General Info

URL

https://shipmenttracker.co:443/package?adprovider=AppFocus523&source={source}&subid=7ball-Package-IEFF&subid2=10205d846bb1d09732258a6433342f&AppID=2091

Full analysis
https://app.any.run/tasks/709851e2-8469-4742-b236-f88a2df91012
Verdict
Malicious activity
Analysis date
6/12/2019, 01:27:04
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

  • loader
  • adware
  • adload

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • ShipmentTracker-21403875.exe (PID: 2788)
ADLOAD was detected
  • ShipmentTracker-21403875.exe (PID: 2788)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3704)
Creates files in the user directory
  • ShipmentTracker-21403875.exe (PID: 2788)
Changes the started page of IE
  • ShipmentTracker-21403875.exe (PID: 2788)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 3704)
  • ShipmentTracker-21403875.exe (PID: 2788)
  • iexplore.exe (PID: 2676)
Creates a software uninstall entry
  • ShipmentTracker-21403875.exe (PID: 2788)
Starts Internet Explorer
  • ShipmentTracker-21403875.exe (PID: 2788)
Changes internet zones settings
  • IEXPLORE.EXE (PID: 3624)
  • iexplore.exe (PID: 2676)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 3816)
  • iexplore.exe (PID: 3704)
Reads Internet Cache Settings
  • IEXPLORE.EXE (PID: 3816)
  • iexplore.exe (PID: 2676)
  • iexplore.exe (PID: 3704)
Creates files in the user directory
  • IEXPLORE.EXE (PID: 3816)
  • iexplore.exe (PID: 2676)
  • iexplore.exe (PID: 3704)
Changes settings of System certificates
  • iexplore.exe (PID: 2676)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2676)
Application launched itself
  • iexplore.exe (PID: 2676)


Processes

Total processes
38
Monitored processes
5
Malicious processes
2
Suspicious processes
0

Behavior graph

(Graph rendered as an image in the original report; the recoverable chain is: iexplore.exe, drop and start, shipmenttracker-21403875.exe #ADLOAD, start, iexplore.exe)
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2676
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\userenv.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\sc_reader.ico
c:\users\admin\desktop\shipmenttracker-21403875.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
3704
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2676 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2788
CMD
"C:\Users\admin\Desktop\ShipmentTracker-21403875.exe"
Path
C:\Users\admin\Desktop\ShipmentTracker-21403875.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SpringTech Ltd.
Description
Version
4, 6, 0, 2
Modules
Image
c:\users\admin\desktop\shipmenttracker-21403875.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll

PID
3624
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hshipmenttracker.co/?uc=20190611&ap=appfocus523&uid=01209ecd-26c5-4b0e-befe-bd65462d3d59&i_id=packages_spt__1.30&source=%7Bsource%7D_v0-bb9_v0-bb9-iei
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
ShipmentTracker-21403875.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wship6.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
3816
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3624 CREDAT:71937
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
IEXPLORE.EXE
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imgutil.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

