General Info

File name

FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe

Full analysis
https://app.any.run/tasks/11813262-460c-4258-97b0-013d50855336
Verdict
Malicious activity
Analysis date
11/8/2018, 10:49:51
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

mindspark

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

69013187a8d0d4fc5807c997857e6532

SHA1

7a69cb3aa35ab004dc583a695e0455dc6381d2f3

SHA256

61ac9a06d1db6ff33fb6ffe5728549a458b13b9ddfae43e2c396f8df925a6b6e

SSDEEP

6144:WbUTp1NvRbpiUPxoFM+zsT8qEJEbrPBj3A2xnvCdWYDbHIae+0U/aM4tp5iFw2Et:WIh5piUZoBJ2a2xnasspeuSLp5ieft

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MINDSPARK was detected
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Loads dropped or rewritten executable
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Creates files in the user directory
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Executable content was dropped or overwritten
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Creates a software uninstall entry
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Changes the started page of IE
  • FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe (PID: 3744)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2000)
  • iexplore.exe (PID: 2940)
Changes internet zones settings
  • iexplore.exe (PID: 2040)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2940)
  • iexplore.exe (PID: 2040)
Reads internet explorer settings
  • iexplore.exe (PID: 2940)

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2013:12:25 06:01:44+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
25088
InitializedDataSize:
186368
UninitializedDataSize:
2048
EntryPoint:
0x3229
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
2.7.1.3000
ProductVersionNumber:
2.7.1.3000
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
ASCII
Comments:
http://www.mindspark.com
CompanyName:
Mindspark Interactive Network, Inc.
FileDescription:
FormFetcherPro Setup
FileVersion:
2.7.1.3000
InternalName:
FormFetcherPro
LegalCopyright:
© 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalTrademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
ProductName:
FormFetcherPro
ProductVersion:
2.7.1.3000
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
25-Dec-2013 05:01:44
Detected languages
English - United States
Comments:
http://www.mindspark.com
CompanyName:
Mindspark Interactive Network, Inc.
FileDescription:
FormFetcherPro Setup
FileVersion:
2.7.1.3000
InternalName:
FormFetcherPro
LegalCopyright:
© 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalTrademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
ProductName:
FormFetcherPro
ProductVersion:
2.7.1.3000
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000C8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
25-Dec-2013 05:01:44
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0000606C 0x00006200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.45707
.rdata 0x00008000 0x00001460 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.94596
.data 0x0000A000 0x0002AF98 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.79535
.ndata 0x00035000 0x00055000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0008A000 0x00003450 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.45805
Resources
1

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
35
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

start #MINDSPARK formfetcherpro.42f8852efa6c42fd9b6dc032ac59b611.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
3744
CMD
"C:\Users\admin\AppData\Local\Temp\FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe"
Path
C:\Users\admin\AppData\Local\Temp\FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mindspark Interactive Network, Inc.
Description
FormFetcherPro Setup
Version
2.7.1.3000
Modules
Image
c:\users\admin\appdata\local\temp\formfetcherpro.42f8852efa6c42fd9b6dc032ac59b611.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nso313d.tmp\nsdialogs.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\nso313d.tmp\system.dll
c:\windows\system32\riched20.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll

PID
2040
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
2940
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2040 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

PID
2000
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
883
Read events
762
Write events
118
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
EnableFileTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
EnableConsoleTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
FileTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
ConsoleTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
MaxFileSize
1048576
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASAPI32
FileDirectory
%windir%\tracing
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
EnableFileTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
EnableConsoleTracing
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
FileTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
ConsoleTracingMask
4294901760
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
MaxFileSize
1048576
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FormFetcherPro_RASMANCS
FileDirectory
%windir%\tracing
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://hp.myway.com/formfetcherpro/ttab02/index.html?n=C076491&p2=^Z1^mni000^TTAB02&ptb=3AC6A6B6-56E2-4819-9D1F-715952F60063&coid=42f8852efa6c42fd9b6dc032ac59b611
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\FormFetcherPro
Start Page
http://hp.myway.com/formfetcherpro/ttab02/index.html?n=C076491&p2=^Z1^mni000^TTAB02&ptb=3AC6A6B6-56E2-4819-9D1F-715952F60063&coid=42f8852efa6c42fd9b6dc032ac59b611
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
DisplayName
FormFetcherPro Internet Explorer Homepage and New Tab
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
UninstallString
Rundll32.exe "C:\Users\admin\AppData\Local\FormFetcherProTooltab\TooltabExtension.dll" U uninstall:FormFetcherPro
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
Publisher
Mindspark Interactive Network, Inc.
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
HelpLink
http://support.mindspark.com/
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FormFetcherProTooltab Uninstall Internet Explorer
URLInfoAbout
http://support.mindspark.com/
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
write
HKEY_CURRENT_USER\Software\FormFetcherPro
UnInstallSurveyUrl
http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D3AC6A6B6-56E2-4819-9D1F-715952F60063%26ptb%3D^Z1^mni000^TTAB02
2040
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2040
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B66ECFF5-E33B-11E8-9C83-5254004AAD11}
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B00040008000900320019005A00
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B00040008000900320019005A00
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B0004000800090032001900B800
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B0004000800090032001900D700
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
30
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000900320019001501
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
26
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CachePrefix
:2018110820181109:
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheLimit
8192
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheOptions
11
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheRepair
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Type
1
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Flags
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
1
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Time
E2070B0004000800090032001A00C700
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
BCD798794877D401
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
2
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070B0004000800090032001A00D700
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2040
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2940
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CachePrefix
:2018110820181109:
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheLimit
8192
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheOptions
11
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheRepair
0
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
57
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
57
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
260
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
203
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
308
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
251
2940
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
405
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
154
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
515
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
264
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
866
2940
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
615

