Posted:

Hello,

All the text on the toolbar and on the desktop, but also in forum posts, turns red, as do faces... I did a scan earlier; nothing helps...

I'm attaching a screenshot...

ScreenShot009.bmp

Posted:

Nine,

welcome to PCH

Except: your picture looks to me like a perfectly ordinary picture, without any excessive red...

So I suspect it's your screen. I'm just not a hardware expert,

so... hardware experts: do you see any light in this?

Posted:

my log...

2016-12-13 11:33:19    Modify driver or service    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\P1481625159AM\[Start]
Content: 1
Process: C:\Users\louisa-jeaninne\AppData\Local\Temp\bk52CE.tmp\p1481625159.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-12-13 11:32:47    Modify driver or service    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\P1481625159AM\[Type]
Content: 1
Process: C:\Users\louisa-jeaninne\AppData\Local\Temp\bk52CE.tmp\p1481625159.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-12-13 11:32:33    Modify pending file operation    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsi1E21.tmp\ClearLog.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-12-13 11:32:33    Modify pending file operation    [Auto-blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsi1E21.tmp

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-12-11 21:46:51    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-12-11 21:46:51    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-12-11 18:39:30    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1"
Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-12-11 18:13:36    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MSK_AUTO_FILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde
Process: C:\WINDOWS\Sysnative\OpenWith.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-12-11 18:11:41    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[]
Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE
Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-12-09 19:58:45    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-12-09 19:58:44    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-12-09 19:29:36    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension]
Content: .wma
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:29:36    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension]
Content: .wav
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP\[Extension]
Content: .3gp
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-MS-WMV\[Extension]
Content: .wmv
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/MP4\[Extension]
Content: .mp4
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-MATROSKA\[Extension]
Content: .mkv
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-M4V\[Extension]
Content: .m4v
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP\[Extension]
Content: .3gpp
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP2\[Extension]
Content: .3gp2
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-09 19:28:52    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP2\[Extension]
Content: .3g2
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-08 17:34:02    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\TEXT/VCARD\[Extension]
Content: .vcf
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process: , (0)
2016-12-06 20:30:21    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1E886174-DC88-4B83-8BC5-66409EC75F16}\LOCALSERVER32\[]
Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-06 20:30:14    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BOOTSTRAP.VSTO.1\SHELL\OPEN\COMMAND\[]
Content: rundll32.exe "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution %1
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-06 20:29:04    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-VISIO.VIEWER\[Extension]
Content: .vdx
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-12-06 20:29:04    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-VISIO.VIEWER\[Extension]
Content: .vsd
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-12-06 20:29:02    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.MSG.15\SHELL\PRINT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\NEW\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\PRINT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.PST.15\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /pst "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.VCF.15\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /v "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020D09-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F005-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F006-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F020-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F01E-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F01F-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F023-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F024-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F011-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:02    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F030-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:01    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.EML.15\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:01    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.HOL.15\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /hol "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:01    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.ICS.15\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:29:01    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.MSG.15\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F063-0000-0000-C000-000000000046}\TREATAS\[]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:58    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/MSACCESS.FTEMPLATE\[Extension]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:58    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\TEXT/CALENDAR\[Extension]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 20:28:58    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F033-0000-0000-C000-000000000046}\TREATAS\[]
Content: 
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process: , (0)
2016-12-06 19:00:35    Detected Trojan: Win32/Application.0fd    [Removed]
Details: 
Trojan name: Win32/Application.0fd
Path: C:\WINDOWS\TEMP\nsi725F.tmp\update.dll-201612061623.dll.exe
2016-12-06 19:00:22    Process Creation    [Auto-blocked]
Details: 
Process: C:\Program Files (x86)\walalala co\aMuleCustom\ed2k.exe
Action: Process creation
Path: C:\Windows\SysWOW64\rundll32.exe
2016-12-02 11:16:49    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-12-02 11:16:49    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-12-01 21:58:24    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-12-01 21:58:24    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-12-01 15:33:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension]
Content: .wma
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension]
Content: .wav
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/MP3\[Extension]
Content: .mp3
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4R\[Extension]
Content: .m4r
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4A\[Extension]
Content: .m4a
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AAC\[Extension]
Content: .aac
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AMR\[Extension]
Content: .amr
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-30 21:46:15    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[]
Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE
Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-11-29 20:49:18    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1"
Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-11-29 18:05:22    Modify driver or service    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\THEMES\[DependOnService]
Content: 
iThemes5
Process: C:\Windows\Temp\nsi68A5.tmp\de_svr.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-29 18:05:15    Modify pending file operation    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsi68A5.tmp\Lancer.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-29 18:05:05    Modify pending file operation    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsi68A5.tmp\ClearLog.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-29 18:05:05    Modify pending file operation    [Auto-blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsiE314.tmp\waitlist.dat

\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

\??\C:\Windows.old\windows\System32\DriverStore\FileReposi
Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-11-29 17:47:15    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 3B 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-29 17:47:15    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 3A 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-28 23:18:15    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 36 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-28 23:18:15    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 37 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-28 19:04:51    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 34 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-28 19:04:51    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 35 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-28 08:49:13    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-28 08:49:13    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-27 20:58:51    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1"
Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe
Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)
2016-11-27 20:53:13    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\JGD_AUTO_FILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde
Process: C:\WINDOWS\Sysnative\OpenWith.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-24 21:05:34    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-24 21:05:34    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-24 10:34:22    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 18 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-24 10:34:22    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 19 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-22 11:23:53    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\APPLICATION/X-COMPRESSED\[Extension]
Content: .solitairetheme8
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-21 11:20:50    Modify pending file operation    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsiE314.tmp\AG64.dll

Process: C:\WINDOWS\Sysnative\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-21 11:20:50    Modify pending file operation    [Auto-blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsiE314.tmp\ClearLog.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-11-21 11:20:40    Modify pending file operation    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsiE314.tmp\AG.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-21 11:20:40    Modify pending file operation    [Auto-blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsiE314.tmp\AG64.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-11-21 11:20:40    Modify pending file operation    [Auto-blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsiE314.tmp\Lancer.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-11-21 11:20:06    Modify pending file operation    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsiE314.tmp\Aa.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-19 21:05:31    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[]
Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE
Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-11-19 21:04:56    Modify search engine    [Allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}\
Content: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
Process: C:\Program Files\Internet Explorer\iexplore.exe
Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)
2016-11-19 21:04:56    Modify search engine    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\[DefaultScope]
Content: {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Process: C:\Program Files\Internet Explorer\iexplore.exe
Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)
2016-11-19 21:04:22    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)
2016-11-19 21:04:22    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\PRINT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)
2016-11-19 21:04:22    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)
2016-11-19 21:04:22    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\PRINT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)
2016-11-19 21:04:21    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:21    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb edit "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[]
Content: {0D452EE1-E08F-101A-852E-02608C4D0BB4}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[Version]
Content: 2.0
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[]
Content: {00024517-0000-0000-C000-000000000046}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[Version]
Content: 1.0
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\PROXYSTUBCLSID\[]
Content: {00020424-0000-0000-C000-000000000046}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[]
Content: {00020424-0000-0000-C000-000000000046}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\TYPELIB\[]
Content: {C04E4E5E-89E6-43C0-92BD-D3F2C7FBA5C4}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:20    Modify browser communication protocol    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\MS-HELP\[CLSID]
Content: {314111c7-a502-11d2-bbca-00c04f8ec294}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:19    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELLEX\ICONHANDLER\[]
Content: 
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:19    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020906-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:15    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELLEX\ICONHANDLER\[]
Content: {AB968F1E-E20B-403A-9EB8-72EB0EB6797E}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:15    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:15    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb edit "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:04:07    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ODCFILE\SHELL\EDITTEXT\COMMAND\[]
Content: NOTEPAD.EXE "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-19 21:01:23    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-19 21:01:23    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-19 18:03:00    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-11-19 18:03:00    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.DOCUMENT.12\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.TEMPLATE.12\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-POWERPOINT.12\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-EXCEL.12\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/X-COMPRESSED\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/ZIP\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.TEXT\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.PRESENTATION\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.SPREADSHEET\[Extension]
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE}
Content: 
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:42:00    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.DOCUMENT.12\[Extension]
Content: .docx
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-11-18 10:41:56    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020906-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ODCFILE\SHELL\EDITTEXT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\root\client\appvlp.exe" NOTEPAD.EXE "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F023-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020912-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020913-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020914-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020915-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020916-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020917-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020918-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:55    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020919-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-18 10:41:25    Modify key system file    [Auto-allowed]
Detailed description:
Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.7466.2038\OfficeClickToRun.exe
Action:Rename
Path:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
2016-11-17 20:25:51    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1"
Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-11-17 20:24:44    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-17 20:24:44    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-17 19:59:23    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-17 19:59:23    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-17 19:51:35    Detected Trojan: Win32/Virus.Downloader.6e5    [Removed]
Details: 
Trojan name: Win32/Virus.Downloader.6e5
Path: C:\WINDOWS\TEMP\nsi542.tmp\update.dll-201611171511.dll.exe
2016-11-17 19:51:06    Process Creation    [Auto-blocked]
Details: 
Process: C:\Program Files (x86)\walalala co\aMuleCustom\ed2k.exe
Action: Process creation
Path: C:\Windows\SysWOW64\rundll32.exe
2016-11-16 21:31:29    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\APPLICATION/PDF\[Extension]
Content: .pdf
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-16 19:59:06    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-16 19:59:06    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-16 18:14:08    Detected Trojan: Win32/Trojan.68f    [Removed]
Details: 
Trojan name: Win32/Trojan.68f
Path: C:\WINDOWS\TEMP\nsiAFD8.tmp\update.dll-201611161632.dll.exe
2016-11-13 16:32:49    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-11-13 16:32:49    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-11-13 10:57:38    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-13 10:57:38    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-12 17:59:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[]
Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE
Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-11-12 10:57:40    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-11-12 10:57:40    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-11-12 10:57:26    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DropboxExt
Content: 
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\Programmable
Content: 
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32
Content: 
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[]
Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[]
Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\BACKGROUND\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[]
Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\COPYHOOKHANDLERS\DROPBOXCOPYHOOK\[]
Content: {FBC9D74C-AF55-4309-9FB2-C426E071637F}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[]
Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[]
Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[]
Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[]
Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[]
Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[]
Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[]
Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[]
Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[]
Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[]
Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\[]
Content: ContextMenuHandler Class
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[]
Content: C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[ThreadingModel]
Content: Apartment
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[]
Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DropboxExt
Content: 
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[]
Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\BACKGROUND\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[]
Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\COPYHOOKHANDLERS\DROPBOXCOPYHOOK\[]
Content: {FBC9D74C-AF55-4309-9FB2-C426E071637F}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[]
Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[]
Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[]
Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[]
Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[]
Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[]
Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[]
Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[]
Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[]
Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:26    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[]
Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-12 10:57:25    Modify context menu    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[ThreadingModel]
Content: 
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-11-11 10:56:03    Modify pending file operation    [Allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsi861A.tmp\A2.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-11 10:55:30    Modify pending file operation    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsi861A.tmp\ClearLog.dll

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-11 10:55:30    Modify pending file operation    [Auto-blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\WINDOWS\TEMP\nsi861A.tmp\waitlist.dat

Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-11-09 18:02:56    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-09 18:02:56    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-09 09:23:49    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-11-09 09:23:49    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-11-08 21:28:52    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1"
Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-11-08 20:59:59    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[]
Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE
Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-11-08 11:33:25    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-08 11:33:25    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-08 08:45:43    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-08 08:45:43    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-06 16:13:57    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\TUB_AUTO_FILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde
Process: C:\WINDOWS\Sysnative\OpenWith.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-05 14:00:51    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\TEXT/VCARD\[Extension]
Content: .vcf
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-04 19:25:38    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-04 19:25:38    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 23:14:03    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[Hash]
Content: Zg1nRwMfrtY=
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:14:02    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:14:00    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[Hash]
Content: bikSZHjOReg=
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:58    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash]
Content: cTovoZkWtOg=
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:57    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:55    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId]
Content: AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:54    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[Hash]
Content: 3TH2eBS2PZ4=
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash]
Content: uTblUkIpZmo=
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:51    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash]
Content: zz6OqJCK4+E=
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash]
Content: LlJ/LQ3kTsc=
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 23:13:23    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash]
Content: 3iDrjnA6LNk=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 22:07:58    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 22:07:58    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 21 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 18:57:32    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1F 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 18:57:32    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1E 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 18:15:01    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 18:15:01    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 16:35:09    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.INI\OPENWITHPROGIDS\[inifile]
Content: 
Process: C:\Windows\explorer.exe
Parent Process:C:\Windows\System32\userinit.exe , (0)
2016-11-03 11:26:08    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 19 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 11:26:07    Modify key settings    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 18 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash]
Content: I4cjQNQpLKI=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash]
Content: /FZhjjIbfaE=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash]
Content: Nkf6dYM+70w=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:02:04    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash]
Content: a405RB8L8Uc=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash]
Content: D42M701QEZc=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId]
Content: AppXq0fevzme2pys62n3e0fbqa7peapykr8v
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash]
Content: H1JwgYOi9Zg=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId]
Content: AppX90nv6nhay5n6a98fnetv7tpk64pp35es
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:50    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\CLIENTS\STARTMENUINTERNET\[]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:50    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash]
Content: WpHe5ma/2UA=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:50    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[ProgId]
Content: AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:50    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash]
Content: kNLX/SUjuWs=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:50    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId]
Content: AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:50    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[Hash]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.3GP\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.ASF\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.AVI\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.M2TS\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHT\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHT\USERCHOICE\[Hash]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHTML\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MHTML\USERCHOICE\[Hash]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MKV\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MOV\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MP2V\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MP4\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MPEG\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify file association    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MPG\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:49    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[ProgId]
Content: 
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-11-03 09:01:27    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash]
Content: mTQKxCMp5xE=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-29 18:05:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash]
Content: ryqSYkx1BYo=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-29 18:05:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-29 18:05:52    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash]
Content: 9CDhmCG+ImA=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-29 18:05:51    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash]
Content: +NSxWkB1IJc=
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-29 18:05:51    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId]
Content: ChromeHTML
Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[]
Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[]
Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[]
Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[]
Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[]
Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[]
Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[]
Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[]
Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[]
Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-28 20:27:23    Modify sensitive system setting    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[]
Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)
2016-10-27 20:03:28    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension]
Content: .wma
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-10-27 20:03:28    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension]
Content: .wav
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-10-27 20:03:28    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/MP3\[Extension]
Content: .mp3
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-10-27 20:03:28    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4R\[Extension]
Content: .m4r
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-10-27 20:03:28    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AMR\[Extension]
Content: .amr
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-10-27 20:03:28    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AAC\[Extension]
Content: .aac
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-10-27 20:03:28    Modify key COM component    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4A\[Extension]
Content: .m4a
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-10-27 19:57:01    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-10-27 19:56:59    Modify SHELL namespace    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)
2016-10-27 14:50:59    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-27 14:50:59    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-10-26 11:39:09    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash]
Content: fTzROqo8x+U=
Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-10-26 11:39:09    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[ProgId]
Content: AppXq0fevzme2pys62n3e0fbqa7peapykr8v
Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-10-26 11:39:09    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash]
Content: 22q9GIhyELI=
Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-10-26 11:39:09    Modify default browser    [Auto-allowed]
Detailed description: 
Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[ProgId]
Content: AppX90nv6nhay5n6a98fnetv7tpk64pp35es
Process: C:\Program Files (x86)\Nolarry\Application\chrome.exe
Parent Process:C:\Windows\explorer.exe , (0)
2016-10-26 11:38:21    Modify default browser    [Blocked]
Detailed description: 
Registry: HKEY_CURRENT_USER\Software\Classes\HTTPS\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Nolarry\Application\chrome.exe" "%1"
Process: C:\Windows\Temp\nsiF190.tmp\ttff.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-10-26 11:38:11    Modify driver or service    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\ILS\PARAMETERS\[ServiceDll]
Content: C:\ProgramData\Tencent\QQ\qmdr\dr.dll
Process: C:\Windows\Temp\nsiF190.tmp\ttff.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
 

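The posted log mixes routine entries with a few that stand out (a blocked service change by an executable in a Temp folder, started by rundll32.exe). Added here as an example that is not part of the thread: a small Python parser for this log layout plus a triage function that lists why an entry merits a closer look. The sample log is constructed from two entries copied from the post.

```python
import re

# Constructed sample in the same layout as the posted log (two entries copied from the post).
SAMPLE_LOG = r"""2016-10-26 11:38:11    Modify driver or service    [Blocked]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\ILS\PARAMETERS\[ServiceDll]
Content: C:\ProgramData\Tencent\QQ\qmdr\dr.dll
Process: C:\Windows\Temp\nsiF190.tmp\ttff.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-10-27 14:50:59    Modify pending file operation    [Auto-allowed]
Detailed description: 
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: 
\??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys

Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
"""
HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.+?)\s+\[(.+?)\]\s*$")
FIELD = re.compile(r"^(Registry|Content|Process|Parent Process):\s*(.*)$")
PID_SUFFIX = re.compile(r"\s*,\s*\(\d+\)\s*$")  # strips the trailing " , (103)"

def parse_log(text):
    """One dict per entry; a Content value that spills onto following lines is joined."""
    entries, key = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "action": m.group(2), "verdict": m.group(3)})
            key = None
        elif entries and (f := FIELD.match(line)):
            key = f.group(1)
            entries[-1][key] = f.group(2).strip()
        elif entries and key == "Content" and line.strip():
            entries[-1][key] = (entries[-1][key] + " " + line.strip()).strip()
    return entries

def triage(entry):
    """Reasons an entry deserves a closer look; an empty list means nothing notable."""
    proc = entry.get("Process", "").lower()
    parent = PID_SUFFIX.sub("", entry.get("Parent Process", "")).lower()
    rules = [
        ("the monitor blocked the change", "blocked" in entry["verdict"].lower()),
        ("the process runs from a Temp directory", "\\temp\\" in proc),
        ("rundll32.exe launched a Temp-resident executable",
         parent.endswith("\\rundll32.exe") and "\\temp\\" in proc),
        ("a service's ServiceDll was being repointed", "servicedll" in entry.get("Registry", "").lower()),
    ]
    return [reason for reason, hit in rules if hit]
```

Running `triage` over `parse_log(SAMPLE_LOG)` returns four reasons for the blocked ServiceDll entry and none for the pending-file entry.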
Posted:

Well, those printscreens look absolutely normal, as passer already noted. Have a look at them yourself on another PC...

From that you may conclude: what the video processor sends to the screen is fine, and consequently: the screen itself is failing.

You can check this yourself once more by connecting another monitor, but I think the conclusion is already clear, so your search in the software seems superfluous to me.

 

 

Posted:
4 hours ago, nine said:

hello,

I'm getting little red lines in my text, but also on faces and such; I do image editing, so it's quite a nuisance..

any idea what's causing this?

I'm attaching a printscreen...

ScreenShot007.bmp

ScreenShot009.bmp

Hi,

Can you take a photo of it? Because it is hardware, the PC cannot see these lines and makes a screenshot of the screen as it projects it!

It may be that (as with many PCs) the graphics chip is causing problems! If one of the hundreds of connections (solder balls) between the graphics chip (GPU) and the mobo (motherboard) is loose and the GPU heats up, the balls underneath heat up as well; they expand, and the ones that are loose break contact. (This sometimes happens immediately, sometimes after a quarter of an hour.) Depending on which balls come loose it gives a different fault (black screen, stripes across the screen or something else...)

My solution is not that complex, but it takes a few hours.

Take the laptop apart, take out the mobo, heat the graphics chip with professional equipment to about 200°C and put it back together (I managed this again on Sunday on a Compaq laptop), then reassemble it and that's that.

Or take the graphics card out of the PC, unscrew all the loose parts, same procedure with the graphics chip as above, screw it back together and install it in the PC.

If you need help with that, I'd be glad to help. I've already repaired about 20 PCs this way!

Let me know,

Regards, Louise.

Posted:
7 hours ago, falstring said:

Well, those printscreens look absolutely normal, as passer already noted. Have a look at them yourself on another PC...

From that you may conclude: what the video processor sends to the screen is fine, and consequently: the screen itself is failing.

You can check this yourself once more by connecting another monitor, but I think the conclusion is already clear, so your search in the software seems superfluous to me.

falstring, do you mean it's my monitor? Could well be, it's about 10 years old, my PC 3 months... if that's it, it'll be solved quickly... thanks for your reply Falstring, I'm glad of it

Posted:
8 hours ago, LouisePorkolt said:

Can you take a photo of it?

So take a photo with your camera and add that photo as an attachment. So no screenshot!

Preferably a jpg or png file instead of a BMP.

Guest
This topic is now closed to new replies.