General Info

File name

FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe

Verdict
Malicious activity
Analysis date
11/8/2018, 10:49:51
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
mindspark
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

69013187a8d0d4fc5807c997857e6532

SHA1

7a69cb3aa35ab004dc583a695e0455dc6381d2f3

SHA256

61ac9a06d1db6ff33fb6ffe5728549a458b13b9ddfae43e2c396f8df925a6b6e

SSDEEP

6144:WbUTp1NvRbpiUPxoFM+zsT8qEJEbrPBj3A2xnvCdWYDbHIae+0U/aM4tp5iFw2Et:WIh5piUZoBJ2a2xnasspeuSLp5ieft

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MINDSPARK was detected
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Loads dropped or rewritten executable
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Creates files in the user directory
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Executable content was dropped or overwritten
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Changes the started page of IE
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Creates a software uninstall entry
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2000)
  • iexplore.exe (PID: 2940)
Changes internet zones settings
  • iexplore.exe (PID: 2040)
Reads internet explorer settings
  • iexplore.exe (PID: 2940)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2040)
  • iexplore.exe (PID: 2940)


Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2013:12:25 06:01:44+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
25088
InitializedDataSize:
186368
UninitializedDataSize:
2048
EntryPoint:
0x3229
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
2.7.1.3000
ProductVersionNumber:
2.7.1.3000
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
ASCII
Comments:
http://www.mindspark.com
CompanyName:
Mindspark Interactive Network, Inc.
FileDescription:
FormFetcherPro Setup
FileVersion:
2.7.1.3000
InternalName:
FormFetcherPro
LegalCopyright:
© 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalTrademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
ProductName:
FormFetcherPro
ProductVersion:
2.7.1.3000
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
25-Dec-2013 05:01:44
Detected languages
English - United States
Comments:
http://www.mindspark.com
CompanyName:
Mindspark Interactive Network, Inc.
FileDescription:
FormFetcherPro Setup
FileVersion:
2.7.1.3000
InternalName:
FormFetcherPro
LegalCopyright:
© 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalTrademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
ProductName:
FormFetcherPro
ProductVersion:
2.7.1.3000
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000C8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
25-Dec-2013 05:01:44
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0000606C 0x00006200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.45707
.rdata 0x00008000 0x00001460 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.94596
.data 0x0000A000 0x0002AF98 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.79535
.ndata 0x00035000 0x00055000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0008A000 0x00003450 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.45805
Resources
1

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
35
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

start #MINDSPARK formfetcherpro.42f8852efa6c42fd9b6dc032ac59b611.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
3744
CMD
"C:\Users\admin\AppData\Local\Temp\FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe"
Path
C:\Users\admin\AppData\Local\Temp\FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mindspark Interactive Network, Inc.
Description
FormFetcherPro Setup
Version
2.7.1.3000
Modules
Image
c:\users\admin\appdata\local\temp\formfetcherpro.42f8852efa6c42fd9b6dc032ac59b611.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nso313d.tmp\nsdialogs.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\nso313d.tmp\system.dll
c:\windows\system32\riched20.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll

PID
2040
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
2940
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2040 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

