ThreatScope Analysis Report

For file 4bb213.exe uploaded 2014-02-07 at 01:10:38 PM

Threat level: Malicious

Recommendation: Do not allow this file to be run in your network. Perform remediation on machines on which the file may have run.

Threat Assessment

Traffic to server hosting malicious content

Possibly injects code into remote process(es)

Writes to the filesystem in a Windows system directory

Screenshots: None

File details:

Hash MD5

a52741f5c1b87d92b4ecb466d422e86e

File size

190.50 KB

Hash SHA-1

3714ec6c027044b18f8fda2ad0e12e4f16c16b91

File uploaded

2014-02-07 01:10:38 PM

Hash SHA-256

28987481032051dab58ed888ed167088e8aa185804e1de0f4ae4c0a27159003b

Report created

2014-02-07 01:10:39 PM

Technical Details

Requested HTTP URLs

The analyzed file requests the following URLs.

URL

IP Address

Category

Details: may include user agent string, HTTP server, or encryption information.

Method

Status: the first item is the response type (e.g. 200, meaning OK). The second item is the size of the response.

MIME: the first item is the server-declared content type. The second item is the true content type.

http://cc9966.com/log?start|aid=4213|version=1.5|id=3d274d6f-7a13-4fea-b6cc-59562ed0973a|os=5.1.2600_2.0_32

5.45.65.142

Netherlands

Malicious Web Sites

User agent:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)

HTTP Server:

nginx/1.2.1

GET

200
0 B

text/html

http://cc9966.com/cmd?version=1.5&aid=4213&id=3d274d6f-7a13-4fea-b6cc-59562ed0973a&os=5.1.2600_2.0_32

5.45.65.142

Netherlands

Malicious Web Sites

User agent:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)

HTTP Server:

nginx/1.2.1

GET

200
0 B

text/html

http://cc9966.com/clk

5.45.65.142

Netherlands

Malicious Web Sites

User agent:

HTTP Server:

nginx/1.2.1

GET

200
35.50 KB

application/octet-stream

http://cc9966.com/log?install|aid=4213|version=1.5|id=3d274d6f-7a13-4fea-b6cc-59562ed0973a|os=5.1.2600_2.0_32

5.45.65.142

Netherlands

Malicious Web Sites

User agent:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)

HTTP Server:

GET

0
0 B

Resolved hostnames

The analyzed file used DNS to resolve the following hostnames.

Hostname

Category

IP address

cc9966.com

Malicious Web Sites

5.45.65.142

IP addresses

The analyzed file requests the following IP addresses.

IP Address

ASN

5.45.65.142

AS35017 Swiftway Sp. z o.o.

Netherlands


File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

Event

File path

Writes file

C:\WINDOWS\Temp\3714ec6c027044b18f8fda2ad0e12e4f16c16b91.exe:del

Writes file

C:\Documents and Settings\victimo\Local Settings\Temp\sxusppe\spqfuct\wow.dll

Writes file

C:\Documents and Settings\victimo\Local Settings\Temp\sxusppe\spqfuct\wow.ini

Process modifications

The analyzed file affected the following system processes.

Event

File path

Creates process

C:\WINDOWS\explorer.exe

Creates process

C:\WINDOWS\Temp\3714ec6c027044b18f8fda2ad0e12e4f16c16b91.exe

Creates process

C:\WINDOWS\system32\rundll32.exe

Creates process

C:\WINDOWS\Temp\3714ec6c027044b18f8fda2ad0e12e4f16c16b91.exe:del

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe

Creates process

C:\WINDOWS\system32\dllhost.exe


Registry

The analyzed file made the following changes to the Windows Registry. Malicious files often alter the registry to ensure that the malicious software runs at system startup.

Event

Key

Value

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed

Data:

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed

Data:

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Data:

3714ec6c027044b18f8fda2ad0e12e4f16c16b91.exe

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID

Data:

572662306

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache

Data:

C:\Documents and Settings\victimo\Local Settings\Temporary Internet Files

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies

Data:

C:\Documents and Settings\victimo\Cookies

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History

Data:

C:\Documents and Settings\victimo\Local Settings\History

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData

Data:

C:\Documents and Settings\All Users\Application Data

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData

Data:

C:\Documents and Settings\victimo\Application Data

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy

Data:

1

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

Data:

0

Adds/Sets value

\REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable

Data:

0

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Data:

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

Data:

1

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName

Data:

1

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

Data:

1

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect

Data:

1

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc\UuidSequenceNumber

Data:

31094215

Adds/Sets value

\REGISTRY\USER\S-1-5-21-1220945662-152049171-1343024091-1003\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys\numbackupattempts

Data:

-1

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed

Data:

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed

Data:

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Data:

3714ec6c027044b18f8fda2ad0e12e4f16c16b91.exe:del

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID

Data:

572662306

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed

Data:

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed

Data:

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\advapi32.dll[MofResourceName]

Data:

LowDateTime:-403963648,HighDateTime:29653437***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\ACPI.sys[ACPIMOFResource]

Data:

LowDateTime:-1419454208,HighDateTime:29653422***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\mssmbios.sys[MofResource]

Data:

LowDateTime:721069056,HighDateTime:29653439***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\pcntpci5.sys[NdisMofResource]

Data:

LowDateTime:-1403039488,HighDateTime:29435602***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\system32\DRIVERS\ipnat.sys[IPNATMofResource]

Data:

LowDateTime:1215513088,HighDateTime:29653422***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\WINDOWS\System32\Drivers\HTTP.sys[UlMofResource]

Data:

LowDateTime:-1564486912,HighDateTime:29653421***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating

Data:

WmiApRpl

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last Counter

Data:

3360

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last Help

Data:

3361

Adds/Sets value

\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\Last Counter

Data:

3366

Adds/Sets value

\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\Last Help

Data:

3367

Adds/Sets value

\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\First Counter

Data:

3362

Adds/Sets value

\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\First Help

Data:

3363

Adds/Sets value

\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance\Object List

Data:

3362

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\advapi32.dll[MofResourceName]

Data:

LowDateTime:-403963648,HighDateTime:29653437***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\ACPI.sys[ACPIMOFResource]

Data:

LowDateTime:-1419454208,HighDateTime:29653422***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\mssmbios.sys[MofResource]

Data:

LowDateTime:721069056,HighDateTime:29653439***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\ipnat.sys[IPNATMofResource]

Data:

LowDateTime:1215513088,HighDateTime:29653422***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\System32\Drivers\HTTP.sys[UlMofResource]

Data:

LowDateTime:-1564486912,HighDateTime:29653421***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\WINDOWS\system32\DRIVERS\pcntpci5.sys[NdisMofResource]

Data:

LowDateTime:-1403039488,HighDateTime:29435602***Binary mof compiled successfully

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance Refresh

Data:

0

Adds/Sets value

\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance Refreshed

Data:

1

Global system events


No global system events were detected.

Forcepoint has made an effort to determine whether your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.