Registry activity

Total events
1507
Read events
1264
Write events
238
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
2676
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2676
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(value omitted)
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{7469E9EB-8CA0-11E9-A370-5254004A04AF}
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060002000B0017001B0014001101
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060002000B0017001B0014001101
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
(value omitted)
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060002000B0017001B001400AD01
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060002000B0017001B001400CC01
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
303
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060002000B0017001B001400F502
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
48
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
441DE438AD20D501
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2676
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
0F00000001000000140000000F6AAD4C3FE04619CDC8B2BD655AA1A26042E6500B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
2676
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
2676
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
0
43003A005C00500072006F006700720061006D002000460069006C00650073005C0049006E007400650072006E006500740020004500780070006C006F007200650072005C0069006500780070006C006F00720065002E00650078006500000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F0077006E006C006F006100640073000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
MRUListEx
00000000FFFFFFFF
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0700000001000000000000000200000006000000030000000500000004000000FFFFFFFF
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\Shell
SniffedFolderType
Generic
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
4
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
1
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
16
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A0000001001000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
1
69006500780070006C006F00720065002E0065007800650000000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
0100000000000000FFFFFFFF
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
0
9200320000000000000000008000536869706D656E74547261636B65722D32313430333837352E6578650000660008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000053006800690070006D0065006E00740054007200610063006B00650072002D00320031003400300033003800370035002E0065007800650000002C000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
MRUListEx
00000000FFFFFFFF
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
9200320000000000000000008000536869706D656E74547261636B65722D32313430333837352E6578650000660008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000053006800690070006D0065006E00740054007200610063006B00650072002D00320031003400300033003800370035002E0065007800650000002C000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E00650078006500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AE010000B000000051030000BA01000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0100000000000000FFFFFFFF
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
6
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
2
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
48
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2676
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Download Directory
C:\Users\admin\Desktop
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060002000B0017001B0028005B0100000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060002000B0017001B0028006B0100000000
2676
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
3704
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASAPI32
EnableFileTracing
0
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASAPI32
EnableConsoleTracing
0
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASAPI32
FileTracingMask
4294901760
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASAPI32
ConsoleTracingMask
4294901760
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASAPI32
MaxFileSize
1048576
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASAPI32
FileDirectory
%windir%\tracing
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASMANCS
EnableFileTracing
0
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASMANCS
EnableConsoleTracing
0
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASMANCS
FileTracingMask
4294901760
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASMANCS
ConsoleTracingMask
4294901760
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASMANCS
MaxFileSize
1048576
2788
ShipmentTracker-21403875.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21403875_RASMANCS
FileDirectory
%windir%\tracing
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{298DE0AB-86B3-4456-9B3A-8F0A12D6119C}
DisplayName
Shipment Tracker - Powered by Yahoo!
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{298DE0AB-86B3-4456-9B3A-8F0A12D6119C}
URL
http://search.hshipmenttracker.co/s?uc=20190611&ap=appfocus523&uid=01209ecd-26c5-4b0e-befe-bd65462d3d59&i_id=packages_spt__1.30&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&query={searchTerms}
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{298DE0AB-86B3-4456-9B3A-8F0A12D6119C}
SuggestionsURL
https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}
2788
ShipmentTracker-21403875.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
6256FFB019F8FDFBD36745B06F4540E9AEAF222A25
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D100000000020000000000106600000001000020000000232957469CF19AE1CEAD7B6DFAE8EA437734808E0E78498DC41C82A09685A0D9000000000E8000000002000020000000BB149E6C30509783C283BFDAFADC39BD4898ED65ABC99B04E9E0AE4CDAB214B510000000E6155E2F6472796F59846C975467ABD440000000ACF971EEF0A17FCDDB9E89B0EA36A7841E0C3EFA1A497B64B9BF6A92F36F7FF9B69572ADF1DBA13E7E313042E23B434C2F4FF1238DE8799D3E25A902654510EA
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D100000000020000000000106600000001000020000000FFB56461345432EA8902F8B7D6780809E3D7CA2E7C7B4A4F58BDBA95083C65B0000000000E8000000002000020000000D80D87A4687A3CF18F213C9DD0C3699B1483345E6C32AC7298560A79B206098150000000E9ED4076DC43DB00041E5F1DBDF9C50F1BB4E7EAFB918768DABF903FC5A6AA9BBE9443A290A8A058D0715A2A247D2D806ACAC872BEB47315326A2D9CBEDAA954F729DE9FEC7C042607385D7A76300FAA4000000097AFC57686B018D90795B282474AB23E06FF8848E627990B3095B6DC9D8BC2281417449E339CE625A5354EBDAC2D01FDEF452EC4FFAFB1EF4D1AC4CD98171A8A
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{298DE0AB-86B3-4456-9B3A-8F0A12D6119C}
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://search.hshipmenttracker.co/?uc=20190611&ap=appfocus523&uid=01209ecd-26c5-4b0e-befe-bd65462d3d59&i_id=packages_spt__1.30&source=%7Bsource%7D_v0-bb9_v0-bb9-iei
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayName
Shipment Tracker
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayVersion
4.6.0.2
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Publisher
SpringTech Ltd.
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
InstallLocation
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallString
"C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallDialog
2
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallEngineID
{298DE0AB-86B3-4456-9B3A-8F0A12D6119C}
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallImpression
http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&sub_id=20190611&traffic_source=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560295649&sgn=3b202f3cac60eea327a6ddc6b3c024fd7c07462d&subid2=8.0.7601.17514&event={exEvent}
2788
ShipmentTracker-21403875.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallHomepage
http://search.hshipmenttracker.co/?uc=20190611&ap=appfocus523&uid=01209ecd-26c5-4b0e-befe-bd65462d3d59&i_id=packages_spt__1.30&source=%7Bsource%7D_v0-bb9_v0-bb9-iei
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{86F78286-8CA0-11E9-A370-5254004A04AF}
0
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060002000B0017001B0033007700
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060002000B0017001B0033007700
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060002000B0017001B0033008001
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060002000B0017001B0033009F01
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
235
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060002000B0017001B003300BF01
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
40
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
B74A834AAD20D501
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
11AD854AAD20D501
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3624
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3816
IEXPLORE.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
IEXPLORE.EXE

