General Info

URL

http://flow.lavasoft.com

Full analysis
https://app.any.run/tasks/813f614b-9f59-4bc5-abce-d36b08e145c8
Verdict
Malicious activity
Analysis date
6/12/2019, 09:44:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 736)
Changes internet zones settings
  • iexplore.exe (PID: 3516)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 736)
  • iexplore.exe (PID: 3516)
  • iexplore.exe (PID: 680)
  • iexplore.exe (PID: 3792)
Reads internet explorer settings
  • iexplore.exe (PID: 3792)
  • iexplore.exe (PID: 680)
Reads Internet Cache Settings
  • iexplore.exe (PID: 680)
  • iexplore.exe (PID: 3792)
Application launched itself
  • iexplore.exe (PID: 3516)
Reads settings of System Certificates
  • iexplore.exe (PID: 3516)
  • iexplore.exe (PID: 680)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3516)
Changes settings of System certificates
  • iexplore.exe (PID: 3516)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 680)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
37
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3516
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wer.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll

PID
3792
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3516 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\feclient.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\audioses.dll
c:\windows\system32\credssp.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
736
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

PID
680
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3516 CREDAT:6403
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

Registry activity

Total events
813
Read events
653
Write events
155
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
3516
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
3516
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3516
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{F828AB0B-8CE5-11E9-A370-5254004A04AF}
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060003000C0007002C0038006202
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060003000C0007002C0038007202
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060003000C0007002C0038004D03
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
28
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060003000C0007002C0038006C03
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
367
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060003000C0007002C003900EB00
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
54
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
https://flow.lavasoft.com/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
idnes.cz
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
lun.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
webster.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
eskimi.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
google.com.mm
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
google.com.vn
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
amazon.de
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
varzesh
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
github.io
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
soso.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
google.ru
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://lavasoft.com/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
https://flow.lavasoft.com/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
idnes.cz
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
lun.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
webster.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
eskimi.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
google.com.mm
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
google.com.vn
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
amazon.de
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
varzesh
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
github.io
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
soso.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
google.ru
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307060003000C0007002D000D00E302
3516
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3516
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
3516
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://google.it/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://lavasoft.com/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
https://flow.lavasoft.com/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
idnes.cz
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
lun.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
webster.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
eskimi.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
google.com.mm
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
google.com.vn
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
amazon.de
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
varzesh
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
github.io
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
soso.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
google.ru
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
3516
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
