General Info

URL

https://fastpackagetracker.net

Full analysis
https://app.any.run/tasks/0778e724-5881-4e74-b7a9-625ce95dec87
Verdict
Malicious activity
Analysis date
6/12/2019, 00:57:29
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader, adware, adload

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Downloads executable files from the Internet
  • iexplore.exe (PID: 2836)
Application was dropped or rewritten from another process
  • download[1].exe (PID: 116)
ADLOAD was detected
  • download[1].exe (PID: 116)
Starts Internet Explorer
  • download[1].exe (PID: 116)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 908)
  • download[1].exe (PID: 116)
  • iexplore.exe (PID: 2836)
Changes the started page of IE
  • download[1].exe (PID: 116)
Creates files in the user directory
  • download[1].exe (PID: 116)
Creates a software uninstall entry
  • download[1].exe (PID: 116)
Creates files in the user directory
  • IEXPLORE.EXE (PID: 3112)
  • iexplore.exe (PID: 2836)
Reads Internet Cache Settings
  • IEXPLORE.EXE (PID: 3112)
  • iexplore.exe (PID: 2836)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 3112)
  • iexplore.exe (PID: 2836)
Changes internet zones settings
  • IEXPLORE.EXE (PID: 712)
  • iexplore.exe (PID: 908)
Reads settings of System Certificates
  • IEXPLORE.EXE (PID: 3112)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 908)
Changes settings of System certificates
  • iexplore.exe (PID: 908)
Application launched itself
  • iexplore.exe (PID: 908)


Processes

Total processes
40
Monitored processes
5
Malicious processes
2
Suspicious processes
0

Behavior graph

[Behavior graph (image not preserved). Nodes: iexplore.exe, iexplore.exe, download[1].exe (#ADLOAD), iexplore.exe, iexplore.exe. Edge labels: "drop and start", "start".]

Process information

PID
908
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2836
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:908 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
116
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\download[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\download[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SpringTech Ltd.
Description
Version
4, 4, 0, 3
Modules
Image

PID
712
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hfastpackagetracker.net/?ap=appfocus1&uc=20190611&i_id=packages_spt__1.30&uid=97a16050-28cf-435e-b606-4b066d9f4cf4&source=-lp0-bb9-iei
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
download[1].exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3112
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:712 CREDAT:71937
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
IEXPLORE.EXE
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