Files activity

Executable files
3
Suspicious files
5
Text files
64
Unknown types
13

Dropped files

PID Process Filename Type MD5 SHA256
2788 ShipmentTracker-21403875.exe C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe executable MD5: 35966d66a5813ef87c2574e5411d413b SHA256: 2072caa1039c367077eb576ffd20bb6e0fbb05641ff96258696b3d73bc58e294
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\ShipmentTracker-21403875[1].exe executable MD5: b860cf8c4cb5dc676ef4893a704c9f8d SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
2676 iexplore.exe C:\Users\admin\Desktop\ShipmentTracker-21403875.exe executable MD5: b860cf8c4cb5dc676ef4893a704c9f8d SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
3704 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt –– MD5: –– SHA256: ––
3816 IEXPLORE.EXE C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt text MD5: 0e93932d67a05266ff313e314e8e4817 SHA256: afa1c4bf660fefe17870fdf12e448c39352d2a2684d97470ebbf01cd06e3eb69
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\firebase-database[1].js text MD5: 0b73ce41f82899bdc2f3a25f0d329d8d SHA256: c5ad5aee892d68422a84bf2e2df83f6fcb2c7de2e0506a8ec2702f1c0b856daa
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\firebase-firestore[1].js s MD5: 6f7a7f8cec97cf107d26a28139174bad SHA256: c4fdb6859c7e6ad03c49f1d43ddc4165b1ba786b10a41bc00fd0c01baf33c49a
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat dat MD5: 8f6ad01e5580005af7cc411fca39a435 SHA256: 45fef73dceccb0736b7f6e62f4fee04f5070e836b1af085ae229c098209f993f
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\firebase-auth[1].js text MD5: 5820c0d760b485dee2de26326f5fbecc SHA256: e274fc6b43371232b1db34aa3b09703f88fbb05453a50bf00f89833496b06703
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\firebase-app[1].js text MD5: 3a7173aeadfd9e805bc22a790d89b4af SHA256: b1c5418abf92617a99887f499e9efd6bc25957f37d2bd0ca3140a08b565e0bbd
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\firebase-messaging[2].js text MD5: d3a746f544b2e9c68d668b8d673fc8ae SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\packages_sprite[1].jpg image MD5: 8083db015452147f1c1fb04459d5ddf4 SHA256: 9af1b1dedf71fa251a4d4e188e9d231f9f20f1daf3a939121c7fa9f3c9e57b20
3816 IEXPLORE.EXE C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt text MD5: 037fe3f4835a4114c89db8609f36914e SHA256: 8d0ba8d5d20eb144d57475909cb6b80d0886b96deb5f6f76dfb8acf67990f567
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\common[1] text MD5: 2185eab81ef76112e0aa87e3d5dbd33c SHA256: c40faf2311b9a064a55ff463c2776f3071f3dd795fe2740c37a13cb000c5625c
3816 IEXPLORE.EXE C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt –– MD5: –– SHA256: ––
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\Sprite_Email_V9[1].png image MD5: b28e84650fd0bfeee84818c6dae1990f SHA256: 856a3f6468b76d5e204793c0a8f7f9287674a1536e2e61ed1a8d4413700bcfa4
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\recipesIcon[1].jpg image MD5: 0df82b6f5e4044de09dabcd5aa755afb SHA256: 3257d7d9d5b73b0a5fe51dc0493005d50833ea28b848e0ffb4d4b1db25425465
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\static[1].txt image MD5: db04c7b378cb2db912c3ba8a5a774ee3 SHA256: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\Sprite_Packages_V2[1].png image MD5: 0c39779c421185bd546486c8889f5105 SHA256: e9f8f7364bb75d4b1b8047015c7bc0124f9435dcc2b0f4c4ecd1bc006cb3d4a7
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\gear-icon[1].png image MD5: c191c48cdc9a12101c96bac13a3a672e SHA256: 19fce2176cb990c4773742094923ccdd17d778fd050b675b0c8ff16b945e95ca
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\weatherAgencyIcon[1].jpg image MD5: ca18bf31a2bdc6325c3839c7f47d8f6e SHA256: 0651cf7b687ef85bbf398677789f763ca99e709ceca13c1ac3e90851fc4a07bd