0400000001000000100000009414777E3E5EFD8F30BD41B0CFE7D0300F0000000100000014000000BF4D2C390BBF0AA3A2B7EA2DC751011BF5FD422E090000000100000068000000306606082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030806082B06010505070309060A2B0601040182370A030406082B0601050507030606082B0601050507030706082B060105050802020B000000010000005C00000047006F006F0067006C00650020005400720075007300740020005300650072007600690063006500730020002D00200047006C006F00620061006C005300690067006E00200052006F006F0074002000430041002D005200320000005300000001000000230000003021301F06092B06010401A032010130123010060A2B0601040182373C0101030200C0620000000100000020000000CA42DD41745FD0B81EB902362CF9D8BF719DA1BD1B1EFC946F5B4C99F42C1B9E1400000001000000140000009BE20757671C1EC06A06DE59B49A2DDFDC19862E1D000000010000001000000073621E116224668780B2D2BEE454E52E03000000010000001400000075E0ABB6138512271C04F85FDDDE38E4B7242EFE190000000100000010000000A8827A3CBD2D87D783B59B8062C87E9A2000000001000000BE030000308203BA308202A2A003020102020B0400000000010F8626E60D300D06092A864886F70D0101050500304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E301E170D3036313231353038303030305A170D3231313231353038303030305A304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E30820122300D06092A864886F70D01010105000382010F003082010A0282010100A6CF240EBE2E6F28994542C4AB3E21549B0BD37F8470FA12B3CBBF875FC67F86D3B2305CD6FDADF17BDCE5F86096099210F5D053DEFB7B7E7388AC52887B4AA6CA49A65EA8A78C5A11BC7A82EBBE8CE9B3AC962507974A992A072FB41E77BF8A0FB5027C1B96B8C5B93A2CBCD612B9EB597DE2D006865F5E496AB5395E8834ECBC780C0898846CA8CD4BB4A07D0C794DF0B82DCB21CAD56C5B7DE1A02984A1F9D39449CB24629120BCDD0BD5D9CCF9EA270A2B7391C69D1BACC8CBE8E0A0F42F908B4DFBB0361BF6197A85E06DF26113885C9FE0930A51978A5ACEAFABD5F7AA09AA60BDDCD95FDF72A960135E0001C94AFA3FA4EA070321028E82CA03C29B8F0203010001A3819C308199300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604149BE20757671C1EC06A06DE59B49A2DDFDC19862E30360603551D1F042F302D302BA029A0278625687474703A2F2F63726C2E676C6F62616C7369676E2E6E65742F726F6F742D72322E63726C301F0603551D230418301680149BE20757671C1EC06A06DE59B49A2DDFDC19862E300D06092A864886F70D01010505000382010100998153871C68978691ECE04AB8440BAB81AC274FD6C1B81C4378B30C9AFCEA2C3C6E611B4D4B29F59F051D26C1B8E983006245B6A90893B9A9334B189AC2F887884EDBDD71341AC154DA463FE0D32AAB6D5422F53A62CD206FBA2989D7DD91EED35CA23EA15B41F5DFE564432DE9D539ABD2A2DFB78BD0C080191C45C02D8CE8F82DA4745649C505B54F15DE6E44783987A87EBBF3791891BBF46F9DC1F08C358C5D01FBC36DB9EF446D7946317E0AFEA982C1FFEFAB6E20C450C95F9D4D9B178C0CE501C9A0416A7353FAA550B46E250FFB4C18F4FD52D98E69B1E8110FDE88D8FB1D49F7AADE95CF2078C26012DB25408C6AFC7E4238406412F79E81E1932E
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
9862B5D0F220D501
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060003000C0007002E000700A401
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
24
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060003000C0007002E000700C301
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
282
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060003000C0007002E000700E201
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
44
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShowClosedTabs
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShowActivities
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Type
0
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Count
1
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Time
E307060003000C0007002E000D008901
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
urlhaus
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://google.it/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
http://lavasoft.com/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
https://flow.lavasoft.com/
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
idnes.cz
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
lun.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
webster.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
eskimi.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
google.com.mm
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
google.com.vn
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
amazon.de
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
varzesh
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
github.io
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
soso.com
3516
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url16
google.ru
3792
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\ErrorReporting
LastShipAssertTime
3C34A0C5F220D501
3792
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
3792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613
3792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
3792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
3792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
3792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheRepair
0

Files activity

Executable files
0
Suspicious files
1
Text files
162
Unknown types
15

Dropped files

PID
Process
Filename
Type
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 63cc789a4f79bb1d7037abd436906d9f
SHA256: abc2509d89d2137a09f30be6ba2e3067be873b1440d6637f84d0c62b92966d47
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\trans[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\trans[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\trans[2].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\trans[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\Passport[1].htm
html
MD5: 232461ac46abfbe06a8a64325f27e147
SHA256: 1915cb755b5d98010425c3fedba14e8d0ad08da3ca24f3248ab159bbdfc6ed32
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\Passport[1].aspx
––
MD5:  ––
SHA256:  ––
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\c08f0499[1].js
text
MD5: ec37ef9050000d77995eb427dea8f663
