General Info

URL

http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=hyourmapview.com&implementation_id=maps_spt_&source=Bing_v1-bb9&adprovider=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&dfn=Your%20Map%20View&spo=0&appname=Your%20Map%20View&appdesc=Get%20directions%20or%20lookup%20maps%20for%20free.%20Search%20Maps,%20Local%20Traffic,%20and%20Driving%20Directions.&ies=s,h&sso=

Full analysis
https://app.any.run/tasks/45ecb25d-38a5-4352-b390-e8f27f8427d2
Verdict
Malicious activity
Analysis date
5/15/2019, 15:38:16
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

adload

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Downloads executable files from the Internet
  • iexplore.exe (PID: 352)
ADLOAD was detected
  • download[1].exe (PID: 1244)
Application was dropped or rewritten from another process
  • download[1].exe (PID: 1244)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 584)
  • download[1].exe (PID: 1244)
  • iexplore.exe (PID: 352)
Creates files in the user directory
  • download[1].exe (PID: 1244)
Starts Internet Explorer
  • download[1].exe (PID: 1244)
Changes the started page of IE
  • download[1].exe (PID: 1244)
Creates a software uninstall entry
  • download[1].exe (PID: 1244)
Creates files in the user directory
  • IEXPLORE.EXE (PID: 1920)
  • iexplore.exe (PID: 352)
Dropped object may contain Bitcoin addresses
  • IEXPLORE.EXE (PID: 1920)
Reads Internet Cache Settings
  • IEXPLORE.EXE (PID: 1920)
  • iexplore.exe (PID: 584)
  • iexplore.exe (PID: 352)
Changes internet zones settings
  • IEXPLORE.EXE (PID: 3648)
  • iexplore.exe (PID: 584)
Application launched itself
  • IEXPLORE.EXE (PID: 3648)
  • iexplore.exe (PID: 584)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 1920)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Processes

Total processes
37
Monitored processes
5
Malicious processes
2
Suspicious processes
0

Process information

PID
584
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\download[1].exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\mlang.dll

PID
352
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:584 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
1244
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\download[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\download[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SpringTech Ltd.
Description
Version
4, 6, 0, 2
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\download[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll

PID
3648
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hyourmapview.com/?ap=appfocus523&source=Bing_v1-bb9-iei&i_id=maps_spt__1.30&uid=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&uc=20190515
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
download[1].exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
1920
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3648 CREDAT:71937
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
IEXPLORE.EXE
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imgutil.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

