General Info

File name

index.html

Full analysis
https://app.any.run/tasks/8cbd864b-ed7d-44ef-bdb0-0f8e77e6e261
Verdict
Malicious activity
Analysis date
10/9/2019, 15:35:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

adware

adload

Indicators:

MIME:
text/html
File info:
HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5

82d136151a981a95142191f4c3391ed1

SHA1

c274fe739ddb2fac497422a56f6a51db01b8a1a0

SHA256

21d1cd86021ae428be7c39206cf95ce21fa6c364fa44688b89803553134fe216

SSDEEP

384:3Px88cU3l7DazkHSELmpNLqyRqH94iiTBitpWizjy9p/EHtolfuGQEH:fZcU3lDaiSHPqqqHuVzP9FEHtAWP0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Downloads executable files from the Internet
  • iexplore.exe (PID: 3344)
ADLOAD was detected
  • EasyRadioPlayer-25780493.exe (PID: 2656)
Application was dropped or rewritten from another process
  • EasyRadioPlayer-25780493.exe (PID: 2656)
Starts Internet Explorer
  • EasyRadioPlayer-25780493.exe (PID: 2656)
Creates files in the user directory
  • EasyRadioPlayer-25780493.exe (PID: 2656)
Executable content was dropped or overwritten
  • EasyRadioPlayer-25780493.exe (PID: 2656)
  • iexplore.exe (PID: 3344)
  • iexplore.exe (PID: 2364)
Creates a software uninstall entry
  • EasyRadioPlayer-25780493.exe (PID: 2656)
Changes the started page of IE
  • EasyRadioPlayer-25780493.exe (PID: 2656)
Changes settings of System certificates
  • iexplore.exe (PID: 2940)
Reads internet explorer settings
  • iexplore.exe (PID: 2940)
  • iexplore.exe (PID: 3572)
  • iexplore.exe (PID: 3344)
Application launched itself
  • iexplore.exe (PID: 2364)
Creates files in the user directory
  • iexplore.exe (PID: 2940)
  • iexplore.exe (PID: 3572)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2940)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3572)
  • iexplore.exe (PID: 2364)
  • iexplore.exe (PID: 3344)
  • iexplore.exe (PID: 2940)
Reads settings of System Certificates
  • iexplore.exe (PID: 2940)
  • iexplore.exe (PID: 3572)
Changes internet zones settings
  • iexplore.exe (PID: 2364)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

EXIF
HTML
Title:
Easy Radio Player
viewport:
width=device-width, initial-scale=1.0
Description:
null
Keywords:
null

Screenshots

Processes

Total processes
43
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph

+
drop and start start iexplore.exe iexplore.exe iexplore.exe #ADLOAD easyradioplayer-25780493.exe iexplore.exe no specs iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2364
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msftedit.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\users\admin\downloads\easyradioplayer-25780493.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
2940
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\jscript.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll

PID
3344
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:203009
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\audioses.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2656
CMD
"C:\Users\admin\Downloads\EasyRadioPlayer-25780493.exe"
Path
C:\Users\admin\Downloads\EasyRadioPlayer-25780493.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SpringTech Ltd.
Description
Version
4, 6, 0, 2
Modules
Image
c:\users\admin\downloads\easyradioplayer-25780493.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll

PID
2092
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.easyradioplayertab.com/?ap=appfocus154&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&uc=20191009&source=_v1-bb8-iei&i_id=radio_spt__1.30
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
No indicators
Parent process
EasyRadioPlayer-25780493.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

PID
3572
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:203010
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imgutil.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

