General Info

File name

file

Full analysis
https://app.any.run/tasks/a581333f-0c93-4a54-a190-b76e6180f440
Verdict
Malicious activity
Analysis date
15/01/2022, 00:24:00
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5

c5d5b3bffcb31b3d4f1ea78239be0f34

SHA1

9685158e52f722b583887036ff90ba887066c5b9

SHA256

931d7d0346e10950d6e25c00e8d2e75d1b0e5dcfa4c354469dc89f5b4808306f

SSDEEP

3072:Bi2gAkHnjPhQ6KScOq4oNF5Hw4HilQaW+LN7vxRLlzglKhyTi:bgAkHnjPhQBScOqv9ByQCN7vBhyu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 3460)
  • iexplore.exe (PID: 956)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 956)
Checks supported languages
  • notepad++.exe (PID: 2140)
Reads the computer name
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 3460)
  • iexplore.exe (PID: 956)
  • explorer.exe (PID: 2684)
Application launched itself
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 964)
Changes internet zones settings
  • iexplore.exe (PID: 1404)
Checks supported languages
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 3460)
  • iexplore.exe (PID: 956)
  • explorer.exe (PID: 2684)
Reads settings of System Certificates
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 3460)
  • iexplore.exe (PID: 956)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 3460)
Creates files in the user directory
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 964)
Changes settings of System certificates
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 3460)
Reads internet explorer settings
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 3460)
Checks Windows Trust Settings
  • iexplore.exe (PID: 1404)
  • iexplore.exe (PID: 964)
  • iexplore.exe (PID: 3460)
  • iexplore.exe (PID: 956)
Modifies the phishing filter of IE
  • iexplore.exe (PID: 1404)
Manual execution by user
  • notepad++.exe (PID: 2140)
  • explorer.exe (PID: 2684)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.htm/html
|   HyperText Markup Language with DOCTYPE (80.6%)
.html
|   HyperText Markup Language (19.3%)
EXIF
HTML
HTTPEquivXUaCompatible:
ie=edge
viewport:
width=device-width, initial-scale=1, shrink-to-fit=no
Title:
JakeAdventure
Keywords:
online storage, free storage, cloud Storage, collaboration, backup file Sharing, share Files, photo backup, photo sharing, ftp replacement, cross platform, remote access, mobile access, send large files, recover files, file versioning, undelete, Windows, PC, Mac, OS X, Linux, iPhone, iPad, Android
Description:
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
Robots:
noindex,nofollow
GoogleBot:
noindex,nofollow
slurp:
noindex,nofollow
googleTranslateCustomization:
5587c1b0a958bf07-62a8e309de686e87-gc92f61279a2c8524-11
twitterCard:
summary_large_image
twitterSite:
@MediaFire
twitterUrl:
https://www.mediafire.com/file/9j9rfb27z5g6qge/JakeAdventure.exe/file
twitterTitle:
JakeAdventure
twitterImage:
https://static.mediafire.com/images/filetype/download/app.jpg
twitterDescription:
null

Screenshots

Processes

Total processes
42
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe explorer.exe no specs notepad++.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1404
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\file.htm"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\advapi32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleaut32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\nsi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\credssp.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\duser.dll
c:\windows\system32\wship6.dll
c:\windows\system32\devobj.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dui70.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\url.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ieapfltr.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\imagehlp.dll
c:\program files\windows defender\mpclient.dll
c:\program files\windows defender\mpoav.dll

PID
964
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1404 CREDAT:144385 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\normaliz.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mshtml.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ieui.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\mlang.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\sxs.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx

PID
3460
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1404 CREDAT:1717255 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wininet.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\devobj.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\propsys.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ieui.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll

PID
956
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1404 CREDAT:529665 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\normaliz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ieframe.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\webio.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\iphlpapi.dll
c:\program files\internet explorer\ieproxy.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\ieui.dll
c:\windows\system32\schannel.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\sensapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\propsys.dll

PID
2684
CMD
"C:\Windows\explorer.exe"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\actxprxy.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dui70.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\slc.dll
c:\windows\explorer.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\advapi32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\duser.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll

PID
2140
CMD
"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\admin\Downloads\JakeAdventure.exe"
Path
C:\Program Files\Notepad++\notepad++.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Don HO [email protected]
Description
Notepad++ : a free (GNU) source code editor
Version
7.91
Modules
Image
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\program files\notepad++\notepad++.exe
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\msasn1.dll
c:\program files\notepad++\scilexer.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\rsaenh.dll
c:\program files\notepad++\plugins\nppconverter\nppconverter.dll
c:\program files\notepad++\plugins\mimetools\mimetools.dll
c:\windows\system32\clbcatq.dll
c:\program files\notepad++\plugins\nppexport\nppexport.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll

Registry activity

Total events
34663
Read events
0
Write events
293
Delete events
10

Modification events

PID
Process
Operation
Key
Name
Value
1404
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
(default)
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
869999248
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935462
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935462
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
06B5F033A609D801
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{7180A4A9-7599-11EC-A20C-12A9866C77DE}
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F00000018000400A303
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F00000018000400A303
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F00000018000400A303
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F00000018000400A303
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
68C62234A609D801
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
68C62234A609D801
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00000018000800550300000000
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00000018000800700101000000644EA2EF78B0D01189E400C04FC9E26E
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A607000097404169FEF84FDBCD2B5497818226198AC0C26C2849A4B61FCB655BC2F07CB7BF7CC11886E4785D3189A9B2440792EB4349D76B054F469F32D918088366722885392F47604D0D7FB76FEAA597F394DFF4A288A053E25B6944402B9B53D28E1F211879CFF552E821017F4A85C0655097836D697F0A22B9B026A00D5AC1526A740EB73C2D331503CB5E5770BFBE7CEEBB1F49BF2F702F1880D098BE90FC0784FC19B77BABE3B4C52CE59807976658CF85EBD5A103782985FAD6CAFA966912877E8CB89A9B2A51EF6F38E372351419D48D7FB39CF853306ED0C0D5A764589160E8675AB5A1A40A2A57F3D7A24588DE57F45782FE4760645A8A9A591DBCD4A5CDDFF93D460E5701C22F6E131F25CBC9D3D2A6E1570A13E565A2F0F699DEC26EFC9C8C01F948BE542F910038B9A115F960030A7242ED11D31469E04C34D2460D6A174F477D4A2B2574EEB4E69547458E683276D4C8F1004EBAC308FBAA3841A0E28223AD0F28B892B7F434BE564167A8AE45BEA6453F1776F1AE2DA32CB7AD48111B03D40EAF63BDBDBFC05E5CC3F266F70F0A8A8408D56B5F9959E4E3EB6426CB42B95C310C89C4A4D57968CF0DF9EA99527B1F5C7DB74D538E4C5E81F26E5898EAA8E5AE8726C993FA107A6AF930538518C60458C9E13C7A2B6EB1E180F5FFFC54810F6C5193EAABD08635411554C1A05418DB902CFF589269867CE184873BDD1A7E7BD057104997462C3AE1578F538CD77F43061A84C1E2379261DF61612D298F76C728365505D4DB8127CB59962BA997D0DB786BFF978CDFF4FF20B474F33D676794342D8E3D61AC6D9E7A2908687E417445AEA1C5FA6842DAF65DA8DEAE3EB8E182DA2D38132A55EE3DF2A26F2A511D6620D83AC80AE6DCFDE6A1E1757F7544CC3165F2FBA55CA49BA5266460917645CE0B2F12AFE75AA3006F58EF3F84CD15BC41CD2A6F1537167C77B449BFBC592801A825D4B9B166A90931F755B2DEAC6C485313B8E381B82AF051577CCCCD9D5ECB95297FF488EB982ECC1C2189ADA9FB1E0513F4360BBB8021D5610E60E388CFD7747DF7AA8CD4FB1AE07D1053122C7320F87C0DDCD140CBE7A1FE2F061EBE2424E464A8CDDDFE55780D72481E2BA35E17CC8D7137F5E18E8A56FBE4959D198E8184E338829B9A0860F3909AD9196951DA21EE48BD95C1B33A957D5AF1825ED9B6F6E74B97E638129F31245F94FC1861A09744FE70D376E58EFCEAC2CDEC5CD10AD91754A9DEFE90E5697AD662F598F694CE60DC8BCDAEC2182D9CC348FB88F8EBCC497602A4F01CC93A8721FC2224E63067B2B611A578E1E6C6367572CF2489FD710A7C2456A1F1CA44B5CBFBA4BBDC220070A49C79B8989168FEEFA98792CB4067C6D4771542E7FF27EFDB749CFE1E0A3A80C91B6B51A91CB48A6BD3455FBA804DC0A85301CD375883747D01289B91E5B57D36969989A6A648DDEE4E28A1F5C4C536FE6F3A2F1A14F88337E269B51BEC11CAC9A025223D52C6848A6550740B026E5FE82AE0A22A4526ABB4F47F964C93EE77337E2E7F3FB6CC932C8FDC6406ACE7AACB5013D6A243ADFF12128B805D60ED46F9B9D3B48664FCA5FAB2EEA956EBD24FAF4BF37A616E2DEBD2E1ABF77B45AC1E95763645A60CF4DE42