SHA256: c8bf9a9bd678c401b58e1dc97eeb7aaaab02f1946a366a3f78c37fb58e3b857c
680
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: e60fb948340f182fcc532553bdf3e8c7
SHA256: 1a97dbee1a2e7236ee4fa671e7bbb85c772659945bf450b58318f83ac40472b9
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 0f70d19b164f9fae75c78a16e41256bf
SHA256: 57e6edf83020aff6b28f7dc32bd1ebe4051fbb638f6db4a57e4f41f6fb92ac62
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\ncheader[1].txt
––
MD5:  ––
SHA256:  ––
680
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\reportActivity[1].txt
––
MD5:  ––
SHA256:  ––
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\33036ea1[1].js
text
MD5: 77e5196d684493a206ff3103828bc2f0
SHA256: 1edf0a1d0b0709d73d015dcdedc9feb0a7ed7bd852fd2ff7374aed74dfcdd6c5
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\cc8437ad[1].js
text
MD5: a6c733aa5f25fedffec17814deabdf94
SHA256: 31603d185bc08890ea41eb0782454b46e63eaf17acd1f414a44411dcaa8b661b
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\71b450b0[1].js
text
MD5: 52aa469570e7f09f519e54bf2e359b2f
SHA256: 30987f9f364b9657f3dee75e6365079b30ea3a166c5806d2aa065ee9a451cd49
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\f8c6dd44[1].js
text
MD5: 0fd0568e7b5068e209ac15210ae56ff2
SHA256: b87a66df064550755c00f605c7463007675490e64346a26dd60246d00e8a09de
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\37529936[1].js
text
MD5: 14f5537e827640cb6dc48af9f5054dbd
SHA256: 450c8544966cd66a9c05f9a2ba635a3649fe705cae99779091257e04be4a2ad4
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\37f3511b[1].js
text
MD5: 00056a3846a478dac418451ed533c110
SHA256: c4a2dc0ea6f2415e8fc1d1ab417fdce1e79fca658342c6371018353d152aab61
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\f1d86b5a[1].js
text
MD5: a5363c37b617d36dfd6d25bfb89ca56b
SHA256: 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\a9b12688[1].js
text
MD5: 84fd3fc97faafcf8fcca752ecbff270e
SHA256: c996e21f2e6a6aeb85d1bd1b865879f9bc57ba397860abd5bcf883ee7da24936
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\40e1b425[1].js
text
MD5: 8aa44a43984d65ffc6df173e6e7b5aa7
SHA256: 6b7edfbfcd5f21a9db2a481d0fc00059dc4125a57b835f6987953f065b6b7bdb
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\th[1].jpg
image
MD5: c155e314726d9022ace2092722fd9178
SHA256: 42d3c39c5b51c082746162b995c6c605ba97734e48345cfd9fb91dc56970f339
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 0cf84f11c94494f895e9fdd6a5c6426f
SHA256: 162b17f10438747dab2938bd952e99621f16c364cae2a7b4d11e129766a5535d
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\9a358300[1].js
text
MD5: 26d5c5dd7c280fa90f88a152bb557441
SHA256: 63bf2c3d1a4b69ec7d9681bef931c76713da9c94cc5c1cf9d9f8b142917c9362
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\search[1].txt
––
MD5:  ––
SHA256:  ––
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\search[1].htm
html
MD5: 3993d3976b68137247792e428caed247
SHA256: cb566b93cd027959170b76e95fe21c718aa78d4e5f444a6d8ce05a3557b29ec1
680
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 7b1b66cbd80b2040767f0b47a437301b
SHA256: 852903fbb004d58f1b7564e3f6c25f68a75f2db2e091323c32ba3f8fc553dc42
680
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 267e5c75e8493e3d12c751fb88123c53
SHA256: a7af0dbb8d6f39f72cf8f2c62f2b9fbb7b44ac6bce0a8c93a4491bf398613c3b
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\collapse_nor[1]
image
MD5: 1db46b84e85cdb17503ae7207aaf7b0b
SHA256: 07d2d752739539b205d0f7f3e3ac3a84538151e817f647fa55d7cf2470abd6e8
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\close_nor[1]
image
MD5: 073ad35b460551cc0f0bb93b8a1c0264
SHA256: d9a4409feaafcd35f6261941963177a508524c526c87c5171bc85707d165fe9f
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\top[1]
image
MD5: 90ef16b85e7f5469a2e66ea877706854
SHA256: 4b39669bcc31b750e718fcebad952e058dd5f047bcaaf132aa285e8bc72c9996
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\help_16[1]
image
MD5: 0c82e0f286a6f7ad80c8ae1f16836d20
SHA256: 8ec0948024268565e2c956c3b0b29b8e83a93f5a12ca9f8142814ceacc047811
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\expand_nor[1]
image
MD5: 897ad8408a1cb6a37f8c8a1756c6e3fa
SHA256: 1d0059946a9c05b0747fe7208a96be14b5ee888f33fbf3eab2d9a01518eb3569
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\NewTabPageScripts[1]
text
MD5: 765888745d8041977e869cca85899ebb
SHA256: c5b5bfe1e05239c4546c50c7e37ee89c0c34a9fd12a923321d93d54602131055
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\tabswelcome[1]
html
MD5: feeadc5ac2822eba76af190dd5697011
SHA256: a61b3cbcbfa0f127739d8a73ad6375db85fa725938318e5c7cb7f187a69aaa43
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\images[1].jpg
image
MD5: 0c9373f56ad13e280b640a6ead7cd27d
SHA256: 8e29987e58814e2a5fcb1548cbec834906e0a5ea0d02cf7d963f3c446a1d08c1
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\images[2].png
image
MD5: e8cb64172cf52ecf653a8e8b9a6ff746
SHA256: 38510a96b5fe84c68ad8fce1485da0ae1bbfd271bf64dd2436e3909a668dfc5e
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\images[2].png
image
MD5: 2aaaad56c6b903edd5410267e625cc9b
SHA256: a02d270e8e180cbb2c4158964b8356b8734bd04868cbe0aaf629c5d150d1ebcc
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\images[2].png
image
MD5: 9dbddf11c9740cdc78607c55bf16e47c
SHA256: 14863b4cecf4989c7c7783d78e6dca8873f469ee0685a6f079c5b7f80d160403
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\images[1].png
image
MD5: ef4da63abf89ed4988f63adec86dee02
SHA256: 135622b9612bf3c246830365f0e935c4aec0c5ab6ee9c9e5077e2b5f1d2c1655
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\images[1].png
image
MD5: fc0c4c8aedf8f09ace067e261ad5122b