Registry activity

Total events
1616
Read events
1389
Write events
222
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B97D1DD5-EA99-11E9-AB4C-5254004A04AF}
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070A00030009000D0023003A00DA03
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070A00030009000D0023003B000100
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A00030009000D0026000700F202
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
10
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A00030009000D00260007001103
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
67
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009000D00260007002103
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
27
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
EB110DC9A67ED501
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
0
43003A005C00500072006F006700720061006D002000460069006C00650073005C0049006E007400650072006E006500740020004500780070006C006F007200650072005C0069006500780070006C006F00720065002E00650078006500000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F0077006E006C006F006100640073000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
MRUListEx
00000000FFFFFFFF
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
07000000020000000100000009000000080000000000000006000000030000000500000004000000FFFFFFFF
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\Shell
SniffedFolderType
Documents
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
1
69006500780070006C006F00720065002E00650078006500000014001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE230000100090E24D373F126545916439C4925E467B00000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
0100000000000000FFFFFFFF
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
0
14001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE230000100090E24D373F126545916439C4925E467B0000920032000000000000000000800045617379526164696F506C617965722D32353738303439332E6578650000660008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000450061007300790052006100640069006F0050006C0061007900650072002D00320035003700380030003400390033002E0065007800650000002C000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
MRUListEx
00000000FFFFFFFF
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
14001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE230000100090E24D373F126545916439C4925E467B0000920032000000000000000000800045617379526164696F506C617965722D32353738303439332E6578650000660008000400EFBE00000000000000002A00000000000000000000000000000000000000000000000000450061007300790052006100640069006F0050006C0061007900650072002D00320035003700380030003400390033002E0065007800650000002C000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E00650078006500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AE010000B000000051030000BA01000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0100000000000000FFFFFFFF
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
Mode
4
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
LogicalViewMode
1
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
FFlags
1092616257
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
IconSize
16
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A0000001001000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupView
0
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupByKey:PID
0
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupByDirection
1
2364
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
FFlags
1
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Download Directory
C:\Users\admin\Downloads
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070A00030009000D0027002D00180300000000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A00030009000D0027003100AC00
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
9
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A00030009000D0027003100BC00
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
58
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009000D0027003100DB00
2364
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
24
2940
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019092020190921
2940
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A00030009000D0023003B00AD00
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
10
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A00030009000D0023003B00DC00
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
80
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009000D0023003B00A701
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
32
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000094000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2940
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2940
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor
Last
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
iexplore.exe
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1290246418
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091620190923
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CachePrefix
:2019091620190923:
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheLimit
8192
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheOptions
11
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheRepair
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019100920191010
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CachePrefix
:2019100920191010:
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheLimit
8192
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheOptions
11
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheRepair
0
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
0F00000001000000140000000F6AAD4C3FE04619CDC8B2BD655AA1A26042E6500B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
040000000100000010000000324A4BBBC863699BBE749AC6DD1D46240B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
190000000100000010000000FD960962AC6938E0D4B0769AA1A64E260B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019100920191010
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CachePrefix
:2019100920191010:
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CacheLimit
8192
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CacheOptions
11
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CacheRepair
0
3344
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASAPI32
EnableFileTracing
0
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASAPI32
EnableConsoleTracing
0
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASAPI32
FileTracingMask
4294901760
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASAPI32
ConsoleTracingMask
4294901760
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASAPI32
MaxFileSize
1048576
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASAPI32
FileDirectory
%windir%\tracing
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASMANCS
EnableFileTracing
0
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASMANCS
EnableConsoleTracing
0
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASMANCS
FileTracingMask
4294901760
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASMANCS
ConsoleTracingMask
4294901760
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASMANCS
MaxFileSize
1048576
2656
EasyRadioPlayer-25780493.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyRadioPlayer-25780493_RASMANCS
FileDirectory
%windir%\tracing
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000095000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{18EBD057-ABF5-454D-88FC-EB20D629AABE}
DisplayName
Easy Radio Player - Powered by Yahoo!
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{18EBD057-ABF5-454D-88FC-EB20D629AABE}
URL
http://search.easyradioplayertab.com/s?ap=appfocus154&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&uc=20191009&source=_v1-bb8-iei&i_id=radio_spt__1.30&query={searchTerms}
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{18EBD057-ABF5-454D-88FC-EB20D629AABE}
SuggestionsURL
https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://search.easyradioplayertab.com/?ap=appfocus154&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&uc=20191009&source=_v1-bb8-iei&i_id=radio_spt__1.30
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayName
Easy Radio Player
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayVersion
4.6.0.2
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Publisher
SpringTech Ltd.
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
InstallLocation
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallString
"C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallDialog
2
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallEngineID
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallImpression
http://www.springdwnld2.com/impression.do?domain=easyradioplayertab.com&implementation_id=radio_spt__1.30&offer_id=_iei_&source=_v1-bb8-iei&sub_id=20191009&traffic_source=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1570628288&sgn=238fced39682e7b7d4d8e10241992b33a81be167&subid2=8.0.7601.17514&event={exEvent}
2656
EasyRadioPlayer-25780493.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallHomepage
http://search.easyradioplayertab.com/?ap=appfocus154&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&uc=20191009&source=_v1-bb8-iei&i_id=radio_spt__1.30

