General Info

URL: https://sxh.yimg.com/jf/dyc/IEinstall/hpset_2018.06.28.01.exe
Full analysis: https://app.any.run/tasks/8273ffd3-e5ec-4ddd-8d07-130079c137e3
Verdict: Malicious activity
Analysis date: 8/13/2019, 17:45:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 180 seconds
Additional time used: 120 seconds
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Runs PING.EXE for delay simulation
  • cmd.exe (PID: 2080)
Application was dropped or rewritten from another process
  • ns6CAB.tmp (PID: 3748)
  • YSearchSetTool.exe (PID: 2292)
  • hpset_2018.06.28.01[1].exe (PID: 3356)
  • ns5644.tmp (PID: 1716)
  • webExt_DL.exe (PID: 1404)
Loads dropped or rewritten executable
  • YSearchSetTool.exe (PID: 2292)
  • webExt_DL.exe (PID: 1404)
  • hpset_2018.06.28.01[1].exe (PID: 3356)
Creates files in the user directory
  • hpset_2018.06.28.01[1].exe (PID: 3356)
  • YSearchSetTool.exe (PID: 2292)
Executes scripts
  • ns6CAB.tmp (PID: 3748)
Starts CMD.EXE for commands execution
  • wscript.exe (PID: 768)
Executable content was dropped or overwritten
  • hpset_2018.06.28.01[1].exe (PID: 3356)
  • iexplore.exe (PID: 2568)
  • iexplore.exe (PID: 4052)
  • webExt_DL.exe (PID: 1404)
Starts application with an unusual extension
  • hpset_2018.06.28.01[1].exe (PID: 3356)
Changes the start page of IE
  • YSearchSetTool.exe (PID: 2292)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2568)
  • iexplore.exe (PID: 4052)
Changes internet zones settings
  • iexplore.exe (PID: 2568)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
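
The signatures above are derived from nothing more than process-creation data: who started whom, from which path, with which command line. As an added example (not ANY.RUN's detection code and not part of this report), the following Python rebuilds the process records from the Process information section of this page and re-derives four of those signatures as plain heuristics: the ping-based delay (ping sends one echo request per second to 127.0.0.1, so `-n 1800` idles for roughly 30 minutes without calling Sleep), images launched with a non-.exe extension (the NSIS `ns*.tmp` plug-in stubs), an executable run straight out of the IE download cache, and a cmd.exe whose ancestry passes through a script host. The parent PID assigned to hpset_2018.06.28.01[1].exe is an assumption (the report names its parent only as iexplore.exe), and the thresholds in the rules are my choice.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None for the root of the monitored tree
    image: str
    cmdline: str


# Constructed from the Process information section of this report. Parent PIDs
# follow the "Parent process" fields; the report names the parent of
# hpset_2018.06.28.01[1].exe only as iexplore.exe, so 2568 is an assumption.
PROCESSES: List[Proc] = [
    Proc(2568, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r'"https://sxh.yimg.com/jf/dyc/IEinstall/hpset_2018.06.28.01.exe"'),
    Proc(4052, 2568, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2568 CREDAT:71937'),
    Proc(3356, 2568,
         r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
         r"\Content.IE5\LH043OAM\hpset_2018.06.28.01[1].exe",
         r'"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files'
         r'\Content.IE5\LH043OAM\hpset_2018.06.28.01[1].exe"'),
    Proc(2292, 3356, r"C:\Users\admin\AppData\Local\Yahoo\yset\YSearchSetTool.exe",
         r'"C:\Users\admin\AppData\Local\Yahoo\yset\YSearchSetTool.exe" '
         r'/partner=external-oo-hpbanner /yfrc_ie=yset_ie_syc_hp /yfrc_ff=yset_ff_syc_hp '
         r'/yfrc_chr=yset_chr_syc_hp /ytc=yset_hpiebanner /ytchp=yset_hpiebanner '
         r'/intl=us /setie /setchr /setff'),
    Proc(1716, 3356, r"C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns5644.tmp",
         r'"C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns5644.tmp" webExt_DL.exe'),
    Proc(1404, 1716, r"C:\Users\admin\AppData\Local\Yahoo\yset\webExt_DL.exe",
         "webExt_DL.exe"),
    Proc(3748, 3356, r"C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns6CAB.tmp",
         r'"C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns6CAB.tmp" '
         r'wscript.exe invisible.vbs checksets.bat'),
    Proc(768, 3748, r"C:\Windows\system32\wscript.exe",
         "wscript.exe invisible.vbs checksets.bat"),
    Proc(2080, 768, r"C:\Windows\system32\cmd.exe",
         r'cmd /c ""C:\Users\admin\AppData\Local\Yahoo\yset\checksets.bat" "'),
    Proc(2956, 2080, r"C:\Windows\system32\PING.EXE", "PING 127.0.0.1 -n 1800"),
]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def ancestry(procs: List[Proc], pid: int) -> List[str]:
    """Lower-cased image names from the process up to the root, child first."""
    table: Dict[int, Proc] = {p.pid: p for p in procs}
    chain: List[str] = []
    cur = table.get(pid)
    while cur is not None:
        chain.append(basename(cur.image).lower())
        cur = table.get(cur.ppid) if cur.ppid is not None else None
    return chain


def ping_delays(procs: List[Proc]) -> List[Tuple[int, int]]:
    """'Runs PING.EXE for delay simulation': ping -n N against loopback idles for
    about N-1 seconds (one second between echo requests). Returns (pid, seconds)."""
    hits = []
    for p in procs:
        if basename(p.image).lower() != "ping.exe":
            continue
        count = re.search(r"-n\s+(\d+)", p.cmdline, re.I)
        loopback = re.search(r"\b(127\.0\.0\.1|localhost)\b", p.cmdline, re.I)
        if count and loopback and int(count.group(1)) >= 60:  # threshold is my choice
            hits.append((p.pid, int(count.group(1)) - 1))
    return hits


def unusual_extension(procs: List[Proc]) -> List[int]:
    """'Starts application with an unusual extension': image path not ending in .exe."""
    return [p.pid for p in procs if not basename(p.image).lower().endswith(".exe")]


def launched_from_browser_cache(procs: List[Proc]) -> List[int]:
    """Executable started directly from the IE download cache (Content.IE5)."""
    return [p.pid for p in procs if "\\content.ie5\\" in p.image.lower()]


def script_host_to_shell(procs: List[Proc]) -> List[Tuple[int, List[str]]]:
    """'Executes scripts' / 'Starts CMD.EXE for commands execution': a cmd.exe with
    wscript.exe or cscript.exe somewhere above it in the tree."""
    hits = []
    for p in procs:
        chain = ancestry(procs, p.pid)
        if chain[0] == "cmd.exe" and any(a in ("wscript.exe", "cscript.exe") for a in chain[1:]):
            hits.append((p.pid, chain))
    return hits


def summarize(procs: List[Proc]) -> Dict[str, object]:
    return {
        "ping_delay_seconds": ping_delays(procs),
        "non_exe_image": unusual_extension(procs),
        "run_from_ie_cache": launched_from_browser_cache(procs),
        "script_host_to_cmd": script_host_to_shell(procs),
    }


if __name__ == "__main__":
    for name, finding in summarize(PROCESSES).items():
        print(f"{name}: {finding}")
```

The same rules apply unchanged to Sysmon Event ID 1 or EDR process-creation telemetry; the only field the report lacks that real logs have is the parent PID, which is why it had to be assumed for one node here.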

Processes

Total processes: 46
Monitored processes: 10
Malicious processes: 4
Suspicious processes: 2

Behavior graph

Process tree, using the parent-process relations recorded in the process details below. "dropped" marks the processes flagged by "Application was dropped or rewritten from another process"; "no specs" is the report's own label for a process with no special markers.

iexplore.exe (PID 2568)
  iexplore.exe (PID 4052)
hpset_2018.06.28.01[1].exe (PID 3356), parent iexplore.exe, dropped
  YSearchSetTool.exe (PID 2292), dropped
  ns5644.tmp (PID 1716), dropped, no specs
    webExt_DL.exe (PID 1404), dropped
  ns6CAB.tmp (PID 3748), dropped, no specs
    wscript.exe (PID 768), no specs
      cmd.exe (PID 2080), no specs
        PING.EXE (PID 2956), no specs

Process information

PID
2568
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://sxh.yimg.com/jf/dyc/IEinstall/hpset_2018.06.28.01.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\hpset_2018.06.28.01[1].exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
4052
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2568 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
3356
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\hpset_2018.06.28.01[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\hpset_2018.06.28.01[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Yahoo! Inc.
Description
Yahoo homepage Set Setup
Version
2018.06.28.01
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\hpset_2018.06.28.01[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nsj55c6.tmp\system.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\yahoo\yset\ysearchsettool.exe
c:\users\admin\appdata\local\temp\nsj55c6.tmp\nsexec.dll
c:\users\admin\appdata\local\temp\nsj55c6.tmp\ns5644.tmp
c:\users\admin\appdata\local\temp\nsj55c6.tmp\ns6cab.tmp
c:\users\admin\appdata\local\temp\nsj55c6.tmp\inetc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

PID
2292
CMD
"C:\Users\admin\AppData\Local\Yahoo\yset\YSearchSetTool.exe" /partner=external-oo-hpbanner /yfrc_ie=yset_ie_syc_hp /yfrc_ff=yset_ff_syc_hp /yfrc_chr=yset_chr_syc_hp /ytc=yset_hpiebanner /ytchp=yset_hpiebanner /intl=us /setie /setchr /setff
Path
C:\Users\admin\AppData\Local\Yahoo\yset\YSearchSetTool.exe
Indicators
Parent process
hpset_2018.06.28.01[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Yahoo Inc.
Description
YSearchSetTool
Version
2018, 06, 28, 01
Modules
Image
c:\users\admin\appdata\local\yahoo\yset\ysearchsettool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\local\yahoo\yset\ysearchutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msxml3.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll

PID
1716
CMD
"C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns5644.tmp" webExt_DL.exe
Path
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns5644.tmp
Indicators
No indicators
Parent process
hpset_2018.06.28.01[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsj55c6.tmp\ns5644.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yahoo\yset\webext_dl.exe

PID
1404
CMD
webExt_DL.exe
Path
C:\Users\admin\AppData\Local\Yahoo\yset\webExt_DL.exe
Indicators
Parent process
ns5644.tmp
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\yahoo\yset\webext_dl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsq598f.tmp\inetc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

PID
3748
CMD
"C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns6CAB.tmp" wscript.exe invisible.vbs checksets.bat
Path
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns6CAB.tmp
Indicators
No indicators
Parent process
hpset_2018.06.28.01[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsj55c6.tmp\ns6cab.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wscript.exe
c:\windows\system32\apphelp.dll

PID
768
CMD
wscript.exe invisible.vbs checksets.bat
Path
C:\Windows\system32\wscript.exe
Indicators
No indicators
Parent process
ns6CAB.tmp
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Windows Based Script Host
Version
5.8.7600.16385
Modules
Image
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vbscript.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\scrobj.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll

PID
2080
CMD
cmd /c ""C:\Users\admin\AppData\Local\Yahoo\yset\checksets.bat" "
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
wscript.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll

PID
2956
CMD
PING 127.0.0.1 -n 1800
Path
C:\Windows\system32\PING.EXE
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

Registry activity

Total events
1664
Read events
1489
Write events
173
Delete events
2

Modification events

PID   Process       Operation   Key : Name = Value
2568  iexplore.exe  delete key  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main : CompatibilityFlags = 0
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap : UNCAsIntranet = 0
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap : AutoDetect = 1
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones : SecuritySafe = 1
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings : ProxyEnable = 0
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections : SavedLegacySettings = 4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active : {7B6FDF35-BDE1-11E9-9885-5254004A04AF} = 0
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore : Type = 4
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore : Count = 2
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore : Time = E307080002000D000F002E0010003600
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore : Type = 4
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore : Count = 2
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore : Time = E307080002000D000F002E0010003600
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main : FullScreen = no
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main : Window_Placement = 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links : Order = 08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore : Type = 3
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore : Count = 2
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore : Time = E307080002000D000F002E001000D200
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore : LoadTime = 8
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore : Type = 3
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore : Count = 2
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore : Time = E307080002000D000F002E001000F100
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore : LoadTime = 66
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore : Type = 3
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore : Count = 2
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore : Time = E307080002000D000F002E001000AD01
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore : LoadTime = 27
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 : Path = C:\Users\admin\Favorites\Links\Suggested Sites.url
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 : Handler = {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 : FeedUrl = https://ieonline.microsoft.com/#ieslice
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 : DisplayName = (no value shown)
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 : ErrorState = 0
2568  iexplore.exe  write       HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 : (record truncated in the page)
DisplayMask
0
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307080002000D000F002E002C00650000000000
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
2568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
4052
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
4052
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814
4052
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
4052
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
4052
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
4052
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
clientID
{57C3E116-E458-954A-9EE0-1A577252B299}
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
firstRun
1
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
INSTDIR
C:\Users\admin\AppData\Local\Yahoo\yset
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
checkSetParams
/partner=external-oo-hpbanner /yfrc_ie=yset_ie_syc_hp /yfrc_ff=yset_ff_syc_hp /yfrc_chr=yset_chr_syc_hp /ytc=yset_hpiebanner /ytchp=yset_hpiebanner /intl=us
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASAPI32
EnableFileTracing
0
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASAPI32
EnableConsoleTracing
0
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASAPI32
FileTracingMask
4294901760
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASAPI32
ConsoleTracingMask
4294901760
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASAPI32
MaxFileSize
1048576
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASAPI32
FileDirectory
%windir%\tracing
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASMANCS
EnableFileTracing
0
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASMANCS
EnableConsoleTracing
0
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASMANCS
FileTracingMask
4294901760
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASMANCS
ConsoleTracingMask
4294901760
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASMANCS
MaxFileSize
1048576
3356
hpset_2018.06.28.01[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\hpset_2018_RASMANCS
FileDirectory
%windir%\tracing
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3356
hpset_2018.06.28.01[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
checkSetParams
/partner=external-oo-hpbanner /yfrc_ie=yset_ie_syc_hp /yfrc_ff=yset_ff_syc_hp /yfrc_chr=yset_chr_syc_hp /ytc=yset_hpiebanner /ytchp=yset_hpiebanner /intl=us
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
intl
us
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASAPI32
EnableFileTracing
0
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASAPI32
EnableConsoleTracing
0
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASAPI32
FileTracingMask
4294901760
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASAPI32
ConsoleTracingMask
4294901760
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASAPI32
MaxFileSize
1048576
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASAPI32
FileDirectory
%windir%\tracing
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASMANCS
EnableFileTracing
0
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASMANCS
EnableConsoleTracing
0
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASMANCS
FileTracingMask
4294901760
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASMANCS
ConsoleTracingMask
4294901760
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASMANCS
MaxFileSize
1048576
2292
YSearchSetTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YSearchSetTool_RASMANCS
FileDirectory
%windir%\tracing
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2292
YSearchSetTool.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
origSP_chr
https://www.google.com/
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\jfcjhdijahefmfgcceakfkkialaekpfl
update_url
https://clients2.google.com/service/update2/crx
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
chromeExtID
jfcjhdijahefmfgcceakfkkialaekpfl
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
origSP_ff
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
origSP_ie
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BDEF398-5941-4125-A1F9-717CF3CEB1EF}
DisplayName
Yahoo Search
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BDEF398-5941-4125-A1F9-717CF3CEB1EF}
URL
https://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_hp&type=yset_hpiebanner
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BDEF398-5941-4125-A1F9-717CF3CEB1EF}
OSDFileURL
file:///C:/Users/admin/AppData/Roaming/Yahoo/search.xml
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BDEF398-5941-4125-A1F9-717CF3CEB1EF}
FaviconURL
https://search.yahoo.com/favicon.ico
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BDEF398-5941-4125-A1F9-717CF3CEB1EF}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{4BDEF398-5941-4125-A1F9-717CF3CEB1EF}.ico
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
https://www.yahoo.com/?fr=yset_ie_syc_hp&type=yset_hpiebanner
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
pendingExtActivates
chr;ff;
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
pendingExtActivateParams
"C:\Users\admin\AppData\Local\Yahoo\yset\YSearchSetTool.exe" /partner=external-oo-hpbanner /yfrc_ie=yset_ie_syc_hp /yfrc_ff=yset_ff_syc_hp /yfrc_chr=yset_chr_syc_hp /ytc=yset_hpiebanner /ytchp=yset_hpiebanner /intl=us /setie /setchr /setff
2292
YSearchSetTool.exe
write
HKEY_CURRENT_USER\Software\Yahoo\ss
successfulSets
chr;ff;ie;
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASAPI32
EnableFileTracing
0
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASAPI32
EnableConsoleTracing
0
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASAPI32
FileTracingMask
4294901760
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASAPI32
ConsoleTracingMask
4294901760
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASAPI32
MaxFileSize
1048576
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASAPI32
FileDirectory
%windir%\tracing
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASMANCS
EnableFileTracing
0
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASMANCS
EnableConsoleTracing
0
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASMANCS
FileTracingMask
4294901760
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASMANCS
ConsoleTracingMask
4294901760
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASMANCS
MaxFileSize
1048576
1404
webExt_DL.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\webExt_DL_RASMANCS
FileDirectory
%windir%\tracing
1404
webExt_DL.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1404
webExt_DL.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
1404
webExt_DL.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1404
webExt_DL.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1404
webExt_DL.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
1404
webExt_DL.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions
C:\Users\admin\AppData\Local\Yahoo\yset\[email protected]
1404
webExt_DL.exe
write
HKEY_CURRENT_USER\Software\Mozilla\ManagedStorage\[email protected]
C:\Users\admin\AppData\Local\Yahoo\yset\[email protected]
768
wscript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
768
wscript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
13
Suspicious files
3
Text files
16
Unknown types
4

Dropped files

PID
Process
Filename
Type
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FJ81ZQXG\hpset_2018.06.28.01[1].exe
executable
MD5: 159905dc2c40959349fe72ba2c729b80
SHA256: b3f9edc6d66ebede32029914970e7f657a3084cce1c8776c9e20878ee62f7e84
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\nsExec.dll
executable
MD5: b5a1f9dc73e2944a388a61411bdd8c70
SHA256: 288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns6CAB.tmp
executable
MD5: 37707a29bd8efbeb912019737bb2b584
SHA256: 4751809ef6fd3ced738392e7c5df6d4e3938d85711daa0b52b045b5092913c27
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Yahoo\yset\ypanel.exe
executable
MD5: aaa84f9e858c4bfad3e86807094c030d
SHA256: 41a0c48ac1097c843dca9577c66aca095adbaf2615e40c7dc48c5ac745a8aee7
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\ns5644.tmp
executable
MD5: 37707a29bd8efbeb912019737bb2b584
SHA256: 4751809ef6fd3ced738392e7c5df6d4e3938d85711daa0b52b045b5092913c27
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Yahoo\yset\YSearchSetTool.exe
executable
MD5: 8cf6891b39f55057e958766fcba08f89
SHA256: 3c9971115278e434f0f7d1c0234988ac1ffba2bd5ede32985cea3de135dff773
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\System.dll
executable
MD5: 3f176d1ee13b0d7d6bd92e1c7a0b9bae
SHA256: fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\hpset_2018.06.28.01[1].exe
executable
MD5: 159905dc2c40959349fe72ba2c729b80
SHA256: b3f9edc6d66ebede32029914970e7f657a3084cce1c8776c9e20878ee62f7e84
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\inetc.dll
executable
MD5: 92ec4dd8c0ddd8c4305ae1684ab65fb0
SHA256: 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Yahoo\yset\webExt_DL.exe
executable
MD5: b359a583fc4f5cb0ebbe03495d5449de
SHA256: 2b078c508999c9321d9b0155d283d7ef695e560ece8ce55e5863d3cf72ae6b4a
1404
webExt_DL.exe
C:\Users\admin\AppData\Local\Temp\nsq598F.tmp\inetc.dll
executable
MD5: 92ec4dd8c0ddd8c4305ae1684ab65fb0
SHA256: 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Yahoo\yset\unset.exe
executable
MD5: 123c7afac8985a90a25e58c7bb4dd301
SHA256: 63fa11cc14cafce8fa7e746e5807b7cacb4b0a515facc13d1bfe1a041558c28f
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Yahoo\yset\YSearchUtil.dll
executable
MD5: 9356f12a9fafb0cfc91213ae727f7b9c
SHA256: eb654863fd6230e2470e66b933675e153e007dab33df8204bf39aaca69b6c928
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Yahoo\yset\invisible.vbs
text
MD5: c578d9653b22800c3eb6b6a51219bbb8
SHA256: 20a98a7e6e137bb1b9bd5ef6911a479cb8eac925b80d6db4e70b19f62a40cce2
1404
webExt_DL.exe
C:\Users\admin\AppData\Local\Yahoo\yset\[email protected]
text
MD5: de2d7d3f5a543c716052bea2c41a7123
SHA256: ff5d7a6caeb3a17f006eca16ebb6ab612a59af9ee6c2e5c6283aaac54af82625
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 73d738d44202b99ae62fb128a358cf32
SHA256: c721a40d227142ca6522c8a9c215722b3b2f90ca65813857f46d3aea5514ffb9
1404
webExt_DL.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\yahoo_homepage-1.5.2-fx[1].xpi
compressed
MD5: 932ff4ba098232adf882e69f4a4052ec
SHA256: 0c70ff6c1117af5d8670ae411a52c6997a26a071da813a015661df8fa2130db7
1404
webExt_DL.exe
C:\Users\admin\AppData\Local\Yahoo\yset\[email protected]
compressed
MD5: 932ff4ba098232adf882e69f4a4052ec
SHA256: 0c70ff6c1117af5d8670ae411a52c6997a26a071da813a015661df8fa2130db7
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7B6FDF35-BDE1-11E9-9885-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2568
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF232ACC1F8A3EFBA2.TMP
––
MD5:  ––
SHA256:  ––
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Yahoo\yset\checksets.bat
text
MD5: 53136b74d9ae0821c34cf0f0ea545032
SHA256: 2081d047667212399fc1369dc47c3a1e19f896ec68428b6fa48c3a52d3c0c044
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 8e04426cc4b1f87e6394a3f6bbb1d470
SHA256: 6c723c0c1f58bde65830d996d37b357ac7fbd721e2baf389aeec15af8a80a475
4052
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 8b8b56f2f38265467a81ffdb8ce297ca
SHA256: 1ef3b8582310e800f0bacc1bfd0dfc6638063f432410f2362fcf2d91276837ee
2292
YSearchSetTool.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
image
MD5: 9796ed786d95606d51be9dab54fb5350
SHA256: 74368197cb53191e522e3a73aab974d53eae8e38da694a1ed2cfa06f39176e58
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: 9df2beaed5cb00b2bcd1b7d84e2d8b84
SHA256: ae535260cf9729921bd18b0568cfa4b9ed9dda6917fcd5b6fa1729d8c21b1a73
2292
YSearchSetTool.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{4BDEF398-5941-4125-A1F9-717CF3CEB1EF}.ico
image
MD5: 9796ed786d95606d51be9dab54fb5350
SHA256: 74368197cb53191e522e3a73aab974d53eae8e38da694a1ed2cfa06f39176e58
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: 58362bf4b1c7f704bee5fd5462c0d682
SHA256: d83d86ead2f2eddbcd317193b11443cd109666456e1c7396343146c9e4dd6a25
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 7028553dda0257c20468a22d5ca8d65b
SHA256: 4232b2371596f6979bc6e8d69c1e370d4fa2bb4140d6df920e343f6b21394deb
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FJ81ZQXG\hpset_2018.06.28.01[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\hpset_2018.06.28.01[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2292
YSearchSetTool.exe
C:\Users\admin\AppData\Roaming\Yahoo\search.xml
xml
MD5: a2bbc5e38683fe0c241cb0cab4402b02
SHA256: 54e4c649c3016841550aef5c1c485d459eeb47f3789ef1118214fb947d961ed8
2292
YSearchSetTool.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: c4756668f00c7aeb7cc39e139aebca9f
SHA256: 7769057567a6a671b8ba8c2a55aaa72939768cf06a341a871cecedb011998b6c
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7B6FDF36-BDE1-11E9-9885-5254004A04AF}.dat
binary
MD5: da36ca11161618aad273561a4b1e369a
SHA256: 4493c9283bb5d8c89cc11c3cdabe806928d3ff4fd1c764e497e1d0670dcd4904
2568
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFB44294F66F3BF91E.TMP
––
MD5:  ––
SHA256:  ––
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2568
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GX1E4DMK\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QPOV97QM\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P7B4WK4D\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4052
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FJ81ZQXG\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3356
hpset_2018.06.28.01[1].exe
C:\Users\admin\AppData\Local\Temp\nsj55C6.tmp\nsj6EDF.tmp.htm
––
MD5:  ––
SHA256:  ––

Network activity

HTTP(S) requests
1
TCP/UDP connections
8
DNS requests
6
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2568 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted

Connections

PID Process IP ASN CN Reputation
4052 iexplore.exe 87.248.116.11:443 Yahoo! UK Services Limited GB shared
2568 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
4052 iexplore.exe 87.248.116.12:443 Yahoo! UK Services Limited GB shared
2292 YSearchSetTool.exe 188.125.72.139:443 CH unknown
1404 webExt_DL.exe 35.167.70.13:443 Amazon.com, Inc. US unknown
2292 YSearchSetTool.exe 212.82.100.137:443 Yahoo! UK Services Limited CH shared
1404 webExt_DL.exe 54.192.200.156:443 Amazon.com, Inc. US unknown
3356 hpset_2018.06.28.01[1].exe 188.125.72.139:443 CH unknown

DNS requests

Domain IP Reputation
sxh.yimg.com 87.248.116.11, 87.248.116.12 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
geo.yahoo.com 188.125.72.139 whitelisted
addons.mozilla.org 35.167.70.13, 52.35.252.165, 52.24.202.223, 34.216.10.43, 52.27.79.31, 52.42.149.107 whitelisted
search.yahoo.com 212.82.100.137 whitelisted
addons.cdn.mozilla.net 54.192.200.156 suspicious

Threats

No threats detected.

Debug output strings

Process Message
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page to Yahoo because of search set fail
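The YSearchSetTool.exe log line above records the installer falling back to rewriting the Internet Explorer new tab page after its search-provider change failed, which is exactly the browser-settings tampering an analyst reviewing this sandbox run wants to pull out of a noisy, heavily repeated log. The following parser is an added example written for this page; it is not part of the ANY.RUN report and not code from the Yahoo installer. The line format (process, M-D-YYYY date, time with milliseconds, [pid,tid], level, Class::method, message) is inferred from the single line visible above; the sample log is constructed, and the two bracketing lines with prvStart/prvFinish are hypothetical, invented only to show that different events are not merged.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line format inferred from the sandbox log (assumption, based on one observed line):
#   <process> <M-D-YYYY> <HH:MM:SS.mmm>[<pid>,<tid>]: <LEVEL>: <Class::method> <message>
LOG_RE = re.compile(
    r"^(?P<proc>\S+)\s+"
    r"(?P<date>\d{1,2}-\d{1,2}-\d{4})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})"
    r"\[(?P<pid>\d+),(?P<tid>\d+)\]:\s+"
    r"(?P<level>[A-Z]+):\s+"
    r"(?P<func>[A-Za-z_][\w:]*)\s+"
    r"(?P<msg>.*)$"
)

# Substrings taken from the page's own log line that indicate the tool changed
# browser settings (the new tab page) because the search-provider change failed.
BROWSER_TAMPER_PATTERNS = ("new tab page", "search set fail")


@dataclass(frozen=True)
class LogEvent:
    proc: str
    date: str
    time: str
    pid: int
    tid: int
    level: str
    func: str
    msg: str


def parse_line(line: str) -> Optional[LogEvent]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return LogEvent(m["proc"], m["date"], m["time"], int(m["pid"]), int(m["tid"]),
                    m["level"], m["func"], m["msg"])


def parse_log(text: str) -> List[LogEvent]:
    """Parse a whole log, silently skipping lines that are not in the format."""
    events = []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            events.append(ev)
    return events


def collapse_repeats(events: List[LogEvent]) -> List[Tuple[LogEvent, int]]:
    """Collapse runs of identical consecutive events into (event, repeat_count)."""
    out: List[Tuple[LogEvent, int]] = []
    for ev in events:
        if out and out[-1][0] == ev:
            out[-1] = (ev, out[-1][1] + 1)
        else:
            out.append((ev, 1))
    return out


def find_browser_tampering(collapsed: List[Tuple[LogEvent, int]]) -> List[dict]:
    """Return the collapsed events whose message matches a tampering pattern."""
    hits = []
    for ev, count in collapsed:
        matched = [p for p in BROWSER_TAMPER_PATTERNS if p in ev.msg]
        if matched:
            hits.append({"func": ev.func, "level": ev.level, "pid": ev.pid,
                         "repeats": count, "patterns": matched})
    return hits


# The line as it appears in the sandbox log.
PAGE_LINE = ("YSearchSetTool.exe 8-13-2019 16:46:46.523[2292,2952]: SUCCESS: "
             "CYSearchSetIE::prvSetYahooNewTab succeeded in setting new tab page "
             "to Yahoo because of search set fail")

# Constructed sample log: the page's line repeated three times, bracketed by two
# hypothetical lines in the same format (prvStart/prvFinish are invented), plus
# one line that is not in the format at all.
SAMPLE_LOG = "\n".join([
    "YSearchSetTool.exe 8-13-2019 16:46:46.510[2292,2952]: INFO: "
    "CYSearchSetIE::prvStart starting IE search set",
    PAGE_LINE, PAGE_LINE, PAGE_LINE,
    "YSearchSetTool.exe 8-13-2019 16:46:46.530[2292,2952]: INFO: "
    "CYSearchSetIE::prvFinish done",
    "not a log line",
])


if __name__ == "__main__":
    collapsed = collapse_repeats(parse_log(SAMPLE_LOG))
    for ev, n in collapsed:
        print(f"x{n:<3} {ev.time} [{ev.pid},{ev.tid}] {ev.level}: {ev.func} {ev.msg}")
    for hit in find_browser_tampering(collapsed):
        print("TAMPER:", hit)
```

Running the script collapses the repeated line to a single entry with its repeat count, so the analyst sees one browser-tampering event rather than dozens, and the pid/tid carried on the event can be joined against the process tree elsewhere in the report.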