Files activity

Executable files
3
Suspicious files
0
Text files
51
Unknown types
4

Dropped files

PID
Process
Filename
Type
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Temp\nso313D.tmp\nsDialogs.dll
executable
MD5: b9a5a272154fc0dd652ef9c59c5d63a0
SHA256: d84d810b8f8819f4a34d5e033b72951eadda1bbb5ed0b8c76874b6c25001caa9
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Temp\nso313D.tmp\System.dll
executable
MD5: 7399323923e3946fe9140132ac388132
SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\FormFetcherProTooltab\TooltabExtension.dll
executable
MD5: 767737f00455032d893a223b78621f2d
SHA256: e71eca3ba443107880ea99520422489c4efc238b846681b6e3a5d3c9e61071bf
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\banner[1].jsonp
text
MD5: dffcef5c63c903b699c50b3a9bb7fb47
SHA256: 69c4c32cded7769f2f8782df5f3c4bf028d1c5c48ec06c8e5f719c0f3d709758
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MJRO8J62\ak.staticimgfarm[1].xml
text
MD5: b74353fd5a2edae39af64f6d91d229df
SHA256: 6ca208fc2f54a6eb2c514d40b6279812a72088e7dcc7305ac045cc907611d410
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KCX8F312\hp.myway[1].xml
text
MD5: 44d7e517260aed3b114ceb5248362f7e
SHA256: 824e07b2b2cf227e8bdf99313a3a5fbd926af8fb9b2f8a6c4fa44e0562c5daa5
2940
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 0e4c92b11332a223e1119889a449c451
SHA256: 95a3768fcd71fcc656d1de564b01b1bbbc4100e019e6eed58d956b1ff69d89e5
2940
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ttdetect[1].html
html
MD5: 43ca599a05501246c367c16ed6e20393
SHA256: b61fd5ff6325e72f1a8eb9613405ada5a58fbcd984fec1411508e4934389d8f2
2940
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
dat
MD5: 3433fd8b8557bb809804025cbdddc6b9
SHA256: 5b82524c69264d8e658acbce783e59d1693f2b8d213b6011b06e0bf8b10bbfdc
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\amazon[1].png
image
MD5: d6a0d7714f87d0a3100cb7f4cf872553
SHA256: f129ad1d943b14c936f620a5f078489b801fb60d0871f3327e2a1e3c918b6210
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\youtube[1].png
image
MD5: 9eb31c0bcbe7c0951f3f6f1d4d0a34f5
SHA256: 5a96ba8927e0b85f922dffb6404f7385052479b237aedc961ebf528a8ee30fe1
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\walmart[1].png
image
MD5: d5cc779d1769577d9d979c9d37b4976b
SHA256: 4b9c948ebde3f8c28ff5f31f4165a998288ad15e9cfe999d39f3e401a97cfdc7
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\facebook[1].png
image
MD5: 1e997e6f9059f1c4e8f12a7808d59479
SHA256: f73e587c85322597e49465d9feb5c52d1f12a6b9eb694922271a999d16274ab3
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\GFO_chiclet_healthcare[1].png
image
MD5: 9b701248ba8970f79f9937e5ee695a84
SHA256: 66174678f01f06c3196896a1c6ebded024cc1766e11845afcac6bc7b4f71d30f
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\chiclet_priceline[1].png
image
MD5: 42c2533944f8102b1c2beba419fcacd6
SHA256: d96450373455dfe3a37d4968abafa9b821e4af2d58ac64f21b053b53a3169ae8
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\chiclet_booking[1].png
image
MD5: 76262e6be07becebdc237e213eb39801
SHA256: d477de4e2d999862f5723575e1d2764467f60b215ee7205ddef98a1826444b26
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\chiclet_trivago[1].png
image
MD5: 4e891f6d5a5c6c12eb1bb8810210f9c6
SHA256: 7e431d4562c8601781d8314c7762dac4d9fb93b320058ae062d58c98eac38baa
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\GFO_chiclet_citzenship[1].png
image
MD5: ff7d5bd93679f960f9761482e65ddd40
SHA256: 551b045109b94ae5ad486c99a2aa0345b02e4f0989e56ba11fdba1cdcd333fda