Files activity

Executable files
3
Suspicious files
5
Text files
38
Unknown types
11

Dropped files

PID
Process
Filename
Type
2656
EasyRadioPlayer-25780493.exe
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe
executable
MD5: 35966d66a5813ef87c2574e5411d413b
SHA256: 2072caa1039c367077eb576ffd20bb6e0fbb05641ff96258696b3d73bc58e294
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\EasyRadioPlayer-25780493[1].exe
executable
MD5: b860cf8c4cb5dc676ef4893a704c9f8d
SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
2364
iexplore.exe
C:\Users\admin\Downloads\EasyRadioPlayer-25780493.exe
executable
MD5: b860cf8c4cb5dc676ef4893a704c9f8d
SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
2656
EasyRadioPlayer-25780493.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\api[1].txt
––
MD5:  ––
SHA256:  ––
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\radio[1].png
image
MD5: f090c1e8537569c59435a74c68d7a0c8
SHA256: 77ff4a053e0ba5c3b7dacd1f2eb80a7f29446252e91401f1951bd92501ab5868
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPOZMAOR\firebase-app[1].js
text
MD5: 3a7173aeadfd9e805bc22a790d89b4af
SHA256: b1c5418abf92617a99887f499e9efd6bc25957f37d2bd0ca3140a08b565e0bbd
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPOZMAOR\firebase-messaging[1].js
text
MD5: d3a746f544b2e9c68d668b8d673fc8ae
SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\static[1].txt
image
MD5: db04c7b378cb2db912c3ba8a5a774ee3
SHA256: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SYWDT18Q\common[1]
text
MD5: 811ca9465b1f71fdf5bd2619be56db6d
SHA256: cc362e8e52a6dc302a82ec28391f1e530cb7ce1b1705394ee290bfae018bc325
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\Sprite_Email_V9[1].png
image
MD5: b28e84650fd0bfeee84818c6dae1990f
SHA256: 856a3f6468b76d5e204793c0a8f7f9287674a1536e2e61ed1a8d4413700bcfa4
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\weatherAgencyIcon[1].jpg
image
MD5: ca18bf31a2bdc6325c3839c7f47d8f6e
SHA256: 0651cf7b687ef85bbf398677789f763ca99e709ceca13c1ac3e90851fc4a07bd
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: dd219cdf2d0a7aa456ce34caebe65379
SHA256: c631329fcc766ebda43af2ee927759c9a42fd3fc0d860d9e9b7059fe6a6ab693
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\saveMoney[1].png
image
MD5: a353048a16ced5eacab658f12e4db18d
SHA256: e2c368a8182d29a0fc74005f812f55b71a840b80cd7c07619db67424839f5594
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\recipesIcon[1].jpg
image
MD5: 0df82b6f5e4044de09dabcd5aa755afb
SHA256: 3257d7d9d5b73b0a5fe51dc0493005d50833ea28b848e0ffb4d4b1db25425465
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SYWDT18Q\amazon[1].png
image
MD5: 65d37a0031eefa2720aa4e20bcbfb6f2
SHA256: a279329ab261b8fc30b5ec08ccd0ceade7cf6ff1c0dae6a05cd46189191a43d1
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\Sprite_Radio_V2[1].png
image
MD5: 9d197653486607d526cbbf33e24f2ee4
SHA256: 235c741e3022370012f254f4f2e3b9a9e2ac51de177901514ff17d8837fdd5f2
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPOZMAOR\search_easyradioplayertab_com[1].txt
html
MD5: 4765b6df9666a6752fb2d32f9cb78e4a
SHA256: a18c69bb1063a3472f41c15c523bd439a4d6590b44509bb5fcfb122e1ff8327a
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\gear-icon[1].png
image
MD5: c191c48cdc9a12101c96bac13a3a672e
SHA256: 19fce2176cb990c4773742094923ccdd17d778fd050b675b0c8ff16b945e95ca
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SYWDT18Q\news-1[1].png
image
MD5: 69f417a5b6fb00c16f2b1613f787878c
SHA256: 9717dfdf6c679515fa277e4ef79d0f91748c40aebc657a9e1da6b5a6aefb7888
3572
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 6947fba4034347c34427bb67dec8a93f
SHA256: b043da122ce9d51dcfb2d021040da81eb691e8005bf542228564b10562e5561e
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
gmc
MD5: ce338fe6899778aacfc28414f2d9498b
SHA256: 4fe7b59af6de3b665b67788cc2f99892ab827efae3a467342b3bb4e3bc8e5bfe
3572
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GJ0OO9WC\search.easyradioplayertab[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPOZMAOR\header_common[1]
text
MD5: aa96d7aa07051f25d3c38921ee317f78
SHA256: 4674f50be8829514dc9c417b7ddff52cc0652202db15df67c4437eb7a161c6ed
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\monetizedquicklinks[1].txt
text
MD5: c009883fa05aac1589da50970d251d49
SHA256: e51f005176ecc16a4c779bf92c20a0d241d5a8dd735a3add7324377cbe3b8b07
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\impression[1]
text
MD5: 046c7dac5c0e5b35363c63e64a282cf8
SHA256: d9eb34ca1008b2ec4416b4dd1e439c0b61a91df5eb5140f386676921df0a70d1
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SYWDT18Q\setting[1].txt
text
MD5: 1c26fbe55356bd1db3da326a07c7ddab
SHA256: 28089974f1144a803616b5e6b1ac4d8620f81ac5b537a57b930b5e0468d5fa6c
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPOZMAOR\radio_v0[1].txt
text
MD5: 36e6dd07da9d6ba3f3cc038629a39683
SHA256: 75d57017c4d0027e95c7a1bed1dbe270530b2a39fd1a2a3a38d534a9a0fdc60b
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\search_easyradioplayertab_com[1].txt