Registry activity

Total events
1251
Read events
1074
Write events
172
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
EnableFileTracing
0
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
EnableConsoleTracing
0
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
FileTracingMask
4294901760
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
ConsoleTracingMask
4294901760
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
MaxFileSize
1048576
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
FileDirectory
%windir%\tracing
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
EnableFileTracing
0
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
EnableConsoleTracing
0
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
FileTracingMask
4294901760
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
ConsoleTracingMask
4294901760
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
MaxFileSize
1048576
116
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
FileDirectory
%windir%\tracing
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{522EB984-B49D-40F1-AF01-22974C173455}
DisplayName
Fast Package Tracker - Powered by Yahoo!
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{522EB984-B49D-40F1-AF01-22974C173455}
URL
http://search.hfastpackagetracker.net/s?ap=appfocus1&uc=20190611&i_id=packages_spt__1.30&uid=97a16050-28cf-435e-b606-4b066d9f4cf4&source=-lp0-bb9-iei&query={searchTerms}
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{522EB984-B49D-40F1-AF01-22974C173455}
SuggestionsURL
https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}
116
download[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
6256FFB019F8FDFBD36745B06F4540E9AEAF222A25
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D10000000002000000000010660000000100002000000048B92FE3B42A7819696AF2103ADACC6F05602A6D49BC5D5E98984AA9AB78C2F1000000000E800000000200002000000059B525E684C490ABF319BA47896FBCFC50FE27D14A51E8B4D2A9D06126225B6510000000EC404B3F6D473671E5146CCAE847B3874000000081FE371B75A712C5D482E364C5FD44D960DB5CD49A8876F99CF39CD8FC9B295C80849E1ADCA8C93DB1BBF8505CA0E0F2C6A2C7D1AB8469C0C85F4C01E617F827
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D100000000020000000000106600000001000020000000CDFDE73DD8B9886E9BD6BA2C904DFF6132BFAF20FE1AA3DCEAC32CBD8100D27C000000000E80000000020000200000004BE0009BAF15863A86200F37DF5B436B89113711B75D59C3661DEDD0F4E853D0500000002E6B9907CE0F18834C5EDEFE295C1BFECECFE3436E2EB4F573B2FE92128C3B589E33167472B591748BC0B480C503A00B9402D87C434B1C333FED696BE82DE4A682FF4385D118AFAE0CCD2FC095F009574000000034CC5103DA8275331DE428C2245F206A85B4FB03A91216A73AE7CFF0F0667205AF182CD10F7A230309F531CDF658A46A7A64642F858FD50899CE7A87BE62380D
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{522EB984-B49D-40F1-AF01-22974C173455}
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://search.hfastpackagetracker.net/?ap=appfocus1&uc=20190611&i_id=packages_spt__1.30&uid=97a16050-28cf-435e-b606-4b066d9f4cf4&source=-lp0-bb9-iei
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayName
Fast Package Tracker
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayVersion
4.4.0.3
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Publisher
SpringTech Ltd.
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
InstallLocation
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallString
"C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallDialog
2
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallEngineID
{522EB984-B49D-40F1-AF01-22974C173455}
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallImpression
http://www.springdwnld2.com/impression.do?domain=hfastpackagetracker.net&implementation_id=packages_spt__1.30&offer_id=_iei_&source=-lp0-bb9-iei&sub_id=20190611&traffic_source=appfocus1&user_id=97a16050-28cf-435e-b606-4b066d9f4cf4&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560293906&sgn=def104d41379171b7a054ceb9a6fb97abbcad624&subid2=8.0.7601.17514&event={exEvent}
116
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallHomepage
http://search.hfastpackagetracker.net/?ap=appfocus1&uc=20190611&i_id=packages_spt__1.30&uid=97a16050-28cf-435e-b606-4b066d9f4cf4&source=-lp0-bb9-iei
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{52245875-8C9C-11E9-A370-5254004A04AF}
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060002000B00160039002C004203
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060002000B00160039002C004203
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060002000B00160039002D000600
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
16
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060002000B00160039002D002600
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
303
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060002000B00160039002D003F01
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
52
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061120190612
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061120190612
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061120190612
CachePrefix
:2019061120190612:
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061120190612
CacheLimit
8192
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061120190612
CacheOptions
11
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061120190612
CacheRepair
0
908
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
FAF9F722A920D501
908
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
908
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
908
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
908
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
908
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060002000B0016003A002100B30100000000
908
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2836
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061120190612
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061120190612
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061120190612
CachePrefix
:2019061120190612:
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061120190612
CacheLimit
8192
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061120190612
CacheOptions
11
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061120190612
CacheRepair
0
2836
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{88C9681A-8C9C-11E9-A370-5254004A04AF}
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060002000B0016003B0010001701
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060002000B0016003B0010001701
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060002000B0016003B0010001102
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060002000B0016003B0010002002
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
235
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060002000B0016003B0010003002
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
43
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
712
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
6FEF7E58A920D501
3112
IEXPLORE.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
IEXPLORE.EXE