E5A5350656CEC4A131A0B0C39E450B488500576472CCD99EC3758D67A355F0F83821E93ABC7A96286C3A324EAA9771A359ABFE52CEEDCD0260B26C206DC008C53E82A00B1878B6C507E1B024FCC224855CCA183DAFAF8350B60B01CCD5D35DA590E7F8A70C673A863BB5C452DC666C28C67EAF5EB9B2051910A2670466308615877233C7B8E6A6A80ED65FE3FC239A159CE7CF16C0962C4DB39543B90375B4D54D4238720097374E0B64B0CBE699A16C6026451355FCEAC33D0683C8FF43AE3159771F147019543C067FB2A11668C4B71D595FCE2882BEBDB713295C243B7EE42631F0E1A20B2BAF0D47FF243130BA53ACA1AC5A0CC9DC843BDED717C4FBE682B08F358A020FEC3EF6DC8F964091A1677E1FB47FE87190118385211D7625F87DE4B3BC4068C46ACDEF5E53E5572BCA6823F15327A21A80CA092AB5DA0D5763AE7EBC010BDEC9BE8CE6ED3AA0629E9532D43833178664664B9EEBCAACDC32027449CA846C59C0E211FFA9D7C381898AAE8B146E025FF03B3E17EA734D2157DF6695FC08554D483072F0B2A14FE08EF00769A6CDDF6B5C104C5546BC14C164608F8D74BB67F6005B7D9A2831B2D34C5E72F80CBF9B2449AE11D21E4B0B6AFBF63A0A511B90078A98F8D62B66FDC463D883E067C512FF572B2B529462C8F5BAD2571CB354E66C855AF7DBDBBBF0D973451773D8455CFA262F51FDC6B32286420E6467BA49E1DF9045388B5826D4091C42C53E7DD769BA56528006D626B329343FEDBC857EDF214D889BB8C2BD1C36FEF9E9E67767F26E881234CBE27B23E52E4C9B8F36D6F6295AECA5BA3909E739B9F03AE6E6ECAD005AA6B4590C4A4C4CD2B3D203ECBB1DCC59C10EB5DDA14041ED64EE47EB89E33A6D7C6CD8724B2CE5BE4CE246C7879B64E98166AECEAB3D733A137225A4C0464261BD557636DEA1C993AEBFC6E654D09FA994C8842C24E4704068B2D3327E1F9AD61374A27684FF37F20958CD6B2546FC3B7B9D8F1754E39E9E61EC9DB570CBAA6C26612D545B6CA279776FEC7518182F3E016A8CAF291CB9F69119624E0C8898C300E2AAEEBE1048CABF093C24D3A69051B4B96D154AFAC9E726E6ED1B9E916B7C29986666010000000E000000385835324E41646D516B412533640200000000000000
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000001456B3E3BED54288F8ACBC593B0B4E000000000200000000001066000000010000200000002F768AE59457594E7642B6119567AABC5A9B558C11730318BDD1075BAA8374B0000000000E80000000020000200000008B22EC7010F310AEFBF8A1CE33DD1774458EC65FEB55F377D3D5DA3713DF6A8350000000B2F780FC85DE218AE69D64134EA16FD381262388429D9AFEE1D0F0A0560AD2CC00F0C6CA12D0FEF459C19DD15738E7A15BD96D33BA7E8237E78C938D5286AA35091D67115AF5BBA273F4DF30DF613AB040000000733A0799837B26A813DCA2B4ACB9BCCD825FBDB314D3AA81D1BFAE94D3DD3FC57309A2E5337C8325977EDAE3AFCF8CC1902753887B2D878BF8846C34290B1C8D
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000001456B3E3BED54288F8ACBC593B0B4E00000000020000000000106600000001000020000000B3820BD9E1EBEFFF7E3423216884277A3BC32A480762CA75ACD2E3B7AB3916E5000000000E80000000020000200000009D779E50B5C2F6EDA6065BBBB4780B8279AEDA2F617E5C1E8B8F3B63438B8ADC10000000335BB291539B207835FDD2617F41B7D0400000003486F0AC66744584EE71DB1AFF07B79357F4AA90642D77C84B9B4ECAE900B78F60C74EA4B12CF8020157D4FF9C5FA3AC698D4FE73F25BFA101E5656C6161BC59
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000001456B3E3BED54288F8ACBC593B0B4E000000000200000000001066000000010000200000004F4566C26ECEF5844D48AD0B7B23D5E040FDBC7FFBEF7E0CF16AA639F7BFA3A7000000000E80000000020000200000005B38EE45EE38857568E01ED9319C964FF59DD70F45B090DFAF8AF2DE6C23C6E4500000001600CEC823983FBB2896E46FF4D4286DC3C141495DBD846DCC9A9E27C1A8CCE92D476BA827D493183F073A1D0966460CFA2AF14A70EB7A0F3F87659DEAD929FB4D37A21AD74AD6EF4ED79732FEADFD6E400000004A1610329BAFBF476849D62308AF0145500CA6F752AF4D68105E4B135DAA89724030BC38F5A0CF62935B546004B1A957AA45411DA2993D77379B9A9B67F33E11
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000001456B3E3BED54288F8ACBC593B0B4E00000000020000000000106600000001000020000000113D8776E80B867902C819ED9F164D31C96236E4D211ECF21731850F22EBAB49000000000E800000000200002000000055FE984C889C8CC6507E1E9ECD76374F4D498C1FB075CED66FD2FF76E5D26E08100000005CA7A90EF64F09616AB31A62DBD4B7F1400000001CBAECDB8277C09F32D8059BD7AC7BDA670EA2EECD695C75271697F50E52C6B9E019186D82B03626DC53AC2EA8739C0FD6F9AE2A42F4BB8424FE0A0BBB0A119C