––
MD5:  ––
SHA256:  ––
3572
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 19da21da991907b079ab914034bc0f45
SHA256: 93351eba18f1185f14c160c18e7ac2b71c343cb59d8d16f788fe0f1abe2e23e0
3572
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: bc40a525001701d5ea96217db6ee279a
SHA256: 278d460a1983d62dcdc11844bd0b72c3cb53e77cb4f5cf1a1e225eb96ff0159a
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\search_easyradioplayertab_com[1].htm
html
MD5: fe3bfad7e7df7852f70444d548a2c261
SHA256: e2370296f42bf099b4512a7b8701f013ed5057eaf6a9df69df5e18778b1ae645
3572
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2364
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SYWDT18Q\firebase-database[1].js
text
MD5: 0b73ce41f82899bdc2f3a25f0d329d8d
SHA256: c5ad5aee892d68422a84bf2e2df83f6fcb2c7de2e0506a8ec2702f1c0b856daa
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\css[1].txt
text
MD5: 583eeb8c76fc402b59587bae634c7c9d
SHA256: b94ad164bf353693418daa002dec81bedfb4ba81cadb889fac4c337e782ab349
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019100920191010\index.dat
dat
MD5: aa01821648d2e7088b724b010330e320
SHA256: 2674c4bdc858095ea13e50072fac52b6f6b328a874e40ee0b69ef1038ab1a0e5
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 03859f8f4ae02f4870ee375df95c21a5
SHA256: 742f95f40fe3be77092ca66348566d9ef8cb6e58ad3dcf6726b0cbea1626bca6
2364
iexplore.exe
C:\Users\admin\Downloads\EasyRadioPlayer-25780493.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPOZMAOR\firebase-auth[1].js
text
MD5: 5820c0d760b485dee2de26326f5fbecc
SHA256: e274fc6b43371232b1db34aa3b09703f88fbb05453a50bf00f89833496b06703
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\firebase-firestore[1].js
s
MD5: 6f7a7f8cec97cf107d26a28139174bad
SHA256: c4fdb6859c7e6ad03c49f1d43ddc4165b1ba786b10a41bc00fd0c01baf33c49a
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMM33KQS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SYWDT18Q\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPOZMAOR\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 21262c994af9ac89efcea76de7240c6c
SHA256: 6faf467a1efa5c6048a7c2f7e4c7485b41a36d9026ff3343206de5bcb996d7c6
3344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TS2WWKE\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\easyradioplayer_com[1].txt
html
MD5: 0e3e67b39f3c9bed2b123bcf184ae5bb
SHA256: 172f6ef9835c2a8ab361dec36afdc30632dab72601328c0ffde94b3177ad8ea2
2940
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: abd32d4c9a72b2bbf2e469b43cf76928
SHA256: a22496f977fa28afc125e10e3d6aac350a448ca11a59743b69eb0bb2c4a30fff
2940
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: aa0b3677387b20f573fe9344105d0f86
SHA256: 9a1432ac626a8375ac5cc25fa9ff0b1525d435d1dc5b2c40d9a7ffe9453c6cd9
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019100920191010\index.dat
dat
MD5: 135d8ad0b0ad4852de005c3d2c39b12a
SHA256: 5ac1e799a8dce80bf17b559390eff0724fa4cd3a17acbf93179c1a4fbf84d962
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019092020190921\index.dat
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\prompt[1]
text
MD5: e00ff25d2c343e11685741ce399fdd70
SHA256: 5b5e426bcd25b27e3bff5f3584ff8b4a740d501aa30fec3e110ccd29a4be0b65
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: f60d00f260f434826b58fe4c8029329c
SHA256: 6c0bcdfe827e5492628f9a8b58936f94d927ee629db70721aa6bc5bb5ad59583
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 93871e1433144c58cab0deddd1d46925
SHA256: 3193f3035a4f457d66bab3048880aac2eb8557027f6373e606d4621609af1068
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: ba60bd1e322afbfba6694a39fa746aa6
SHA256: 6cccd2d6e1cba3ee30bfaf367ec8e0d7a07f1b76f109474fa8c5a9a1d1b4ac74
2940
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Cab9B7B.tmp
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Tar9B7C.tmp
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Tar9743.tmp
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Cab9742.tmp
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Cab9731.tmp
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Tar9732.tmp
––
MD5:  ––
SHA256:  ––
2364
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2364
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\firebase-app[1].js
text
MD5: 3a7173aeadfd9e805bc22a790d89b4af
SHA256: b1c5418abf92617a99887f499e9efd6bc25957f37d2bd0ca3140a08b565e0bbd
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 4be1a572fca40bcb2202504cb17aed91
SHA256: 64d06eeb18abad7d4ef1b1ef7409cf108bd4774c50a64e2c7b49ffb708ff24f4
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\firebase-messaging[1].js
text
MD5: d3a746f544b2e9c68d668b8d673fc8ae
SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\css[1].txt
text
MD5: 583eeb8c76fc402b59587bae634c7c9d
SHA256: b94ad164bf353693418daa002dec81bedfb4ba81cadb889fac4c337e782ab349
3572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SYWDT18Q\prompt[1]
text
MD5: c02415decdc9fcd5855b8a3f2aac3251
SHA256: 84590b96931ef06bd158cbe7f16cfd629f06f1acefbd52606a0f659fe42de14a