Registry activity

Total events
1102
Read events
946
Write events
154
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
EnableFileTracing
0
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
EnableConsoleTracing
0
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
FileTracingMask
4294901760
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
ConsoleTracingMask
4294901760
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
MaxFileSize
1048576
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
FileDirectory
%windir%\tracing
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
EnableFileTracing
0
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
EnableConsoleTracing
0
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
FileTracingMask
4294901760
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
ConsoleTracingMask
4294901760
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
MaxFileSize
1048576
1244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
FileDirectory
%windir%\tracing
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(binary value not captured)
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA572675-55A8-4309-BC9B-CAD31E2282C7}
DisplayName
Your Map View - Powered by Yahoo!
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA572675-55A8-4309-BC9B-CAD31E2282C7}
URL
http://search.hyourmapview.com/s?ap=appfocus523&source=Bing_v1-bb9-iei&i_id=maps_spt__1.30&uid=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&uc=20190515&query={searchTerms}
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA572675-55A8-4309-BC9B-CAD31E2282C7}
SuggestionsURL
https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}
1244
download[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
6256FFB019F8FDFBD36745B06F4540E9AEAF222A25
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D100000000020000000000106600000001000020000000904F3FF3B3F1A2BFE853E3D960534069B734A71D59B0513F0953C8F95758C6AF000000000E8000000002000020000000D1FBEA135F2D0B9FD2A5043797D14B48D65DDE5815E7695962EBAFF850B559A21000000097BCD92730F33BE7E61D6102371D9117400000003906B9BBEEC2FAFC13899C2020D0FA0D656D0C46A04128A2FD79B7AE91E748FD0D9CEB39BC66BE3DF2B74F2E87A5155BA8893C9322129F53785273481BCB0A05
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
(binary value not captured)
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{FA572675-55A8-4309-BC9B-CAD31E2282C7}
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://search.hyourmapview.com/?ap=appfocus523&source=Bing_v1-bb9-iei&i_id=maps_spt__1.30&uid=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&uc=20190515
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayName
Your Map View
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayVersion
4.6.0.2
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Publisher
SpringTech Ltd.
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
InstallLocation
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallString
"C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallDialog
2
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallEngineID
{FA572675-55A8-4309-BC9B-CAD31E2282C7}
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallImpression
http://www.springdwnld2.com/impression.do?domain=hyourmapview.com&implementation_id=maps_spt__1.30&offer_id=_iei_&source=Bing_v1-bb9-iei&sub_id=20190515&traffic_source=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1557927533&sgn=0bf7e685c7186a5289c6752c72114f9febe4e216&subid2=8.0.7601.17514&event={exEvent}
1244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallHomepage
http://search.hyourmapview.com/?ap=appfocus523&source=Bing_v1-bb9-iei&i_id=maps_spt__1.30&uid=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&uc=20190515
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(binary value not captured)
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B975163B-7716-11E9-B63D-5254004A04AF}
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307050003000F000D0026001F00BD00
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307050003000F000D0026001F00BD00
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
(binary value not captured)
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F000D0026001F005901
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000D0026001F006901
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
285
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F000D0026001F008202
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
52
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307050003000F000D0026003A005D0300000000
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CachePrefix
:2019051520190516:
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheLimit
8192
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheOptions
11
584
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheRepair
0
584
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032020190321
352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516
352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CachePrefix
:2019051520190516:
352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheLimit
8192
352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheOptions
11
352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheRepair
0
352
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000073000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{D3BD4257-7716-11E9-B63D-5254004A04AF}
0
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307050003000F000D0027000F001100
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307050003000F000D0027000F001100
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F000D0027000F00BD00
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000D0027000F00DC00
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
224
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F000D0027000F00EC00
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
43
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
DCF47397230BD501
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3648
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
1920
IEXPLORE.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
IEXPLORE.EXE

