nine

Member
  • Number of items

    47
  • Registration date

  • Last visited

About nine

  • Title
    Regular Visitor
  • Birthday
  1. Best wishes to everyone
  2. This can be closed, Droske; I want to thank everyone for the help offered... have a nice weekend.
  3. Thought I had done that, Droske... apparently not... better keep my eyes open. Thanks for the reply.
  4. Hello, I connected a different monitor and then I don't have the problem, so I put my everyday monitor back on, and sure enough, it works. In the future I'll check the cabling first... that will already settle it. Thanks everyone for the spontaneous help, greetings.
  5. Falstring, do you mean it's my monitor? Could well be, it's about 10 years old, my PC 3 months... if that's it, it will be solved quickly... thanks for your reply, Falstring, I'm glad of it.
  6. Hello Louisa, nice that you're replying. First... it's not a laptop but a new desktop... only the monitor is already 10 years old... at first I thought that might be the cause; the PC itself is about 3 months old... ScreenShot010.bmp ScreenShot009.bmp
  7. Hello, I'm getting little red lines in my text but also on faces and such. I do image editing, so it's quite annoying. Any idea what causes this? I'm attaching a screenshot... ScreenShot007.bmp ScreenShot009.bmp
  8. My log...
     2016-12-13 11:33:19 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\P1481625159AM\[Start] Content: 1 Process: C:\Users\louisa-jeaninne\AppData\Local\Temp\bk52CE.tmp\p1481625159.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
     2016-12-13 11:32:47 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\P1481625159AM\[Type] Content: 1 Process: C:\Users\louisa-jeaninne\AppData\Local\Temp\bk52CE.tmp\p1481625159.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
     2016-12-13 11:32:33 Modify pending file operation [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi1E21.tmp\ClearLog.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
     2016-12-13 11:32:33 Modify pending file operation [Auto-blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi1E21.tmp Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
     2016-12-11 21:46:51 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
     2016-12-11 21:46:51 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
     2016-12-11 18:39:30 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\Windows\explorer.exe , (0)
     2016-12-11 18:13:36 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MSK_AUTO_FILE\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde Process: C:\WINDOWS\Sysnative\OpenWith.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
     2016-12-11 18:11:41 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0)
     2016-12-09 19:58:45 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
     2016-12-09 19:58:44 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
     2016-12-09 19:29:36 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension] Content: .wma Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:29:36 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension] Content: .wav Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP\[Extension] Content: .3gp Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-MS-WMV\[Extension] Content: .wmv Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/MP4\[Extension] Content: .mp4 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-MATROSKA\[Extension] Content: .mkv Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-M4V\[Extension] Content: .m4v Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP\[Extension] Content: .3gpp Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP2\[Extension] Content: .3gp2 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP2\[Extension] Content: .3g2 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-08 17:34:02 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\TEXT/VCARD\[Extension] Content: .vcf Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
     2016-12-06 20:30:21 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1E886174-DC88-4B83-8BC5-66409EC75F16}\LOCALSERVER32\[] Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE" Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-06 20:30:14 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BOOTSTRAP.VSTO.1\SHELL\OPEN\COMMAND\[] Content: rundll32.exe "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution %1 Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-06 20:29:04 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-VISIO.VIEWER\[Extension] Content: .vdx Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
     2016-12-06 20:29:04 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-VISIO.VIEWER\[Extension] Content: .vsd Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
     2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.MSG.15\SHELL\PRINT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\NEW\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\PRINT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.PST.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /pst "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.VCF.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /v "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020D09-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F005-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F006-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F020-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F01E-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F01F-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F023-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F024-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F011-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F030-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.EML.15\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.HOL.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /hol "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.ICS.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.MSG.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F063-0000-0000-C000-000000000046}\TREATAS\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:58 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/MSACCESS.FTEMPLATE\[Extension] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:58 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\TEXT/CALENDAR\[Extension] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 20:28:58 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F033-0000-0000-C000-000000000046}\TREATAS\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
     2016-12-06 19:00:35 Detected Trojan: Win32/Application.0fd [Removed] Details: Trojan name: Win32/Application.0fd Path: C:\WINDOWS\TEMP\nsi725F.tmp\update.dll-201612061623.dll.exe
     2016-12-06 19:00:22 Process Creation [Auto-blocked] Details: Process: C:\Program Files (x86)\walalala co\aMuleCustom\ed2k.exe Action: Process creation Path: C:\Windows\SysWOW64\rundll32.exe
     2016-12-02 11:16:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
     2016-12-02 11:16:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
     2016-12-01 21:58:24 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
     2016-12-01 21:58:24 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
     2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension] Content: .wma Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension] Content: .wav Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/MP3\[Extension] Content: .mp3 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4R\[Extension] Content: .m4r Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4A\[Extension] Content: .m4a Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AAC\[Extension] Content: .aac Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AMR\[Extension] Content: .amr Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
     2016-11-30 21:46:15 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0)
     2016-11-29 20:49:18 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\Windows\explorer.exe , (0)
     2016-11-29 18:05:22 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\THEMES\[DependOnService] Content: iThemes5 Process: C:\Windows\Temp\nsi68A5.tmp\de_svr.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
     2016-11-29 18:05:15 Modify pending file operation [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi68A5.tmp\Lancer.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
     2016-11-29 18:05:05 Modify pending file operation [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi68A5.tmp\ClearLog.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
     2016-11-29 18:05:05 Modify pending file operation [Auto-blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\waitlist.dat \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys \??\C:\Windows.old\windows\System32\DriverStore\FileReposi Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
     2016-11-29 17:47:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 3B 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
     2016-11-29 17:47:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 3A 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
     2016-11-28 23:18:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 36 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
     2016-11-28 23:18:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 37 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
     2016-11-28 19:04:51 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 34 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
     2016-11-28 19:04:51 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 35 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
     2016-11-28 08:49:13 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
     2016-11-28 08:49:13 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
     2016-11-27 20:58:51 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)
     2016-11-27 20:53:13 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\JGD_AUTO_FILE\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde Process: C:\WINDOWS\Sysnative\OpenWith.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
     2016-11-24 21:05:34 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-24 21:05:34 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-24 10:34:22 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 18 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 
11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-24 10:34:22 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 19 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: 
C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)

2016-11-22 11:23:53 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\APPLICATION/X-COMPRESSED\[Extension] Content: .solitairetheme8 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-21 11:20:50 Modify pending file operation [Blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\AG64.dll Process: C:\WINDOWS\Sysnative\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)

2016-11-21 11:20:50 Modify pending file operation [Auto-blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\ClearLog.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)

2016-11-21 11:20:40 Modify pending file operation [Blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\AG.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)

2016-11-21 11:20:40 Modify pending file operation [Auto-blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\AG64.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)

2016-11-21 11:20:40 Modify pending file operation [Auto-blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\Lancer.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)

2016-11-21 11:20:06 Modify pending file operation [Blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\Aa.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)

2016-11-19 21:05:31 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0)

2016-11-19 21:04:56 Modify search engine [Allowed]
Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}\ Content: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 Process: C:\Program Files\Internet Explorer\iexplore.exe Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)

2016-11-19 21:04:56 Modify search engine [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\[DefaultScope] Content: {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Process: C:\Program Files\Internet Explorer\iexplore.exe Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\EDIT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\PRINT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\EDIT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\PRINT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:21 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1" Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:21 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\EDIT\COMMAND\[] Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb edit "%1" Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[] Content: {0D452EE1-E08F-101A-852E-02608C4D0BB4} Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[Version] Content: 2.0 Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[] Content: {00024517-0000-0000-C000-000000000046} Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[Version] Content: 1.0 Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\PROXYSTUBCLSID\[] Content: {00020424-0000-0000-C000-000000000046} Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[] Content: {00020424-0000-0000-C000-000000000046} Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\TYPELIB\[] Content: {C04E4E5E-89E6-43C0-92BD-D3F2C7FBA5C4} Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify browser communication protocol [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\MS-HELP\[CLSID] Content: {314111c7-a502-11d2-bbca-00c04f8ec294} Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:19 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELLEX\ICONHANDLER\[] Content: Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:19 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020906-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:15 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELLEX\ICONHANDLER\[] Content: {AB968F1E-E20B-403A-9EB8-72EB0EB6797E} Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:15 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1" Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:15 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\EDIT\COMMAND\[] Content: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb edit "%1" Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:07 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ODCFILE\SHELL\EDITTEXT\COMMAND\[] Content: NOTEPAD.EXE "%1" Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:01:23 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-19 21:01:23 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-19 18:03:00 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)

2016-11-19 18:03:00 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.DOCUMENT.12\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.TEMPLATE.12\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-POWERPOINT.12\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-EXCEL.12\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/X-COMPRESSED\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/ZIP\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.TEXT\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.PRESENTATION\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.SPREADSHEET\[Extension] Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} Content: Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.DOCUMENT.12\[Extension] Content: .docx Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:41:56 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020906-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ODCFILE\SHELL\EDITTEXT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\root\client\appvlp.exe" NOTEPAD.EXE "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F023-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020912-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020913-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020914-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020915-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020916-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020917-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020918-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020919-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: 8.7 Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:25 Modify key system file [Auto-allowed]
Detailed description: Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.7466.2038\OfficeClickToRun.exe Action:Rename Path:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

2016-11-17 20:25:51 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\Windows\explorer.exe , (0)

2016-11-17 20:24:44 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02
9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-17 20:24:44 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-17 19:59:23 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-17 19:59:23 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-17 19:51:35 Detected Trojan: Win32/Virus.Downloader.6e5 [Removed] Details: Trojan name: Win32/Virus.Downloader.6e5 Path: C:\WINDOWS\TEMP\nsi542.tmp\update.dll-201611171511.dll.exe
2016-11-17 19:51:06 Process Creation [Auto-blocked] Details: Process: C:\Program Files (x86)\walalala co\aMuleCustom\ed2k.exe Action: Process creation Path: C:\Windows\SysWOW64\rundll32.exe
2016-11-16 21:31:29 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\APPLICATION/PDF\[Extension] Content: .pdf Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-16 19:59:06 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 14 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-16 19:59:06 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 15 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-16 18:14:08 Detected Trojan: Win32/Trojan.68f [Removed] Details: Trojan name: Win32/Trojan.68f Path: C:\WINDOWS\TEMP\nsiAFD8.tmp\update.dll-201611161632.dll.exe
2016-11-13 16:32:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-11-13 16:32:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-11-13 10:57:38 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-13 10:57:38 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-12 17:59:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-11-12 10:57:40 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-11-12 10:57:40 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-11-12 10:57:26 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DropboxExt Content: Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\Programmable Content: Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 Content: Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\BACKGROUND\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\COPYHOOKHANDLERS\DROPBOXCOPYHOOK\[] Content: {FBC9D74C-AF55-4309-9FB2-C426E071637F} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[] Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[] Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[] Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[] Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[] Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[] Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[] Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[] Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[] Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[] Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\[] Content: ContextMenuHandler Class Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[] Content: C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[ThreadingModel] Content: Apartment Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DropboxExt Content: Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\BACKGROUND\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\COPYHOOKHANDLERS\DROPBOXCOPYHOOK\[] Content: {FBC9D74C-AF55-4309-9FB2-C426E071637F} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[] Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[] Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[] Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[] Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[] Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[] Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[] Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[] Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[] Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[] Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:25 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[ThreadingModel] Content: Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-11 10:56:03 Modify pending file operation [Allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi861A.tmp\A2.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-11 10:55:30 Modify pending file operation [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi861A.tmp\ClearLog.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-11 10:55:30 Modify pending file operation [Auto-blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi861A.tmp\waitlist.dat Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-11-09 18:02:56 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-09 18:02:56 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-09 09:23:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-11-09 09:23:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-11-08 21:28:52 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-11-08 20:59:59 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-11-08 11:33:25 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-08 11:33:25 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-08 08:45:43 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-08 08:45:43 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-06 16:13:57 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\TUB_AUTO_FILE\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde Process: C:\WINDOWS\Sysnative\OpenWith.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-05 14:00:51 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\TEXT/VCARD\[Extension] Content: .vcf Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-04 19:25:38 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 26 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-04 19:25:38 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 27 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-03 23:14:03 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[Hash] Content: Zg1nRwMfrtY= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:14:02 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:14:00 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[Hash] Content: bikSZHjOReg= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:58 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash] Content: cTovoZkWtOg= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:57 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:55 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId] Content: AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9 Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:54 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[Hash] Content: 3TH2eBS2PZ4= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash] Content: uTblUkIpZmo= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:51 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash] Content: zz6OqJCK4+E= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash] Content: LlJ/LQ3kTsc= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:23 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash] Content: 3iDrjnA6LNk= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 22:07:58 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 20 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-03 22:07:58 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 21 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-03 18:57:32 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1F 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-03 18:57:32 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1E 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-03 18:15:01 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0)
2016-11-03 18:15:01 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 
1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-03 16:35:09 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.INI\OPENWITHPROGIDS\[inifile] Content: Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 11:26:08 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 19 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 
A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-03 11:26:07 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 18 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-03 09:02:04 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:02:04 Modify default 
browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash] Content: I4cjQNQpLKI= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:02:04 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:02:04 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash] Content: /FZhjjIbfaE= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:02:04 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:02:04 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash] Content: Nkf6dYM+70w= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:02:04 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:02:04 Modify default browser [Auto-allowed] 
Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash] Content: a405RB8L8Uc= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash] Content: D42M701QEZc= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId] Content: AppXq0fevzme2pys62n3e0fbqa7peapykr8v Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash] Content: H1JwgYOi9Zg= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId] Content: AppX90nv6nhay5n6a98fnetv7tpk64pp35es Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:50 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\CLIENTS\STARTMENUINTERNET\[] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:50 Modify default browser [Auto-allowed] Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash] Content: WpHe5ma/2UA= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:50 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[ProgId] Content: AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9 Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:50 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash] Content: kNLX/SUjuWs= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:50 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId] Content: AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9 Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:50 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[Hash] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.3GP\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed 
description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.ASF\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.AVI\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: 
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.M2TS\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHT\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHT\USERCHOICE\[Hash] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHTML\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHTML\USERCHOICE\[Hash] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MKV\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: 
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MOV\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MP2V\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MP4\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MPEG\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MPG\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 09:01:27 Modify default browser [Auto-allowed] Detailed description: Registry: 
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash] Content: mTQKxCMp5xE= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-29 18:05:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash] Content: ryqSYkx1BYo= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-29 18:05:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-29 18:05:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash] Content: 9CDhmCG+ImA= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-29 18:05:51 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash] Content: +NSxWkB1IJc= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-29 18:05:51 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: 
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[] Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[] Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[] Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[] Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[] Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[] Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe 
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[] Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[] Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[] Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[] Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-10-27 20:03:28 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension] Content: .wma Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-10-27 20:03:28 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension] Content: .wav Process: 
C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-10-27 20:03:28 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/MP3\[Extension] Content: .mp3 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-10-27 20:03:28 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4R\[Extension] Content: .m4r Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-10-27 20:03:28 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AMR\[Extension] Content: .amr Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-10-27 20:03:28 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AAC\[Extension] Content: .aac Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-10-27 20:03:28 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4A\[Extension] Content: .m4a Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-10-27 19:57:01 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0) 2016-10-27 19:56:59 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: 
dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0) 2016-10-27 14:50:59 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-27 14:50:59 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-10-26 11:39:09 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash] Content: fTzROqo8x+U= Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe Parent Process:C:\Windows\explorer.exe , (0) 2016-10-26 11:39:09 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId] Content: AppXq0fevzme2pys62n3e0fbqa7peapykr8v Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe Parent Process:C:\Windows\explorer.exe , (0) 2016-10-26 11:39:09 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash] Content: 22q9GIhyELI= Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe Parent Process:C:\Windows\explorer.exe , (0) 2016-10-26 11:39:09 Modify default browser [Auto-allowed] Detailed description: Registry: 
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId] Content: AppX90nv6nhay5n6a98fnetv7tpk64pp35es Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe Parent Process:C:\Windows\explorer.exe , (0) 2016-10-26 11:38:21 Modify default browser [Blocked] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\HTTPS\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Nolarry\Application\chrome.exe" "%1" Process: C:\Windows\Temp\nsiF190.tmp\ttff.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103) 2016-10-26 11:38:11 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\ILS\PARAMETERS\[ServiceDll] Content: C:\ProgramData\Tencent\QQ\qmdr\dr.dll Process: C:\Windows\Temp\nsiF190.tmp\ttff.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
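The log posted above records, for every registry write, which process made it and which process started that one. As an added example (not part of the post and not tooling from the product that produced the log), the Python script below parses that record layout and flags the writes a responder would look at first: an executable running from a temp directory, a temp executable launched by rundll32.exe, a service's ServiceDll pointing outside the Windows system directories, and a chrome.exe (or a URL handler naming one) that does not live under Google's own install path. The sample records are copied from the posted log with the long SAM entries left out; the one-record-per-line layout, the temp-directory markers and the assumed genuine Chrome location under \Google\Chrome\Application\ are assumptions of this example, not facts stated in the post.

```python
"""Triage of HIPS registry-change records in the layout of the posted log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed record layout, one record per line:
#   <ts> <action> [<decision>] Detailed description: Registry: <key> Content: <value>
#   Process: <exe> Parent Process:<exe> , (<code>)
RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>.+?) \[(?P<decision>[^\]]+)\] Detailed description: "
    r"Registry: (?P<key>.+?) Content:(?P<content>.*?) "
    r"Process: (?P<process>.+?) Parent Process:(?P<parent>.*?) , \((?P<code>\d+)\)$"
)

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\")
GENUINE_CHROME_DIR = "\\google\\chrome\\application\\"  # assumption: where the real browser lives


@dataclass(frozen=True)
class Event:
    ts: str
    action: str
    decision: str
    key: str
    content: str
    process: str
    parent: str
    code: int

    @property
    def value_name(self) -> str:
        """Value name the log writes in brackets at the end of the key, e.g. [ServiceDll]."""
        m = re.search(r"\[([^\]]*)\]$", self.key)
        return m.group(1) if m else ""


def parse_log(text: str) -> list[Event]:
    events: list[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised record: {line[:60]!r}")
        d = m.groupdict()
        events.append(Event(d["ts"], d["action"], d["decision"], d["key"],
                            d["content"].strip(), d["process"].strip(),
                            d["parent"].strip(), int(d["code"])))
    return events


def in_temp(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def findings_for(ev: Event) -> list[str]:
    """Rules applied to one record; an empty list means nothing notable."""
    proc, key, content, parent = (s.lower() for s in (ev.process, ev.key, ev.content, ev.parent))
    hits: list[str] = []
    if in_temp(proc):
        hits.append("writer runs from a temp directory")
        if parent.endswith("\\rundll32.exe"):
            hits.append("temp executable was launched by rundll32.exe (dropper chain)")
    if "\\currentcontrolset\\services\\" in key:
        if ev.value_name.lower() == "servicedll" and not content.startswith(SYSTEM_DIRS):
            hits.append(f"ServiceDll redirected outside the system directories: {ev.content}")
        elif in_temp(proc):
            hits.append("service registration by a temp executable")
    if proc.endswith("\\chrome.exe") and GENUINE_CHROME_DIR not in proc:
        hits.append("chrome.exe running outside the Google Chrome install directory")
    if key.endswith("\\shell\\open\\command\\[]") and "chrome.exe" in content and GENUINE_CHROME_DIR not in content:
        hits.append("URL handler points at a chrome.exe look-alike")
    if ev.value_name == "PendingFileRenameOperations" and in_temp(content):
        hits.append("boot-time rename/delete of a temp file (installer cleaning up after itself)")
    return hits


def triage(text: str) -> list[tuple[Event, list[str]]]:
    """Only the records that trip at least one rule, in log order."""
    flagged: list[tuple[Event, list[str]]] = []
    for ev in parse_log(text):
        hits = findings_for(ev)
        if hits:
            flagged.append((ev, hits))
    return flagged


# Records copied from the posted log (SAM entries omitted); not a constructed sample.
SAMPLE_LOG = r"""
2016-11-03 09:02:04 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MP4\USERCHOICE\[ProgId] Content: Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-28 20:27:23 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[] Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-27 14:50:59 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-26 11:39:09 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId] Content: AppXq0fevzme2pys62n3e0fbqa7peapykr8v Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-10-26 11:38:21 Modify default browser [Blocked] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\HTTPS\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Nolarry\Application\chrome.exe" "%1" Process: C:\Windows\Temp\nsiF190.tmp\ttff.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-10-26 11:38:11 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\ILS\PARAMETERS\[ServiceDll] Content: C:\ProgramData\Tencent\QQ\qmdr\dr.dll Process: C:\Windows\Temp\nsiF190.tmp\ttff.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
"""

if __name__ == "__main__":
    for ev, hits in triage(SAMPLE_LOG):
        print(f"{ev.ts} [{ev.decision}] {ev.action}: {ev.process}")
        for h in hits:
            print("   -", h)
```

Run against these records, the rules leave the SystemSettings.exe, regsvr32.exe and taskhostw.exe writes alone and pull out three: the look-alike chrome.exe under Nolarry setting itself as the HTTP handler (which the product marked Auto-allowed), and the two Blocked writes by ttff.exe out of Windows\Temp, launched by rundll32.exe, one pointing the HTTPS handler at that same chrome.exe and one pointing the ILS service's ServiceDll at a DLL under ProgramData. A Blocked entry only means that one write was stopped; the executable that attempted it still ran, so a blocked record is the starting point of a clean-up, not the end of it.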
  9. Thanks for your reply, Passer. I'll wait until someone comes along who knows something about it; I don't know either... have a nice evening.
  10. Hello, all the text on the taskbar and on the desktop, but also in forum posts, turns red, as do faces... I ran a scan earlier, nothing helps... I'm attaching a printscreen... ScreenShot009.bmp
  11. OK, thank you, everything seems to be back to normal... thanks once again... I can carry on again...
  12. I'll do that later when shutting down, but one question first: in the settings box it says "set Google Chrome as my default browser", and just below that it says "Google Chrome is currently not your default browser". Is this normal?
  13. I have put the Google Chrome settings back as described above, and now I have that L....Y 123 again... this place is seriously haunted; Halloween is over, isn't it? A word of explanation is always welcome... thanks in advance.
  14. Now I don't understand anything any more: I start up my PC and now I have no Google Chrome again but (leaving out the vowels) D.Z.N S..RCH C.M. Any idea how this can happen now???