SHA256: ba3a609ae2cde8c72cdd16e5c3650e1caa545d924520b74cbd9858e8ad6bea2d
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\images[1].jpg
image
MD5: ef17c665362ea1568e5f1079368da6a9
SHA256: 7ed573b5aa25fbb4cc7f6791867f2a2962cda6218f6e1975195fc96178f4ad67
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\default[1].jpg
image
MD5: f826305b245d8d4cf0d62f252e97c1ed
SHA256: ad4a639dbf288132758a1323c404f5b45cd9b04ceedf1127a7c2f9d6e805b127
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\images[1].png
image
MD5: ed0b6bcab339b230c100ab6eab80368e
SHA256: f74bdad1e4a331bff4428bb88094f88ae04365ba389e79fb090c80c0040a6cce
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
text
MD5: 29620200baada512a2ed80e3a24a3def
SHA256: e13eccae6e202ddeb1062859a8030cef516674f01833048ec85bad6b259eef09
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\search[1].txt
––
MD5:  ––
SHA256:  ––
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\search[1].htm
html
MD5: 3d001937f41d2afaa970e526d586e5e7
SHA256: 3afca83c06604ce0132ea8d9cdc8f8ebe47eb9a6ed84a5f833653fd0c1f93d75
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
text
MD5: 3022d834fcebc8295beb61f3f552272e
SHA256: 50c991ad2f8ddb4cdd03b0bc75c9250d24caddccf19adb803a76b7ddf1618e34
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 4c35b8360f7ec7d5368a1936e9c2ed41
SHA256: fd8c307bffc62a1db96db3575a62e646e9cb2282492df6c6bfd5eb65eb6452de
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 8561f8c98dd3fb9493d7918a3ffad0a8
SHA256: 4e93efe3d474f2fde0bddec1d1ba66bd0953ff117fdb9aa5d840a7a2a58e1e35
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
image
MD5: f3418a443e7d841097c714d69ec4bcb8
SHA256: 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613\index.dat
dat
MD5: 6a54ace280b71fb26774f9ba5b2ba18f
SHA256: 111d4b30aa4ff416e88fdbf06492c122ede300e28fb3f680104f294390a7fe70
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613\index.dat
dat
MD5: afd4efe49f41cb5f006e2d77a503480b
SHA256: 4e50a5b1fd46a66141fa0bbbb71fa53ae389f82e7f14eba7ec52e154e6c6d62f
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\rs=ACT90oHJ05CcayxGT_XVUFgq3P-a2hspYw[1]
text
MD5: bf6d64f3587505571291dced66e5c9f3
SHA256: 73092b13587fb53db87191f5207b7b3453952dc6630be780227fc24b4151512f
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\nav_logo229[1].png
image
MD5: 1b12cab0347f8728af450fe2457e79c3
SHA256: ca858453ce21cabdf9911c6fa3291aa630df344244bc183a4d5ae9972e59f675
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 8331e9f4da3eba29a5d9c8e9a100e5da
SHA256: 7f19040f9ee949abbce70039456b0086c13a34a4936aed322c236f726eb65808
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\googlelogo_white_background_color_272x92dp[1].png
image
MD5: b593548ac0f25135c059a0aae302ab4d
SHA256: 44fc041cb8145b4ef97007f85bdb9abdb9a50d744e258b0c4bb01f1d196bf105
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 42bcf882130932037b418a68bfc3f395
SHA256: 9630e4a044df263569b7dcf0c7306cb011c2ce250fc4180c01f00e790f594a16
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\google_it[1].htm
html
MD5: fad0b62f39566a9ff53707c3074c983c
SHA256: 9916d35b3798a12dc0c48c14a8aa983a142ff722d3f42eac067dfad3ca8fcf37
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\google_it[1].txt
––
MD5:  ––
SHA256:  ––
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
image
MD5: 4b41c7c0c55a6e77b3fdae54791cd49c
SHA256: 41011eb22ed6c851f9701e0572020af7465555819407033584a29edae53aef6f
3516
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 2925b9feff4b0dc78f9762451d132f53
SHA256: b33348101cc278630461a006da347260e93fcc9ae15cb183f852aaee8a0f79d9
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\antivirus_total_slide[1].jpg
image
MD5: 1d5d7d9159f7bb5a73b099c27a685c5b
SHA256: 75d9d79a723b46a34cca054ca741b9902cec4d9e3853303b924dcd3164cc30cb
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\antivirus_pro_slide[1].jpg
image
MD5: b64d57722c388fb4b3e29d127b256911
SHA256: 147a38dad92ab355a7a902bf0b3642074ce121471ec4ede8637add9e6cc90943
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\adblock_homepage_0[1].jpg
image
MD5: b4cbf55a8e19f4ceedb175d57e10ecaa
SHA256: f0e435dbf3bd5971a67be7fcaf521f3b8042fafa3433c02d13b21e282d954797
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\orange-underline[1].png
image
MD5: d511a885e9391c2f873ee1ae429dd576
SHA256: aa8dcadca7892eb0b26f84169c6c1da552938550d2f9b93eff911a4d93060cb1
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\sticky-password-iphone[1].png
image
MD5: 958407ec5f01ea3d43611d5cf38fa30b
SHA256: 4d9a831e626df42cc772fad0f238b2b9bbf3bcf7fd87f2fcef43381bd8aae89b
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
text
MD5: 9b60308ea277bcf622d316d03cac2507
SHA256: 0297c144f130beff9755a509d3851917dcc2674a31a1c01fdf5a7c01f6fe9674
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\antivirus_free_slide[1].jpg
image
MD5: 1dd899784c51be72f42c71b867b0282e
SHA256: 537e900589046be9d3369398c57b1dcf29fcfc65b9bb073a5c4bbeff8a37a574
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\js_hLml0JgwycosUpAGUvMJ6hZq1KJ3t5KUrkAQhpLocLI[1].js
text
MD5: 82597786a41afc5c163b977271947f4f
SHA256: 84b9a5d09830c9ca2c52900652f309ea166ad4a277b79294ae40108692e870b2
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\ab_ui_homepage[1].png
image
MD5: 599d317aacce65fbfd6f814fdf868d09
SHA256: e23b45d5ea9d5dc8a9fe57438b62465f04cca2145950a25b45eaac39aa3979b6
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\ab_background_homepage[1].jpg
image
MD5: 7ee4ab582ee9e706cc6347feea7a1e3c
SHA256: 0cc4b9560ddf2c2892e6575ddbde2c8aab7248c723bc2b048ec2c970ce91495f
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\avcomparatives_logo[1].png
image