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\saveMoney[1].png image MD5: a353048a16ced5eacab658f12e4db18d SHA256: e2c368a8182d29a0fc74005f812f55b71a840b80cd7c07619db67424839f5594
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\packages[1].png image MD5: 124aa7599ad1f18e508c5841f16aa3e0 SHA256: 9f15c11e33a413d243d31bc16f854b9e8ec15233e5facdf4ac8e3ce7f62a893a
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\carbuyer[1].jpg image MD5: ba436cba2d70a4a0a541f0fbc8394ef9 SHA256: 96238f3ccc7dab7ec043330bbf73710cc2ae01ddd9346f69afc852721c909027
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\bookingbuddy[1].jpg image MD5: 928b5e556a2aeec535055318d8bf8445 SHA256: f6f55450ab57c199e6615a554e03a840188db5ac93227202f6dbe4ffefabb03c
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\search_hshipmenttracker_co[1].txt html MD5: a780851b4bc38a7321d8aa019361695c SHA256: e034ae391a27156052a681db02e8417587fbc368a12f4afe9e473e84f8a4deea
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\setting[1].txt text MD5: ef9323d5935a425c7ebe28da6bc79fe3 SHA256: 1d8169ea23eb16843ce5c60a4a07191776c668bb3eb88c8695394316970c15e4
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\amazon[1].png image MD5: 65d37a0031eefa2720aa4e20bcbfb6f2 SHA256: a279329ab261b8fc30b5ec08ccd0ceade7cf6ff1c0dae6a05cd46189191a43d1
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\news-1[1].png image MD5: 69f417a5b6fb00c16f2b1613f787878c SHA256: 9717dfdf6c679515fa277e4ef79d0f91748c40aebc657a9e1da6b5a6aefb7888
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\kelkoo[1].jpg image MD5: 97c7359a869578f55cfd5d2cad35437d SHA256: 93649e2d7f85788b32f3956f21f8e399dbd74b235e29a6fa648a5616e216de40
3816 IEXPLORE.EXE C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat dat MD5: f7ab2cbfc2a37f38dbf73a66793a176e SHA256: 72a376802598b09521a6e67336ab6614ec758dcdb7cee848f90e071b4cb9793a
3816 IEXPLORE.EXE C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7JV3G77U\search.hshipmenttracker[1].xml text MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5 SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\impression[1] text MD5: 46e56fce3ecf796977d267ca285048f8 SHA256: 44fdd554d8a2eb6c72314a5fc6831eeb8a55042f70922ec9e0b03d9b722d2af9
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\monetizedquicklinks[1].txt text MD5: c674eddee3a1c547b3f796c490f1a7bd SHA256: 6d196023e05ee37572c83418341fd2c56ba4cbf04daa97edfbec9827bcee602f
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\header_common[1] text MD5: 7395e64d793177bd26a720124703786f SHA256: e593503a6f74a91b7ca6d5ef4be3bf2a0fc2b5d45d615e6d9788512bbfec2aa4
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\packages_v1[1].txt text MD5: 14deeb3a5a9716efa97437353dbf8d39 SHA256: e2c64a16bfaabd7e9a587ea6aa9818412f0dced4f75f54116c06409a10360c16
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\search_hshipmenttracker_co[1].txt –– MD5: –– SHA256: ––
3816 IEXPLORE.EXE C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt text MD5: d1915a940d17ef00a3fa885d31ed7c71 SHA256: c8e0960f3bdce2355eb3af140ded1e5be593a5aad31c9ec61b6a2ba3458a1681
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\search_hshipmenttracker_co[1].htm html MD5: 7a4ae27316c4951e433b789859da88a6 SHA256: 8f7c820c2a01e9741440bf7c7d16e689a79aa425932a2627a535a5d68cf31d6c
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\icons-star[1].png image MD5: ee286d05500f9eee903e3429f8434776 SHA256: 9f71f0c0201f4781879baf4e695f4188725a8ce2953d18b8c1120865f5d32a28
2788 ShipmentTracker-21403875.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\api[1].txt –– MD5: –– SHA256: ––
2676 iexplore.exe C:\Users\admin\Desktop\ShipmentTracker-21403875.exe:Zone.Identifier text MD5: fbccf14d504b7b2dbcb5a5bda75bd93b SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3816 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\prompt[2] text MD5: a06932738363e5d1733bf9615d803ced SHA256: fe042512a4e560814513a3adc21b696187a211bebab126781168daeb56acbc8d
