48575495 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48444431 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48378890 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48837654 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48247823 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48641045 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48903173 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48509979 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49165318 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48968709 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49099782 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49034246 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:48313380 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49230865 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49755144 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49427470 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49820680 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49558533 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49296397 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49886215 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49361928 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49951748 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49689613 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49624082 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50213893 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50279429 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50148357 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:49493005 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50017293 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50082825 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50344967 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50541573 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50410502 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51065861 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50934787 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51196935 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50672646 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50803720 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51328011 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50476054 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50869265 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51000351 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51262481 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50738209 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:50607143 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51131430 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51983367 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51393542 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51459079 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51917838 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51524617 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51852302 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51655700 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52311045 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52179975 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51786770 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51721240 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52048909 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52245524 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:51590172 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52114455 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52376613 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52769799 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:53294084 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:53228556 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:53359628 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52573195 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52966412 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52900871 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:53097481 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52638733 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:53031952 /prefetch:2

\??\c:\windows\SysWOW64\dwdsregt.exe

c:\windows\system32\dwdsregt.exe FI002

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52704274 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:53163029 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52442133 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:52507675 /prefetch:2

Network

Country Destination Domain Proto
CA 69.50.175.180:80 tcp
US 8.8.8.8:53 www.whitesmoke.com udp
US 35.161.225.9:80 www.whitesmoke.com tcp
US 8.8.8.8:53 www.chrisqueen.com udp
US 34.174.54.80:80 www.chrisqueen.com tcp
US 34.174.54.80:80 www.chrisqueen.com tcp
US 8.8.8.8:53 stat.zvu.com udp
US 8.8.8.8:53 zvu.com udp
RU 178.218.223.39:80 zvu.com tcp
RU 178.218.223.39:80 zvu.com tcp
US 8.8.8.8:53 log.iobit-team.ru udp
US 8.8.8.8:53 log.iobit-team.ru udp
RU 178.218.223.39:80 zvu.com tcp
US 8.8.8.8:53 dl.zvu.com udp
RU 178.218.223.39:80 dl.zvu.com tcp
RU 178.218.223.39:80 dl.zvu.com tcp
US 8.8.8.8:53 www.888.com udp
US 8.8.8.8:53 www.888.com udp
US 8.8.8.8:53 www.entercasino.com udp
US 8.8.8.8:53 www.entercasino.com udp
FR 18.155.129.95:80 www.888.com tcp
GB 217.72.240.204:80 www.entercasino.com tcp
GB 217.72.240.204:80 www.entercasino.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.888promos.com udp
US 8.8.8.8:53 satysservs.com udp
NL 217.147.127.160:80 www.888promos.com tcp
US 8.8.8.8:53 xmlinstcp.tlbvit.com udp
US 8.8.8.8:53 savegglss.com udp
US 8.8.8.8:53 en.sergiwa.com udp
US 173.214.252.173:80 savegglss.com tcp
US 64.91.249.20:80 en.sergiwa.com tcp
US 64.91.249.20:80 en.sergiwa.com tcp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 api.downloadmr.com udp
US 8.8.8.8:53 www.solimba.com udp
US 8.8.8.8:53 api.downloadmr.com udp
US 8.8.8.8:53 ww1.sergiwa.com udp
DE 64.190.63.136:80 ww1.sergiwa.com tcp
DE 64.190.63.136:80 ww1.sergiwa.com tcp
US 8.8.8.8:53 parking.parklogic.com udp
US 67.225.218.50:80 parking.parklogic.com tcp
US 67.225.218.50:80 parking.parklogic.com tcp
US 8.8.8.8:53 img.sedoparking.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
RU 178.218.223.39:80 dl.zvu.com tcp
RU 178.218.223.39:80 dl.zvu.com tcp
US 8.8.8.8:53 www.ddnswzplus.com udp
US 8.8.8.8:53 www.wizeniapp.com udp
US 8.8.8.8:53 www.daum.net udp
KR 121.53.105.193:80 www.daum.net tcp
US 8.8.8.8:53 service.srvmd2.com udp
US 8.8.8.8:53 www.haole3.com udp
US 8.8.8.8:53 service.srvmd4.com udp
US 8.8.8.8:53 ad.405.cn udp
US 8.8.8.8:53 how2ofwealth.com udp
US 8.8.8.8:53 torangcomz.com udp
DE 3.64.163.50:80 www.haole3.com tcp
US 8.8.8.8:53 config.poweredbysave.com udp
US 8.8.8.8:53 playmp3z.biz udp
US 8.8.8.8:53 www.amonetizeinstaller.com udp
US 8.8.8.8:53 pfexrzbgxhouepqfmgt.itplayshop.com udp
US 8.8.8.8:53 dw.supportbar.co.kr udp
US 8.8.8.8:53 u.skywo.com udp
US 8.8.8.8:53 gg.skywo.com udp
CN 60.174.238.200:80 gg.skywo.com tcp
CN 60.174.238.200:80 gg.skywo.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
RU 178.218.223.39:80 dl.zvu.com tcp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 www.sidemax.net udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 m.networkadex.com udp
US 147.135.45.118:80 m.networkadex.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.k887.com udp
RU 178.218.223.39:80 dl.zvu.com tcp
US 8.8.8.8:53 update.torangcomz.com udp
US 8.8.8.8:53 ww.cndydy.com udp
RU 178.218.223.39:80 dl.zvu.com tcp
RU 178.218.223.39:80 dl.zvu.com tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
BE 23.55.97.181:443 www.microsoft.com tcp
US 147.135.45.118:80 m.networkadex.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Blaster.bat