Files activity

Executable files
3
Suspicious files
7
Text files
39
Unknown types
11

Dropped files

PID
Process
Filename
Type
1244
download[1].exe
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe
executable
MD5: 35966d66a5813ef87c2574e5411d413b
SHA256: 2072caa1039c367077eb576ffd20bb6e0fbb05641ff96258696b3d73bc58e294
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\YourMapView-19741043[1].exe
executable
MD5: b860cf8c4cb5dc676ef4893a704c9f8d
SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\download[1].exe
executable
MD5: b860cf8c4cb5dc676ef4893a704c9f8d
SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\CabBFD6.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\CabBFB4.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\TarBFB5.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 7eb117d4f238090940dbe43efbcdf1f4
SHA256: a45a77d256628943190f8aa0f4673496d11dba6bc3569796b6f733465fd005e4
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\firebase-database[1].js
text
MD5: 0b73ce41f82899bdc2f3a25f0d329d8d
SHA256: c5ad5aee892d68422a84bf2e2df83f6fcb2c7de2e0506a8ec2702f1c0b856daa
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\firebase-messaging[1].js
text
MD5: d3a746f544b2e9c68d668b8d673fc8ae
SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\firebase-firestore[1].js
s
MD5: 6f7a7f8cec97cf107d26a28139174bad
SHA256: c4fdb6859c7e6ad03c49f1d43ddc4165b1ba786b10a41bc00fd0c01baf33c49a
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\firebase-auth[1].js
text
MD5: 5820c0d760b485dee2de26326f5fbecc
SHA256: e274fc6b43371232b1db34aa3b09703f88fbb05453a50bf00f89833496b06703
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\firebase-app[1].js
text
MD5: 3a7173aeadfd9e805bc22a790d89b4af
SHA256: b1c5418abf92617a99887f499e9efd6bc25957f37d2bd0ca3140a08b565e0bbd
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\CabBEE7.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\TarBEF8.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\CabBEE5.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\TarBEE6.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: ca32ab56713b14a6fc64576d905b4eb9
SHA256: 4ffc6bc2f97ebe87d60929a0f583715f6947d5238b912cfc9d53cd087ff78c96
1920
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\TarBED5.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\CabBED4.tmp
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B26SQGMI\Sprite_Email_V9[1].png
image
MD5: b28e84650fd0bfeee84818c6dae1990f
SHA256: 856a3f6468b76d5e204793c0a8f7f9287674a1536e2e61ed1a8d4413700bcfa4
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B26SQGMI\common[1]
text
MD5: cbc0d9f98681397b3651db5d6a78ec9d
SHA256: cd88b03843bd96c2b9ddfcf332850e3da722b509f4a00f08490fdb2325465a27
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\gear-icon[1].png
image
MD5: c191c48cdc9a12101c96bac13a3a672e
SHA256: 19fce2176cb990c4773742094923ccdd17d778fd050b675b0c8ff16b945e95ca
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\Sprite_Maps_V0[1].png
image
MD5: be1f0e0af3633338781b7a0bc93ef7e9
SHA256: 80460b923d79b6fcb4b3b05aee5187c5c721720e2efee4a988c8dc0188400c1d
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\mapsIcon[1].png
image
MD5: 4f86f7f905261217dc055b4fd22735ca
SHA256: 64430f36c745695f22d8999681c7449059bdbcf6be326b8bea96ff09d873dc80
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\recipesIcon[1].jpg
image
MD5: 0df82b6f5e4044de09dabcd5aa755afb
SHA256: 3257d7d9d5b73b0a5fe51dc0493005d50833ea28b848e0ffb4d4b1db25425465
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\maps[1].png
image
MD5: 1954af91338eedbb8ef6695eb19923b1
SHA256: 8391fa6f7611cef647509ea1864aca9d3d8efcc981e8d1eb89ad65214a6b7e4a
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: ba9c770dfd878ab2bee0d7c3fb3e1171
SHA256: 227785b3e46d1f83e4fc64d11ece50f62b62dc8676be86f133b88fb93aca722b
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\weatherAgencyIcon[1].jpg
image
MD5: ca18bf31a2bdc6325c3839c7f47d8f6e
SHA256: 0651cf7b687ef85bbf398677789f763ca99e709ceca13c1ac3e90851fc4a07bd
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\saveMoney[1].png
image
MD5: a353048a16ced5eacab658f12e4db18d
SHA256: e2c368a8182d29a0fc74005f812f55b71a840b80cd7c07619db67424839f5594
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\facebook[1].png
image
MD5: 4f876fc8fe7f09d2507b283f1edd8919
SHA256: fed8fdfd1088496540260f565f9bd9942e1785481b0de9fdbeccf0b39ab44cd4
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B26SQGMI\news-1[1].png
image
MD5: 69f417a5b6fb00c16f2b1613f787878c
SHA256: 9717dfdf6c679515fa277e4ef79d0f91748c40aebc657a9e1da6b5a6aefb7888
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B26SQGMI\amazon[1].png
image
MD5: 65d37a0031eefa2720aa4e20bcbfb6f2
SHA256: a279329ab261b8fc30b5ec08ccd0ceade7cf6ff1c0dae6a05cd46189191a43d1
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\toolbar-yahoo-maps[1].png
image