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C080000E41CCE5E17D814FA7A329323A0825046E984DF0C01B08DC7E07A085CB3361C3F2CAEDAA03F44BC4E068E4EBC8B8C950FE5FC4800D668D3E4D9F0766CA4F4F4F51914AE7E0931C0A2CF66D62969235FEA19D906E03AF2A56CFEF3C6F4CE0B9B21D06F1528E03F8B974ADC8DF7E8E2F8E7323B6F5970EDCDB6DCA34FEAC91B56046AE0AF89D20E526AF00EB1719D6A462A4D426CF6DBF8E745AD20E34718C41E181085DBE8BA3EAB19501E8223325CBC62A30D4FA920B56D3EAB8A5DB606A6BB1ECB7F76CF3770ABA79D2A162BFC5652DEA1BE279DD6C214E7E501C7067B6165B1E8EE3B4A1D42605E1B54745611FAC0242674485BE6C1CE3DEEA54E7A0395016A1CF3DE746555142C8DBAA315F4E67C28414F664024519596E796DFD95DE2419B04ACB3540B4990107C7EA73DDEBB9E03876E5F3EDD11974F83F48A5E62E86D93D73A6408CABE9793A8BEF4932F1A1748DBF3D9F4F5A3C8959BDFDB6C82464E75F4BDD93F815404512D9C3D32F7A1B5DCB3FD891206A6AC33C9777518919EDE9E73562F0EDAABA493E93635B74FF2106A09AC0A0CADB957762FDD51818C8F969EBD2392015D6477FF24AE1F45D4AB115E5120791E937EC51E0A2F17F9A5B988BAD445C492471DD24BEE224154F96D7A75D878E5A23B94EB66128EDEFD8DBCE1071CDDAFDF1B77AA0E06B4AB514ED9EDDCC1D6CEB78A9AE20D781AE7001B38DE0B4A093AB9F812AB96D182F810BA8D22DE04591230EA321A8352F380FE62CD47FDD9EA40FFCD8E77D5BBAE590B422BC92051215CDB50FB94127E39E7EB371B208087A0314CC18BB0586F571E72F2514E758C4D2117A0940329530C9DE54AC255025D4CB8F36AAA0159B09C640F60A11B36B7FFABB6E79F78A7528CD5436E62339EE10C5E4D5A89B8D0669FE6F100B9CB36FC56FA3556BB254230D93C698A9ACE95A9013C5138C96DA6D27E92F3AA3AC73E3572143CA18787F83D13B270800C5F54734CC885F30ACAE7085B11075CC5A21B6C73867414A55C951A5A91A4A4575A08340B5C3A92ECBD16DF54D8589BF8E33E857802B057B4D43D35CE41C7FD1B10C8CD5F2515BF0FC780438BE13D4F75C9E9FAA38959F6530019278FBE29CEF8A94ADE681FF08F137EAAFB1E49F734DA61EF40138D3B7C24F900CABD4298ED8E98294047BB031D9965C9612F1D40AEC8150116E8809372C6BA421578B60E0E7DDEBD111A85643C3FC050B7DC86B022E01A8E3F425379FED83C7409E04E433465C37FA70294CF23A65F892C477EECDAC08630EE40288E19FCC254BF15C7FE78E695025820B4C7EF6E6E3D838EC3A1640AD0ADE404F40755D1D9BFD837694418A05179119281FF9537B0725CD3ED5E095C558265AD2BFFFEF68CAFA266A74A1D3325CB3C796D1987A18B348234882DDB571E030F5BFA19140D6451B4C2C6449C3ED93D83F5B6B0744D377113D3F3073A9C520B892DAC7868B51D239D6B8CF8E063D0A85F2727B85ED939DF65CFDC13E5C97239C245E803C08D542D8C81152BB741013D492D8E2622E612FCDD47AAB7788016BE1BC222F71937393DCA24CFD4EB780FDDEE2837F2B214F715535D5C7AD35FC4BD72C40CCE7352E43E8774372CD0A81F003439215EA403F4633E2F6CB08107163A7C6BA572917D0399ED91747F0A716E2B627E1495B6535D3441DF5E013219E394BDD601C5205A7CA6AB9BA3D8067319F6AB18D9993AA50A23DD8BD9B4D833679AFB27A76EAF876031A0B2487D3E4ED6A4FA27AB7D5D97AB680B55CBD364F7CE23337DE707C2A67E0BB9F6442F77A2D0485CCCBAF311CABA2FEC5B4419B403EA446DF886891F567DADB0874E4A6D0FC87C5125D5273ADEEB0376BF2CB3E5F8400750B756179B36BAEA9E855DAB3F35C1A79B53F7EDD0738A48E09FB9D230771EBDDFDCBD0DF8E85CB49F100A679EB368D69D76FD3DAC296FC8691DE80CFC1E53DEF386796A220B79E99948A455812B771D36AF7E0084A03848F8578F885B8F417475D5097FAE3ECE3A514E9168DC3C7A94EF1C0F2A5D79453A1E6F1605D768111C42E9C9F8AE23F91F4F400CD5F186D4D986DE712B3752A871D38321A3BC4AAF94E8E1202F2E5949D4403EAF0AE5A97B2A6816D8A755CC4EF159B5FA8B11D681D98EDFE2CE8A7F846E7D6B267D1645A10609E2A286E687B8C39323E15BE7AA69D71B02B5C8F3378C0153E41B3C38FAAA6BD5630E4EC42379E7E3EFA26743686FA3586A159B562055CD47CAA45D3868F69699B957D09540A8466B38BBCBA4AEBD4F94369FE2B5D9CA82473DED334A2F3C5D41050C26627FA1C6EE1DA54A681E2A48B4885F41BE046