3816 IEXPLORE.EXE C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt text MD5: b311cd6bf777ab2a7b07faa6ee497a70 SHA256: b30d8ae79d5a6d6c47e070ebb26f6a0ca48024c6e6c88c7a428d73dd60fcaeb8
2676 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico image MD5: 4859e39ae6c0f1f428f2126a6bb32bd9 SHA256: a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\package[1].gif image MD5: 325472601571f31e1bf00674c368d335 SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
3704 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat dat MD5: 11c8e2407085f0d0e268535a22f94ac0 SHA256: beb075ed979dcc7c175d0c41d7b226505a49de8f0b09d7b2602732a6dc21c652
3704 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt text MD5: e9d663d67d14664865742030c41b8034 SHA256: 3c954305a483b899c40e2fa499e23538cadc7e2ea2f48f4036756f0071dede37
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2676 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613\index.dat dat MD5: bf7a4ea1ad0a2d59a1a9aa569b6b5c34 SHA256: a9816343888a15fd3882bbf25cda2f6f3ad3b266757d745da4c4e92f7c4fbf06
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613\index.dat dat MD5: ef183231428013f6ccaa916a93f53b07 SHA256: 5ce580718b92f29b06553bac54b25e94fc1c555bf3ad22fbf263ebc60a2c1715
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\Package[1].jpg image MD5: 56206913faf90571db7eaa907283bb53 SHA256: 7878193f62e342e657b5c4f67006adf9bf5c9343a134be118421c63c7709d5b7
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\btnIcon[1].png image MD5: b6c1d6d1746ddf779bec16296b785afe SHA256: 5abc08a29d97624fc13042b8602e95cd18d2bf90a0e7babd24e58bbd49eea408
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\world[1].png image MD5: 7cd58ff673d9573d093ad112f8a68267 SHA256: 5d1fdeb9414658ea2da348b9887f9ec8961fab8db1dc70d6af5925d419d3bb7c
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat dat MD5: 3ff3a55fa1981934b03146b4a2844341 SHA256: f24d7899fb444f548433dcccd371da488c944e33a8fdbb62b898811f5db6d837
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\rightArrow[1].png image MD5: 1a62abd3ff759b9a18fdbfc594b3851a SHA256: 6b007a870bf5422732d8d9cb18386c84d55c5f13fdd2c452f69e5b97cb214e77
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\plane[1].png image MD5: 28e4b9ddd88eac9e0311bc314c3f9392 SHA256: 4464d188b0e8d17e74dd4f6801d09ff1be3e5e2c488f9f72fedf9c6200421f63
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\leftArrow[1].png image MD5: db23b75d8fe757906f6fba31f2f59438 SHA256: bf1e4c4961f6ba7848d14065cce15d0beab2601dfbc1c2286df7a3a2d7b7a080
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\logo[1].png image MD5: 86cd48283c6f2d27744ef0ef1a4beabe SHA256: 14cd23c556aecbfb354e8b6056a6597ab4692687615aae0faa21819b1300052c
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT smt MD5: 82640e8daad4a7056b958bec4ea6cc2f SHA256: 90629252dcc49cde10e28fd029cd1e0ce058c77d05d539e5e00272f2e9fb0c92
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\js[1] –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\prompt[1] text MD5: af9ee93c85a8ed8f1641e8750a3b6c8e SHA256: 536df838a03e80433fc8baa9da4718c03f66d36eb0fcfb11d6096ec12474a338
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\KFOmCnqEu92Fr1Mu4mxO[1].eot eot MD5: 4be1a572fca40bcb2202504cb17aed91 SHA256: 64d06eeb18abad7d4ef1b1ef7409cf108bd4774c50a64e2c7b49ffb708ff24f4
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\u-4x0qWljRw-Pd8w__k[1].eot eot MD5: 491d2a5b23b87654b77616d254463eb6 SHA256: 9323a60117e78ca1be8c1a8fb3f755d7bea48fc4dc275cf4223bf319f26e6657
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\jquery[1] text MD5: ce7092c9dcc6af3c74423729abe80447 SHA256: 5aa42812961402a87076bc7a833aac5cd2c6dba847ed399bf836e025b7749b6e