Files activity

Executable files
3
Suspicious files
5
Text files
66
Unknown types
10

Dropped files

PID
Process
Filename
Type
116
download[1].exe
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe
executable
MD5: d1b84243c7d2f0f24d7c50a4cc9e74b1
SHA256: 86459c7c8fbdfbec3d0e9c07cf1d6034f4f4d4b97bd17f6804773d3790ee614a
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\FastPackageTracker-21402424[1].exe
executable
MD5: 0d83a645018d9c2cd6ad9d00ff721636
SHA256: 90cfabf6f24fd6298a1f11e7de6a101406b952642f303cce54ae58f35ff546aa
908
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\download[1].exe
executable
MD5: 0d83a645018d9c2cd6ad9d00ff721636
SHA256: 90cfabf6f24fd6298a1f11e7de6a101406b952642f303cce54ae58f35ff546aa
2836
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 3100d963d965cae8dc952a115aa718cf
SHA256: 53f6e0a4367a9a927c35adda791a0fbc3cfc12183e91cb5a4f6513f4ee4c305d
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\Sprite_Packages_V2[1].png
image
MD5: 0c39779c421185bd546486c8889f5105
SHA256: e9f8f7364bb75d4b1b8047015c7bc0124f9435dcc2b0f4c4ecd1bc006cb3d4a7
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\packages_sprite[1].jpg
image
MD5: 8083db015452147f1c1fb04459d5ddf4
SHA256: 9af1b1dedf71fa251a4d4e188e9d231f9f20f1daf3a939121c7fa9f3c9e57b20
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\common[1]
text
MD5: 2185eab81ef76112e0aa87e3d5dbd33c
SHA256: c40faf2311b9a064a55ff463c2776f3071f3dd795fe2740c37a13cb000c5625c
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\Sprite_Email_V9[1].png
image
MD5: b28e84650fd0bfeee84818c6dae1990f
SHA256: 856a3f6468b76d5e204793c0a8f7f9287674a1536e2e61ed1a8d4413700bcfa4
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\recipesIcon[1].jpg
image
MD5: 0df82b6f5e4044de09dabcd5aa755afb
SHA256: 3257d7d9d5b73b0a5fe51dc0493005d50833ea28b848e0ffb4d4b1db25425465
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: fffdf5509fa728e580e7e82e5fe4f193
SHA256: d39793eea2ce729a130cd50b4ad118d06633b06a36cd586b6835b4d04b26c026
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\saveMoney[1].png
image
MD5: a353048a16ced5eacab658f12e4db18d
SHA256: e2c368a8182d29a0fc74005f812f55b71a840b80cd7c07619db67424839f5594
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\weatherAgencyIcon[1].jpg
image
MD5: ca18bf31a2bdc6325c3839c7f47d8f6e
SHA256: 0651cf7b687ef85bbf398677789f763ca99e709ceca13c1ac3e90851fc4a07bd
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\gear-icon[1].png
image
MD5: c191c48cdc9a12101c96bac13a3a672e
SHA256: 19fce2176cb990c4773742094923ccdd17d778fd050b675b0c8ff16b945e95ca
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\static[1].txt
image
MD5: db04c7b378cb2db912c3ba8a5a774ee3
SHA256: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\packages[1].png
image
MD5: 124aa7599ad1f18e508c5841f16aa3e0
SHA256: 9f15c11e33a413d243d31bc16f854b9e8ec15233e5facdf4ac8e3ce7f62a893a
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\qzcompare[1].png
image
MD5: 2aa051060ba193719cd29fc7474bf8f3
SHA256: 7fb82c612b40e63e6d36dc37b4f334ec7f83a6e680f730a83f32539bb33ed811
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\carbuyer[1].jpg
image
MD5: ba436cba2d70a4a0a541f0fbc8394ef9
SHA256: 96238f3ccc7dab7ec043330bbf73710cc2ae01ddd9346f69afc852721c909027
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\search_hfastpackagetracker_net[1].txt
––
MD5:  ––
SHA256:  ––
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\bookingbuddy[1].jpg
image