MD5 6a83b03054f53cb002fdca262b76b102
SHA1 1bbafe19ae5bcdd4f3710f13d06332128a5d54f7
SHA256 7952248cb4ec97bc0d2ab3b51c126c7b0704a7f9d42bddf6adcb04b5657c7a4e
SHA512 fa8d907bb187f32de1cfbe1b092982072632456fd429e4dd92f62e482f2ad23e602cf845a2fd655d0e4b8314c1d7a086dc9545d4d82996afbccb364ddc1e9eae

\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe

MD5 eb790be93afb8481cfc43515b00976ab
SHA1 3e2a4c1393f7c09e5c1ae989aea0eb1d3b8c1e6d
SHA256 f6dec10d8bc56fc09673e544007654553c99848c8a211c64dbee0758ec9ddbd2
SHA512 6604a81c584bba8fcd4b96b895f29d43b311c99bcfb5065300d1f3f423b1857ce9faacea6d54e0e7b624c3c5aed1b4037ddae130e8b3499e9aca5ae4b8dcd99a

memory/864-332-0x0000000000400000-0x000000000040D000-memory.dmp

memory/1928-331-0x00000000000C0000-0x00000000000CD000-memory.dmp

memory/1928-330-0x00000000000C0000-0x00000000000CD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (1).exe

MD5 8a84d8b3c4044c3f4eca7127d1cad349
SHA1 e3c9335b805c858bae6d64d176fcc259fa4f12ee
SHA256 7f27eac0d3e5ce33ba5dea3a0dcd07e33e7ba9b9f5783abe99d20eba9f783bd3
SHA512 fc019f613c9167ca3832e5ab4a798f8d441930f1bba246d5901a12ad36e410bab2be1b467b82aaacb57250b0eb887dc6d26265f6f4b783c937f951a3548f8879

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (10).exe

MD5 59b6701af709b715c6dd3d5ae6f17788
SHA1 518a86ed19ac6c958a85f59afee3c5e33eedf130
SHA256 fe870fd003d28f78ebc40dc9dc7e1161fa06082b6e00d701e2a9b79a6534cc38
SHA512 ba2b36bb297d29c77d83f3d0515b458bfd93fcb12863e92664d0b6fa8abde1fb3bf0e5e944a516e7a7e63c0f04f63589bd3128bb77d85e8fbfadfd1acab08434

memory/1928-376-0x0000000002AB0000-0x0000000002B11000-memory.dmp

memory/1928-377-0x0000000002AB0000-0x0000000002B11000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (100).exe

MD5 2ce16551fc977cffdfbcab7da39fcc39
SHA1 3e7b772b836b5fc1d643341e29a63c76c3332c46
SHA256 dd59293aca4a98d401b50bf9f6412f4f7e655017d38852098ca099ae8ebc6250
SHA512 99c9cae48ae410d06bdea12717586349df5d33f74ac5158f45cfc20da76434e708f2055f71b03d2f6a3af79b029a8e18139a187fef3f5275c7c7ec22dd24c2a7

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (101).exe

MD5 a81757d5762a81325e322103b48fbd86
SHA1 5380155e987eca6e19cee1cebb57c7fc4951c1e1
SHA256 48dd21d65ad3f1468e7631fcd16e56e5b30165e2b5b89e27746d7630f6000576
SHA512 7f99f55dbd1a56251367f5268daf46f45f34814f8e4b66e8237041144b1fa507b48eb03714933b8ae60a63d8bfb6228521e9e39f449a7476decca9681ebe9728

\Users\Admin\AppData\Local\Temp\RarSFX0\fun (103).exe

MD5 ac666aaaf78dadd6dd2d7680de65e388
SHA1 981355f87c8f7b70dd0c287470967d5cf4a53475
SHA256 bab2d07fd943a1875b6df3c7dca13b4ddf45dbc2c65bd1323746e50d1d67a724
SHA512 798a710141514f534083b43e5cd64c091eb312267dcd3b9bbbac4ece2a6bd03d326be7325f6ded9bf0fa6515adf57cd4c2f2a3820e5485e25125a66db048ac09

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (102).exe

MD5 a63e1124a1c422e5860d7a65c9488b44
SHA1 a3b33bc534a760322460ec1430ba1ed609dfdb52
SHA256 1390c06f9e8c454aefc7a209e0c5d62e714de34cf69b386bcf514b37fbf519bb
SHA512 2e11df2bf5b78c0d9cbec3d3ef5abaec2609d935bb3dac3eb85bc1d0aa1876557a62adcebb1bde15ba72b411dfb777a5444ddbea20234d904b89b84ebc878dbc

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (104).exe

MD5 03e89666101e0d093b6140e35a1fcb1d
SHA1 b15263e5b8bbabc712ab38e50f0f270b63de2f78
SHA256 77446f95051319662e788057c6a9b1d6e82177734c4661fef3ba6eec55a0a47e
SHA512 ff0fd2e23cf566960e6f2a0c7db5fe92919225f56523a8c53d55495f44aa1822fbdacfe0908e55ba2d634f5927a03d37f71422a4970ea900b6f7fa9c45e7d7d8

memory/2828-403-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (105).exe

MD5 0ec9fe4d7a6c6be6c3f5d4407cad9884
SHA1 c715cba42721a1fdb715fd802c74e6f9d3f8c87e
SHA256 dcdab4ca18760faa7d4fc04fb8add45087859644a34b91b1518a9ec2c8d4f32b
SHA512 87f57f9b1108a3c01337aedf6e9f88a1dadd4efdcaf8b5e3fd3acb43107c37ab0c099003f4792dd253903f47186a3a03dbcc8ce643437dd998e95f09c9db1812

memory/1928-401-0x0000000002AB0000-0x0000000002AE6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (107).exe