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\bootstrap.min[1].css text MD5: 91720dab4998d2b67ee2b9488e939b39 SHA256: 5668d0f89e9183da01b58f023c3d56e5fc32c23a5328b7973cfc736230318eed
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\sendImpression[1] text MD5: 020a2d40895e2639f320e3330311436c SHA256: 5f2463d232403ddeece2d4408e56b3c38d3849635e892a759d642e3a3f2a40e4
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\firebase-app[1].js text MD5: 3a7173aeadfd9e805bc22a790d89b4af SHA256: b1c5418abf92617a99887f499e9efd6bc25957f37d2bd0ca3140a08b565e0bbd
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\css[1].txt text MD5: fcf83902aee973885603e1c1bb2af86b SHA256: d7341b190233872f5f2689aa7ec954668529f6e72295ac2b8a81daed414b0636
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\firebase-messaging[1].js text MD5: d3a746f544b2e9c68d668b8d673fc8ae SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\css[1].txt text MD5: 9d884a8d52acac785d18e4adc5fb42a9 SHA256: f05b8631b23eb9eba46207a49e22c97e4226aa66d0dd0248d127a9aa22531fb1
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\master_style[1].css text MD5: 8cedbf3248fd50d21caed8f9ffe7c090 SHA256: 31c976d20a66cc5706e587d75265d92f7fc6ee33d7ebd642c352a774e81ceee0
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\package[1].txt –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat dat MD5: d35f39633ba2a3aef52a12f64cab4b1b SHA256: 2d41b0583bf194049a242df6999fe9cad421f530db10ec3dfd40629b8df7d181
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\package[1].htm html MD5: fd20205aa01bb0dfcab92b0480371ff2 SHA256: 848b6443b08ffcc956540e69810289d25a48b9127b745e8731c3560616c32e59
3704 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 binary MD5: 2d9a53811950b184d0f02825545c157b SHA256: 8ac5002ed72fa7271a63af5b702e70fa1e6ba2c6e47c5d048fdf82f68845143f
3704 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\Tar457D.tmp –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 compressed MD5: 41577a5ab6a7d917cddeeddc2ef52d53 SHA256: 695fcbf6d5b0a83f6671ea2063aa9e2d45d263a108e826f21186b4a7f05925ff
3704 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\Cab457C.tmp –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\Tar44C0.tmp –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\Cab44BF.tmp –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\Tar44AE.tmp –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 binary MD5: a70cfa758542d1ae96f9ac0713b87ed7 SHA256: 5cf5230b3cac39e033bba784bfa89f60beb122e49822405b3255677ffc67ccb5
3704 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 der MD5: 55540a230bdab55187a841cfe1aa1545 SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
3704 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\Cab44AD.tmp –– MD5: –– SHA256: ––
2676 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png image MD5: 9fb559a691078558e77d6848202f6541 SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2676 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico –– MD5: –– SHA256: ––
2676 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico –– MD5: –– SHA256: ––
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat dat MD5: 1ae803b32d6f0435f696c001ffbb57ea SHA256: b1f3eaf4783645197cb6d25bb1d4ec2921b7bac02f4612ba9a4d70889f8781a7
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\270EM098\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81J5Z902\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAETTR77\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3YPN95JV\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2676 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3704 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3624 IEXPLORE.EXE C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico image MD5: 504432c83a7a355782213f5aa620b13f SHA256: df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