MD5: 928b5e556a2aeec535055318d8bf8445
SHA256: f6f55450ab57c199e6615a554e03a840188db5ac93227202f6dbe4ffefabb03c
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\itpro[1].png
image
MD5: f65054973848344b284fe5ac49d1b615
SHA256: f5dcba376232fbffdd3bb7bef1bb58f3c334cbf4f80ae5765f3a6ab542d0d9a4
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\news-1[1].png
image
MD5: 69f417a5b6fb00c16f2b1613f787878c
SHA256: 9717dfdf6c679515fa277e4ef79d0f91748c40aebc657a9e1da6b5a6aefb7888
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\setting[1].txt
text
MD5: ef9323d5935a425c7ebe28da6bc79fe3
SHA256: 1d8169ea23eb16843ce5c60a4a07191776c668bb3eb88c8695394316970c15e4
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\kelkoo[1].jpg
image
MD5: 97c7359a869578f55cfd5d2cad35437d
SHA256: 93649e2d7f85788b32f3956f21f8e399dbd74b235e29a6fa648a5616e216de40
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\quotezone[1].png
image
MD5: 78b8eebbc483604182e61cca65caaae5
SHA256: 152a3c9f21a372847722a1acced5893482cef4b6885b987d86c87f1918da9b38
3112
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\QMV4D3YP\search.hfastpackagetracker[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\header_common[1]
text
MD5: 7395e64d793177bd26a720124703786f
SHA256: e593503a6f74a91b7ca6d5ef4be3bf2a0fc2b5d45d615e6d9788512bbfec2aa4
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\impression[1]
text
MD5: 5318342d6bad0f296f894aca4d86e7c3
SHA256: 0bf4d7e68a3d34acb7ac6b3833ec889f492ab519d8f4a48359044c5ad1fe9c44
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\monetizedquicklinks[1].txt
text
MD5: c674eddee3a1c547b3f796c490f1a7bd
SHA256: 6d196023e05ee37572c83418341fd2c56ba4cbf04daa97edfbec9827bcee602f
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\packages_v1[1].txt
text
MD5: 02324178816d44dbdfe3dd86a72a98f1
SHA256: 740e6c8b92fd1efeb36a8c327d26405cc0759e6c051fc78b76297b5c932f0bb1
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\search_hfastpackagetracker_net[1].txt
––
MD5:  ––
SHA256:  ––
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\search_hfastpackagetracker_net[1].htm
html
MD5: a91fec9b4d9e72d864587600b5d90b90
SHA256: 16c6265057219f1b6afd00627826e91554454a85bffa20e0773e2950d375207a
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 7742c01aac4e24b4313ff6dc858a7d7c
SHA256: 1dcb68077343d9428605bceadb4819ea9c6c5952e1fee41ad52277384ab3c6da
712
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
image
MD5: 504432c83a7a355782213f5aa620b13f
SHA256: df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\f8a9938a18[2].gif
image
MD5: bc32ed98d624acb4008f986349a20d26
SHA256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
116
download[1].exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\api[1].txt
––
MD5:  ––
SHA256:  ––
908
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\FastPackageTracker-21402424[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
908
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\download[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\icons-star[1].png
image
MD5: ee286d05500f9eee903e3429f8434776
SHA256: 9f71f0c0201f4781879baf4e695f4188725a8ce2953d18b8c1120865f5d32a28
3112
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\f[1].txt
text
MD5: 02f313296c0673cfea4524e8b7271d99
SHA256: 1448d19eebf777a4b07f5f9a70629878cf9fd04c305247d95103da42cdd502bc
908
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
image
MD5: 504432c83a7a355782213f5aa620b13f
SHA256: df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\f8a9938a18[1]