897535DCC552FEFF613E5656BFE607E065D7AC077000156003FAE7FAF8F444071A52A4AC57A9447A202A4FA983662DE1A3ECF3F4ADFEBF700AE3F3B63669B2CFEDF2324D11F8DD9F16F69E502CDF43FA8144DBC470550A27EE376DCFBEC1E6AA094350BEC01B944AF3027447417CA41314EC555E1D8C2F50B9E8981A7024D99A4BF3F1F1E64D2284BD5D038D151F1845F74712CFAF944929543E14C57B2855810AC3180032DBB25055B8FE1A67CAAA85C98F75F8A037117AC95705C09F3734937A7504EF9C9D0DB3B7751605887544E8DCC2F108E1CB425CE0656D195C35A0B74C402A91AE80CEA16681DD3D5CC031445B1B55D9B562D5DEA956FCBCC879F3D92AB13B15A0227F26461B75B0FE0119BC50A02688BDFC75DC63DAD6999C00581B082F68667B27893E87C7C1924ABF0836B70834FDF014DC75AF4F5CD6E12657673D9E94808DE566D9D45542B58D7C76C65036E3452F40D39DB362816F29394BBEAADF5178BAF23201ECDF5B2148C9DF66B3E8535137C87549D2A0E64FA780CF23F81B513DF5B824B92508DCE597D7CC230C84174D65D20B9AC4B83D6B9014FBA1C78965C7DBBEE90877019A0CF42196E256667103E99D606FFA8D18E05C4D6B2C88CD112BAB4A48EF9F61346EE0A069B00F2EB2811803FDD22B31BAB573C377C13D38F55A773DEE5092CDDE18290EAE9EF6673DE2793E4DC1C9F3D4DCFB160B7C0CAD445C971E735C3C277924E6F8AF830F7FD50173287A475507A94CB6ED802E5BFBF022A4E010000000E000000385835324E41646D516B412533640200000000000000
1404
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000000180014009F01
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000000180014009F01
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000000180014009F01
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000000180014009F01
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F00000018001900C500
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F00000018001900C500
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F00000018001900C500
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
27
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F00000018001900C500
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F00000018001B00D601
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F00000018001B00D601
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F00000018001B00D601
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
28
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F00000018001B00D601
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935512
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935462
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935462
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F00000018002C001701
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000001456B3E3BED54288F8ACBC593B0B4E000000000200000000001066000000010000200000003CC77639F13667F70CCE624C7448B0EF53037F974FABEC35E62F012AA0F25DC5000000000E8000000002000020000000B9807D3EE82E7849210DC2618AB3D1B4E6821D26EB279D3A26A20584D227B7F420000000AECF46C7796993113AB3C357A464C7730AB2C2380B36E14AE0175F1FA20E060A40000000553D93801E929E48688114E206D702804D87F1D3229CB87F3E89900A4E91BE56B36EDBEF32B38870E2D8D1A1306C5A257259C7DDB392744B85952C0B385D226B
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
80B26B4BA609D801
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F00000018002C001701
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F00000018002C001701
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F00000018002C001701
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
29
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
ClientSupported_MigrationTime
622B854CA609D801
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000000180038002A03
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
30
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000000180038002A03