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_passporttravel[1].png
image
MD5: b3379e52a898bd47d8a65d21ea5a03c1
SHA256: 8dd3220490611e6050b152228681c7b2ba55bc7b13dfffa83f953d889faf75a9
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_taxation[1].png
image
MD5: 1a039b6f70a1ff4c138e9cd1143b2180
SHA256: a31aa5c80f5b8ece618077bd0374973e10bdf9b1a2e4942c50c823dc2b56bd98
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_transportation[1].png
image
MD5: 42ea83727a9f95888b50ceba0e4646e8
SHA256: 2b6d8f5af7543512c345a23007254d662d49ff314ec081b8ab172f8f06ee533c
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\GFO_chiclet_email[1].png
image
MD5: c27c7b84ef2bd5ba081e4277b84b9ec3
SHA256: c24b3cc7f6890b2189791e95ff18131ddca87f448deae84a52c522474e9f7a61
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\230586025[1].png
image
MD5: 04c1af7dd5e8a1dddcd3e234e59eaf35
SHA256: 1cdb1e0e5bcc168e370991f14ce12e1f54e3af33a1f20da1cda96061facd6b8a
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\230586027[1].png
image
MD5: aed2f1a807816c0692bfd96569d06068
SHA256: fc8480fd273f59d27bc8011c77d92899d37453cbc8c280ad6935065d62b97b7e
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\224099359[1].png
image
MD5: e7c1a5f21053c1d653eb80e1ae1d06e0
SHA256: 3139a2deeebacdfc1007efd8bed049e39a337c8db9de96438cdba97bfeed6905
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\230586026[1].png
image
MD5: b9865be47c305b464f9b2bccfdd982f5
SHA256: d424983f081b668a7aa23cec05567b12188ac41b2a896e186d4a944ea0244dda
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\230586024[1].png
image
MD5: dd6f04275e489a17bbe75e24894f82ef
SHA256: 5b15279cdb7a7af5774ef317a61d5df0520b7860c18b55cbd35dc6c1650c6b6a
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\230586023[1].png
image
MD5: e136f442dd334fd032363cd340e27ac4
SHA256: 618af6e2ef7b4ef624f13b9cb54232c01fdd5c36167c55d6cd11095724595605
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\230586022[1].png
image
MD5: 8adeb2f3f95500831f0daad6e432f157
SHA256: 3d3077f60018ac523f36c8cb5c21ef9157f52841cb5b34c4ca816aacaec353dd
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\230586007[1].png
image
MD5: 794568797f23276d7dd996a071d0e64a
SHA256: 23813c0b9ea2a480e61126a89f15177df81d708042edb71a26f726db29e3cabe
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\down-arrow[1].png
image
MD5: 3724b871993686b0c1e8098d714afbbc
SHA256: d8715d730c57514730ba40d9ed08db6e8946d9709905070203a858c343fd490e
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\en[1].png
image
MD5: 96e02ad54706267ad7b18ba797dddfbd
SHA256: 857579b5466da4b80cf6cdb6490d7c756f3d78ac72f25342c455afc8599565bf
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\223754551[1].png
image
MD5: e8d7c88590d60cf3ad4ad0ae6a1c84b5
SHA256: 9b18caf884a0e0c3fc18d4291060f2e5c5f5f72b6a13354eb7ce28a65d4fbf3f
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KCX8F312\hp.myway[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 7e79adbf420f6e55e2c99481304910a5
SHA256: 3b3d825fd168db6a9c5130840138893c7a58e9210afdea892ec0f6c796e80483
2940
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: bba70636fa68c5526df8c09b66775102
SHA256: f3ae1d8e96147986b3e6eafc88cc9e5c5944a33d2073094bb7e9f6020299bbc6
2000
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2040
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\CNI[1].ico
image
MD5: 07b38df87794faafc506f3057dd6b862
SHA256: 2b06579b1e27df59eff6b56f4f078b4df8fda273694937370e3ec24a54c7f829
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\app[1].js
text
MD5: 682690160e7b7d933c692e1f954526fe