text
MD5: 5c9da71976fb9d00f82e61c7e496ba06
SHA256: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\f8a9938a18[1].gif
image
MD5: bc32ed98d624acb4008f986349a20d26
SHA256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\fastpackagetracker_net[1].txt
html
MD5: e79d21bae6ed7ce4a146431b01f3989d
SHA256: 46ffc9686c1ac4e2ce5c515ddf3a989c64838aec4f846dd344b45b8a9ae94a04
2836
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: d08fd0ea317788198b6ff831d9891733
SHA256: 82b6334329fbefbc58277d7264fd84e253c44018c8b08c61cfac15b4be0f384f
2836
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 986bb3a0d6dd0fa632285fb812b9f5e0
SHA256: 579b6c9c8540078f60916b1487a6affa03b8755f1632ee98bb1d27b90edf1aee
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\nr-1123.min[1].js
text
MD5: 7ffb242072196e9db5f4f1bfbfa2ed7d
SHA256: 94cdf5b7f868883de0e1248cd80b42dd84e3f38685f2b234747550c02190dc82
908
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061120190612\index.dat
dat
MD5: 09397f5e0370b5daa4b847e7688780a3
SHA256: b826e93934ac8865b2ca58c64bfb949c5639f935b8bd8dd5e24b9e4d1ecd62a7
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061120190612\index.dat
dat
MD5: 106e7013803018eb5a5a8a4f3a5b559b
SHA256: 9379f5e19ee762afb50f0f1a11798429c3d4d3c21966587b123986736aeab24a
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: e07fd07d89397f60382ad8632213e10e
SHA256: f722bb9b7382662cf6b6ea08f5650d20016176f76409c7d67d62a8683ed24fdd
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\package-dolly[1].png
image
MD5: 2868ad5bf1bd7cea3480c290b225b847
SHA256: de2e7f9f05576695a8f528a72d01d1260ce1050adbdc6a57fcce6b0abd0c287d
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\fastPackageTracker-NewTab[1].png
image
MD5: 5116f7b60c6141cf1d0da8d471a05850
SHA256: 1e6686e5994cf73ac0381bdb3259ad81cf48e7fbdf908eea4db42ae674494757
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\package-umbrella[1].png
image
MD5: b1f35f4f7e4bbd340f6d58d167e9ba75
SHA256: 1bdd785ddeee49b21ffd025039075b8a027d48c0a7baddea3d59cc5f77ff186f
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\packages3step[1].png
image
MD5: 2e7f484aca847fb25d5ea47f9050fe04
SHA256: 30cf1bca49e49aa5cb2541a579d146a1297167282b940102f752a889814a1f8e
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\free[1].png
image
MD5: 792adb010c98237fbba2749dca8f0563
SHA256: c59b68c039dae254a3edd4222bdcf40655d089d4740fe2b23936fe499b98356e
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQU27M4V\world[1].png
image
MD5: 7cd58ff673d9573d093ad112f8a68267
SHA256: 5d1fdeb9414658ea2da348b9887f9ec8961fab8db1dc70d6af5925d419d3bb7c
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVF9DH2F\plane[1].png
image
MD5: 28e4b9ddd88eac9e0311bc314c3f9392
SHA256: 4464d188b0e8d17e74dd4f6801d09ff1be3e5e2c488f9f72fedf9c6200421f63
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLYA7DL3\Green-arrow-right[1].png
image
MD5: a6534de0b14e13628793ceba72591671
SHA256: 5b1cbf7b110dab190164b870e76e903131c77aa1f4a13854e4b3705fac3d13e4
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\logo-black[1].png
image
MD5: 2f6d4f7e9fa7167d80c7a5b55933590d
SHA256: fc9abcc40a609d70f9e00cba0fd8b3c41dae02465ec348e466d7436faef0873b
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: ff575a176f50f76a49ba2878839c0ab9
SHA256: 2800d3ccbfc5717c93c5dfe44995a7a2494a8cfde158b6245a45d9f3226a2f28
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRMIY7G\js[1]
text
MD5: cf01a0abc42ec281760d8d227baa89e0