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000000180038002A03
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000000180038002A03
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
NextUpdateDate
348971218
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames
en-US
en-US.4
1404
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
5C000000010000000400000000080000530000000100000040000000303E301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C00F00000001000000200000004B4EB4B074298B828B5C003095A10B4523FB951C0C88348B09C53E5BABA408A3030000000100000014000000DF3C24F9BFD666761B268073FE06D1CC8D4F82A41D00000001000000100000007DC30BC974695560A2F0090A6545556C1400000001000000140000004E2254201895E6E36EE60FFAFAB912ED06178F39620000000100000020000000CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F0B000000010000003000000044006900670069004300650072007400200047006C006F00620061006C00200052006F006F007400200047003200000019000000010000001000000014C3BD3549EE225AECE13734AD8CA0B8090000000100000034000000303206082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030106082B060105050703082000000001000000920300003082038E30820276A0030201020210033AF1E6A711A9A0BB2864B11D09FAE5300D06092A864886F70D01010B05003061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F74204732301E170D3133303830313132303030305A170D3338303131353132303030305A3061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F7420473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BB37CD34DC7B6BC9B26890AD4A75FF46BA210A088DF51954C9FB88DBF3AEF23A89913C7AE6AB061A6BCFAC2DE85E092444BA629A7ED6A3A87EE054752005AC50B79C631A6C30DCDA1F19B1D71EDEFDD7E0CB948337AEEC1F434EDD7B2CD2BD2EA52FE4A9B8AD3AD499A4B625E99B6B00609260FF4F214918F76790AB61069C8FF2BAE9B4E992326BB5F357E85D1BCD8C1DAB95049549F3352D96E3496DDD77E3FB494BB4AC5507A98F95B3B423BB4C6D45F0F6A9B29530B4FD4C558C274A57147C829DCD7392D3164A060C8C50D18F1E09BE17A1E621CAFD83E510BC83A50AC46728F67314143D4676C387148921344DAF0F450CA649A1BABB9CC5B1338329850203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020186301D0603551D0E041604144E2254201895E6E36EE60FFAFAB912ED06178F39300D06092A864886F70D01010B05000382010100606728946F0E4863EB31DDEA6718D5897D3CC58B4A7FE9BEDB2B17DFB05F73772A3213398167428423F2456735EC88BFF88FB0610C34A4AE204C84C6DBF835E176D9DFA642BBC74408867F3674245ADA6C0D145935BDF249DDB61FC9B30D472A3D992FBB5CBBB5D420E1995F534615DB689BF0F330D53E31E28D849EE38ADADA963E3513A55FF0F970507047411157194EC08FAE06C49513172F1B259F75F2B18E99A16F13B14171FE882AC84F102055D7F31445E5E044F4EA879532930EFE5346FA2C9DFF8B22B94BD90945A4DEA4B89A58DD1B7D529F8E59438881A49E26D56FADDD0DC6377DED03921BE5775F76EE3C8DC45D565BA2D9666EB33537E532B6
1404
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
040000000100000010000000E4A68AC854AC5242460AFD72481B2A44530000000100000040000000303E301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C00F00000001000000200000004B4EB4B074298B828B5C003095A10B4523FB951C0C88348B09C53E5BABA408A3030000000100000014000000DF3C24F9BFD666761B268073FE06D1CC8D4F82A41D00000001000000100000007DC30BC974695560A2F0090A6545556C1400000001000000140000004E2254201895E6E36EE60FFAFAB912ED06178F39620000000100000020000000CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F0B000000010000003000000044006900670069004300650072007400200047006C006F00620061006C00200052006F006F007400200047003200000019000000010000001000000014C3BD3549EE225AECE13734AD8CA0B8090000000100000034000000303206082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030106082B060105050703082000000001000000920300003082038E30820276A0030201020210033AF1E6A711A9A0BB2864B11D09FAE5300D06092