MD5: 1503c67a09bad2f657c8e6f74e7ab9fd
SHA256: 70ee8dd772751e683a0cf8768c1f5817af94161a77777a1cb4d5d5e161352d65
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\softpedia_logo[1].png
image
MD5: d0b10733fead37ee09140118c1a8c011
SHA256: 6c75c22f51b40c770c0a4049b3e0c87892a34922a26c86ee420729fa112e18d1
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\dlc_logo[1].png
image
MD5: adf13a4d55dd873d255053c3e88e916b
SHA256: 9338d3c0161986e3ea82a278a7e4eb50c57db780330c9094f4d9d46fb1a0e229
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\pcmag_logo[1].png
image
MD5: 9ec8605cf24f08a0c114316b93c75395
SHA256: 3f1baac8993e133f8836436c7e899d89e24fa8964f6940b7bb22004b45335523
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\cdm_logo[1].png
image
MD5: 5387f0970151001906d04e23bdf38673
SHA256: a67c25a0821c183c591491e591f1dd7d9edefc7a11b2c5bb2592c862039a4331
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\cnet_logo[1].png
image
MD5: 5078b7be9ad811600220536c5cc93e67
SHA256: 8db5b7976fffdb7d89d429a7501da9c76bb82acf9497e4cfb6f461b6b7f7864d
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\downloadcentral_logo[1].png
image
MD5: bec2575f52d5183fae7f2c2cf06d2301
SHA256: db6ad2b6e16e7c6c8cb89eee9b10e465335cef7b485b5bdfe6611c463e199f2b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\logo-adaware-antivirus[1].png
image
MD5: 89341230de0e3bff36bf173383e19384
SHA256: f7ee0737b7293f3722ee0d69acad027e6ebdc5d8c2183890e7f66782202768f7
680
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\logo_fd_adv_mar2017_0[1].png
image
MD5: e5d3d1fa2ed471b47761ac29025cd5c4
SHA256: 8ae14f0d6cf5f4c28ac9a0411087dfd1996fb54404e00820a9e449a636131cc4
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\ad_block_logo[1].png
image
MD5: d402b06dd324ff5bd1c0014fbc27684c
SHA256: 93224fbaa42d22c5a390121f0d0e6c00fca67927604a1119d3f146c55009319a
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\02[1].gif
image
MD5: 89cc430b2ce7c9f4939559c627357562
SHA256: 3ef9b6721f3bdb48a7db6f2b1c68d4d5e78fdd9b2cee40ba8a7f98e48c2f632b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\geekcorner[1].jpg
image
MD5: 95c3ee871bc2f680320091bf80135130
SHA256: 5d07144e8000f91c10e27dcc34f2718ebff6273c7617aada8996551dfe8509c1
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\av_logo_free[1].png
image
MD5: 375e1b62b7e8d7902380bf90312ca769
SHA256: aacb5283d42126f490ed4157ed296c5e9a5592f49ea08e74382f2da4c11f55b7
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\av_logo_total[1].png
image
MD5: 87e389e35b428c454dec765bb6d1d839
SHA256: fdf70bafd6643e28d00461feefd310aa6742065b332433043cfc264a18ea1bfb
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\logo-adaware-adblock[1].png
image
MD5: b8062170b1c7256fc86946ac88d935ce
SHA256: 360f7cdcf46193342f176b7a14fd3cbe33659fb049a9e8d245d12efbd7e7e057
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\av_logo_pro[1].png
image
MD5: 28d55af9cbcff8efcf9dd1bbef748ed7
SHA256: 4682df9051c073115c2f25d17a3988051945615d1ee9bd75574682e7f245eed6
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\Adaware_Logo_Antivirus_Total[1].png
image
MD5: ccd542dc89ed5a3bbe1893d0a53d58cc
SHA256: 83e14ea00526655f8326e213730c4273470c43dd0ca045b3477dd3bf7ea8f555
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\canaro-medium[1].eot
eot
MD5: e074507d045429e7f8d2fb74f9d96ae9
SHA256: 5a8ee1f831b0e4bad4d11a9603488ddd3b0dc6c09f14523d657132b5ac660f1b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\Adaware_Logo_Antivirus_Pro[1].png
image
MD5: bdfc93af40d8df03674a925a2ac3d89d
SHA256: 3c203db5b1b626108c175fdf7663d6b008c4ebad0e0fe47e755f1e63fabeb11a
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\StayConnected[1].png
image
MD5: 7cee61503695f9e460d7e12e052f5d76
SHA256: 4b9213fcc9eca59d23ab9688ab4afbc15f5b62010404d6a5db233553e23533f0
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\adaware[1].eot
eot
MD5: f162993ecf20d9fc36736a33d060f778
SHA256: 74aa897d71d19e40f4dfe0567cdb8f2fb2f1bb0d8304e9e9158a63975c448039
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\NoInterruptions[1].png
image
MD5: f92e98298a941cf91b8854f1bae1b457
SHA256: e1e8d0df18d64ffd611a247fdd23da7831047b951fc6317f9bcfe4fda0d0f1ce
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\customizedforyou[1].png
image
MD5: f0326b0438bddc27b779d166f4924d42
SHA256: abbe901382b07db384b9fd99a01c5a49cc92beea8849e7b45170ef92efc58260
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\logo-adaware[1].svg
image
MD5: a9f96b652fe5373953fbabd15fc0a31a
SHA256: b917cf2599abc588ce06f87190791fd871ec901d882586d57f618e4d198903ac
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_12df8271b62395a348f102b12959f9768e2baf9_0daf8550\Report.wer
binary
MD5: ecb0b625bef09e83624065c09b6ff64d
SHA256: 379cb8886fd81b23f89487e2421d86241550883e78333b471a4f118e90a3c607
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\canaro-light[1].ttf
odttf
MD5: 075b13f2afe38ac091d0ae52c1850e6f
SHA256: 5ec2a5984cf8ad7c1bbdce54160df024c32488869c7802103eb795555fbff0d1
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\canaro-book[1].ttf
odttf
MD5: 05a85b882f710a77afc9673a17a4e125
SHA256: 42313967a0898e50ff7b02fd9f586a13a4341e1d33f4fda7b05ee366c7240afb
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\logo-adaware_horizontal[1].svg
image
MD5: 4a0ec311a0e94039cfc46edcd33ddef2
SHA256: cce69d6dd0852b83410abdc2f1732ab6b30473512cdde26c13376f30ab14b5e1
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\JTUSjIg1_i6t8kCHKm459Wlhzw[1].eot
eot
MD5: 5cc74ef8a4c422084726eb9dd1163b82
SHA256: eec8b88b5a332c41c42a8448b558ba84058405b1d02ff466cb7afe94801d6323
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\canaro-semibold[1].ttf
odttf