MD5: b02956010a8f8a456e280d135e3c72bb
SHA256: 1e738b9a1d5ccec05f72f3ada32029c46117bc58ba9909dbd5ba3fe1f2c9ba5c
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B26SQGMI\search_hyourmapview_com[1].txt
html
MD5: 469c54bb1b679a277b5727b26bd4fa2c
SHA256: 87ae914dd61a56654fce5b2eeba92e7365d4d1bc98c6deb2a10a822983af43ee
1920
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 58e34c861b6ae92e2cb61a7c3f09eb50
SHA256: 80eeffb75fdfa778f261dd3bbe583b9413a8acba7b752f41937f05763d1804f9
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1920
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0YJE3AYA\search.hyourmapview[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\impression[1]
text
MD5: 9e4f0c2dbc20b43cb242ecd4cafe68c2
SHA256: 1bab8c7fd5da3f53cc2c261845edb320f54d2f62abf30e05a1bdf4d96a6505ce
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\header_common[1]
text
MD5: 7395e64d793177bd26a720124703786f
SHA256: e593503a6f74a91b7ca6d5ef4be3bf2a0fc2b5d45d615e6d9788512bbfec2aa4
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\setting[1].txt
text
MD5: ef9323d5935a425c7ebe28da6bc79fe3
SHA256: 1d8169ea23eb16843ce5c60a4a07191776c668bb3eb88c8695394316970c15e4
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B26SQGMI\monetizedquicklinks[1].txt
text
MD5: 34fae68233e2f231ca1300f8e505259b
SHA256: 762c66c1489b7f34d3792e1dffb5e991a1324a5b1ae958b275f84b01af243c8f
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\maps_v0[1].txt
text
MD5: 5cf9b1009e87bce656441da0c348014e
SHA256: fbf9f634dbf75876a4ce26122f84d02fbc686215bc33c54a6f6db630f6dcba55
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\search_hyourmapview_com[1].txt
––
MD5:  ––
SHA256:  ––
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\search_hyourmapview_com[1].htm
html
MD5: 202ca06a0022b3059d685658a2c082ac
SHA256: 30d1eb6436ca8ced8a0bbe15ff81c5362fb322b186aebc9ddcfbfb947b4e05d5
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: ac15244b5b0619e7d41a1411cd5e5648
SHA256: 26a9b484a5a090c42ed88718a7a108dfc42c1ab87eafba2993d08a427f167050
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 7ee09607eb6ad559defdb6e26030579b
SHA256: 41e46ce21cf3eced859122a602c3704285891f46c1b414797bd05ae009b987b2
3648
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
image
MD5: 504432c83a7a355782213f5aa620b13f
SHA256: df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B975163B-7716-11E9-B63D-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
584
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF6B2B4F21BF3B09EA.TMP
––
MD5:  ––
SHA256:  ––
352
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
352
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 36e41bed952c993b38b3daf309685c3d
SHA256: e75cb458c5423621815bfb115e63e26cc82b466866b7ac739b06cadbd485e930
1244
download[1].exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\api[1].txt
––
MD5:  ––
SHA256:  ––
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516\index.dat
dat
MD5: 18e41673c9a65affe0bf97bb6f2e3117
SHA256: 8c3eda85be10b8f95d2c737b40af70e947b63e7e73d4c83903059da45b888a98
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516\index.dat
dat
MD5: 0c34b1c3f726ae88b0fc83790f1c64dd
SHA256: 85d008e7fe3393063971180374df58db3852702d7dd2ce0beb5333749785c58a
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: a05522980576d1aab46e156f1089f89d
SHA256: 879bdfa844ae4f24390920a2c4dde16ebb9c48774563b72deaf2006c615e0fe8
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\YourMapView-19741043[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\download[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
1920
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: eff08114e649f7c4ec972ae2ee330f90
SHA256: de6b5645adacd94c0881df0bd387b94f0048ce596e6ae6df8a3aff43b0e60c34
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Temp\Low\TarBFD7.tmp
––
MD5:  ––
SHA256:  ––
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B975163C-7716-11E9-B63D-5254004A04AF}.dat
binary
MD5: 02cef14491f4e6def6971d2eecd51bb3
SHA256: 80273da421e8e531e78a64ec7a831568a7911230aff405703a162a06e9872794
584
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF26B617F176484FAA.TMP
––
MD5:  ––
SHA256:  ––
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
584
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 14e3b52783025f022e364874e489efea
SHA256: 1208341109277c8d8237c3f0a1f2c1e4168b2ef8e88f2e0f3de02ba6449d32d4
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B26SQGMI\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DWQR9NPP\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8KVKBFC3\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
584
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1920
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\630K0FIY\prompt[1]
text
MD5: da794d7d095b8c23960fd9f7881aca36
SHA256: 7f29e495eca7ffad9b86a616c2b86bdef5010abe22c17a8cd6cf9d05ec7ab53f