A864886F70D01010B05003061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F74204732301E170D3133303830313132303030305A170D3338303131353132303030305A3061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F7420473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BB37CD34DC7B6BC9B26890AD4A75FF46BA210A088DF51954C9FB88DBF3AEF23A89913C7AE6AB061A6BCFAC2DE85E092444BA629A7ED6A3A87EE054752005AC50B79C631A6C30DCDA1F19B1D71EDEFDD7E0CB948337AEEC1F434EDD7B2CD2BD2EA52FE4A9B8AD3AD499A4B625E99B6B00609260FF4F214918F76790AB61069C8FF2BAE9B4E992326BB5F357E85D1BCD8C1DAB95049549F3352D96E3496DDD77E3FB494BB4AC5507A98F95B3B423BB4C6D45F0F6A9B29530B4FD4C558C274A57147C829DCD7392D3164A060C8C50D18F1E09BE17A1E621CAFD83E510BC83A50AC46728F67314143D4676C387148921344DAF0F450CA649A1BABB9CC5B1338329850203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020186301D0603551D0E041604144E2254201895E6E36EE60FFAFAB912ED06178F39300D06092A864886F70D01010B05000382010100606728946F0E4863EB31DDEA6718D5897D3CC58B4A7FE9BEDB2B17DFB05F73772A3213398167428423F2456735EC88BFF88FB0610C34A4AE204C84C6DBF835E176D9DFA642BBC74408867F3674245ADA6C0D145935BDF249DDB61FC9B30D472A3D992FBB5CBBB5D420E1995F534615DB689BF0F330D53E31E28D849EE38ADADA963E3513A55FF0F970507047411157194EC08FAE06C49513172F1B259F75F2B18E99A16F13B14171FE882AC84F102055D7F31445E5E044F4EA879532930EFE5346FA2C9DFF8B22B94BD90945A4DEA4B89A58DD1B7D529F8E59438881A49E26D56FADDD0DC6377DED03921BE5775F76EE3C8DC45D565BA2D9666EB33537E532B6
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NextNTPConfigUpdateDate
349019804
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarCancelText
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPOnlinePortalVer
3
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarOKText
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarText
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPRestoreBarLimit
1
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPMSNintervalInDays
20
1404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E607010006000F000000190032008A00010000001E768127E028094199FEB9D127C57AFE
964
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
(default)
964
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
(default)
964
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
(default)
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
964
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
040000000100000010000000821AEFD4D24AF29FE23D970614707285190000000100000010000000E6FEE6521C735BC60C74EBB251DA38666200000001000000200000002A575471E31340BC21581CBD2CF13E158463203ECE94BCF9D3CC196BF09A54720B0000000100000018000000470054005300200052006F006F0074002000520031000000140000000100000014000000E4AF2B26711A2B4827852F52662CEFF08913713E1D0000000100000010000000AFEC13F04D331040C81E81D2B3EC2E24030000000100000014000000E1C950E6EF22F84C5645728B922060D7D5A7A3E80F0000000100000030000000E4C58A0A499480862DB093ADA2B299298D57D1C586BEE12C4B74D5E13DD4BCBDA6D57BE981EEE012E984E6B83D0B4C7B09000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B0601050507030820000000010000005E0500003082055A30820342A00302010202106E47A9C54B470C0DEC33D089B91CF4E1300D06092A864886F70D01010C05003047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205231301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F7420523130820222300D06092A864886F70D01010105000382020F003082020A0282020100B611028B1EE3A1779B3BDCBF943EB795A7403CA1FD82F97D32068271F6F68C7FFBE8DBBC6A2E9797A38C4BF92BF6B1F9CE841DB1F9C597DEEFB9F2A3E9BC12895EA7AA52ABF82327CBA4B19C63DBD7997EF00A5EEB68A6F4C65A470D4D1033E34EB113A3C8186C4BECFC0990