MD5 0794bee2d48d8aa856323d5d98c34b12
SHA1 51f035f9b2e4674816564416434bfcb355be0222
SHA256 d1c59be472c7f1ad7ca81f67959d6a7f5971a7fd22e6fdc51eb812bf4aec7042
SHA512 eb0dfea22ba6c6a61260d4efd78115f0a6f3ea976411dd5db91ab583e38a788b52fc16dd441dbd4030225a6b13135f8fc600569210a7b1bf39e22f0b3cf3ef54

\Users\Admin\AppData\Local\Temp\RarSFX0\fun (109).exe

MD5 02e6ed3f8db2b0ebf0cb80528974b685
SHA1 2de7fb70bcd3ef4f6b26472c4c0fb9fc4a164703
SHA256 4b5cfb4f1b1391620a506ae23c6726e2f1131a8360a5a3fb6f4291b857e17d7c
SHA512 77eef1ccb9e52f1a0333f4af8f30b7affd650c6c8559d70377540834148a651a3a369c606ca848b9218795b3b1aa71472e66455e22b67592be34bbda3cfa4967

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (11).exe

MD5 cf0bbc3f3161920736f549b8b08a1217
SHA1 0d0f893be7aa5bdf95eda21bc3b4cf9160b1fe0f
SHA256 6ec8b47a9499381beb5cbf1dd103257d948cbd377b51dfc8feddf2b649fb3c03
SHA512 00a70ba83e06d583a8da9acefd7d610627f213595fcac113890680ae8a747cfbefcb9d65ee4bf7de90584219c89a6e3fd14d7d790d5531b339cb4b0d7c1e4f52

C:\Users\Admin\AppData\Roaming\Zvu\init.xml

MD5 02c391bd3a616bbaad57ce1ff97ccf09
SHA1 e1b25739327553411d8f4d77b90dad9236cd8b78
SHA256 35d4d966523bb12aa68378dda2931cad1912f541acc44ed020b7cc605264551a
SHA512 88ffc28fdb7ffec5e50bdf680fa7e2850c20d7603ab81ddaa2010a250636fb4de70ccf1b87f4afeff1a17f47b9998f5a2ecac0ff0c6cdf75c6ca609e286e6e3e

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (108).exe

MD5 1196fb2d8572245fbdfec4ddfbc1f715
SHA1 18851aa1baddc1767dd6ef96f0a6498e15ee20ad
SHA256 32e13ba82b7a2af020dc3c976bc034459997eb90b36822336eb7b796bfaca0a4
SHA512 1db722c2784711f862513112de27f5747bd4166fbc69f29c9c5b69c809a8266676f8f8e7caaa3eeb10916a800c4d3cbfaedd2efec24092619602507bac0ede8d

memory/2828-467-0x00000000025D0000-0x0000000002606000-memory.dmp

memory/2828-468-0x00000000025D0000-0x0000000002606000-memory.dmp

\Users\Admin\AppData\Local\Temp\RarSFX0\fun (106).exe

MD5 33aa65e837b3ee6edb71c7544d7b3b06
SHA1 03a0df0c2587b92afb12213b8103868ca6b61b78
SHA256 991bba588b19b36c03473c035ff1618395d75954c123e6fad9d7c3253381b2b8
SHA512 a34d40804ceb9a6b4c214d42f4eec9f9cc14e42de338760b403b1ab5bc3959f5d5676630f8269cca047efa5239242d4a7893449b7e88792509b82896625a0253

memory/864-476-0x0000000000400000-0x000000000040D000-memory.dmp

memory/1928-475-0x00000000000C0000-0x00000000000CD000-memory.dmp

memory/1928-474-0x00000000000C0000-0x00000000000CD000-memory.dmp

memory/2556-394-0x0000000000400000-0x0000000000419000-memory.dmp

memory/1928-386-0x0000000002AB0000-0x0000000002AC9000-memory.dmp

memory/2964-383-0x0000000000400000-0x0000000000461000-memory.dmp

C:\Program Files (x86)\The Ultimate Guide To Joomla Step By Step Joomla Videos\The Ultimate Guide To Joomla Step By Step Joomla Videos.LNK

MD5 3aa139251546ecbf99eb408df6e35969
SHA1 81c0b4bd2eda79a485bc8c07852bbdee7c2e9a88
SHA256 ed19b42703839d345b6457ea7a0cf62e900a1e3e7117a2276dab079a3802d92a
SHA512 77af90005bccb97adb93b5432c4e55fe0b24ac390012a9fe5fd53c0eb54fa362221fd1bbc11337469446c884d696d99239be2be3e862c77213d214fa3dfc6f8f

C:\Users\Admin\AppData\Local\Temp\Cab336F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB5E2F83CE9B8330B0590B7CD2E5FF2E

MD5 d474de575c39b2d39c8583c5c065498a
SHA1 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25
SHA256 7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf
SHA512 7b9cf079b9769dfa9eb2e28cf5a4da9922b0f80e415097d326bf20547505a6ab1b7ac6a83846d0b8253e9168b1f915b8974aec844a9b31c3adcab3aec89fcd07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB5E2F83CE9B8330B0590B7CD2E5FF2E

MD5 035f899d156ff243e12e578130092ae7
SHA1 af2f01a5ea8fbc01f0bb519433ebd14309cea369
SHA256 0ba84b400eb2f368094013e205a27ffa6a738b7ae7570d9033ff3c513331bb69
SHA512 6ae85cc820fa014ac46ab0848e2fc341512a9830aa91b7a2ac9916a31e7f2eaa746c413e44f4f71b75fe51506bfa23b3d878b4cc4f3feb39fd5100dd2e931ba1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd5f3551638ae3b350315c33d4c26ab9
SHA1 a7f40eb113f112af38692eb2a695ed846037c3d5
SHA256 34763076eee1da4747d47376d78dd2acafa889a865a4ab01cb365b071b441d57
SHA512 05e2b63bd8563f1716f7ede4ec78dde2d17b432550d5f8c3a822437e76c6a900595cbab11aeb20eeb43bbe009f2b38700891e9a73f66737f55764d72d50b2b01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