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 37
TCP/UDP connections: 48
DNS requests: 24
Threats: 9

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
908 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2836 iexplore.exe GET 200 143.204.178.140:80 http://x.ss2.us/x.cer US
der
whitelisted
2836 iexplore.exe GET 200 205.185.216.42:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
2836 iexplore.exe GET 302 18.214.173.235:80 http://fastpackagetracker.net/?adprovider=AppFocus1&source=-lp0&subid=&subid2=10288509ae4264d36a774153d1cd94&AppID=1238&keyword= US
html
unknown
2836 iexplore.exe GET 200 107.23.13.37:80 http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=hfastpackagetracker.net&implementation_id=packages_spt_&source=-lp0-bb9&adprovider=appfocus1&user_id=97a16050-28cf-435e-b606-4b066d9f4cf4&dfn=Fast%20Package%20Tracker&spo=0&appname=Fast%20Package%20Tracker&appdesc=Get%20your%20package%20info%20%20instantly%20from%20your%20home%20and%20new%20tab%20page!&ies=s,h&sso= US
executable
shared
116 download[1].exe GET 200 107.23.13.37:80 http://www.springtechdld.com/ies/api.cgi?act=getConfig&id=ZG93bmxvYWRbMV0uZXhl&rf=0&proto=1 US
text
shared
116 download[1].exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hfastpackagetracker.net&implementation_id=packages_spt__1.30&offer_id=_iei_&source=-lp0-bb9-iei&sub_id=20190611&traffic_source=appfocus1&user_id=97a16050-28cf-435e-b606-4b066d9f4cf4&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560293906&sgn=def104d41379171b7a054ceb9a6fb97abbcad624&subid2=8.0.7601.17514&event=ex_accepted US
––
––
shared
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/?ap=appfocus1&uc=20190611&i_id=packages_spt__1.30&uid=97a16050-28cf-435e-b606-4b066d9f4cf4&source=-lp0-bb9-iei US
html
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/styles/home/packages_v1?v=KxIMxx8jd63sVbKxVWG0Tpm3c7ckQObbaTpHG8fBZ3Y1 US
text
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/get/js/impression?uc=20190611&ap=appfocus1&source=-lp0-bb9-iei&uid=97a16050-28cf-435e-b606-4b066d9f4cf4&i_id=packages_spt__1.30&cid= US
text
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/styles/home/monetizedquicklinks?v=gJHlzDmEaHpGOsrgbxBB8fvVZ_OkkCeXVVHkJAPS47A1 US
text
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/scripts/home/header_common?v=AAAAH_DbLIleWj0eIMkM9tOvY9PBuu50aQKW3Tf5CW81 US
text
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/styles/home/setting?v=ryUN9ROxMocKoOuvctYLZZeK4BqnEgMfzTl9evNnkcM1 US
text
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/scripts/home/common?v=EuIy2lerC3sucsvrktGFFhoc5c0KLvN9crdBl8oVyrw1 US
text
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/ US
html
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/Home/Shared/Images/gear-icon.png US
image
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/Home/Email/Sprites/Sprite_Email_V9.png US
image
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/Images/saveMoney.png US
image
unknown
3112 IEXPLORE.EXE GET 200 143.204.178.65:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/news-1.png US
image
whitelisted
3112 IEXPLORE.EXE GET 200 143.204.178.65:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/kelkoo.jpg US
image
whitelisted
3112 IEXPLORE.EXE GET 200 143.204.178.65:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/itpro.png US
image
whitelisted
3112 IEXPLORE.EXE GET 200 143.204.178.65:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/bookingbuddy.jpg US
image
whitelisted
3112 IEXPLORE.EXE GET 200 143.204.178.65:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/quotezone.png US
image
whitelisted
3112 IEXPLORE.EXE GET 200 143.204.178.65:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/carbuyer.jpg US
image
whitelisted
3112 IEXPLORE.EXE GET 200 143.204.178.65:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/qzcompare.png US
image
whitelisted
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/img/Icons/weatherAgencyIcon.jpg US
image
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/Home/Packages/Sprites/Sprite_Packages_V2.png US
image
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/img/Icons/recipesIcon.jpg US
image
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/Home/Packages/Sprites/packages_sprite.jpg US
image
unknown
3112 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/Content/Slick/images/icons-star.png US
image
unknown
116 download[1].exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hfastpackagetracker.net&implementation_id=packages_spt__1.30&offer_id=_iei_&source=-lp0-bb9-iei&sub_id=20190611&traffic_source=appfocus1&user_id=97a16050-28cf-435e-b606-4b066d9f4cf4&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560293906&sgn=def104d41379171b7a054ceb9a6fb97abbcad624&subid2=8.0.7601.17514&event=ex_set_ds US
––
––
shared