SHA256: 38e16fd5084f86d8b88a780daa6b9c08a8d116c3faa36db97819bfcf58d71de5
2040
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109\index.dat
dat
MD5: a4c23d7f7d17175e4d6e032d1c340de5
SHA256: 135b7b46601d12a8f4ecb91f73f7e3d40930542d292065877469359c4bf633b8
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109\index.dat
dat
MD5: 7fb0f7bdc5d8ccf283ca3bb2f23b99f7
SHA256: 08543bdb26b2e01d7bc28b49ecea250b52ef0f7f903faad0193d94a053358dea
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\google[1].png
image
MD5: 953f6562d9c856bbe67943b342ef3812
SHA256: 089f2a53201e9ec91ba795d1c4a785b4c61b819702761436396d3380ff7015c4
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ie8[1].js
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\CNI[1].png
image
MD5: dd23ef50c8d614dfaead7bc1b436465a
SHA256: 32a1f96115bd07e2357c5497c3b66cd7f55a550ec3b080917c441855e129536d
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\final_logo_newtab[1].png
image
MD5: b8ce9a5ce1fee01c806aac4e6c5182b2
SHA256: a6a62412261bd620d6b34035a3bd2739b8b030907b1a2818c4058ef61578f72f
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index[1].html
html
MD5: 0e85f38cc7796d11f4562525307741c8
SHA256: 5d45da21d830449666fa9361538354b31b3fa5c9b053ba89d168f37d0e972d29
2040
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2040
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2040
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2940
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KCX8F312\hp.myway[1].xml
text
MD5: a99b09d1f9027b3cab8eb3369d4f0e99
SHA256: 086637a3c270b6be6a48131b8fb43d283e58d5c6a66331321643c3445dd7326d
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Temp\nso313D.tmp\FFP_msi_bg-copy_1501775583592.bmp
image
MD5: e86ece7ee1119c17bcf0a15283645396
SHA256: 1263f78458fdffd80fd5c7935b9a02018a5a1c4b7becccc1457cba29b954ad02
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\installerParams[1].jhtml
text
MD5: 7527fe195eb2905e27a1db9c07582e6e
SHA256: b4a3fa20353a36736c2888a4c81cca96748d500cf1ab5936b3f5cd11e09194a7
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Temp\nso313D.tmp\installerParams
text
MD5: 7527fe195eb2905e27a1db9c07582e6e
SHA256: b4a3fa20353a36736c2888a4c81cca96748d500cf1ab5936b3f5cd11e09194a7
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 2b794846c883e5f806604991fdf81026
SHA256: f5dc843431bd9873d4f23d86ed0327813043eff21075c4820e214780286ff541
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Temp\nso313D.tmp\Install_ENG_1436200260055.bmp
image
MD5: 7078777f775a58435028c19515955085
SHA256: df2bd2e2781daa4d3270ff3bac2cfae49fcb42e2a331d10f4f0cbda2e3b1dddc
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Temp\nso313D.tmp\cancel_blue_1473354968093.bmp
image
MD5: c20f972bb1e321bcf007a11d1433496c
SHA256: ddeb1a235c5fbb989fadf287a627736894f62406c0258b2a8b73379ada7a6775
3744
FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe
C:\Users\admin\AppData\Local\Temp\nso313D.tmp\FFP_msi_bg-copy_1501775570724.bmp
image
MD5: d12853552cc4e3f01a9657d94fd2cd62
SHA256: 58e37969b8e86140739ef04b89f8ef401f324ef1a8bf7dfb6f828b98c3bfe755
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\async-iac_centerbanner_ui.center_banner_ui[1].js
text
MD5: 1b1bc77851a94d586b4b47ceb81600b9
SHA256: d1fdbc71ff006fd461602277ec1acf80a5ab7014774279740cceea2b6938a8f7
2940
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\singlesday_banner_2018_600x50[1].png
image
MD5: 6b192e784073245b63dc6b12538c3d57
SHA256: cee415c34ea96679078585d72fedd45c1c039857818573cf0a387095cbb217e6