MD5 b007c38f8d095ed072a2004ff2ba7988
SHA1 e63a2ccdf7d098b73bb7c0468441071bf2e8a8c6
SHA256 60e1aeef52ab6100c0e461837da2ce477eb7078ac2d35e9d0aaf486c2394fdf1
SHA512 b7fe1fa5355999587304dcf21e1cac951529adffbc2e413cf33834cfca6f5643e45bfaf405efd5de04fd964cccfbbac21fac997eb55b1774d8e268980baad370

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

MD5 a12e4fd943197571711db976fbaa9ea6
SHA1 b26739d3fbb98e0cd51f5e82a32d5b8b258a4db6
SHA256 c3428ae82603e50096f21e308a3727dac9f856542992066fdd26a6f5a5678a8b
SHA512 3e9d914273ed8c9a8118861929999d4455a5241c1f90c37766f3dcec79a8f222cfb731aff4771213fc6d539dc03950a919d88e74f8bc0d0e161cdbbbd88c4860

C:\Users\Admin\AppData\Local\Temp\Tar3539.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Windows\SysWOW64\dwdsregt.exe

MD5 2fb98efb9f79347103103650b04410fc
SHA1 a1a82e0c49004101432a6948020e04d9ca0af7ad
SHA256 33410fb5ae9ac228c8fc92cb14e7f18a458d1aac11427dd2cd4cdd703cd41356
SHA512 240c674b28b0992e8412c2be850c93fa2df333a301e10110f8ec600ced1d64d4cc4e28bc62bbf7276f568d96799ca58f90104d3e73737cd3ee92ef95583de14a

memory/2220-632-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Windows\SysWOW64\msnav32.ax

MD5 9b4ed1413c3358398385bc8a0611153a
SHA1 bdc488e82a8f134ed63daaf84e4b45960b8e4e18
SHA256 0dddb9a4486f874ff77933b0f6c375240806eb2dbefdce1fcbabddf90f7a47e3
SHA512 0307db06f0c30e6f164e5992c9bf8f22e682d1d71a3ddd345b06180493ab7010d60ced9801c3cee786eff5d1fe855fca3260bd877906c5802fe1483fdcd9bbdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b629407c76165a26c3a37f92e593356
SHA1 eb57f3d50b49f88fdce9d42c25639496c7fcd7e6
SHA256 b35dca0e7579138ab13827af46985f9c804e38eb1265672ab1d2e535d40e0797
SHA512 3743f6fb879551f92b1c06a35109d216100ef573ae9251c8b63eb4207ca2c15c0f803585c2caadd0fc5ea76a8ff558c2e73a85f578bad8bb8a21f7ce5b95a032

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk

MD5 c8a53bb99a7ec5249238d00484b00d72
SHA1 36c4f9f240f0aae06431358de38ed16ceb3a14a5
SHA256 aec3d4eec1936a3cd3ea9227efbf1d36b0151a66c5c01154df5853d627bfe128
SHA512 79e08ec170f215d834cfa1bee9d64340102f3c0e06fce6c4e8ae09b515850ae6bbb3db80a3d080229b84a1006041b3ea3599308280a93e5071a9229b7f40be27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca7addac6103a80052065b8e0baf0f29
SHA1 fc5a2ad1cca2b6f90e0ca7122d835fd4fe87eaf1
SHA256 6aa65219595c3d8eb78bd88d40760a7d6525ec0243eb1ee3393d3574462ff3ff
SHA512 94ffbc47cf458500bdef141d8049d880cf2b6e87d61d0304facd9307fff1ce98f5d24d995b91c4ffa4c3a2f70733d2485052e3bca18a179023455dc789b441e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b06b5fa9add61307679f123a853a809
SHA1 af721a88a3f8ec303fd03261ca59eb4553801f53
SHA256 64028a98f6568a85acc18c10c4f0840a3635de4fc91a6d25aa1629ebd7d08d8c
SHA512 9122125448f624bdb61b08f137726488ab27013d9f246b47b6681a5caf000f663e21edf45d2ffc5d89f8c5315819b0ced71031cc97359123eface4183f1f604b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb710886e462f62c554fc64567182750
SHA1 50225a13b57d44b732cd4b629b0c93d59f0ad951
SHA256 4b367ca1af3a1d985e9c0954725fc3a82bc36c016c07e91358d07e771866e06c
SHA512 12fc67b3cd9d2617db0c096a7784f9e4ebf770de89eb25f5ecf740c3c04c18417d957cc77af6cc6ac93dab47a71924f3d11e506f1db0a6a53ad6bf3e82e1cecc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 432e592cf8500d633fa9bbc65bd5c419
SHA1 97182de8fae29fc4cba5dc394d18e1e859cf2353
SHA256 32c4fbc18c6298b67dc08b2fe99fac3b1da3e3370aadfb5d2022909249c3fc6d
SHA512 df95cd50a23acf00face0d44237bd782dc3bfc744162946d08fa3f00bfab4760fdf47714986b317af0a03155bc50154a33eae4d44181a0ab69c88db76fc8d808

