General Info

URL

https://www.mediafire.com/file/gjw7c3g1bgd8xgh/List_of_all_AC_tracks_WITH_LINKS.txt/file

Full analysis
https://app.any.run/tasks/2cd71251-fb9f-436e-b42e-8e434705f622
Verdict
Malicious activity
Analysis date
15/01/2022, 02:05:05
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 3668)
Changes internet zones settings
  • iexplore.exe (PID: 3132)
Checks Windows Trust Settings
  • iexplore.exe (PID: 3132)
  • iexplore.exe (PID: 3668)
Reads settings of System Certificates
  • iexplore.exe (PID: 3132)
  • iexplore.exe (PID: 3668)
Application launched itself
  • iexplore.exe (PID: 3132)
Reads the computer name
  • iexplore.exe (PID: 3132)
  • iexplore.exe (PID: 3668)
Checks supported languages
  • iexplore.exe (PID: 3132)
  • NOTEPAD.EXE (PID: 556)
  • iexplore.exe (PID: 3668)
Changes settings of System certificates
  • iexplore.exe (PID: 3132)
Creates files in the user directory
  • iexplore.exe (PID: 3132)
  • iexplore.exe (PID: 3668)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3132)
Reads internet explorer settings
  • iexplore.exe (PID: 3668)
Modifies the phishing filter of IE
  • iexplore.exe (PID: 3132)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 3668)
  • iexplore.exe (PID: 3132)

Processes

Total processes
39
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe notepad.exe no specs

Process information

PID
3132
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.mediafire.com/file/gjw7c3g1bgd8xgh/List_of_all_AC_tracks_WITH_LINKS.txt/file"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\lpk.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\netutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ieui.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\duser.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\wshext.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieapfltr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\msisip.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\notepad.exe
c:\program files\windows defender\mpclient.dll
c:\windows\system32\sfc.dll
c:\program files\windows defender\mpoav.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\xmllite.dll

PID
3668
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3132 CREDAT:267521 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\user32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\secur32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kernelbase.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\profapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\devobj.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\dwmapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\mlang.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sxs.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\uianimation.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wevtapi.dll

PID
556
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\List of all AC tracks WITH LINKS.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\notepad.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\uxtheme.dll

Registry activity

Total events
18953
Read events
0
Write events
147
Delete events
4

Modification events

PID
Process
Operation
Key
Name
Value
3132
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
(default)
3132
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
(default)
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935476
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{8FCF4DDF-75A7-11EC-BB61-12A9866C77DE}
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
F0224452B409D801
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
4A854652B409D801
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935476
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F00020005000800FC02
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F00020005000800FC02
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F00020005000800FC02
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F00020005000800FC02
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
90486A52B409D801
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
90486A52B409D801
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00020005000C009A0001000000644EA2EF78B0D01189E400C04FC9E26E
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00020005000C007F0200000000
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
3132
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
3132
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Blob
3132
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Blob
3132
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Blob
3132
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Blob
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
ClientSupported_MigrationTime
3391055AB409D801
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F00020005001800F400
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F00020005001800F400
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F00020005001800F400
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F00020005001800F400
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E607010006000F00020005001B00C303010000001E768127E028094199FEB9D127C57AFE
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935526
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935476
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935476
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
3030B16AB409D801
3132
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
0
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
51
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
111
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
106
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
51
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
111
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
106
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
0
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
789
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
111
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
789
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
106
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
789
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
0
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
NumberOfSubdomains
1
3668
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
51