Network activity

HTTP(S) requests
32
TCP/UDP connections
26
DNS requests
14
Threats
10

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
584 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
352 iexplore.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=hyourmapview.com&implementation_id=maps_spt_&source=Bing_v1-bb9&adprovider=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&dfn=Your%20Map%20View&spo=0&appname=Your%20Map%20View&appdesc=Get%20directions%20or%20lookup%20maps%20for%20free.%20Search%20Maps,%20Local%20Traffic,%20and%20Driving%20Directions.&ies=s,h&sso= US
executable
shared
1244 download[1].exe GET 200 34.192.66.209:80 http://www.springtechdld.com/ies/api.cgi?act=getConfig&id=ZG93bmxvYWRbMV0uZXhl&rf=0&proto=1 US
text
shared
1244 download[1].exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hyourmapview.com&implementation_id=maps_spt__1.30&offer_id=_iei_&source=Bing_v1-bb9-iei&sub_id=20190515&traffic_source=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1557927533&sgn=0bf7e685c7186a5289c6752c72114f9febe4e216&subid2=8.0.7601.17514&event=ex_accepted US –– –– shared
1244 download[1].exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hyourmapview.com&implementation_id=maps_spt__1.30&offer_id=_iei_&source=Bing_v1-bb9-iei&sub_id=20190515&traffic_source=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1557927533&sgn=0bf7e685c7186a5289c6752c72114f9febe4e216&subid2=8.0.7601.17514&event=ex_shown_ds US –– –– shared
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/?ap=appfocus523&source=Bing_v1-bb9-iei&i_id=maps_spt__1.30&uid=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&uc=20190515 US html unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/styles/home/maps_v0?v=Yz8XtZkeG7j2ZEPk_hFMPUWO3-Y1QVlPEJhbSP8xnhU1 US text unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/get/js/impression?uc=20190515&ap=appfocus523&source=Bing_v1-bb9-iei&uid=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&i_id=maps_spt__1.30&cid= US text unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/styles/home/monetizedquicklinks?v=bq-qjnJKIdP158TdiPbryytiEg8Ladbsf4GjeYgFJ481 US text unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/styles/home/setting?v=ryUN9ROxMocKoOuvctYLZZeK4BqnEgMfzTl9evNnkcM1 US text unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/scripts/home/header_common?v=AAAAH_DbLIleWj0eIMkM9tOvY9PBuu50aQKW3Tf5CW81 US text unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/ US html unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/scripts/home/common?v=wedub8r0Lbkwr37xyJtAL2Xiy6XG4S0_fLeDx9molJw1 US text unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/Home/Maps/Sprites/Sprite_Maps_V0.png US image unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/Images/toolbar-yahoo-maps.png US image unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/Images/saveMoney.png US image unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/Microsite/News/mapsIcon.png US image unknown
1920 IEXPLORE.EXE GET 200 143.204.98.167:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/amazon.png US image whitelisted
1920 IEXPLORE.EXE GET 200 143.204.98.167:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/news-1.png US image whitelisted
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/img/Icons/weatherAgencyIcon.jpg US image unknown
1920 IEXPLORE.EXE GET 200 143.204.98.167:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/facebook.png US image whitelisted
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/img/Icons/recipesIcon.jpg US image unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/Home/Shared/Images/gear-icon.png US image unknown
1920 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/Content/Home/Email/Sprites/Sprite_Email_V9.png US image unknown
1920 IEXPLORE.EXE GET 200 143.204.98.76:80 http://x.ss2.us/x.cer US der whitelisted
1920 IEXPLORE.EXE GET 200 205.185.216.10:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted
3648 IEXPLORE.EXE GET 200 52.6.170.180:80 http://search.hyourmapview.com/favicon.ico US image unknown
1244 download[1].exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hyourmapview.com&implementation_id=maps_spt__1.30&offer_id=_iei_&source=Bing_v1-bb9-iei&sub_id=20190515&traffic_source=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1557927533&sgn=0bf7e685c7186a5289c6752c72114f9febe4e216&subid2=8.0.7601.17514&event=ex_set_ds US –– –– shared
1244 download[1].exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hyourmapview.com&implementation_id=maps_spt__1.30&offer_id=_iei_&source=Bing_v1-bb9-iei&sub_id=20190515&traffic_source=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1557927533&sgn=0bf7e685c7186a5289c6752c72114f9febe4e216&subid2=8.0.7601.17514&event=ex_set_hp US –– –– shared
1244 download[1].exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hyourmapview.com&implementation_id=maps_spt__1.30&offer_id=_iei_&source=Bing_v1-bb9-iei&sub_id=20190515&traffic_source=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1557927533&sgn=0bf7e685c7186a5289c6752c72114f9febe4e216&subid2=8.0.7601.17514&event=ex_installed US –– –– shared
1244 download[1].exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/impression.do?domain=hyourmapview.com&implementation_id=maps_spt__1.30&offer_id=_iei_&source=Bing_v1-bb9-iei&sub_id=20190515&traffic_source=appfocus523&user_id=652e5b7e-5ddf-492e-9b23-4bf0c48d0dc0&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1557927533&sgn=0bf7e685c7186a5289c6752c72114f9febe4e216&subid2=8.0.7601.17514&event=ex_executed US –– –– shared
1244 download[1].exe POST 200 34.192.66.209:80 http://www.springtechdld.com/advplatform/api.cgi?act=postStat&id=ZG93bmxvYWRbMV0uZXhl&rf=0&proto=1 US text compressed shared