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
27
TCP/UDP connections
40
DNS requests
23
Threats
8

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2364 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2940 iexplore.exe GET 200 205.185.216.42:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
2940 iexplore.exe GET 200 52.222.149.254:80 http://x.ss2.us/x.cer US
der
whitelisted
3344 iexplore.exe GET 200 34.192.88.201:80 http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=easyradioplayertab.com&implementation_id=radio_spt_&source=_v1-bb8&adprovider=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&dfn=Easy%20Radio%20Player&spo=0&appname=Easy%20Radio%20Player&appdesc=Search%20your%20favorite%20Radio%20sites%20instantly%20from%20your%20home%20and%20new%20tab%20page!&ies=s,h&sso= US
executable
shared
2656 EasyRadioPlayer-25780493.exe GET 200 23.23.51.23:80 http://www.springtechdld.com/ies/api.cgi?act=getConfig&id=RWFzeVJhZGlvUGxheWVyLTI1NzgwNDkzLmV4ZQ==&rf=0&proto=1 US
text
shared
2656 EasyRadioPlayer-25780493.exe GET 200 34.192.88.201:80 http://www.springdwnld2.com/impression.do?domain=easyradioplayertab.com&implementation_id=radio_spt__1.30&offer_id=_iei_&source=_v1-bb8-iei&sub_id=20191009&traffic_source=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1570628288&sgn=238fced39682e7b7d4d8e10241992b33a81be167&subid2=8.0.7601.17514&event=ex_accepted US
––
––
shared
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/?ap=appfocus154&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&uc=20191009&source=_v1-bb8-iei&i_id=radio_spt__1.30 US
html
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/styles/home/radio_v0?v=aIemU4Na4slV1VHiBpcDkKeVPHtPM8pDv141HvrEoiM1 US
text
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/get/js/impression?uc=20191009&ap=appfocus154&source=_v1-bb8-iei&uid=b89c2276-dc9e-424c-a06a-ce42b5417e97&i_id=radio_spt__1.30&cid= US
text
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/styles/home/monetizedquicklinks?v=hfTCeRafbop5tZSUADzuYAXraeNOLI1QxPZmcvDjC601 US
text
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/styles/home/setting?v=afdvy5eLG8dNaxuP72vIVdUdRwaXdSWUNJV2319aslM1 US
text
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/scripts/home/header_common?v=PU2rYNCahj4gR1fxkytfO2mCom2Puo08ln7KHS9YKBk1 US
text
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/scripts/home/common?v=62mYeklMSXtpwP5f1h49X0YUO797qby-SSpniuapkZM1 US
text
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/ US
html
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/Content/Home/Shared/Images/gear-icon.png US
image
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/Content/Home/Radio/Sprites/Sprite_Radio_V2.png US
image
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/Content/Home/Email/Sprites/Sprite_Email_V9.png US
image
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/Content/Images/saveMoney.png US
image
unknown
3572 iexplore.exe GET 200 143.204.208.96:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/news-1.png US
image
whitelisted
3572 iexplore.exe GET 200 143.204.208.96:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/amazon.png US
image
whitelisted
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/Content/img/Icons/weatherAgencyIcon.jpg US