Network activity

HTTP(S) requests
34
TCP/UDP connections
47
DNS requests
21
Threats
10

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2676 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3704 iexplore.exe GET 200 143.204.178.195:80 http://x.ss2.us/x.cer US der whitelisted
3704 iexplore.exe GET 200 2.16.186.66:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab unknown compressed whitelisted
3704 iexplore.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=hshipmenttracker.co&implementation_id=packages_spt_&source={source}_v0-bb9_v0-bb9&adprovider=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&dfn=Shipment%20Tracker&spo=0&appname=Shipment%20Tracker&appdesc=Get%20your%20package%20info%20%20instantly%20from%20your%20home%20and%20new%20tab%20page!&ies=s,h&sso= US executable shared
2788 ShipmentTracker-21403875.exe GET 200 34.192.66.209:80 http://www.springtechdld.com/ies/api.cgi?act=getConfig&id=U2hpcG1lbnRUcmFja2VyLTIxNDAzODc1LmV4ZQ==&rf=0&proto=1 US text shared
2788 ShipmentTracker-21403875.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&sub_id=20190611&traffic_source=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560295649&sgn=3b202f3cac60eea327a6ddc6b3c024fd7c07462d&subid2=8.0.7601.17514&event=ex_accepted US –– –– shared
2788 ShipmentTracker-21403875.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&sub_id=20190611&traffic_source=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560295649&sgn=3b202f3cac60eea327a6ddc6b3c024fd7c07462d&subid2=8.0.7601.17514&event=ex_shown_ds US –– –– shared
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/?uc=20190611&ap=appfocus523&uid=01209ecd-26c5-4b0e-befe-bd65462d3d59&i_id=packages_spt__1.30&source=%7Bsource%7D_v0-bb9_v0-bb9-iei US html unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/styles/home/packages_v1?v=x1BZmimwCuTPrxEKkON02bLwNE7X3DWDcBAeymH_VyI1 US text unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/scripts/home/header_common?v=AAAAH_DbLIleWj0eIMkM9tOvY9PBuu50aQKW3Tf5CW81 US text unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/styles/home/monetizedquicklinks?v=gJHlzDmEaHpGOsrgbxBB8fvVZ_OkkCeXVVHkJAPS47A1 US text unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/get/js/impression?uc=20190611&ap=appfocus523&source={source}_v0-bb9_v0-bb9-iei&uid=01209ecd-26c5-4b0e-befe-bd65462d3d59&i_id=packages_spt__1.30&cid= US text unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/styles/home/setting?v=ryUN9ROxMocKoOuvctYLZZeK4BqnEgMfzTl9evNnkcM1 US text unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/ US html unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/scripts/home/common?v=EuIy2lerC3sucsvrktGFFhoc5c0KLvN9crdBl8oVyrw1 US text unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Shared/Images/gear-icon.png US image unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Email/Sprites/Sprite_Email_V9.png US image unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/img/Icons/weatherAgencyIcon.jpg US image unknown
3816 IEXPLORE.EXE GET 200 143.204.178.209:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/kelkoo.jpg US image whitelisted
3816 IEXPLORE.EXE GET 200 143.204.178.209:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/amazon.png US image whitelisted
3816 IEXPLORE.EXE GET 200 143.204.178.209:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/news-1.png US image whitelisted
3816 IEXPLORE.EXE GET 200 143.204.178.209:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/bookingbuddy.jpg US image whitelisted
3816 IEXPLORE.EXE GET 200 143.204.178.209:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/carbuyer.jpg US image whitelisted
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Images/saveMoney.png US image unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Packages/Sprites/Sprite_Packages_V2.png US image unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/img/Icons/recipesIcon.jpg US image unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Packages/Sprites/packages_sprite.jpg US image unknown
3624 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/favicon.ico US image unknown
3816 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Slick/images/icons-star.png US image unknown
2788 ShipmentTracker-21403875.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&sub_id=20190611&traffic_source=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560295649&sgn=3b202f3cac60eea327a6ddc6b3c024fd7c07462d&subid2=8.0.7601.17514&event=ex_set_ds US –– –– shared
2788 ShipmentTracker-21403875.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&sub_id=20190611&traffic_source=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560295649&sgn=3b202f3cac60eea327a6ddc6b3c024fd7c07462d&subid2=8.0.7601.17514&event=ex_set_hp US –– –– shared
2788 ShipmentTracker-21403875.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&sub_id=20190611&traffic_source=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560295649&sgn=3b202f3cac60eea327a6ddc6b3c024fd7c07462d&subid2=8.0.7601.17514&event=ex_installed US –– –– shared
2788 ShipmentTracker-21403875.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=%7Bsource%7D_v0-bb9_v0-bb9-iei&sub_id=20190611&traffic_source=appfocus523&user_id=01209ecd-26c5-4b0e-befe-bd65462d3d59&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560295649&sgn=3b202f3cac60eea327a6ddc6b3c024fd7c07462d&subid2=8.0.7601.17514&event=ex_executed US –– –– shared
2788 ShipmentTracker-21403875.exe POST 200 34.192.66.209:80 http://www.springtechdld.com/advplatform/api.cgi?act=postStat&id=U2hpcG1lbnRUcmFja2VyLTIxNDAzODc1LmV4ZQ==&rf=0&proto=1 US text compressed shared