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 442fe60ca2aa33f8161b61e6c34d5cb5
SHA1 29a216742244381e1df7b277c162beba862ae8af
SHA256 2c18e2294dfb390c4025e656b119640d6a342066388d6cba44c5959b60bf3992
SHA512 e00a30cbad0c3945ed08dde7dbe254a7c5b3651ff89a72eb546e3b4d8f4a6acc1afd97ddb310a906540e45203950653ad2a16ebecb3ad8deb3bad593052c81b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f557be80a009bcbbeec98bcca135c6e
SHA1 f8beb56395079a73ae3ce7fa2128b0055e5a5480
SHA256 9a418179b316254b5dacdb9e4efd9a724dac4afc232525f12951a5575b6e1566
SHA512 7ae82d39fc4fad514c31d49f2191840fd81b7f13c30a539f257f561a1c17316eca13899b5e78edefbe6b45f49677a1fc7572a8f6459c18ac6a7df2cc578f5011

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e0c572199a5a169e0dfbc33e8e44eee
SHA1 27e030b833d6431b356f55701347a34252ce23d9
SHA256 29ca636b2e2c914233d9e46300987240d0b953418ae0452bbf14ddee3f592662
SHA512 24d0bf85bda831de52ab94ecab9759adcd0da0bb6f24ebebaa57b5b94f496b9d663e7629707a2c4e064c7667d7c8a974da42d51fa00d41a405c44cc65851e28b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11060b8d5c06d0207c48d8381c901aba
SHA1 1b45e4259f97594633164cb09ad06cf5cdccc8c9
SHA256 74269c278eb074a74f057def1c139e94ec5f638cba8e267e13511570352c5a02
SHA512 d5835cb119ef11de93a520847d7bbc9bbe08581d2df2c05a759e90ad142955be0f8fcc602cc4ee12d1be3236279924de5197e9ad7637d413f5e72ca52d9e95c4

memory/2964-1093-0x0000000000400000-0x0000000000461000-memory.dmp

memory/2556-1094-0x0000000000400000-0x0000000000419000-memory.dmp

memory/2828-1095-0x0000000000400000-0x0000000000436000-memory.dmp

memory/1864-1096-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2556-1097-0x0000000000400000-0x0000000000419000-memory.dmp

memory/1928-1104-0x0000000002AB0000-0x0000000002AC9000-memory.dmp

memory/1928-1113-0x0000000002AB0000-0x0000000002AE6000-memory.dmp

memory/2828-1123-0x00000000025D0000-0x0000000002606000-memory.dmp

memory/2828-1149-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2492-1175-0x00000000003E0000-0x00000000004E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

MD5 7cc400af60e6be05dc25a6257ee44d50
SHA1 32e9ba2f2639ebde1f1d0897bae7240d524ae066
SHA256 5a3c0250c513d29f7fbfb3cb4369da274b95a8df8bec10dd1f45ad52bd0fb220
SHA512 be90ea85d596f97c90bafec1915be7c6719188f69c15fa4450a9ed2704f7f3efc7273efa9d2b91a5cd5fe207fcf5501cd0d31f9348fd6ed5a25a08c2d273a349

C:\Users\Admin\AppData\Local\Temp\nstC3ED.tmp\downloadmr.exe

MD5 7901bead3f7a8a199eb7f3c0037c027e
SHA1 aac8278236ee105267e68a823d206c908760cd92
SHA256 16ab9cc63212022fa73ba56f1b16d3d9eed436caa7ee816eab88dbd0289ca7f0
SHA512 5665a49cfbf68cfa14bbc143a646e7d1fe5aec91abe2f2143de993b03381018e90b3684d7d5d0076f3c4b44ce017a584fc400e4a65cb07b6f06205c33355a1e7

memory/2492-1174-0x00000000003E0000-0x00000000004E0000-memory.dmp

memory/2492-1173-0x00000000003E0000-0x00000000004E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsoC3CE.tmp\nsProcess.dll

MD5 faa7f034b38e729a983965c04cc70fc1
SHA1 df8bda55b498976ea47d25d8a77539b049dab55e
SHA256 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
SHA512 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

memory/2340-1274-0x0000000000400000-0x0000000000413000-memory.dmp

memory/1928-1273-0x0000000002BF0000-0x0000000002C03000-memory.dmp

memory/1928-1272-0x0000000002BF0000-0x0000000002C03000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsoC3CE.tmp\blowfish.dll

MD5 5afd4a9b7e69e7c6e312b2ce4040394a
SHA1 fbd07adb3f02f866dc3a327a86b0f319d4a94502
SHA256 053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae
SHA512 f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

C:\Users\Admin\AppData\Local\Temp\nsoC4B7.tmp\System.dll

MD5 bf01b2d04e8fad306ba2f364cfc4edfa
SHA1 58f42b45ca9fc1818c4498ecd8bac088d20f2b18
SHA256 d3f9c99e0c1c9acd81a1b33bc3dbd305140def90d10485c253cf1d455f0dc903
SHA512 30ca1663d659c5efac7fed3d1aaba81c47d5d5fda77f30f021124c882b858732e17f917bfd0aa3ee7b269fad86e75b1b9388d8f916e7a4e2c9961669f2c772e7

C:\Users\Admin\AppData\Local\Temp\nsyC4F6.tmp\Install.dll

MD5 f04972f869093e766a0313601b3239cf
SHA1 333e2e8385b3b3f898dbe6f327a2dc55694176aa
SHA256 4a8547edbbeb197baf780e668616f47ce48c72b99af2c24d49db600ca410583c
SHA512 7b2a531a042e30ff59355712fd96c280dc27375bf039ab90ea85710c2bb823d414e4e3a01b7c7eb4c010210262692e338aacd66212274212efe921773ddb2318