image
unknown
3572 iexplore.exe GET 200 54.210.223.173:80 http://search.easyradioplayertab.com/Content/img/Icons/recipesIcon.jpg US
image
unknown
3572 iexplore.exe GET –– 54.210.223.173:80 http://search.easyradioplayertab.com/Content/Slick/images/icons-star.png US
––
––
unknown
2656 EasyRadioPlayer-25780493.exe GET 200 34.192.88.201:80 http://www.springdwnld2.com/impression.do?domain=easyradioplayertab.com&implementation_id=radio_spt__1.30&offer_id=_iei_&source=_v1-bb8-iei&sub_id=20191009&traffic_source=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1570628288&sgn=238fced39682e7b7d4d8e10241992b33a81be167&subid2=8.0.7601.17514&event=ex_set_hp US
––
––
shared
2656 EasyRadioPlayer-25780493.exe GET 200 34.192.88.201:80 http://www.springdwnld2.com/impression.do?domain=easyradioplayertab.com&implementation_id=radio_spt__1.30&offer_id=_iei_&source=_v1-bb8-iei&sub_id=20191009&traffic_source=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1570628288&sgn=238fced39682e7b7d4d8e10241992b33a81be167&subid2=8.0.7601.17514&event=ex_installed US
––
––
shared
2656 EasyRadioPlayer-25780493.exe GET 200 34.192.88.201:80 http://www.springdwnld2.com/impression.do?domain=easyradioplayertab.com&implementation_id=radio_spt__1.30&offer_id=_iei_&source=_v1-bb8-iei&sub_id=20191009&traffic_source=appfocus154&user_id=b89c2276-dc9e-424c-a06a-ce42b5417e97&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1570628288&sgn=238fced39682e7b7d4d8e10241992b33a81be167&subid2=8.0.7601.17514&event=ex_executed US
––
––
shared
2656 EasyRadioPlayer-25780493.exe POST 200 23.23.51.23:80 http://www.springtechdld.com/ies/api.cgi?act=postStat&id=RWFzeVJhZGlvUGxheWVyLTI1NzgwNDkzLmV4ZQ==&rf=0&proto=1 US
text
compressed
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2940 iexplore.exe 172.217.22.106:443 Google Inc. US whitelisted
2364 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
2940 iexplore.exe 172.217.22.35:443 Google Inc. US whitelisted
2940 iexplore.exe 216.58.210.3:443 Google Inc. US whitelisted
2940 iexplore.exe 34.197.23.58:443 Amazon.com, Inc. US unknown
2940 iexplore.exe 52.222.149.253:80 Amazon.com, Inc. US unknown
2364 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2940 iexplore.exe 205.185.216.42:80 Highwinds Network Group, Inc. US whitelisted
2940 iexplore.exe 52.50.109.222:443 Amazon.com, Inc. IE suspicious
2940 iexplore.exe 52.222.149.254:80 Amazon.com, Inc. US malicious
2940 iexplore.exe 54.72.199.154:443 Amazon.com, Inc. IE suspicious
2940 iexplore.exe 54.173.225.117:443 Amazon.com, Inc. US unknown
3344 iexplore.exe 34.192.88.201:80 Amazon.com, Inc. US malicious
2656 EasyRadioPlayer-25780493.exe 23.23.51.23:80 Amazon.com, Inc. US malicious
2656 EasyRadioPlayer-25780493.exe 34.192.88.201:80 Amazon.com, Inc. US malicious
3572 iexplore.exe 54.210.223.173:80 Amazon.com, Inc. US unknown
3572 iexplore.exe 52.30.52.254:443 Amazon.com, Inc. IE suspicious
3572 iexplore.exe 216.58.210.3:443 Google Inc. US whitelisted
3572 iexplore.exe 184.30.209.143:443 Akamai International B.V. NL whitelisted
3572 iexplore.exe 35.168.129.108:443 Amazon.com, Inc. US unknown
3572 iexplore.exe 34.224.59.58:443 Amazon.com, Inc. US unknown
3572 iexplore.exe 143.204.208.49:443 US suspicious
3572 iexplore.exe 143.204.208.96:80 US unknown