MD5: 495e93cc9cc85e9f46a04758b6f34fa9
SHA256: ee36c5fed6471203b115e53c083661d8d20dffe05db8f7d5f77b9720787a57ea
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\jquery.cookie[1].js
text
MD5: d5528dde0006c78be04817327c2f9b6f
SHA256: b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: d008d1846c9496ede73dd7b3455eca02
SHA256: 278935c80e908c066d16993dfc00b66bed15bdb11d38f4ef1bb2bf6129b9cd0e
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\styles[1].css
text
MD5: 3cbd3212c5b2c6a0e5ad023b3d350a74
SHA256: ff1b0983140c3c23b206b66cc638a250543eb559d8df021626a38524d58cf124
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\js[1]
text
MD5: 7820ec36cb83408a908f3f39cb990f4e
SHA256: 4d63f855c042a87c79c89f40fe62f65885a2016bc54fc0731f6302d839f01e28
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
text
MD5: 0f70d19b164f9fae75c78a16e41256bf
SHA256: 57e6edf83020aff6b28f7dc32bd1ebe4051fbb638f6db4a57e4f41f6fb92ac62
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\js_mQNtdNfYeoOXMO9wC9UXAe_bvM1fpEBQr3LLnmlR-1w[1].js
text
MD5: 47ba1905e6509179ecc550a48da90426
SHA256: 99036d74d7d87a839730ef700bd51701efdbbccd5fa44050af72cb9e6951fb5c
736
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\anchor_link[1].css
text
MD5: d37257ca296655614d12e807d5a6e38b
SHA256: 7b72e31c314f08423c0d775b79f30d0df51f25a48ff26fe298abd8aedcf87351
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\eu_cookie_compliance.bare[1].css
text
MD5: 1310faec99bbb998c1717fc6ec27dae1
SHA256: d6525e96e9b9e417e7ac05146ae2d6995fd6373bcb44ed1ae8de4f21ab6f7ef2
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\tree-child.module[1].css
text
MD5: 50ca567c3a83f0f669e0ad776c17e177
SHA256: 7b01b36d9b978726eeb935eb9cf4ca4b7ac06e7191264f079068f6b0f3a51e90
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\js_VtafjXmRvoUgAzqzYTA3Wrjkx9wcWhjP0G4ZnnqRamA[1].js
html
MD5: 6df73ae1a09cd528c17c8ffce0c599a9
SHA256: 56d69f8d7991be8520033ab36130375ab8e4c7dc1c5a18cfd06e199e7a916a60
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: c931eefe863c45ca3ffa7c055dda1238
SHA256: 91f4b7d4eb48029f00aeff9bf4a9bada403fb91c68266daf2acd3ce0b2eea416
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\tablesort.module[1].css
text
MD5: e11e089ee392bd55db655e64114a0ecc
SHA256: be31814d3fd5339769bb897ba3ddb79b6ce4ec009471ed1244ed7c7cde98bcb6
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\sticky-header.module[1].css
text
MD5: 3114173f9eafb9697ff8187902d4b259
SHA256: 4a5eacd228b0fa4a2233a06adbb68d43aa8fa00a2a59f3c644e2e9a61ac2a037
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\tabledrag.module[1].css
text
MD5: 8ea1bc036a7ee56543314c1fc47f84d5
SHA256: b87e91f5a6ef9cdd6b394d4dfea2a7b0d25a723ee2f56b0cb23b0aa826908876
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\resize.module[1].css
text
MD5: 72218b68b5d1dcf2d2ac798305aef247
SHA256: 4a3e143479ecf4a37fdc45e49812c42fac8d5118c14d725545759f0cae8f432c
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\js.module[1].css
text
MD5: ac3a25c1a721ff659377d3b401a42f7d
SHA256: 132298c08776faea963092e83b7c30712bde095c62530bd3a613322987c4663e
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\position-container.module[1].css
text
MD5: a203bfb5819742d466b5e99af480009a
SHA256: 92931ceb6a0ad1c9b3e8fc6f335b9dfd6f0c7c8ee36f089bb10241c142a78faa
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\progress.module[1].css
text
MD5: 800ff91f90e98a989b24d723dc137bcc
SHA256: a79ffba56cef03b2ae236da067dc8e67c76a14049d2c48a5ede62e58b6abbf68
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\nowrap.module[1].css
text
MD5: 02de344715c6ec9a3745ff2186d32b9d
SHA256: 4a4fa2a793d87c88f1509f370dbc40b6deec2188b6a918f92365f873b7bc566d
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\reset-appearance.module[1].css
text
MD5: 1a41b4376e4531e8c59ca03965d251cc
SHA256: c49ffcc9f73757eebbd1cd8defec2eddc2cda35077d1237173820bdb66f0ff31
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\container-inline.module[1].css
text
MD5: 6b29a6ec09e466adf3c0b39a630506af
SHA256: c5730d19f43f160faa47af29f7e1dc2bafc393be75aa71d21dc93c775a1833c0
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 5610a7bb67a98e48e86ce581b684940f
SHA256: ee4c4fc869438ec4ba55ea3843e3c7066025c52dd463bc8445395904b840eefe
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\clearfix.module[1].css
text
MD5: 6b1fa065daf98ceb994e185fa63c528a
SHA256: 47b6311616c4b69c8e30186ba84b674b16e0f5fa22a04a8d12e0f50b80b59fa5
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\fieldgroup.module[1].css
text
MD5: 1cc8cee981494211f2f6f0941667fb96
SHA256: a95ef1cde0a9f7c63d102712a9faf99e022fd71f8d1a769bac75ca95e0afd4ad
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\item-list.module[1].css
text
MD5: 8c9b6bec7c9ebfb5351d874b356a38d1
SHA256: 5251ec9a6d7f9cc54b205363d70eb38bf67517f8e02b3ae04e85c9cf5f908228
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\hidden.module[1].css
text
MD5: 5735663d5580b8b302b2a52552937066
SHA256: d0e2f71c8685e3025594a103957a78374877415963ffcdc425bad7c0e452289f
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\autocomplete-loading.module[1].css
text
MD5: d5e2dc4f8d47720e4fb995fc52fafb1c
SHA256: e45aff424eef5d3767f72d953fd43808fdbd8b3ca10fa8c057f252bd62c2e38f
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\align.module[1].css
text
MD5: ec7d5e81cb819c04f45a3ecd3dbfb69b
SHA256: d674d860db690b411118a55ac6dcbbef7a03f8dd0291f193363fa423d4445dc3
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\details.module[1].css
text
MD5: a3d07af30e7dc57b0647e417e27ac938
SHA256: f31746cbb75773acc9358471805e24d2f80184a9686f2e4dfbf57530c3a583c0
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\analytics[1].js