Files activity

Executable files
0
Suspicious files
26
Text files
47
Unknown types
26

Dropped files

PID
Process
Filename
Type
3132
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
3132
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
binary
MD5: 73a78c53cb9f296ab9364e10a2db2af5
SHA256: 3c477a0629f01a1a140d54d8ceec6a32d1f4f732bbebf931a9f792f93275242d
3132
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\List of all AC tracks WITH LINKS.txt
text
MD5: 351e92df125766bae0080aaed04ed620
SHA256: a7076291e8d2734d8ed148a85b76d8f431c753118f23439cd2f57822a7286d16
3132
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verA227.tmp
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
3132
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\List of all AC tracks WITH LINKS[1].txt
text
MD5: d0a30a63b3dc39b4e1e8e2ecff6333c7
SHA256: 836bc79b7140a8d90d33399116e7648e9e135031687a08a92e600a5b41a361a4
3132
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
der
MD5: ace427d9e2e5197da2f600c887dcfcb1
SHA256: 9d985ec5e3675b2c7ded4535f7de2cbe39934d67046e25c3d0466220fafe9651
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\List of all AC tracks WITH LINKS.txt.cxu29b8.partial
text
MD5: 351e92df125766bae0080aaed04ed620
SHA256: a7076291e8d2734d8ed148a85b76d8f431c753118f23439cd2f57822a7286d16
3132
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\List of all AC tracks WITH LINKS.txt.cxu29b8.partial:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_7113AA81F59D5AD048438D6378810119
binary
MD5: 8db31a33559418e4227631f1540ab20d
SHA256: 8b1faf250a35d6055d7f295a48790144f87657657f593de404401989896d47fd
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_7113AA81F59D5AD048438D6378810119
der
MD5: 72b384963928aa3f960a6c1c55e7310a
SHA256: 2780105d26cd012ec030a41e8ed657debd99b359a9b5c49f8a24296e2108a2df
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_27FCFF74F3AB171085E6241958A04627
binary
MD5: f60d926408779cd6dbfd098258a029ae
SHA256: e2b7fc1f47f53d0c92e389c582fbf283686aeea98a80a76d5b13e737b4749297
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
binary
MD5: af34f50b4d269a2dd0e39aed3de56e05
SHA256: 1e58ee764ebc4e3609f40dccbcd6998d680d845de7ce5a654b18f4f81664f267
3132
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\79G2252Q.txt
text
MD5: 0effc55993b3586c194558e10cbc5281
SHA256: 274a1c2a886f3fcf6432938b51cd9336f44f34cda4b23f1f4efb5edd46a09201
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_27FCFF74F3AB171085E6241958A04627
der
MD5: 37a064dbb6f9f783e5046cd02f8c4fef
SHA256: 83404d114b9dc26bbbd4dba16c1f6a9b08e437b2bd601e3a261f1810ef45930e
3132
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat
binary
MD5: 7016236bc956e242ee69b6b1302d7525
SHA256: 28ba770a2f03df2a0a09086615e1981f696c975cb3669d4ffcf016a130655a5e
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
der
MD5: 5695d88f26ccf02a6f7eb225475719f0
SHA256: 08b60d1a574a2bd20da6ab1e59e97b49a373af85cc51575e7c57f770fea20d6b
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
binary
MD5: 1eb33e4dc390d4fbdc879decc25a351c
SHA256: 4b1ca9aba23afa98556cf7f6db7e1b071f5480f760197393a66ca71398c0057b
3132
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
image
MD5: a301c91c118c9e041739ad0c85dfe8c5
SHA256: cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
der
MD5: d03ab18331b1dc62e284df6894ec5e6b
SHA256: bea9c460f75b2495164979f6e00ac455b09f0763603e3e61680af677a7c16db4
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LKMCTCJS.txt
text
MD5: 02b84c8ef84a04021eebe10382e62a47
SHA256: 18d21635960c700c8aaa7b041668d6587a1435aaadd9c34de9b67ecc3a179725
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VEQ9966O.txt
text
MD5: 7aaa77d767aac98b91c75f8633dad6e4
SHA256: 69b1cfd3b00927e22777b65b1bc159b600ff17177d65bd29ceac4d5f84fc1dda
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YBB4VFRA.txt
text
MD5: fbc3727921f93113287587d0b323a432
SHA256: c0eda3f2de9f3eeed74be65c373db31e3a04de21e110defa351602ea93db1478
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\J8RX6YDT.txt
text
MD5: acf875a23f477bd8133ee890c2d61a1b
SHA256: 03d9e348889289401aa2f76dc9479180f0e3d12b41e91c8569b782c041f361a9
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\unnamed[1].png
image
MD5: f232511b689198ef4eac18e967da3040
SHA256: cf7137aae8e21d7b4a5d0a322b25dfc27c7a1e9b1a06bb4d5f813ef9e3459df3
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
der
MD5: 029fb7dd858601813ae129d575d2b242
SHA256: 98dba01c5b1a4c1dd4abe3819dbb8a9846fecc746bee19bc15b4626d4c7b62de
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\03MBH5W1.txt
text
MD5: 2151128a95936d8021891428e930f5cb
SHA256: ef8a6a4ee84db78bb51978acb40390287f9182132684ff52f6ff30602692d83b
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVQ[1].woff
woff
MD5: 3d1b06f2d8f36c86fa679ff135335fa3
SHA256: b1fda8d891e6e8beeb38acc3ccce3369b8e6529154da0f28fcdd35d3b1319dae
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
binary
MD5: e699dede00be29638476d872ecdeaaa4
SHA256: 8a2bfcb7e83b8b357ef15e86ece4ea08b4c86023aa9840262581f505176ba2c8
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CJ4W23N.txt
text
MD5: 2151128a95936d8021891428e930f5cb
SHA256: ef8a6a4ee84db78bb51978acb40390287f9182132684ff52f6ff30602692d83b