Connections

PID Process IP ASN CN Reputation
2676 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3704 iexplore.exe 18.214.213.187:443 US unknown
3704 iexplore.exe 143.204.178.195:80 US malicious
3704 iexplore.exe 2.16.186.66:80 Akamai International B.V. –– whitelisted
3704 iexplore.exe 216.58.208.35:443 Google Inc. US whitelisted
3704 iexplore.exe 172.217.22.42:443 Google Inc. US whitelisted
3704 iexplore.exe 34.194.5.215:443 Amazon.com, Inc. US unknown
3704 iexplore.exe 52.21.108.235:443 Amazon.com, Inc. US unknown
3704 iexplore.exe 172.217.21.227:443 Google Inc. US whitelisted
3704 iexplore.exe 54.72.199.154:443 Amazon.com, Inc. IE suspicious
2676 iexplore.exe 18.214.213.187:443 US unknown
3704 iexplore.exe 107.23.13.37:80 Amazon.com, Inc. US malicious
2788 ShipmentTracker-21403875.exe 34.192.66.209:80 Amazon.com, Inc. US shared
2788 ShipmentTracker-21403875.exe 107.23.13.37:80 Amazon.com, Inc. US malicious
3816 IEXPLORE.EXE 52.21.108.235:80 Amazon.com, Inc. US unknown
3816 IEXPLORE.EXE 54.72.199.154:443 Amazon.com, Inc. IE suspicious
3816 IEXPLORE.EXE 143.204.178.91:443 US unknown
3816 IEXPLORE.EXE 54.174.5.12:443 Amazon.com, Inc. US unknown
3816 IEXPLORE.EXE 104.111.241.173:443 Akamai International B.V. NL unknown
3816 IEXPLORE.EXE 143.204.178.209:80 US unknown
3816 IEXPLORE.EXE 34.194.5.215:443 Amazon.com, Inc. US unknown
3816 IEXPLORE.EXE 104.24.102.103:443 Cloudflare Inc US unknown
3816 IEXPLORE.EXE 172.217.16.131:443 Google Inc. US whitelisted
3816 IEXPLORE.EXE 104.28.30.66:443 Cloudflare Inc US unknown
3624 IEXPLORE.EXE 52.21.108.235:80 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
shipmenttracker.co 18.214.213.187, 52.44.224.39 unknown
x.ss2.us 143.204.178.195, 143.204.178.201, 143.204.178.140, 143.204.178.38 whitelisted
www.download.windowsupdate.com 2.16.186.66, 2.16.186.81 whitelisted
config.hshipmenttracker.co 52.21.108.235, 54.236.122.112 unknown
www.gstatic.com 216.58.208.35 whitelisted
fonts.googleapis.com 172.217.22.42 whitelisted
pushible.com 34.194.5.215, 54.173.109.10 unknown
fonts.gstatic.com 172.217.21.227 whitelisted
appfocus.go2cloud.org 54.72.199.154, 52.30.52.254, 52.50.109.222 malicious
www.springdwnld2.com 107.23.13.37, 34.192.66.209 shared
www.springtechdld.com 34.192.66.209, 107.23.13.37 shared
search.hshipmenttracker.co 52.21.108.235, 54.236.122.112 unknown
imp.mt48.net 104.111.241.173 unknown
d3ff8olul1r3ot.cloudfront.net 143.204.178.91, 143.204.178.210, 143.204.178.35, 143.204.178.5 whitelisted
dap2y8k6nefku.cloudfront.net 143.204.178.209, 143.204.178.138, 143.204.178.203, 143.204.178.65 whitelisted
imp.onesearch.org 54.174.5.12, 52.22.227.196 malicious
mypackagetracking.net 104.24.102.103, 104.24.103.103 unknown
trackpackageapp.com 104.28.30.66, 104.28.31.66 unknown

Threats

PID Process Class Message
3704 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
3704 iexplore.exe Misc activity ET INFO EXE - Served Attached HTTP
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
2788 ShipmentTracker-21403875.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon

Debug output strings

No debug info.