C:\Users\Admin\AppData\Local\Temp\nsyC4F7.tmp\downloadmr.exe

MD5 c20412a0c9d47656f9f97aa5cb7812cb
SHA1 8b55384408e93184b098559084a7746e1ab77036
SHA256 ef757b82a1db0330051d6e16468ad1e906bff88e29d919f3939742a98da87c8d
SHA512 6630ecb5bec345ac08c989d5bfaa2d718ebf89adddae34dcd4e0353668f8aff0f3d068b7bad5117a631420c8a32ebccfe9f228dd8e4b2561cbe9e947e23fbef0

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe

MD5 0585b1e09e1f69c50ac22f69c99273af
SHA1 d2b20c442a4c4a2797e9d0b5563487fb5d89eb48
SHA256 b9c545e59008ed546a2b17a9090d293cc7b4c872707e44c382ecb77df1263b1e
SHA512 91f39eb5ca525a0f2527837821981a9cacdaa5f803bd6f0e7a63995bd72e246fc3b8a7cec197eb21a140bc9dd8f937b86e5c469970712df62f8b8d6c97a3a277

C:\Users\Admin\AppData\Local\Temp\nsdC563.tmp\downloadmr.exe

MD5 0fd326c9da52b48bf2d93fe975af528e
SHA1 e9b60fb463447d8a92f3884b28c542a21b8e9371
SHA256 2d26d07df002716d99c8c8d851a28510967cc9f181ace4dd7a806e9cf97304e9
SHA512 452c78cb030b08083695281e35ffe437101370426fa9ab9699a5f91e474ce016c610075e96d05d1ddaf9e76820fde70b7bf719a6fde0ee5ecad21209d70e1f1b

C:\Users\Admin\AppData\Local\Temp\nsjC535.tmp\INetC.dll

MD5 92ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1 d850013d582a62e502942f0dd282cc0c29c4310e
SHA256 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

C:\Users\Admin\AppData\Local\Temp\nsdC5B0.tmp\System.dll

MD5 810f3a0aefe36a9f63e29e604bea91a9
SHA1 2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80
SHA256 f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779
SHA512 836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

C:\Users\Admin\AppData\Local\Temp\nsdC340.tmp\inetc.dll

MD5 e541458cfe66ef95ffbea40eaaa07289
SHA1 caec1233f841ee72004231a3027b13cdeb13274c
SHA256 3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
SHA512 0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

C:\Users\Admin\AppData\Local\Temp\nsdC340.tmp\nsDialogs.dll

MD5 c10e04dd4ad4277d5adc951bb331c777
SHA1 b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
SHA256 e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
SHA512 853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\sedo_logo[1].png

MD5 def00c11b1596db4efee6a9fbe64fc27
SHA1 bd298981e6d8d7e4ffa18abcf687041f4246672d
SHA256 95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4
SHA512 c056e95dbfa1aab3a50dff18c6d577dbffea72c93316ffc53b6b7aa41dcc7707a810d563894589a7305de0b76610f88150b2034670de368773b2b356f14ad30f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk

MD5 b37e102e01295b1706c5ab7b81fb77ac
SHA1 3f8e3e44fc39c7c36a1c89f0f6dae4d281dad3ae
SHA256 b7944abda771472e8e9d7ffcdde3142db187d7a68f10ccc7658d0b6c06c09b6d
SHA512 14691a1a6240b9f45029116a9664dfa85fb6a4ff9aab2e8e2030a927df8178b38cf03df73fb904d5214e13aab199483ba027e542ee075be90745c39a1dd99257

memory/2420-1677-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2340-1678-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

MD5 e4d17b8df2bb9ba8b8d46537d60a1e4e
SHA1 8a8585bf44fae0a02fab8479dbb4a27f8cd1548d
SHA256 7f99587a3a42df424f941f3fce9767517bb4b2912620a811fb0890d83d208bc4
SHA512 ba436572a192732a69ea839aff4d6bc823ffddc5c2d7c8aac7728dd75535af419de4d9e010a538bda4965bee2b722e2c597be32f73fb96746e748dc7afa93001

memory/1928-1735-0x0000000002BF0000-0x0000000002C37000-memory.dmp

memory/1928-1734-0x0000000002BF0000-0x0000000002C03000-memory.dmp

memory/1184-1740-0x0000000000400000-0x0000000000447000-memory.dmp

memory/1928-1746-0x0000000002BF0000-0x0000000002C07000-memory.dmp

memory/760-1788-0x0000000000390000-0x00000000003EC000-memory.dmp

memory/2500-1787-0x0000000000400000-0x00000000004C4000-memory.dmp

memory/1928-1745-0x00000000052C0000-0x0000000005502000-memory.dmp

memory/2152-1744-0x0000000000400000-0x000000000043E000-memory.dmp

memory/1928-1743-0x0000000002BF0000-0x0000000002C2E000-memory.dmp

memory/2304-1742-0x0000000000400000-0x0000000000452000-memory.dmp

memory/1928-1741-0x0000000002BF0000-0x0000000002C42000-memory.dmp

memory/1944-1739-0x0000000000400000-0x0000000000419000-memory.dmp

memory/2828-1732-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Bu_.exe

MD5 1377f82f44ba8ace2e6509e38b18d4ba
SHA1 ac0dfbca2a6cfc35989d44693a1ea6f49a08b9d8
SHA256 52ebb9a200c8eb95e96e98c364e58561379f17dd376f7027c5ec3a6b1ecf9f1e
SHA512 2963aaddeaf55ed2f2d4f349e84e3abab183fa94ceb6e326cc7063f25c23babd90df0ae0219fe0dfa74b8775bb4eb78d76aa43fefc2142b6d4e0937ab89c2039

memory/1752-1772-0x0000000000400000-0x0000000000642000-memory.dmp

memory/1548-1781-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsy231C.tmp\ioSpecial.ini

