General Info

File name

SystemExplorerSetup.exe

Full analysis
https://app.any.run/tasks/c2df85f8-5eb5-45da-9c27-72826c3ae6ef
Verdict
Malicious activity
Analysis date
7/18/2019, 15:08:08
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

73a47ba6e089d1ec812ece690be0fc54

SHA1

7411f16d51d2444764b5ca651bca8d4a65e82eba

SHA256

2d8c97b48757126bc6de5dce670323a33602b6d90d21183ffdd8131716dec268

SSDEEP

24576:HQi0wIkJ2IOyeZAEedE5Cits16JM5s0csjsztx7dPcv/XBGMwVXYwwX2SfhGK/:H91y5yHEe25SyosxfGBGBG/xfcK/

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for user acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Severity filter: MALICIOUS / SUSPICIOUS / INFO
Application was dropped or rewritten from another process
  • SystemExplorer.exe (PID: 3152)
  • SystemExplorer.exe (PID: 3484)
  • SystemExplorerService.exe (PID: 4064)
Changes the autorun value in the registry
  • SystemExplorer.exe (PID: 3484)
Loads the Task Scheduler COM API
  • SystemExplorer.exe (PID: 3484)
Creates files in the user directory
  • SystemExplorerSetup.tmp (PID: 548)
Executable content was dropped or overwritten
  • SystemExplorerSetup.exe (PID: 3040)
  • SystemExplorerSetup.tmp (PID: 548)
  • SystemExplorerSetup.exe (PID: 3812)
Reads Internet Cache Settings
  • SystemExplorer.exe (PID: 2240)
  • SystemExplorer.exe (PID: 3484)
  • SystemExplorer.exe (PID: 3152)
Creates files in the program directory
  • SystemExplorer.exe (PID: 3484)
Starts Internet Explorer
  • SystemExplorer.exe (PID: 3484)
Executed as Windows Service
  • SystemExplorerService.exe (PID: 4064)
Reads mouse settings
  • SystemExplorer.exe (PID: 3152)
Application was dropped or rewritten from another process
  • SystemExplorer.exe (PID: 2240)
  • SystemExplorerSetup.tmp (PID: 548)
  • SystemExplorerSetup.tmp (PID: 3776)
Loads dropped or rewritten executable
  • SystemExplorerSetup.tmp (PID: 548)
Application launched itself
  • iexplore.exe (PID: 3752)
Creates a software uninstall entry
  • SystemExplorerSetup.tmp (PID: 548)
Creates files in the program directory
  • SystemExplorerSetup.tmp (PID: 548)
Changes internet zones settings
  • iexplore.exe (PID: 3752)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2880)
Creates files in the user directory
  • iexplore.exe (PID: 2880)
Reads internet explorer settings
  • iexplore.exe (PID: 2880)

Static information

TRiD
.exe | Inno Setup installer (71.1%)
.exe | Win32 Executable Delphi generic (9.1%)
.scr | Windows screen saver (8.4%)
.dll | Win32 Dynamic Link Library (generic) (4.2%)
.exe | Win32 Executable (generic) (2.9%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
40448
InitializedDataSize:
17920
UninitializedDataSize:
null
EntryPoint:
0xa5f8
OSVersion:
1
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
7.0.0.0
ProductVersionNumber:
7.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
Mister Group
FileDescription:
System Explorer 7.0.0 Installer
FileVersion:
7.0.0
LegalCopyright:
Mister Group
ProductName:
System Explorer
ProductVersion:
7.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
Mister Group
FileDescription:
System Explorer 7.0.0 Installer
FileVersion:
7.0.0
LegalCopyright:
Mister Group
ProductName:
System Explorer
ProductVersion:
7.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
CODE 0x00001000 0x00009D30 0x00009E00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.63177
DATA 0x0000B000 0x00000250 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.75182
BSS 0x0000C000 0x00000E8C 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0000D000 0x00000950 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.43073
.tls 0x0000E000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x0000F000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.204488
.reloc 0x00010000 0x000008C4 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0
.rsrc 0x00011000 0x00002C00 0x00002C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 4.55166
Resources
1

2

3

4

4089

4090

4091

4093

4094

4095

11111

MAINICON

Imports
    kernel32.dll

    user32.dll

    oleaut32.dll

    advapi32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
46
Monitored processes
10
Malicious processes
3
Suspicious processes
3

Process information

PID
3040
CMD
"C:\Users\admin\AppData\Local\Temp\SystemExplorerSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\SystemExplorerSetup.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mister Group
Description
System Explorer 7.0.0 Installer
Version
7.0.0
Modules
Image
c:\users\admin\appdata\local\temp\systemexplorersetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-877ed.tmp\systemexplorersetup.tmp

PID
3776
CMD
"C:\Users\admin\AppData\Local\Temp\is-877ED.tmp\SystemExplorerSetup.tmp" /SL5="$70148,1641629,56832,C:\Users\admin\AppData\Local\Temp\SystemExplorerSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-877ED.tmp\SystemExplorerSetup.tmp
Indicators
No indicators
Parent process
SystemExplorerSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-877ed.tmp\systemexplorersetup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll

PID
3812
CMD
"C:\Users\admin\AppData\Local\Temp\SystemExplorerSetup.exe" /SPAWNWND=$14019C /NOTIFYWND=$70148
Path
C:\Users\admin\AppData\Local\Temp\SystemExplorerSetup.exe
Indicators
Parent process
SystemExplorerSetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mister Group
Description
System Explorer 7.0.0 Installer
Version
7.0.0
Modules
Image
c:\users\admin\appdata\local\temp\systemexplorersetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-ehlo7.tmp\systemexplorersetup.tmp

PID
548
CMD
"C:\Users\admin\AppData\Local\Temp\is-EHLO7.tmp\SystemExplorerSetup.tmp" /SL5="$B01DA,1641629,56832,C:\Users\admin\AppData\Local\Temp\SystemExplorerSetup.exe" /SPAWNWND=$14019C /NOTIFYWND=$70148
Path
C:\Users\admin\AppData\Local\Temp\is-EHLO7.tmp\SystemExplorerSetup.tmp
Indicators
Parent process
SystemExplorerSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-ehlo7.tmp\systemexplorersetup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\profapi.dll
c:\users\admin\appdata\local\temp\is-r8i3e.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-r8i3e.tmp\systemexplorer.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\system explorer\systemexplorer.exe
c:\program files\system explorer\unins000.exe
c:\windows\system32\netutils.dll

PID
2240
CMD
"C:\Users\admin\AppData\Local\Temp\is-R8I3E.tmp\SystemExplorer.exe" /PREPAREINSTALL
Path
C:\Users\admin\AppData\Local\Temp\is-R8I3E.tmp\SystemExplorer.exe
Indicators
No indicators
Parent process
SystemExplorerSetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mister Group
Description
System Explorer
Version
7.0.0.5356
Modules
Image
c:\users\admin\appdata\local\temp\is-r8i3e.tmp\systemexplorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\olepro32.dll

PID
3484
CMD
"C:\Program Files\System Explorer\SystemExplorer.exe" /INSTALL english.ini AutoUpdate Startup
Path
C:\Program Files\System Explorer\SystemExplorer.exe
Indicators
Parent process
SystemExplorerSetup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mister Group
Description
System Explorer
Version
7.0.0.5356
Modules
Image
c:\program files\system explorer\systemexplorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\taskschd.dll

PID
3752
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://systemexplorer.net/installdone.php?v=7.0.0.5356&au=1&iu=0
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
SystemExplorer.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
2880
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3752 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll

PID
3152
CMD
"C:\Program Files\System Explorer\SystemExplorer.exe"
Path
C:\Program Files\System Explorer\SystemExplorer.exe
Indicators
Parent process
SystemExplorerSetup.tmp
User
admin
Integrity Level
MEDIUM
Version:
Company
Mister Group
Description
System Explorer
Version
7.0.0.5356
Modules
Image
c:\program files\system explorer\systemexplorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\olepro32.dll
c:\program files\system explorer\service\systemexplorerservice.exe
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\smss.exe
c:\windows\system32\csrss.exe
c:\windows\system32\wininit.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\lsm.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\qemu-ga\qemu-ga.exe
c:\windows\system32\taskeng.exe
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\audiodg.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\windanr.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\netevent.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll

PID
4064
CMD
"C:\Program Files\System Explorer\service\SystemExplorerService.exe"
Path
C:\Program Files\System Explorer\service\SystemExplorerService.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Mister Group
Description
System Explorer Service
Version
6.2.0.248
Modules
Image
c:\program files\system explorer\service\systemexplorerservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\pdh.dll
c:\windows\system32\psapi.dll
c:\windows\system32\perfproc.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\perfos.dll

Registry activity

Total events
1123
Read events
1009
Write events
113
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: Setup Version
5.5.5 (a)
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: App Path
C:\Program Files\System Explorer
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
InstallLocation
C:\Program Files\System Explorer\
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: Icon Group
System Explorer
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: User
admin
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: Selected Tasks
desktopicon,quicklaunchicon,startup,autoupdate
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: Deselected Tasks
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: Language
english
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
DisplayName
System Explorer 7.0.0
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
UninstallString
"C:\Program Files\System Explorer\unins000.exe"
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
QuietUninstallString
"C:\Program Files\System Explorer\unins000.exe" /SILENT
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Publisher
Mister Group
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
URLInfoAbout
http://www.systemexplorer.net
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
HelpLink
http://www.systemexplorer.net
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
URLUpdateInfo
http://www.systemexplorer.net
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
NoModify
1
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
NoRepair
1
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
InstallDate
20190718
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
EstimatedSize
6451
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup CodeFile: UsageMode
taskmanager
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SystemExplorer
NPV
1
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemExplorerAutoStart
"C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
3484
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3484
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASAPI32
EnableFileTracing
0
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASAPI32
EnableConsoleTracing
0
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASAPI32
FileTracingMask
4294901760
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASAPI32
ConsoleTracingMask
4294901760
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASAPI32
MaxFileSize
1048576
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASAPI32
FileDirectory
%windir%\tracing
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASMANCS
EnableFileTracing
0
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASMANCS
EnableConsoleTracing
0
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASMANCS
FileTracingMask
4294901760
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASMANCS
ConsoleTracingMask
4294901760
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASMANCS
MaxFileSize
1048576
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemExplorer_RASMANCS
FileDirectory
%windir%\tracing
3484
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3484
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000077000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{2DA6D837-A95D-11E9-A9B1-5254004A04AF}
0
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070700040012000D00080032000900
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070700040012000D00080032005700
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
9814B3F4693DD501
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
F276B5F4693DD501
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3752
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2880
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070700040012000D0008003300A001
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
97
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070700040012000D00080033000D02
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
185
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070700040012000D0008003300A902
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
63
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E3070700040012000D00080034004201
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071820190719
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CachePrefix
:2019071820190719:
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CacheLimit
8192
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CacheOptions
11
2880
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CacheRepair
0
3152
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3152
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
3152
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3152
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
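
The modification-events listing above is flattened one field per line and silently drops empty fields: the `Inno Setup: Deselected Tasks` record has no value line, and the `delete key` record has neither name nor value, so a parser that assumes six lines per record desynchronizes after the first gap. The Python below is an added example, not part of the ANY.RUN report or of System Explorer. It re-segments the listing by looking for the PID / image name / operation triple that opens every record, flags the single write that lands in an autostart location (the `SystemExplorerAutoStart` entry under HKLM\...\CurrentVersion\Run, consistent with the `startup` task the installer recorded), and decodes the Inno Setup task selection. The autostart patterns and the set of operation names are this example's own assumptions; the sample records are transcribed from the listing above.

```python
"""Triage of the flattened 'Modification events' listing above.

Added example, not part of the ANY.RUN report or the System Explorer product.
Parses the six-field records (PID, Process, Operation, Key, Name, Value; one
field per line), tolerating the listing's omission of empty fields, then flags
writes to autostart locations and decodes the Inno Setup task selection.
"""
import re
from dataclasses import dataclass

# Constructed sample: five records transcribed from the listing above.
SAMPLE = r"""
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: Selected Tasks
desktopicon,quicklaunchicon,startup,autoupdate
548
SystemExplorerSetup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1
Inno Setup: Deselected Tasks
3484
SystemExplorer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemExplorerAutoStart
"C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
3484
SystemExplorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2880
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
"""

@dataclass
class RegEvent:
    pid: int
    process: str
    operation: str
    key: str
    name: str = ""    # absent for 'delete key' records
    value: str = ""   # absent when the listing omitted an empty value

# A record starts with PID, image name, then an operation name seen in the
# listing (assumption: no other operation names occur).
PROCESS_RE = re.compile(r"^[\w.~ -]+\.(exe|tmp|dll|sys)$", re.IGNORECASE)
OPERATIONS = {"write", "delete key", "delete value"}

def _is_record_start(lines: list, i: int) -> bool:
    return (i + 2 < len(lines) and lines[i].isdigit()
            and PROCESS_RE.match(lines[i + 1]) is not None
            and lines[i + 2] in OPERATIONS)

def parse_events(text: str) -> list:
    """Split the flat listing into records without assuming six lines each."""
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    starts = [i for i in range(len(lines)) if _is_record_start(lines, i)]
    events = []
    for n, start in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else len(lines)
        f = lines[start:end]
        if len(f) >= 4:   # anything shorter has no key and is dropped
            events.append(RegEvent(int(f[0]), f[1], f[2], f[3], *f[4:6]))
    return events

# Autostart locations to flag (key pattern, value names that matter or None
# for any name). This example's own, deliberately short list.
_AUTOSTART = [(re.compile(k, re.IGNORECASE), names) for k, names in (
    (r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once|OnceEx|Services)?$", None),
    (r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", {"Shell", "Userinit"}),
    (r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+$", {"StubPath"}),
    (r"\\CurrentControlSet\\Services\\[^\\]+$", {"ImagePath"}),
)]

def persistence_writes(events: list) -> list:
    """Writes that create or change an autostart entry."""
    return [e for e in events if e.operation == "write" and any(
        key_re.search(e.key) and (names is None or e.name in names)
        for key_re, names in _AUTOSTART)]

def inno_setup_tasks(events: list) -> dict:
    """Task selection the Inno Setup installer recorded under its *_is1 key."""
    tasks = {"selected": [], "deselected": []}
    for e in events:
        if e.name == "Inno Setup: Selected Tasks":
            tasks["selected"] = [t for t in e.value.split(",") if t]
        elif e.name == "Inno Setup: Deselected Tasks":
            tasks["deselected"] = [t for t in e.value.split(",") if t]
    return tasks

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for e in persistence_writes(evs):
        print(f"PERSISTENCE pid={e.pid} {e.process}: {e.key}\\{e.name} = {e.value}")
    print(f"{len(evs)} records; Inno Setup tasks: {inno_setup_tasks(evs)}")
```

Record boundaries are detected by lookahead rather than by counting lines, which is what keeps a numeric value such as the `0` written to `UNCAsIntranet` from being mistaken for the PID of the next record. To run it over the full listing, paste the whole modification-events block into `SAMPLE` in place of the five transcribed records.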

Files activity

Executable files
11
Suspicious files
3
Text files
50
Unknown types
8

Dropped files

PID
Process
Filename
Type
3040
SystemExplorerSetup.exe
C:\Users\admin\AppData\Local\Temp\is-877ED.tmp\SystemExplorerSetup.tmp
executable
MD5: 9303156631ee2436db23827e27337be4
SHA256: bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\SEDriver64.sys
executable
MD5: 02010455521fa84424e9976fe76e13c4
SHA256: 5dd1fa3b17a05a296109b6a6583ec04682c7b144b762ef8def05088654c88798
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\SystemExplorerService64.exe
executable
MD5: 00068cd7bd0a2bfa6acc1f75671394ff
SHA256: be2235923006b300910404020d8fa3e4b6f4798778e03d1afd3a04d995411c72
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\SystemExplorer.exe
executable
MD5: e6563f7f05cb9664542b7d9035515ecd
SHA256: 16177c3a3bbf5bfb65b0a5ae948757e1886b45321ffd16b8f2328eca34baec53
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\SEDriverXP.sys
executable
MD5: f43cd9a97102b9d452666afdd454a7e2
SHA256: 50cba7ea5d1feda0d313687b886ad16ce908e340127ba69356e2c5afa8d01f81
548
SystemExplorerSetup.tmp
C:\Users\admin\AppData\Local\Temp\is-R8I3E.tmp\SystemExplorer.exe
executable
MD5: e6563f7f05cb9664542b7d9035515ecd
SHA256: 16177c3a3bbf5bfb65b0a5ae948757e1886b45321ffd16b8f2328eca34baec53
548
SystemExplorerSetup.tmp
C:\Users\admin\AppData\Local\Temp\is-R8I3E.tmp\_isetup\_shfoldr.dll
executable
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
3812
SystemExplorerSetup.exe
C:\Users\admin\AppData\Local\Temp\is-EHLO7.tmp\SystemExplorerSetup.tmp
executable
MD5: 9303156631ee2436db23827e27337be4
SHA256: bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\SEDriverVista.sys
executable
MD5: 89cb8dc79a36994d17178d7690d5da15
SHA256: 2e0e271849cd1e71c57f2f4f23abcbe36ea2ce1d554a5c2ff9a47dbe3676299d
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\SystemExplorerService.exe
executable
MD5: f7ce757fe4ea0641483a5725f5e26194
SHA256: 9b17da41dc3e5b421ea0d9582d6fc2b9384855026cfe29abf01300c58eb325ed
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\unins000.exe
executable
MD5: 8e3a1e57c5c8489b283298abfbf9d5dd
SHA256: f808a3776dd38abdd5a1fef7fe818a642a940f2850bdbef943878ba0c081f6ab
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\smile_lol[1].png
image
MD5: ba7c8f2c70c98b5f1129d8547c9f1ada
SHA256: a208fd2ae7562cef9b25227fd5ea762f9e8aef7536c5ecdb9bb59559e2d24655
3152
SystemExplorer.exe
C:\ProgramData\SystemExplorer\config.ini
text
MD5: 060dcc79936939de8ead2f290911c2f4
SHA256: 77e4e753a8eaab4833e05147c7dabc99417db94aa2a09e0aaf150b8dffafcd0a
3484
SystemExplorer.exe
C:\ProgramData\SystemExplorer\config.ini
text
MD5: 060dcc79936939de8ead2f290911c2f4
SHA256: 77e4e753a8eaab4833e05147c7dabc99417db94aa2a09e0aaf150b8dffafcd0a
3484
SystemExplorer.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\installhit[1].php
text
MD5: 6ef9f8e3c23af1297db6e19970835c79
SHA256: 8f3ef4f525fb733da6d14e69bc9ada2a6885c424902eb4a1855b541650265459
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 4be1a572fca40bcb2202504cb17aed91
SHA256: 64d06eeb18abad7d4ef1b1ef7409cf108bd4774c50a64e2c7b49ffb708ff24f4
2880
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 1b6a5721df1690174066d7ce8f9745dd
SHA256: 876699f10e677859ab8101c14b92fe83fa5368a5f143f1d848df672d9ff767bd
2880
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\fr_scan[1].png
image
MD5: bb24ecf11418a565fe45e7b839b9d5d5
SHA256: 220bdac2532057a919e3ba57255bcd414d9e8c98c032ea4942d838b3b63c7873
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\analytics[1].js
text
MD5: 4d88a66690f3506e6a2112b1c4dce0b4
SHA256: a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\jquery.min[1].js
text
MD5: 0652da382b6fceb033dfe2b6c06d4d11
SHA256: 7fa0d5c3f538c76f878e012ac390597faecaabfe6fb9d459b919258e76c5df8e
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\f[1].txt
text
MD5: 1f7eff0e676d0af29b464e4cc05091c0
SHA256: 54a7b3ab33e3fa661289f747ae417af85a15bd0da1a6bed0b3ead405fcf756be
3752
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3752
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3752
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2880
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
dat
MD5: b50f6c0639d06b784248f431e1c7d2b4
SHA256: c558c611785e30ed20534789c9a562a4b1e64176fa740b5e93530c76869a60c8
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\css[2].txt
text
MD5: 2f4250d7db28253dfd4b4f9794e42f0c
SHA256: 24a9532d7a0e34fdd66e79853cd68a7d9397bbf41c3d1a1650a413436a4f5514
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\css[1].txt
––
MD5:  ––
SHA256:  ––
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\styles[1].css
text
MD5: 860bfd913f0ff0e0dd50509182d37a2d
SHA256: 2d4d9c86dbee1f8f5bf310d5d074f940f22284471367274e0519fe2bb03331b9
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\installdone[1].php
––
MD5:  ––
SHA256:  ––
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\installdone[1].htm
html
MD5: 76ae893a502ff27e9955b481298d8708
SHA256: 018945484b606895fe813d4f3009b34611972d338f6fa968aecf93a3ff7b1944
3752
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3484
SystemExplorer.exe
C:\ProgramData\SystemExplorer\config.ini
text
MD5: ea002898d2dce33774cd06e76740a939
SHA256: c179fa01fff4e6b46663cffcb7ec0fcf45f502192c1db74356d893c8652baa7e
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\unins000.dat
dat
MD5: 0708aaa13d7c5ca0614cd070d0d75bc0
SHA256: c9004c28646030ed32008af66567794e00fa7ac6f35b545648c258db9cff4e3f
548
SystemExplorerSetup.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
lnk
MD5: 0dcf4d28e3da0dd335421569a5cb8af6
SHA256: 83616c25bc2480dd42a3d4653f574a9c5a06719a10a36ad4a1c4d434aef4bad6
548
SystemExplorerSetup.tmp
C:\Users\Public\Desktop\System Explorer.lnk
lnk
MD5: 6485cc17b89d95ead6535327b6f1fbf8
SHA256: a8b6d19be79ce440901c838b2c72560e8c5f2d06d6ae56dbd274e976c47fefee
548
SystemExplorerSetup.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer\Uninstall System Explorer.lnk
lnk
MD5: 25a00ee12ef196d3a7dade46e9cd4cc1
SHA256: 5eee35f22b5af9079a355c6491fa420b05f8d0fa3533850fa265aecd6f0dc67e
548
SystemExplorerSetup.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer\System Explorer.lnk
lnk
MD5: 9a20fa302b21a65229f01c5af4a767c5
SHA256: a876d86d1cb59c284ec861ee6ca501eed7c553334e32a2ad7360162da8aefe13
3152
SystemExplorer.exe
C:\ProgramData\SystemExplorer\config.ini
text
MD5: c78f898dd3560a182233897940401bbd
SHA256: d0df33601cc147354e13d3f7edc4132f6c7278da74ca7e5f21ed4ad23d03c8b3
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\is-8DHE7.tmp
––
MD5:  ––
SHA256:  ––
3752
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2DA6D837-A95D-11E9-A9B1-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\is-E6AB8.tmp
––
MD5:  ––
SHA256:  ––
2880
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 482e0b6be57ea3b4bbfc968e7bd0549c
SHA256: 37a01bf8fd100dbe887b52e0982db40478d110c58abc068a6568a2b3eea87496
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Ukrainian.ini
text
MD5: 59c509ead7c63a9d42ae33e719831c01
SHA256: 73cd4f9ee941a5f3ca23f359e3b0d246ea84792258309177b3ff92ad31db11cc
3752
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2DA6D838-A95D-11E9-A9B1-5254004A04AF}.dat
binary
MD5: d74dbe79766d42114812df3daebd9cdd
SHA256: 48832d25c2656e243c39616f57f7d010792a2e74a2efa25a65b251a13f563ad7
3752
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2C07C25BEA9A7EE6.TMP
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\is-91P1N.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\is-S4KL2.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\service\is-OMN3I.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-7QP7A.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Slovenian.ini
text
MD5: 86d9c8eca9f2de14ad25fb4f8ad3d6e2
SHA256: 68840229695fa035c0ceba69804b549a464bce57f37ee2933fe31a9ef7622a58
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Turkish.ini
text
MD5: 1f9b91fdd8f9a12c445652c2b081a2af
SHA256: c046904bc82ddb2df35fbe31faacb32738fb05585c6ff1aa631bc2ca07f95905
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Swedish.ini
text
MD5: 1c4fc87b66975c13fd1e7bca7a673d6a
SHA256: 8abe8d9551b43b8868e5298bc1074fa8ec1eefbca085130aecbf58e5d4c6a29f
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Spanish.ini
text
MD5: 5231bcda86a100594015d74b066b7bd2
SHA256: 6a45ae4b5197f3cc46db6625c0c1601c3b78449c6675d5b36de8f18ad96f2cf9
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-5OGMA.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-ADJ8V.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-UHJ1O.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-68NL5.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Slovak.ini
text
MD5: a2ff9ac54ba56033bfbbe8ce4d8c225a
SHA256: 534511b64a9d77e3b2bf0dae21394f46e54c36bad744cf981ea5f885f9a75381
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\SimpleChinese.ini
text
MD5: 64dd7186f2386bc35f5e07aeb38dc72b
SHA256: 265ebba2fd9f8083de665948f90ddd14401781bc882af6f56368539fa6215a35
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Serbian.ini
text
MD5: 9d026114759527d1be97634e4f78f525
SHA256: 9de2760501f11438a6d85a85c39918cae8d696aec592f69228718451a8298e1a
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-6124T.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-QDU59.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-VTDO1.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Russian.ini
text
MD5: 987b162950bf1b9d7113dc5bbafa56a9
SHA256: 23318e7e42a61af2b7ac220b3f8f768bf6aae33c1219bc9f6829e98a1e2b7395
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Romanian.ini
text
MD5: 57fed088e51db255fde6622bafb16eb3
SHA256: 8aaf72faee21bc87e626eb5934ff08f62e114248f475aa30b933b53c6cb0a0a3
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Portuguese.ini
text
MD5: 4390a60e952bac5b83cdc97d5a99e303
SHA256: 69e1a0bcc75d97fdfdb44e96ccc37b1344e1acdfe53adedd5f6426b151a98727
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-09VB1.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-VRGUL.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-50QQ8.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Polish.ini
text
MD5: ff2c5d62a30c0b031ce513e9a2bf8938
SHA256: d4b4beec878cdaec4975115563d68e8b8b66e0b2898868853d9e937aa1e4559d
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Korean.ini
text
MD5: a3e619914694f077a48b7dae25c428fb
SHA256: 277c7b5bfa3f0dbe209bf9d4f768739827a983e63e1d72ec6a6ff2ac74591bf8
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Norwegian.ini
text
MD5: 93be44c1087bbd89c9de070d50dcd393
SHA256: 877aa5700ccac7ac42e59366e1a2082edd49c1f394f163941b6c269a2a6897bf
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Persian.ini
text
MD5: 5df4546431503cc8c1fe10dbb8fe4619
SHA256: c7cb664007620a39d804ae0772822b5202fc4029bae28d86f5185cc0cafc001e
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-HN09K.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-I3Q34.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-H6A8S.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-CD3S3.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Japanese.ini
text
MD5: 2b682fc95ff0eddf587282bdca88758f
SHA256: d50e1888c82295f88e24b65b90d2480dc15237e57a270b036e11fb894f3c4c59
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Italian.ini
text
MD5: fd955387bb077f749f2f88a026d51a54
SHA256: 1e91217fc5447debbf2b4a71552c2df4874de239907a2517ce3fa65b9dc0f116
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Greek.ini
text
MD5: a7f94a16a620df85f85ad911e70f2e0b
SHA256: f52f607b690a93eab319daf35cbf045b6549e8c48db486f721f676ec320da755
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Hungarian.ini
text
MD5: 8d168a5d52205cac1951c4a07116f98c
SHA256: 66c26e3b8924a78f26647c25660bd183b2afeaa47569d7430e553a0e3a14312a
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-NPEDP.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-6DJRP.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-IVESQ.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\German.ini
text
MD5: bb8874bf29b80beaf94a4c03424f70d8
SHA256: 17ab3cbee163a02aee622fcae4b41409cb64261cf3072351ad9369bad2a9eb9f
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-VIB32.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-JK0FP.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\English.ini
text
MD5: 0786f5d7727b93404f59babd943cc142
SHA256: 63ed9435c58ed3148f2b0c5828d1a92ccb567253404fe5c4bb1cd243c31e70fc
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\French.ini
text
MD5: b376d5f48d448a642b2cd08b4ff1b750
SHA256: 78e0887ec144e664c0290c489a8d7ec1757896fcef7cd9d0993f499c5e34c624
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Dutch.ini
text
MD5: 0e09bdb17922272e2620017ae4c4a0c1
SHA256: 73321e1964e90312381193129a850db898154455931b7bce575450a0c9847a5d
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Finnish.ini
text
MD5: 7223c54d472ad608d2b6216220cf0c92
SHA256: dc96963f6e980bb08aca28eb08b74cdc0392c1fa5b8e863fc0b45d697edaa064
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-S8CN5.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-52T7M.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-FERBE.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-G4TER.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Chinese.ini
text
MD5: 444ceacee1b03a56d375b1354cc6c481
SHA256: 0c904a86a8c6dfbbf7c97d356b84cddb9f29798d291e9b773a4a4d3f151ef18f
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Czech.ini
text
MD5: a74337782e58f418673833ec46f9b63f
SHA256: f84d7ab22ada703bc6eccfe46b81ced66c04db8e038cc8827532ea0e5424f8e1
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Danish.ini
text
MD5: e49a55e7f716e09164ece7f43d5f655f
SHA256: ebe88326f5d9c9a65266e691081472fd2d332ad0d37a115e815b7d68e2cd0a72
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-5NARJ.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-5LRAP.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-6EQLF.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\BrazilianPortuguese.ini
text
MD5: eecf2b4fe7cac9c5b615e895e4051007
SHA256: 195ad930f5fcde813c1aab25143f9b83cd4d1dee39b6e8f0404ea07b42402586
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Bulgarian.ini
text
MD5: f1b668f9405273b90ed3327616e591e0
SHA256: ade8032e9aa083b480abb574acbc9aa07e96cb715a5b8578913f62205fd78234
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Catalan.ini
text
MD5: 45644d66ff2bfc2016a57de40fc800f2
SHA256: 60c0e6d06429056ff3479435e499a51b6f267f9a73b1ba07b88ed560ec86b642
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-194U8.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-49CJ8.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-EF0RA.tmp
––
MD5:  ––
SHA256:  ––
3752
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{3B8C0CBD-A95D-11E9-A9B1-5254004A04AF}.dat
binary
MD5: df7dd46dfc27072c786389402c855b46
SHA256: 48c19a9bb1bde7ef144ee8778136d2e2f853f53343a9b6d019e6634b9a45aba7
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Arabic.ini
text
MD5: e62986b71d2187ce45a177619f2cafba
SHA256: f39ff62dfcb7014b003ea3451717639e650c21a09faac9807fe7a26e2ff98283
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\Belarusian.ini
text
MD5: f8f48a64251e03436ecfdbc9503cd9ef
SHA256: 9711e0d6316a7f6a2dea9b3e8f8477dec5ad89d606f1ef11a7109308e8738877
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-QKC5C.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\languages\is-LH958.tmp
––
MD5:  ––
SHA256:  ––
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\is-F3QCF.tmp
––
MD5:  ––
SHA256:  ––
3752
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{3B8C0CBC-A95D-11E9-A9B1-5254004A04AF}.dat
binary
MD5: 6706fa0deaf6e1ae266fe5b79b501e6b
SHA256: 709dc677cfb887cfff5a4756d3f3b141faf61f5bab583349f03f16d3ee4e9813
548
SystemExplorerSetup.tmp
C:\Program Files\System Explorer\is-QC12I.tmp
––
MD5:  ––
SHA256:  ––
3752
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF29100392CA8E770D.TMP
––
MD5:  ––
SHA256:  ––
3752
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF95E4EBDE25E7DBF8.TMP
––
MD5:  ––
SHA256:  ––
2880
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071820190719\index.dat
dat
MD5: 4f6e87c21b347c835ad420999d9be7cf
SHA256: 76649f877f8c5d7ada03f86d9166f96e50fe29979fa656cd87bdd54d593c320b
3752
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFE3DE367558798EA9.TMP
––
MD5:  ––
SHA256:  ––


Network activity

HTTP(S) requests
15
TCP/UDP connections
12
DNS requests
11
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Reputation
3484 SystemExplorer.exe GET 200 83.167.234.14:80 http://systemexplorer.net/installhit.php?v=7.0.0.5356 CZ text suspicious
2880 iexplore.exe GET 200 83.167.234.14:80 http://systemexplorer.net/installdone.php?v=7.0.0.5356&au=1&iu=0 CZ html suspicious
2880 iexplore.exe GET 200 83.167.234.14:80 http://systemexplorer.net/media/styles.css?v=1 CZ text suspicious
2880 iexplore.exe GET 200 216.58.206.10:80 http://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,500,500italic,400italic,700,700italic,900italic,900 US text whitelisted
2880 iexplore.exe GET 200 216.58.206.10:80 http://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,500,500italic,400italic,700,700italic,900italic,900 US text whitelisted
2880 iexplore.exe GET 200 172.217.22.34:80 http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js US text whitelisted
2880 iexplore.exe GET 200 172.217.16.138:80 http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js US text whitelisted
3752 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico US image whitelisted
2880 iexplore.exe GET 200 172.217.16.131:80 http://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxO.eot US eot whitelisted
2880 iexplore.exe GET 200 83.167.234.14:80 http://systemexplorer.net/media/fr_scan.png CZ image suspicious
2880 iexplore.exe GET 200 216.58.207.46:80 http://www.google-analytics.com/analytics.js US text whitelisted
2880 iexplore.exe GET 200 216.58.207.46:80 http://www.google-analytics.com/r/collect?v=1&_v=j77&a=1439375138&t=pageview&_s=1&dl=http%3A%2F%2Fsystemexplorer.net%2Finstalldone.php%3Fv%3D7.0.0.5356%26au%3D1%26iu%3D0&ul=en-us&de=utf-8&dt=System%20Explorer%20is%20succesfully%20installed&sd=32-bit&sr=1280x720&vp=1260x560&je=0&fl=26.0%20r0&_u=IEBAAE~&jid=754704778&gjid=874975622&cid=157577422.1563455332&tid=UA-5036703-2&_gid=1130492534.1563455332&_r=1&z=1965598164 US image whitelisted
2880 iexplore.exe GET 200 83.167.234.14:80 http://systemexplorer.net/media/smile_lol.png CZ image suspicious
2880 iexplore.exe GET –– 83.167.234.14:80 http://systemexplorer.net/favicon.ico CZ –– suspicious
3152 SystemExplorer.exe GET –– 83.167.234.14:80 http://systemexplorer.net/seccheckser.php CZ –– suspicious
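The table above is the part of the report an analyst actually carries forward: which host the sample and the browser it spawned talked to, with what reputation, and which URLs look like install-tracking callbacks rather than third-party page assets. The following Python is an added example, not part of the ANY.RUN report or of System Explorer itself. It parses rows in the page's flattened layout (request line, then the Type and Reputation lines), splits each URL, groups requests per host, and pulls out the vendor callbacks with their query parameters (v=7.0.0.5356, au=1, iu=0). The sample rows are copied from the table; the function names and the "server-side .php endpoint on a non-whitelisted host" heuristic are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Rows copied from the "HTTP requests" table of the report above, in the page's flattened
# layout: one line with PID, process, method, status, ip:port, URL and country, followed by
# the Type and Reputation lines (an extra "––" line appears where the Size cell is empty).
REPORT_ROWS = """\
3484 SystemExplorer.exe GET 200 83.167.234.14:80 http://systemexplorer.net/installhit.php?v=7.0.0.5356 CZ
text
suspicious
2880 iexplore.exe GET 200 83.167.234.14:80 http://systemexplorer.net/installdone.php?v=7.0.0.5356&au=1&iu=0 CZ
html
suspicious
2880 iexplore.exe GET 200 216.58.206.10:80 http://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,500,500italic,400italic,700,700italic,900italic,900 US
text
whitelisted
2880 iexplore.exe GET 200 216.58.207.46:80 http://www.google-analytics.com/analytics.js US
text
whitelisted
2880 iexplore.exe GET –– 83.167.234.14:80 http://systemexplorer.net/favicon.ico CZ
––
––
suspicious
3152 SystemExplorer.exe GET –– 83.167.234.14:80 http://systemexplorer.net/seccheckser.php CZ
––
––
suspicious
"""

# Request line: PID, process, method, HTTP status (or a dash placeholder), ip:port, URL, country.
ROW_RE = re.compile(
    r"^(?P<pid>\d+) (?P<process>\S+) (?P<method>[A-Z]+) (?P<status>\d{3}|[–-]+) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<url>\S+) (?P<cn>[A-Z]{2})$"
)


def _cell(value):
    """Map the report's dash placeholder ("––" or "--") to None."""
    return None if value and set(value) <= set("–-") else value


def _finish(fields, trailing):
    """Attach the trailing Type/Reputation lines and the split URL to one parsed request line."""
    rec = dict(fields)
    rec["status"] = int(rec["status"]) if rec["status"].isdigit() else None
    rec["type"] = _cell(trailing[0]) if trailing else None
    rec["reputation"] = trailing[-1] if trailing else None
    parts = urlsplit(rec["url"])
    rec["host"] = parts.hostname
    rec["path"] = parts.path
    rec["query"] = dict(parse_qsl(parts.query, keep_blank_values=True))
    return rec


def parse_rows(text):
    """Turn the flattened table into a list of dicts, one per request, in page order."""
    records, pending, trailing = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if pending is not None:
                records.append(_finish(pending, trailing))
            pending, trailing = m.groupdict(), []
        elif pending is not None:
            trailing.append(line)
    if pending is not None:
        records.append(_finish(pending, trailing))
    return records


def hosts_by_reputation(records):
    """Per-host view: IP, reputation, the processes that talked to it and the paths hit.
    Non-whitelisted hosts are the network IOCs worth carrying into a blocklist or a hunt."""
    hosts = {}
    for r in records:
        h = hosts.setdefault(r["host"], {"ip": r["ip"], "reputation": r["reputation"],
                                         "processes": set(), "paths": set()})
        h["processes"].add(r["process"])
        h["paths"].add(r["path"])
    return hosts


def vendor_callbacks(records):
    """Install-tracking callbacks: requests to a non-whitelisted host for a server-side (.php)
    endpoint. This heuristic is the example's own assumption. Returns (pid, process, path,
    query) tuples so the reported version and install flags can be compared across samples."""
    return [(r["pid"], r["process"], r["path"], r["query"])
            for r in records
            if r["reputation"] != "whitelisted" and r["path"].endswith(".php")]


if __name__ == "__main__":
    recs = parse_rows(REPORT_ROWS)
    for host, info in hosts_by_reputation(recs).items():
        print(f"{host:28} {info['ip']:15} {info['reputation']:12} {sorted(info['processes'])}")
    for pid, proc, path, query in vendor_callbacks(recs):
        print(f"  callback {proc}[{pid}] {path} {query}")
```

Run against the six sample rows it reports one non-whitelisted host, systemexplorer.net (83.167.234.14), reached by both SystemExplorer.exe and iexplore.exe, and three callbacks: installhit.php and installdone.php carrying the build number, and seccheckser.php with no parameters. The status column is kept as None rather than a string where the report shows a dash, so a later filter on response codes does not silently treat "––" as a value.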


Connections

PID Process IP ASN CN Reputation
3484 SystemExplorer.exe 83.167.234.14:80 Master Internet s.r.o. CZ suspicious
2880 iexplore.exe 83.167.234.14:80 Master Internet s.r.o. CZ suspicious
2880 iexplore.exe 216.58.206.10:80 Google Inc. US whitelisted
2880 iexplore.exe 172.217.22.34:80 Google Inc. US whitelisted
2880 iexplore.exe 172.217.16.138:80 Google Inc. US whitelisted
3752 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
2880 iexplore.exe 172.217.16.131:80 Google Inc. US whitelisted
2880 iexplore.exe 216.58.207.46:80 Google Inc. US whitelisted
3152 SystemExplorer.exe 83.167.234.14:80 Master Internet s.r.o. CZ suspicious
–– –– 13.107.21.200:137 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
systemexplorer.net 83.167.234.14 suspicious
fonts.googleapis.com 216.58.206.10 whitelisted
pagead2.googlesyndication.com 172.217.22.34 whitelisted
ajax.googleapis.com 172.217.16.138, 172.217.22.42, 172.217.22.106, 216.58.210.10, 172.217.18.106, 172.217.23.170, 216.58.205.234, 172.217.22.10, 172.217.18.10, 172.217.18.170, 172.217.23.138, 216.58.206.10, 216.58.207.42, 216.58.207.74 whitelisted
www.bing.com 13.107.21.200, 204.79.197.200 whitelisted
fonts.gstatic.com 172.217.16.131 whitelisted
www.google-analytics.com 216.58.207.46 whitelisted
14.234.167.83.in-addr.arpa No response unknown
46.207.58.216.in-addr.arpa No response unknown
200.21.107.13.in-addr.arpa No response unknown
131.16.217.172.in-addr.arpa No response unknown

Threats

No threats detected.

Debug output strings

No debug info.