PID
2000
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
883
Read events
762
Write events
118
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
EnableFileTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
EnableConsoleTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
FileTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
ConsoleTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
MaxFileSize
1048576
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
FileDirectory
%windir%\tracing
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
EnableFileTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
EnableConsoleTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
FileTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
ConsoleTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
MaxFileSize
1048576
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
FileDirectory
%windir%\tracing
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://hp.myway.com/formfetcherpro/ttab02/index.html?n=C076491&p2=^Z1^mni000^TTAB02&ptb=3AC6A6B6-56E2-4819-9D1F-715952F60063&coid=42f8852efa6c42fd9b6dc032ac59b611
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\FormFetcherPro
Start Page
http://hp.myway.com/formfetcherpro/ttab02/index.html?n=C076491&p2=^Z1^mni000^TTAB02&ptb=3AC6A6B6-56E2-4819-9D1F-715952F60063&coid=42f8852efa6c42fd9b6dc032ac59b611
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
DisplayName
FormFetcherPro Internet Explorer Homepage and New Tab
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
UninstallString
Rundll32.exe "C:\Users\admin\AppData\Local\FormFetcherProTooltab\TooltabExtension.dll" U uninstall:FormFetcherPro
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
Publisher
Mindspark Interactive Network, Inc.
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
HelpLink
http://support.mindspark.com/
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
URLInfoAbout
http://support.mindspark.com/
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\FormFetcherPro
UnInstallSurveyUrl
http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D3AC6A6B6-56E2-4819-9D1F-715952F60063%26ptb%3D^Z1^mni000^TTAB02
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(value omitted)
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B66ECFF5-E33B-11E8-9C83-5254004AAD11}
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B00040008000900320019005A00
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B00040008000900320019005A00
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B0004000800090032001900B800
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore Time E2070B0004000800090032001900D700
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore LoadTime 30
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore Type 3
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore Count 3
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore Time E2070B00040008000900320019001501
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore LoadTime 26
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links Order 08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 CachePrefix :2018110820181109:
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 CacheLimit 8192
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 CacheOptions 11
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 CacheRepair 0
2040 iexplore.exe delete key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2040 iexplore.exe delete key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore Type 1
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore Flags 0
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore Count 1
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore Time E2070B0004000800090032001A00C700
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch UpgradeTime BCD798794877D401
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore Count 2
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore Type 1
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore Count 2
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore Time E2070B0004000800090032001A00D700
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 Path C:\Users\admin\Favorites\Links\Suggested Sites.url
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 Handler {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 FeedUrl https://ieonline.microsoft.com/#ieslice
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 DisplayName
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 ErrorState 0
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 DisplayMask 0
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 Path C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 Handler {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 FeedUrl http://go.microsoft.com/fwlink/?LinkId=121315
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 DisplayName
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 ErrorState 0
2040 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 DisplayMask 0
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 CachePrefix :2018110820181109:
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 CacheLimit 8192
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 CacheOptions 11
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 CacheRepair 0
2940 iexplore.exe delete key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total 57
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com 57
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total 260
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com 203
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total 308
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com 251
2940 iexplore.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication Name iexplore.exe
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total 405
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com 154
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total 515
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com 264
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total 866
2940 iexplore.exe write HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com 615

Files activity

Executable files
3
Suspicious files
0
Text files
51
Unknown types
4

Dropped files

PID Process Filename Type
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Temp\nso313D.tmp\nsDialogs.dll executable
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Temp\nso313D.tmp\System.dll executable
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\FormFetcherProTooltab\TooltabExtension.dll executable
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\banner[1].jsonp text
2940 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MJRO8J62\ak.staticimgfarm[1].xml text
2940 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KCX8F312\hp.myway[1].xml text
2940 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@myway[1].txt text
2940 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@myway[2].txt ––
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ttdetect[1].html html
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\amazon[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat dat
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\youtube[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\walmart[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\facebook[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\chiclet_priceline[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\GFO_chiclet_healthcare[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\chiclet_booking[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\chiclet_trivago[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_transportation[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_taxation[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_passporttravel[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\GFO_chiclet_citzenship[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_email[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\224099359[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\230586025[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\230586027[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\230586026[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\230586024[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\230586022[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\230586023[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\230586007[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\down-arrow[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\en[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\223754551[1].png image
2940 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KCX8F312\hp.myway[1].xml text
2940 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat dat
2940 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@myway[1].txt text
2000 FlashUtil32_26_0_0_131_ActiveX.exe C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier text
2040 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\CNI[1].ico image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\app[1].js text
2040 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109\index.dat dat
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109\index.dat dat
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\google[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ie8[1].js ––
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\final_logo_newtab[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\CNI[1].png image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index[1].html html
2040 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].png image
2040 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ––
2040 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico ––
2940 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KCX8F312\hp.myway[1].xml text
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Temp\nso313D.tmp\FFP_msi_bg-copy_1501775583592.bmp image
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@tb.ask[1].txt text
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Temp\nso313D.tmp\installerParams text
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\installerParams[1].jhtml text
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Temp\nso313D.tmp\Install_ENG_1436200260055.bmp image
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Temp\nso313D.tmp\FFP_msi_bg-copy_1501775570724.bmp image
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe C:\Users\admin\AppData\Local\Temp\nso313D.tmp\cancel_blue_1473354968093.bmp image
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\async-iac_centerbanner_ui.center_banner_ui[1].js text
2940 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\singlesday_banner_2018_600x50[1].png image