116 download[1].exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hfastpackagetracker.net&implementation_id=packages_spt__1.30&offer_id=_iei_&source=-lp0-bb9-iei&sub_id=20190611&traffic_source=appfocus1&user_id=97a16050-28cf-435e-b606-4b066d9f4cf4&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560293906&sgn=def104d41379171b7a054ceb9a6fb97abbcad624&subid2=8.0.7601.17514&event=ex_set_hp US
––
––
shared
116 download[1].exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hfastpackagetracker.net&implementation_id=packages_spt__1.30&offer_id=_iei_&source=-lp0-bb9-iei&sub_id=20190611&traffic_source=appfocus1&user_id=97a16050-28cf-435e-b606-4b066d9f4cf4&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560293906&sgn=def104d41379171b7a054ceb9a6fb97abbcad624&subid2=8.0.7601.17514&event=ex_installed US
––
––
shared
116 download[1].exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hfastpackagetracker.net&implementation_id=packages_spt__1.30&offer_id=_iei_&source=-lp0-bb9-iei&sub_id=20190611&traffic_source=appfocus1&user_id=97a16050-28cf-435e-b606-4b066d9f4cf4&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560293906&sgn=def104d41379171b7a054ceb9a6fb97abbcad624&subid2=8.0.7601.17514&event=ex_executed US
––
––
shared
116 download[1].exe POST 200 107.23.13.37:80 http://www.springtechdld.com/advplatform/api.cgi?act=postStat US
text
compressed
shared
3112 IEXPLORE.EXE GET 200 143.204.178.203:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/amazon.png US
image
whitelisted
712 IEXPLORE.EXE GET 200 35.170.247.2:80 http://search.hfastpackagetracker.net/favicon.ico US
image
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
908 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2836 iexplore.exe 18.214.173.235:443 US unknown
2836 iexplore.exe 143.204.178.140:80 US unknown
2836 iexplore.exe 205.185.216.42:80 Highwinds Network Group, Inc. US whitelisted
2836 iexplore.exe 172.217.18.168:443 Google Inc. US whitelisted
2836 iexplore.exe 35.170.247.2:443 Amazon.com, Inc. US unknown
2836 iexplore.exe 216.58.206.3:443 Google Inc. US whitelisted
2836 iexplore.exe 54.173.109.10:443 Amazon.com, Inc. US unknown
2836 iexplore.exe 34.232.74.160:443 Amazon.com, Inc. US unknown
2836 iexplore.exe 54.87.172.192:443 Amazon.com, Inc. US malicious
2836 iexplore.exe 151.101.2.110:443 Fastly US suspicious
2836 iexplore.exe 54.72.199.154:443 Amazon.com, Inc. IE suspicious
908 iexplore.exe 18.214.173.235:443 US unknown
2836 iexplore.exe 162.247.242.19:443 New Relic US whitelisted
2836 iexplore.exe 18.214.173.235:80 US unknown
2836 iexplore.exe 107.23.13.37:80 Amazon.com, Inc. US malicious
116 download[1].exe 107.23.13.37:80 Amazon.com, Inc. US malicious
116 download[1].exe 34.192.66.209:80 Amazon.com, Inc. US shared
3112 IEXPLORE.EXE 35.170.247.2:80 Amazon.com, Inc. US unknown
3112 IEXPLORE.EXE 54.72.199.154:443 Amazon.com, Inc. IE suspicious
3112 IEXPLORE.EXE 104.111.241.173:443 Akamai International B.V. NL unknown
3112 IEXPLORE.EXE 143.204.178.5:443 US unknown
3112 IEXPLORE.EXE 54.174.5.12:443 Amazon.com, Inc. US unknown
3112 IEXPLORE.EXE 143.204.178.65:80 US unknown
3112 IEXPLORE.EXE 172.217.23.130:443 Google Inc. US whitelisted
3112 IEXPLORE.EXE 143.204.178.203:80 US unknown
712 IEXPLORE.EXE 35.170.247.2:80 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
fastpackagetracker.net 18.214.173.235, 35.172.197.89 unknown
x.ss2.us 143.204.178.140, 143.204.178.195, 143.204.178.38, 143.204.178.201 whitelisted
www.download.windowsupdate.com 205.185.216.42, 205.185.216.10 whitelisted
www.googletagmanager.com 172.217.18.168 whitelisted
config.hfastpackagetracker.net 35.170.247.2, 52.22.222.235 unknown
www.gstatic.com 216.58.206.3 whitelisted
pushible.com 54.173.109.10, 34.194.5.215 unknown
config.hquickmapsanddirections.com 34.232.74.160, 52.0.189.180 unknown
imp.hfastpackagetracker.net 54.87.172.192, 3.94.51.151 unknown
appfocus.go2cloud.org 54.72.199.154, 52.50.109.222, 52.30.52.254 malicious
js-agent.newrelic.com 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110 whitelisted
bam.nr-data.net 162.247.242.19, 162.247.242.18, 162.247.242.21, 162.247.242.20 whitelisted
www.springdwnld2.com 107.23.13.37, 34.192.66.209 shared
www.springtechdld.com 107.23.13.37, 34.192.66.209 shared
search.hfastpackagetracker.net 35.170.247.2, 52.22.222.235 unknown
imp.mt48.net 104.111.241.173 unknown
d3ff8olul1r3ot.cloudfront.net 143.204.178.5, 143.204.178.91, 143.204.178.35, 143.204.178.210 whitelisted
imp.onesearch.org 54.174.5.12, 52.22.227.196 malicious
dap2y8k6nefku.cloudfront.net 143.204.178.65, 143.204.178.203, 143.204.178.209, 143.204.178.138 whitelisted
www.googleadservices.com 172.217.23.130 whitelisted

Threats

PID Process Class Message
2836 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
2836 iexplore.exe Misc activity ET INFO EXE - Served Attached HTTP
116 download[1].exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
116 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 download[1].exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 download[1].exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent

Debug output strings

No debug info.