MD5 16fed3c29a9b6ee77f3b84861f7e8c68
SHA1 b07367e626c3a14bbea42d2321457431d3affad7
SHA256 97f0cd3481e10ca5aafcffda3eb5084d839c9f21accaaa31ffd7757bc9eeae1e
SHA512 7922007e8bbc7648d81dbc68cf9b8ff5879f727943c708280bcbfe33df04f9ebffb9370c974970a03ecfcd39d1be0e0580c04dc231ce97c54073dd2f06f95411

C:\Users\Admin\AppData\Local\Temp\nsy231C.tmp\System.dll

MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

memory/1184-1780-0x0000000000300000-0x0000000000347000-memory.dmp

memory/1928-1779-0x0000000002BF0000-0x0000000002C4C000-memory.dmp

memory/1928-1778-0x0000000002BF0000-0x0000000002C1F000-memory.dmp

memory/1928-1777-0x0000000003450000-0x0000000003514000-memory.dmp

memory/1928-1776-0x0000000002BF0000-0x0000000002C55000-memory.dmp

memory/1928-1775-0x0000000002BF0000-0x0000000002C55000-memory.dmp

memory/1928-1774-0x0000000002BF0000-0x0000000002C07000-memory.dmp

memory/1184-1773-0x0000000000300000-0x0000000000347000-memory.dmp

memory/1272-1799-0x0000000000400000-0x000000000042E8B0-memory.dmp

memory/1124-1794-0x0000000000400000-0x0000000000465000-memory.dmp

memory/2304-1920-0x0000000000400000-0x0000000000452000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\setting.ini

MD5 a7725df600369b0721697269ad827b17
SHA1 4d1debe8d6af5fd2a72bacf92e1dfeaad0211741
SHA256 b61c9ee8e2a8a78015d3020fd5da7d09a5979e78ed7304047a4ce0223b1e7978
SHA512 519584d9b156f16642ea7cf6f5aa20f714933d86a3e0f164e65787242f9a8602d85e6b4dc4e05f6c0665dd77ef0e9bc040c725937cf423c5595fdaf192557ff4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z_Start.lnk

MD5 8f2ec3da838ecdf72282d1899853a3ac
SHA1 3e454b912c5a3b9ae0a4d33b0c95471389e04ef9
SHA256 bc79d86d8e0a80f6494718b915f9d6abf4de5d5c1b6facefe3d13742eba0c974
SHA512 44c4a4d3bf21179bf176bc8634f63cd3eaec27949a8918ebb17adb1a1848020d1ecd2972c84b10d70f71757e9b3ac7ef0c19f5d3160681955d9d0aa04662c2c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4348edec89f7cdaef4f5d1d49fa367dc
SHA1 de389987b89df4058bb0f92a93295fbe5c00acec
SHA256 28efc15a278feece63f8bbc7fae38e3dfcf79e3f379965e14d1d10541278c8b3
SHA512 e6afc2ad71ed15ebe9c504d30c658ddfb5506f4fd96bf7705e4527734e933adab42c254175825d6428c8f8e840d8e500782c2db41c126d6d449303624b3ea9b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e8274fa41c5ca6fc70493f09b641569
SHA1 c5283153c28f59c343698097530b41faceaf882d
SHA256 4504277ecf491243688adbdcaead56be5cd50354b43c3e2493003b477016e126
SHA512 4fc7afd67e4c9fa6526c58911f13a465af8ded794b547174d3f63095baffd64ef112269828b2086364e168768c8cebb0a61b3d52942e0a7c8a846e6f49a9d4b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6d3369b5068977e9c8ff3efb78528f6
SHA1 b2363758ff910d329653da0a153fe6019d1f103d
SHA256 de2a96429b033ece919640d0e542582e21754c13a86a30274e6332028896ced1
SHA512 c1dcd7abc0fefa523a843957232b31cda774caf9afef8c0c698bc4556c0ebbec646686342da62c986ce5d407a8b5c2ab5e2b0e8b2133a2046ae329271faccebf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59387fd1e56738fb4b0160f8ae0f953c
SHA1 9aca8784e090b4a10ded1c049be3e9d24b00fb75
SHA256 f03f07a71969cbc99e43e038b3d7aa6cfb45033c72b46112a4488ffa26066eaa
SHA512 356010969f96c31cfd8a27f04a2d61800b9b04dde1ac86b2ecea13bb2b25a256974c478e406f1b6a665328625e2b3023d3cffbe390360ee40da2553900211905

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d733c13ef3747cdd2bbaadc0bc8125b8
SHA1 5704a8ad1274a9f55fadd37020bf815eb28900fc
SHA256 f61dcecdbde5817e6cc31eaea2944b37ec5828632451c9c3dd7145d5ff57ca59
SHA512 8ceee8535c5a820e96ff88dfc7e8c789af0788fb3e2845b77c6e8953ce4571fc721b51efa4d4645a2a833d6bb540ae8fdde7e76636b7b893318841b791bb5fc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 775d7aaf9eb2cbc14cff867d60fd4e8e
SHA1 9ff4b40604d5ff8b4dae4350112353d93dade5d1
SHA256 b67cdb6c02b4e30f6770cb9b69a0fe3fc8a938b123a8246700cdc64358b848f0
SHA512 771b0114ac9785a4bc9e8ec35a769e595249950efa473804d3f01d20d21785a88b996d7255046f8ae6c9873b1f2dcb5d6c1498be4a8380c359f96b4f0576ffee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 68e5dfdca08f2ce9d9f35cce1413e1c0
SHA1 0d8b76da088121ca2dc56b371d7f6f7160c2bc33
SHA256 35c93f7853bc5866a3f5641375787cf9089731976db6da51d77681b93d97d3b4
SHA512 25d40715bbd1e61af171f143a7956d9f35c32133f64bebaa8a4a1755810368a03995ecef03f3297658304becb83168113c3d35a18499297983406568b7d1da69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