Network activity

HTTP(S) requests
44
TCP/UDP connections
18
DNS requests
6
Threats
12

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=42f8852efa6c42fd9b6dc032ac59b611&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2067566160&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-13&errorType=nsisError&errorDetails=EmptyPartnerId&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2074847465&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerInvoked&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2013125562&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
–– –– GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/index.html?n=C076491&p2=^Z1^mni000^TTAB02&ptb=3AC6A6B6-56E2-4819-9D1F-715952F60063&coid=42f8852efa6c42fd9b6dc032ac59b611 unknown html whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/assets/1541015452143/ie8.js unknown html whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/final_logo_newtab.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/CNI.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/search/google.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/assets/1541015452143/app.js unknown text whitelisted
2040 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/vicinio/chrome/spent/images/favicon/CNI.ico unknown image whitelisted
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerFinished&tbUID=3AC6A6B6-56E2-4819-9D1F-715952F60063&tbVer=&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2046757183&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/ttdetect-2/prd/ttdetect.html unknown html whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223754551.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/down-arrow.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586007.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586022.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586023.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/localization/searchbuttons/en.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586024.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586025.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586026.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586027.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/224099359.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_email.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_citzenship.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_transportation.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_passporttravel.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_taxation.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_trivago.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_booking.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_priceline.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/facebook.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_healthcare.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/walmart.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/youtube.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/amazon.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/banner.jsonp?v=1541670627246&callback=fn unknown text whitelisted
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=CAPSearch&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=1541670627356&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=5&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&productData=%7B%22pageLoad%22%3A1%7D&anxe=TabPageView&anxr=1793108132 US –– –– unknown
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=0&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&productData=%7B%22coid%22%3A%2242f8852efa6c42fd9b6dc032ac59b611%22%2C%22pageLoad%22%3A1%7D&anxe=Heartbeat&anxr=2091154665 US –– –– unknown
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=CAPOne&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=1541670627340&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&anxtv=webtooltab-2.1.1&fParameter=00000050&coid=42f8852efa6c42fd9b6dc032ac59b611&productData=%7B%22pageLoad%22%3A1%7D&anxe=ToolbarConfig&anxr=312747731 US –– –– unknown
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/assets/1541015452143/async-iac_centerbanner_ui.center_banner_ui.js unknown text whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/banners/singlesday_banner_2018_600x50.png unknown image whitelisted
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=1541670627340&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=4&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&productData=%7B%22queryString%22%3A%7B%22n%22%3A%22C076491%22%2C%22coid%22%3A%2242f8852efa6c42fd9b6dc032ac59b611%22%2C%22dpr%22%3A%22%22%2C%22pixelUrl%22%3A%22%22%7D%2C%22innerWidth%22%3A788%2C%22innerHeight%22%3A460%2C%22userFontSize%22%3A16%2C%22pageLoad%22%3A1%7D&anxe=PageView&anxr=1506122658 US –– –– unknown

Connections

PID Process IP ASN CN Reputation
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe 74.113.233.192:80 Mindspark Interactive Network, Inc. US suspicious
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe 74.113.235.138:443 Mindspark Interactive Network, Inc. IE unknown
–– –– 204.79.197.200:80 Microsoft Corporation US whitelisted
2940 iexplore.exe 2.18.232.251:80 Akamai International B.V. –– whitelisted
2040 iexplore.exe 2.18.232.251:80 Akamai International B.V. –– whitelisted
2940 iexplore.exe 74.113.233.187:80 Mindspark Interactive Network, Inc. US unknown

DNS requests

Domain IP Reputation
anx.mindspark.com 74.113.233.192 malicious
dp.tb.ask.com 74.113.235.138 whitelisted
hp.myway.com 2.18.232.251 whitelisted
www.bing.com 204.79.197.200 13.107.21.200 whitelisted
ak.staticimgfarm.com 2.18.232.251 whitelisted
anx.tb.ask.com 74.113.233.187 unknown

Threats

PID Process Class Message
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent

4 ETPRO signatures available at the full report

Debug output strings

No debug info.