Connections

PID Process IP ASN CN Reputation
584 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
352 iexplore.exe 107.23.13.37:80 Amazon.com, Inc. US malicious
584 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
352 iexplore.exe 34.192.66.209:80 Amazon.com, Inc. US shared
1244 download[1].exe 34.192.66.209:80 Amazon.com, Inc. US shared
1244 download[1].exe 107.23.13.37:80 Amazon.com, Inc. US malicious
1920 IEXPLORE.EXE 52.6.170.180:80 Amazon.com, Inc. US unknown
1920 IEXPLORE.EXE 52.30.52.254:443 Amazon.com, Inc. IE unknown
1920 IEXPLORE.EXE 143.204.98.33:443 US unknown
1920 IEXPLORE.EXE 52.22.227.196:443 Amazon.com, Inc. US unknown
1920 IEXPLORE.EXE 143.204.98.167:80 US unknown
1920 IEXPLORE.EXE 172.217.18.163:443 Google Inc. US whitelisted
1920 IEXPLORE.EXE 3.214.73.124:443 US unknown
1920 IEXPLORE.EXE 143.204.98.76:80 US suspicious
1920 IEXPLORE.EXE 205.185.216.10:80 Highwinds Network Group, Inc. US whitelisted
3648 IEXPLORE.EXE 52.6.170.180:80 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.springdwnld2.com 107.23.13.37, 34.192.66.209 shared
dns.msftncsi.com 131.107.255.255 whitelisted
www.springtechdld.com 34.192.66.209, 107.23.13.37 shared
search.hyourmapview.com 52.6.170.180, 18.215.37.163 unknown
appfocus.go2cloud.org 52.30.52.254, 52.50.109.222, 54.72.199.154 malicious
d3ff8olul1r3ot.cloudfront.net 143.204.98.33, 143.204.98.96, 143.204.98.88, 143.204.98.207 whitelisted
imp.onesearch.org 52.22.227.196, 54.174.5.12 malicious
dap2y8k6nefku.cloudfront.net 143.204.98.167, 143.204.98.31, 143.204.98.3, 143.204.98.214 whitelisted
www.gstatic.com 172.217.18.163 whitelisted
pushible.com 3.214.73.124, 54.209.28.202 unknown
x.ss2.us 143.204.98.76, 143.204.98.54, 143.204.98.159, 143.204.98.221 whitelisted
www.download.windowsupdate.com 205.185.216.10, 205.185.216.42 whitelisted

Threats

PID Process Class Message
352 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
352 iexplore.exe Misc activity ET INFO EXE - Served Attached HTTP
1244 download[1].exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
1244 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
1244 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
1244 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
1244 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
1244 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
1244 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
1244 download[1].exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent

Debug output strings

No debug info.