DNS requests

Domain IP Reputation
fonts.googleapis.com 172.217.22.106
whitelisted
www.bing.com 13.107.21.200
204.79.197.200
whitelisted
fonts.gstatic.com 172.217.22.35
whitelisted
www.gstatic.com 216.58.210.3
whitelisted
pushible.com 34.197.23.58
34.224.59.58
suspicious
x.ss2.us 52.222.149.253
52.222.149.254
52.222.149.113
52.222.149.36
whitelisted
www.download.windowsupdate.com 205.185.216.42
205.185.216.10
whitelisted
appfocus.go2cloud.org 52.50.109.222
54.72.199.154
52.30.52.254
malicious
easyradioplayer.com 54.173.225.117
18.233.215.199
unknown
www.springdwnld2.com 34.192.88.201
23.23.51.23
shared
www.springtechdld.com 23.23.51.23
34.192.88.201
shared
search.easyradioplayertab.com 54.210.223.173
3.89.51.155
unknown
imp.mt48.net 184.30.209.143
unknown
d3ff8olul1r3ot.cloudfront.net 143.204.208.49
143.204.208.54
143.204.208.215
143.204.208.39
whitelisted
imp.onesearch.org 35.168.129.108
35.173.75.18
malicious
dap2y8k6nefku.cloudfront.net 143.204.208.96
143.204.208.224
143.204.208.40
143.204.208.154
whitelisted

Threats

PID Process Class Message
3344 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
3344 iexplore.exe Misc activity ET INFO EXE - Served Attached HTTP
2656 EasyRadioPlayer-25780493.exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
2656 EasyRadioPlayer-25780493.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2656 EasyRadioPlayer-25780493.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2656 EasyRadioPlayer-25780493.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2656 EasyRadioPlayer-25780493.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
2656 EasyRadioPlayer-25780493.exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent

Debug output strings

No debug info.