text
MD5: 80e9f663857fe3a4f3b2826ec5ab4377
SHA256: 8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\css[1].txt
text
MD5: 5ec56718124cfdc39ccee9d8cc7a21f3
SHA256: 41fa67af6eba32add99ea84a05bffc5e59fe372e13f0e0d307fb335afe58f8dc
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\ajax-progress.module[1].css
text
MD5: f8fc2b4e392fd9d41080f1795f58d9e4
SHA256: 106b203351c346b2b7790e9dd9576558dfc10ed9187c5bd10700d4c02db76d20
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: b0989166100b90224014594b4754e177
SHA256: 68c80eed363bae8e464f41a93a0fc74f532d5477076eb099bd0e9bff741c544a
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\adaware_com[1].htm
html
MD5: d0dfe78c64f42586d8d7c9f39b292ce6
SHA256: 10ce22cc82e6592b3a8f2fc6199a7abd3cc1ad47bdeb9567b07c893593280b4b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\adaware_com[1].txt
––
MD5:  ––
SHA256:  ––
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\http_404[2]
html
MD5: 4cd84a1b063bf6dea53e06755ef9e24d
SHA256: 988cc4b451673f847d823c9d9ba14ad50d3ca1141bc1e17c6415b8f64b6e1c22
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3516
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: 5f048a0c38184bcc9cf91b13a7e3535d
SHA256: 347f47e529b6111e007f3748ab177115b1adb8164a30d810119703ab7f2d2e07
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 66d20d9cf2322c4b662ea6e754325cd7
SHA256: d6a4c1df6554cdc6d56f1d92fd09f3d7991e3620151f00db51d55c8ee260c3cc
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\http_404[1]
html
MD5: 4cd84a1b063bf6dea53e06755ef9e24d
SHA256: 988cc4b451673f847d823c9d9ba14ad50d3ca1141bc1e17c6415b8f64b6e1c22
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: e87271920f143c1d01dba63059992c76
SHA256: 50e4c1bf5d23ded47c97b4b255f0736a082c0853ecdf96c9ec94b89267e6bb6c
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 5bf6452898cf19b515de11f806965816
SHA256: 2b53797d887eb39a43452d97062a611a1dae95c3b9650603c53b7f768b3c3409
3792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 2c695ad8b8deb6c3144cb35ffef8841e
SHA256: 543c39fe0ce3def6b6a6cc8c28b61d225c09f525ea0d0dd292871145924e2999
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3516
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 45a70f3a67a9f05516da9c0316d40f50
SHA256: b6657da186288ba95de2dba4e26b8a41ad346ffd6e6beb24d28f20f0337341a2
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV92LUWX\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PHCC6TCG\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
35
TCP/UDP connections
64
DNS requests
27
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3792 iexplore.exe GET 404 104.18.87.101:80 http://flow.lavasoft.com/ US
––
––
malicious
3516 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3792 iexplore.exe GET 301 64.18.87.102:80 http://lavasoft.com/ CA
html
whitelisted
3792 iexplore.exe GET 301 172.217.18.163:80 http://google.it/ US
html
whitelisted
3792 iexplore.exe GET 302 172.217.23.131:80 http://www.google.it/ US
html
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/search?q=urlhaus&src=IE-SearchBox&FORM=IE8SRC US
html
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/sa/simg/SharedSpriteDesktopRewards_022118.png US
image
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=CB8517ECB20D45DFA7C972FD49086D86&CID=131812D2F77B6228274C1FABF623635B&Type=Event.CPT&DATA={"pp":{"S":"L","FC":31,"BC":265,"SE":-1,"TC":-1,"H":312,"BP":344,"CT":359,"IL":3},"ad":[-1,-1,1260,560,1260,498,0]}&P=SERP&DA=DUB02 US
image
whitelisted
3516 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/5n/cj,nj/c44ec255/9a358300.js?bu=Eqsfzh_vHvQe4QSCH4Qf2h-GH40flx_GH8QftB-gHqwdrx2jHg US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/th?id=AMMS_f20a8665db5de9cbea48acc4685c5f2e&w=72&h=72&c=7&rs=1&qlt=80&cdv=1&pid=16.1 US
image
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/16/cj,nj/1b7dfb88/cc8437ad.js?bu=DikuYnJ6fm5marYBugEuqgEu US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/32/23/cj,nj/4c7364c5/40e1b425.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/32/2l/cj,nj/bf587ad6/f1d86b5a.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/4Z/36/cj,nj/8e81c8c7/37f3511b.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/6J/vz/cj,nj/d695a46a/a9b12688.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/4Z/3b/cj,nj/a55b4fc5/71b450b0.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/32/1N/cj,nj/3f1e2270/f8c6dd44.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/6q/4S/cj,nj/347afee2/33036ea1.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5e/2p/cj,nj/8bb625e8/37529936.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/16/cj,nj/1b7dfb88/cc8437ad.js?bu=DikuYnJ6fm5marYBugEuqgEu US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=CB8517ECB20D45DFA7C972FD49086D86&CID=131812D2F77B6228274C1FABF623635B&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"%27SVGElement%27%20is%20undefined","Meta":"http%3A//www.bing.com/search%3Fq%3Durlhaus%26src%3DIE-SearchBox%26FORM%3DIE8SRC","Line":22558959,"Char":%20undefined}] US
compressed
whitelisted
680 iexplore.exe POST 200 204.79.197.200:80 http://www.bing.com/rewardsapp/ncheader?ver=8_1_2_6225016&IID=SERP.5027&IG=CB8517ECB20D45DFA7C972FD49086D86 US
text
html
whitelisted
680 iexplore.exe POST 200 204.79.197.200:80 http://www.bing.com/rewardsapp/reportActivity?IG=CB8517ECB20D45DFA7C972FD49086D86&IID=SERP.5052&q=urlhaus&src=IE-SearchBox&FORM=IE8SRC US
text
html
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=CB8517ECB20D45DFA7C972FD49086D86&CID=131812D2F77B6228274C1FABF623635B&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Member%20not%20found.%0D%0A","Meta":"http%3A//www.bing.com/rb/16/cj%2Cnj/1b7dfb88/cc8437ad.js%3Fbu%3DDikuYnJ6fm5marYBugEuqgEu","Line":2,"Char":%20undefined}] US