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\V4PC61TK.txt
text
MD5: 2151128a95936d8021891428e930f5cb
SHA256: ef8a6a4ee84db78bb51978acb40390287f9182132684ff52f6ff30602692d83b
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DOTBATAV\www.mediafire[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_9C8E6C5FB9E3D40F20E88EBE4D99260A
der
MD5: c228bd569dce3cf4ae119987803b05af
SHA256: eb2449347f7d18e08ce45ad592db0758189042e8b4f1238b56a1242c7ed6da56
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\amplitude-8.5.0-min.gz[1].js
text
MD5: c43d9f000a09bd500ed8728606a09de3
SHA256: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4gaVQ[1].woff
woff
MD5: 73c35c138bb57f5694dae3baede8f147
SHA256: 1bf4e85dd06d98328e51a7f0863e923de386f9bf6491a52f42d61458aceb3072
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\flUhRq6tzZclQEJ-Vdg-IuiaDsNa[1].woff
woff
MD5: 49f2e1a9a8773894fe6d04032611fad6
SHA256: fd413633e735f978738967411199967aae37bb32c2cf209f88eddc38987b3590
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ[1].woff
woff
MD5: 07f8c319707ddebe0ee6cfe483d52d5b
SHA256: d74109965066b25f13a8f7992b811fdcac88ba83e618b3dbbf689a12c55e4923
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_9C8E6C5FB9E3D40F20E88EBE4D99260A
binary
MD5: f22434c0926f42c49fcbf27a54df60ec
SHA256: 5e519f4b2015aa705379eaefa93912df3f1b7335a192921f5a4518df0aeaf408
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_BA334993752447F604AFDE6BD0E2382A
binary
MD5: b0976254d976c8f33582663e136abf4a
SHA256: aefa6c2c930cfee45022f0925a5fe76071f57ba5bdd12e3b51f83179977ae9b2
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_BA334993752447F604AFDE6BD0E2382A
der
MD5: c8af701a9deec2cbf83854f72d47c1f8
SHA256: 62bcb6b120e6bd2b069cec506a4e408b507089ab2c45d76dd89cd59a7a730998
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_B78A6612B283D1A84CF6D906F0526853
der
MD5: 9b2b4118bb5fa225427cf7c1dfb093ca
SHA256: d569f35b80fe7cdce7f9e11f70d234dab02ca798d1fade2655dc5567c3071cdc
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E0990A7CF057A22E5C656F7713BE4EB4
binary
MD5: f4102477c0e835342bc72a1a90454c58
SHA256: 9ca08a854d7067afc6bb8f847ad7f7385a300e958b239e72648e767e287ea424
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\m=el_main[1].js
text
MD5: 79ab4b2e4ff8bc45148f3d0b0cd07859
SHA256: 57d62338df87edb27bea5f0c7fa90ab316b50fc59241c967f23b6603899e146a
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
der
MD5: c4815bbdddd37a45a6df78b6c330d07c
SHA256: 29e78bf056e19e529bd143d9c325ae9ff506c0b25b5b8c477171575d5d081186
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NYI1FBWF.txt
text
MD5: 9a8c361cde7b7e5cb952acea72b56a95
SHA256: 66ae28a19800930b9058532ae3d58f6e3ebe8eca648e6fd2c924caae08e9fc23
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\AS1CUEX3.txt
text
MD5: b624045e1b9fe5ff509845932c731807
SHA256: 41eb80c0bd84512b90435e9805987d0a0f3311558483ccaef3888d8310791fc4
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
binary
MD5: 7a2f9747da70f3bd1739858ea1e46bc3
SHA256: 2d2705c25c1b4ba773c891db646680106d8ab8c35214fd29fc80cc66dd79b464
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
der
MD5: 16d3f9ab9906795a97d054c743d7e35f
SHA256: 35eab9b4604650214054008310c2665f30fb12bc3fc3865a1277318786f67a3b
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
binary
MD5: ff1cd9e530105f9eee0bed270610285e
SHA256: 73bed7b66b3be50f0cc850f2d13992eee53ad3df226becaafbfd1cf0dc2f896b
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\css[1].css
text
MD5: 12b551aa4ce71d33464acf7dd14a0f8f
SHA256: e65ca7fe334566896deb69d01e4b048b61a86a6d170d297b30e43f95011a2f3d
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\translateelement[1].css
text
MD5: 15ab5dfc566a9a19f6e89a72b7819e43
SHA256: 5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_B78A6612B283D1A84CF6D906F0526853
binary
MD5: 814640a34cc6625ed54b519a08a16ce4
SHA256: 9efecd836e82239b0752a4f67bea485dfc1d5c9fe5be3c7c1ef71b3bf18fd0fd
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E0990A7CF057A22E5C656F7713BE4EB4
der
MD5: 6db8179c1b6f6cbac6cc02ec5b11ede1
SHA256: 6e2c10a5909297c7514cea94712a17fe2ffec69e59305e3f70993677cb14f41e
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\analytics[1].js
text
MD5: d40531c5e99a6f84e42535859476fe35
SHA256: a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
3668
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1WOX0TGI.txt
text
MD5: cc73eaf3814398dfe5be21dff78fa86c
SHA256: f3650ad3efeb87cd893323f98ee45f0583d4ced8d281a7bc0eb7d46e00ad7aef
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
der
MD5: 64e9b8bb98e2303717538ce259bec57d
SHA256: 76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
3668
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A01EFC9EF87B331821A80D893F4D7FE8
binary
MD5: 1ea8c528fd068cda08545acb8f553e11
SHA256: 2e3a7964720715be45656af2bf769cdfd80a5698c13b62a4b783b5643b86937a
3668
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\infinity.js[1].js
text
MD5: 570c577b0b0cd20de6f62417c032361a

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
25
TCP/UDP connections
75
DNS requests
42
Threats
0

HTTP requests


Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections


DNS requests


Threats

No threats detected.

Debug output strings

No debug info.