Network activity

HTTP(S) requests
44
TCP/UDP connections
18
DNS requests
6
Threats
12

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=42f8852efa6c42fd9b6dc032ac59b611&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2067566160&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-13&errorType=nsisError&errorDetails=EmptyPartnerId&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2074847465&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerInvoked&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2013125562&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
–– –– GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/index.html?n=C076491&p2=^Z1^mni000^TTAB02&ptb=3AC6A6B6-56E2-4819-9D1F-715952F60063&coid=42f8852efa6c42fd9b6dc032ac59b611 unknown html whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/assets/1541015452143/ie8.js unknown html whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/CNI.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/final_logo_newtab.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/search/google.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/assets/1541015452143/app.js unknown text whitelisted
2040 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/vicinio/chrome/spent/images/favicon/CNI.ico unknown image whitelisted
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe GET 204 74.113.233.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerFinished&tbUID=3AC6A6B6-56E2-4819-9D1F-715952F60063&tbVer=&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-17&coid=42f8852efa6c42fd9b6dc032ac59b611&refPartner=^Z1^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2046757183&refCobrand=Z1&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/ttdetect-2/prd/ttdetect.html unknown html whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223754551.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586007.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/down-arrow.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586022.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586023.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/localization/searchbuttons/en.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586024.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586025.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586026.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/230586027.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/224099359.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_email.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_citzenship.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_transportation.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_passporttravel.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_taxation.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_trivago.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_booking.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_priceline.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/facebook.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/GetFormsOnline/GFO_chiclet_healthcare.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/walmart.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/youtube.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/amazon.png unknown image whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/banner.jsonp?v=1541670627246&callback=fn unknown text whitelisted
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=0&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&productData=%7B%22coid%22%3A%2242f8852efa6c42fd9b6dc032ac59b611%22%2C%22pageLoad%22%3A1%7D&anxe=Heartbeat&anxr=2091154665 US –– –– unknown
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=CAPOne&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=1541670627340&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&anxtv=webtooltab-2.1.1&fParameter=00000050&coid=42f8852efa6c42fd9b6dc032ac59b611&productData=%7B%22pageLoad%22%3A1%7D&anxe=ToolbarConfig&anxr=312747731 US –– –– unknown
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=CAPSearch&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=1541670627356&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=5&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&productData=%7B%22pageLoad%22%3A1%7D&anxe=TabPageView&anxr=1793108132 US –– –– unknown
2940 iexplore.exe GET 200 2.18.232.251:80 http://hp.myway.com/formfetcherpro/ttab02/assets/1541015452143/async-iac_centerbanner_ui.center_banner_ui.js unknown text whitelisted
2940 iexplore.exe GET 200 2.18.232.251:80 http://ak.staticimgfarm.com/images/webtooltab/assets/banners/singlesday_banner_2018_600x50.png unknown image whitelisted
2940 iexplore.exe GET 204 74.113.233.187:80 http://anx.tb.ask.com/anx.gif?anxuu=139AA4DA-A2B0-422C-899F-F45785EC1377&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fformfetcherpro%2Fttab02%2Findex.html&anxl=en&anxlv=1541670627340&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=4&anxt=3AC6A6B6-56E2-4819-9D1F-715952F60063&anxp=%5EZ1%5Emni000%5ETTAB02&anxsi=&buid=f462545c-eb9b-4edf-8b11-50af7d650719&pageType=tab&productData=%7B%22queryString%22%3A%7B%22n%22%3A%22C076491%22%2C%22coid%22%3A%2242f8852efa6c42fd9b6dc032ac59b611%22%2C%22dpr%22%3A%22%22%2C%22pixelUrl%22%3A%22%22%7D%2C%22innerWidth%22%3A788%2C%22innerHeight%22%3A460%2C%22userFontSize%22%3A16%2C%22pageLoad%22%3A1%7D&anxe=PageView&anxr=1506122658 US –– –– unknown

Connections

PID Process IP ASN CN Reputation
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe 74.113.233.192:80 Mindspark Interactive Network, Inc. US suspicious
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe 74.113.235.138:443 Mindspark Interactive Network, Inc. IE malicious
–– –– 204.79.197.200:80 Microsoft Corporation US whitelisted
2940 iexplore.exe 2.18.232.251:80 Akamai International B.V. –– whitelisted
2040 iexplore.exe 2.18.232.251:80 Akamai International B.V. –– whitelisted
2940 iexplore.exe 74.113.233.187:80 Mindspark Interactive Network, Inc. US unknown

DNS requests

Domain IP Reputation
anx.mindspark.com 74.113.233.192 malicious
dp.tb.ask.com 74.113.235.138 whitelisted
hp.myway.com 2.18.232.251 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
ak.staticimgfarm.com 2.18.232.251 whitelisted
anx.tb.ask.com 74.113.233.187 unknown

Threats

PID Process Class Message
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
3744 FormFetcherPro.42f8852efa6c42fd9b6dc032ac59b611.exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent

4 ETPRO signatures available at the full report

Debug output strings

No debug info.