compressed
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/4Z/2S/cj,nj/97640e40/c08f0499.js US
text
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/Passport.aspx?popup=1 US
text
html
whitelisted
680 iexplore.exe GET 200 65.52.143.224:80 http://5e36aff66faf63d42286faeed13511fa.clo.footprintdns.com/apc/trans.gif NL
image
whitelisted
680 iexplore.exe GET 200 204.79.197.222:80 http://d356f5f88a089a13f2bd41301a691682.clo.footprintdns.com/apc/trans.gif US
image
whitelisted
680 iexplore.exe GET 200 111.221.104.12:80 http://c97025a04c7982f94d6db7c23faf7872.clo.footprintdns.com/apc/trans.gif SG
image
whitelisted
680 iexplore.exe GET 200 204.79.197.222:80 http://d356f5f88a089a13f2bd41301a691682.clo.footprintdns.com/apc/trans.gif?d356f5f88a089a13f2bd41301a691682 US
image
whitelisted
680 iexplore.exe GET 200 111.221.104.12:80 http://c97025a04c7982f94d6db7c23faf7872.clo.footprintdns.com/apc/trans.gif?c97025a04c7982f94d6db7c23faf7872 SG
image
whitelisted
680 iexplore.exe GET 200 65.52.143.224:80 http://5e36aff66faf63d42286faeed13511fa.clo.footprintdns.com/apc/trans.gif?5e36aff66faf63d42286faeed13511fa NL
image
whitelisted
680 iexplore.exe GET 200 204.79.197.222:80 http://fp.msedge.net/r.gif?&MonitorID=AZR&rid=CB8517ECB20D45DFA7C972FD49086D86&w3c=false&prot=http:&v=4&DATA=[{"MonitorID":"CLO","RequestID":"c97025a04c7982f94d6db7c23faf7872","Result":219},{"MonitorID":"CLO","RequestID":"5e36aff66faf63d42286faeed13511fa","Result":47},{"MonitorID":"CLO","RequestID":"d356f5f88a089a13f2bd41301a691682","Result":15}] US
image
whitelisted
680 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/GLinkPing.aspx?IG=CB8517ECB20D45DFA7C972FD49086D86&CID=131812D2F77B6228274C1FABF623635B&&ID=SERP,5122.1&url=https%3A%2F%2Furlhaus.abuse.ch%2Fbrowse%2F US
text
compressed
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3792 iexplore.exe 104.18.87.101:80 Cloudflare Inc US malicious
3516 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3792 iexplore.exe 104.18.87.101:443 Cloudflare Inc US malicious
3792 iexplore.exe 64.18.87.102:80 COGECODATA CA unknown
3792 iexplore.exe 64.18.87.82:443 COGECODATA CA unknown
3792 iexplore.exe 172.217.18.170:443 Google Inc. US whitelisted
3792 iexplore.exe 172.217.23.174:443 Google Inc. US whitelisted
3792 iexplore.exe 104.18.72.113:443 Cloudflare Inc US shared
3792 iexplore.exe 104.19.198.151:443 Cloudflare Inc US shared
3792 iexplore.exe 64.18.92.73:443 COGECODATA CA unknown
3792 iexplore.exe 172.217.22.3:443 Google Inc. US whitelisted
3792 iexplore.exe 64.233.166.157:443 Google Inc. US whitelisted
3792 iexplore.exe 172.217.18.4:443 Google Inc. US whitelisted
3792 iexplore.exe 172.217.18.99:443 Google Inc. US whitelisted
3516 iexplore.exe 64.18.87.82:443 COGECODATA CA unknown
3792 iexplore.exe 172.217.18.163:80 Google Inc. US whitelisted
3792 iexplore.exe 172.217.23.131:80 Google Inc. US whitelisted
3792 iexplore.exe 172.217.23.131:443 Google Inc. US whitelisted
3516 iexplore.exe 172.217.23.131:443 Google Inc. US whitelisted
3792 iexplore.exe 172.217.18.174:443 Google Inc. US whitelisted
3792 iexplore.exe 216.58.208.46:443 Google Inc. US whitelisted
3792 iexplore.exe 172.217.16.174:443 Google Inc. US whitelisted
3792 iexplore.exe 216.58.206.14:443 Google Inc. US whitelisted
680 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
680 iexplore.exe 157.55.134.142:443 Microsoft Corporation US whitelisted
680 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
680 iexplore.exe 65.52.143.224:80 Microsoft Corporation NL whitelisted
680 iexplore.exe 204.79.197.222:80 Microsoft Corporation US whitelisted
680 iexplore.exe 111.221.104.12:80 Microsoft Corporation SG whitelisted
680 iexplore.exe 151.101.2.49:443 Fastly US suspicious

DNS requests

Domain IP Reputation
flow.lavasoft.com 104.18.87.101
104.18.88.101
malicious
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
lavasoft.com 64.18.87.102
whitelisted
www.adaware.com 64.18.87.82
64.18.87.81
unknown
fonts.googleapis.com 172.217.18.170
whitelisted
www.google-analytics.com 172.217.23.174
whitelisted
static.zdassets.com 104.18.72.113
104.18.71.113
104.18.70.113
104.18.73.113
104.18.74.113
whitelisted
cdnjs.cloudflare.com 104.19.198.151
104.19.195.151
104.19.197.151
104.19.199.151
104.19.196.151
whitelisted
store.adaware.com 64.18.92.73
unknown
fonts.gstatic.com 172.217.22.3
whitelisted
stats.g.doubleclick.net 64.233.166.157
64.233.166.154
64.233.166.156
64.233.166.155
whitelisted
www.google.com 172.217.18.4
whitelisted
www.google.co.uk 172.217.18.99
whitelisted
google.it 172.217.18.163
whitelisted
www.google.it 172.217.23.131
whitelisted
img.youtube.com 216.58.208.46
172.217.16.142
172.217.22.46
172.217.22.78
172.217.22.110
172.217.16.206
172.217.18.110
172.217.21.206
216.58.205.238
172.217.21.238
172.217.22.14
172.217.18.14
172.217.18.174
172.217.23.142
216.58.206.14
216.58.207.46
whitelisted
encrypted-tbn0.gstatic.com 172.217.16.174
whitelisted
encrypted-tbn1.gstatic.com 172.217.18.174
whitelisted
encrypted-tbn3.gstatic.com 216.58.208.46
whitelisted
encrypted-tbn2.gstatic.com 216.58.206.14
whitelisted
login.live.com 157.55.134.142
157.55.134.140
157.55.135.134
whitelisted
5e36aff66faf63d42286faeed13511fa.clo.footprintdns.com 65.52.143.224
unknown
d356f5f88a089a13f2bd41301a691682.clo.footprintdns.com 204.79.197.222
unknown
c97025a04c7982f94d6db7c23faf7872.clo.footprintdns.com 111.221.104.12
unknown
fp.msedge.net 204.79.197.222
whitelisted
urlhaus.abuse.ch 151.101.2.49
151.101.66.49
151.101.130.49
151.101.194.49
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.