memory/1184-2374-0x0000000000400000-0x0000000000447000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b71ac24364c548334d89f7823afb07a0
SHA1 1ade5ffb5f5231c70ff6ebde50ec0ffdfa7e515c
SHA256 0178a298d9e38261ea0a0cbf6925b3e6d3587a62f6c61287770cbc8b6b7fc8fc
SHA512 b931f74d5315baa760b753cc16db070e5507e2e1f5878ebffc069ca6ed02d2f414511eb6152aadb7449e04ba5d1a90f40ee89b0dd3f8b7176fc5b58135c9f962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9628e07c35e562dd374e1772125056ef
SHA1 c7857fb305fb07633c557a61b0d2342aeab91127
SHA256 894cb7e456ec3c90d9727b8b87166fe389782e8c42c1aecaf03919df18ff516a
SHA512 a885325536896540824d69fc1465efb7ea7eb20344a5e64ac4ee1c2ffb3c698b8dd7aa881d98ee46f48fb3f5c71bdc4bbe521fc981ea5fe6e5b9b935e14d6ecf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0cbe95bffa4cf250956402d76641637
SHA1 889af4795d13a66838de4e816649d950aaadec03
SHA256 467562c8f308c9e92264f01f778b4ff35c9fa647ccae9b240eabca47f10539dc
SHA512 eff1f4d24da23dc139d9b6fc64a4c13897f844b803265f8e6d14ddee3a7afdaeb62836ffe8b1c4e521712000df4e2e1f166a17fc79247b61af5d506f0912e359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab418b994809858eeff7f6b01c5cf130
SHA1 d1c4873d543e07f6885aa80d6a3f28603dc2434c
SHA256 75ee2669514f866b1a17e01e4abe6379acf88e7d4cd4918793d633980332f19b
SHA512 b6b4ec463949c5f23f46d6f8a76b2294066b77f8a6747f3ba5b19f89ea2352dfa6be77967c820d3d7276c10dd0ecc57d4d257a567ad9a30eeeca480145f0f523

memory/1752-2596-0x0000000000400000-0x0000000000642000-memory.dmp

memory/1928-2595-0x0000000002BF0000-0x0000000002C37000-memory.dmp

memory/1184-2611-0x0000000000300000-0x0000000000347000-memory.dmp

memory/1928-2612-0x0000000002BF0000-0x0000000002C07000-memory.dmp

memory/1928-2613-0x0000000002BF0000-0x0000000002C4C000-memory.dmp

memory/1272-2617-0x0000000000400000-0x000000000042E8B0-memory.dmp

memory/1548-2622-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2828-2630-0x0000000000400000-0x0000000000436000-memory.dmp

memory/760-2635-0x0000000000390000-0x00000000003EC000-memory.dmp

memory/2500-2634-0x0000000000400000-0x00000000004C4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\dnserrordiagoff[1]

MD5 47f581b112d58eda23ea8b2e08cf0ff0
SHA1 6ec1df5eaec1439573aef0fb96dabfc953305e5b
SHA256 b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928
SHA512 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 00:46

Reported

2024-06-03 00:48

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows installer = "C:\\winstall.exe" C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 456 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe C:\Windows\SysWOW64\cmd.exe
PID 456 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe C:\Windows\SysWOW64\cmd.exe
PID 456 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe C:\Windows\SysWOW64\cmd.exe
PID 4476 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe
PID 4476 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe
PID 4476 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe

Processes

C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe

"C:\Users\Admin\AppData\Local\Temp\goggle.com trojan.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\Blaster.bat" "

C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe

"anr0129.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
CA 69.50.175.180:80 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Blaster.bat

MD5 6a83b03054f53cb002fdca262b76b102
SHA1 1bbafe19ae5bcdd4f3710f13d06332128a5d54f7
SHA256 7952248cb4ec97bc0d2ab3b51c126c7b0704a7f9d42bddf6adcb04b5657c7a4e
SHA512 fa8d907bb187f32de1cfbe1b092982072632456fd429e4dd92f62e482f2ad23e602cf845a2fd655d0e4b8314c1d7a086dc9545d4d82996afbccb364ddc1e9eae

memory/2824-317-0x0000000000400000-0x000000000040D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\anr0129.exe

MD5 eb790be93afb8481cfc43515b00976ab
SHA1 3e2a4c1393f7c09e5c1ae989aea0eb1d3b8c1e6d
SHA256 f6dec10d8bc56fc09673e544007654553c99848c8a211c64dbee0758ec9ddbd2
SHA512 6604a81c584bba8fcd4b96b895f29d43b311c99bcfb5065300d1f3f423b1857ce9faacea6d54e0e7b624c3c5aed1b4037ddae130e8b3499e9aca5ae4b8dcd99a

C:\Users\Admin\AppData\Local\Temp\RarSFX0\fun (1).exe

MD5 8a84d8b3c4044c3f4eca7127d1cad349
SHA1 e3c9335b805c858bae6d64d176fcc259fa4f12ee
SHA256 7f27eac0d3e5ce33ba5dea3a0dcd07e33e7ba9b9f5783abe99d20eba9f783bd3
SHA512 fc019f613c9167ca3832e5ab4a798f8d441930f1bba246d5901a12ad36e410bab2be1b467b82aaacb57250b0eb887dc6d26265f6f4b783c937f951a3548f8879

memory/2824-321-0x0000000000400000-0x000000000040D000-memory.dmp