DF9D6429252307A1B4D23D2E60E0CFD20987BBCD48F04DC2C27A888ABBBACF5919D6AF8FB007B09E31F182C1C0DF2EA66D6C190EB5D87E261A45033DB079A49428AD0F7F26E5A808FE96E83C689453EE833A882B159609B2E07A8C2E75D69CEBA756648F964F68AE3D97C2848FC0BC40C00B5CBDF687B3356CAC18507F84E04CCD92D320E933BC5299AF32B529B3252AB448F972E1CA64F7E682108DE89DC28A88FA38668AFC63F901F978FD7B5C77FA7687FAECDFB10E799557B4BD26EFD601D1EB160ABB8E0BB5C5C58A55ABD3ACEA914B29CC19A432254E2AF16544D002CEAACE49B4EA9F7C83B0407BE743ABA76CA38F7D8981FA4CA5FFD58EC3CE4BE0B5D8B38E45CF76C0ED402BFD530FB0A7D53B0DB18AA203DE31ADCC77EA6F7B3ED6DF912212E6BEFAD832FC1063145172DE5DD61693BD296833EF3A66EC078A26DF13D757657827DE5E491400A2007F9AA821B6A9B195B0A5B90D1611DAC76C483C40E07E0D5ACD563CD19705B9CB4BED394B9CC43FD255136E24B0D671FAF4C1BACCED1BF5FE8141D800983D3AC8AE7A98371805950203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414E4AF2B26711A2B4827852F52662CEFF08913713E300D06092A864886F70D01010C0500038202010038960AEE3DB4961E5FEF9D9C0B339F2BE0CAFDD28E0A1F4174A57CAA84D4E5F21EE63752329C0BD1611DBF28C1B6442935757798B27CD9BD74AC8A68E3A9310929016073E3477C53A8904A27EF4BD79F93E78236CE9A680C82E7CFD410166F5F0E995CF61F717DEFEF7B2F7EEA36D697700B15EED75C566A33A5E349380CB87DFB8D85A4B1595EF46AE1DDA1F66444AEE651832166C6113EF3CE47EE9C281F25DAFFAC6695DD350F5CEF202C62FD91BAA9CCFC5A9C93818329974A7C5A72B439D0B777CB79FD693A9237ED6E3865467EE960BD7988975F3812F4EEAF5B82C886D5E1996D8C04F276BA49F66EE96D1E5FA0EF27827640F8A6D3585C0F2C42DA42C67B8834C7C1D8459BC13EC5611DD9635049F634856AE018C56E47AB4142299BF6600DD231D3639823935A008148B4EFCD8ACDC9CF99EED99EAA36E1684B71491436283A3D1DCE9A8F25E68071612BB57BCCF9251681E1315FA1A37E16A49C166A9718BD7672A50B9E1D36E62FA12FBE70910FA8E6DAF8C492406C257E7BB309DCB217AD8044F068A58F9475FF745AE8A8027C0C09E2A94B0BA0850B62B9EFA13192FBEFF65104896CE8A974A1BB17B3B5FD490F7C3CEC831820434ED593BAB434B11F16361F0CE66439164CDCE0FE1DC8A9623D40EACAC53402B4AE89883335DC2C1373D827F1D072EE753B22DE9868665BF1C66347551CBAA5085175A64825
964
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
5C000000010000000400000000100000190000000100000010000000E6FEE6521C735BC60C74EBB251DA38666200000001000000200000002A575471E31340BC21581CBD2CF13E158463203ECE94BCF9D3CC196BF09A54720B0000000100000018000000470054005300200052006F006F0074002000520031000000140000000100000014000000E4AF2B26711A2B4827852F52662CEFF08913713E1D0000000100000010000000AFEC13F04D331040C81E81D2B3EC2E24030000000100000014000000E1C950E6EF22F84C5645728B922060D7D5A7A3E80F0000000100000030000000E4C58A0A499480862DB093ADA2B299298D57D1C586BEE12C4B74D5E13DD4BCBDA6D57BE981EEE012E984E6B83D0B4C7B09000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B0601050507030820000000010000005E0500003082055A30820342A00302010202106E47A9C54B470C0DEC33D089B91CF4E1300D06092A864886F70D01010C05003047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205231301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F7420523130820222300D06092A864886F70D01010105000382020F003082020A0282020100B611028B1EE3A1779B3BDCBF943EB795A7403CA1FD82F97D32068271F6F68C7FFBE8DBBC6A2E9797A38C4BF92BF6B1F9CE841DB1F9C597DEEFB9F2A3E9BC12895EA7AA52ABF82327CBA4B19C63DBD7997EF00A5EEB68A6F4C65A470D4D1033E34EB113A3C8186C4BECFC0990DF9D6429252307A1B4D23D2E60E0CFD20987BBCD48F04DC2C27A888ABBBACF5919D6AF8FB007B09E31F182C1C0DF2EA66D6C190EB5D87E261A45033DB079A49428AD0F7F26E5A808FE96E83C689453EE833A882B159609B2E07A8C2E75D69CEBA756648F964F68AE3D97C2848FC0BC40C00B5CBDF687B3356CAC18507F84E04CCD92D320E933BC5299AF32B529B3252AB448F972E1CA64F7E682108DE89DC28A88FA38668AFC63F901F978FD7B5C77FA7687FAECDFB10E799557B4BD26EFD601D1EB160ABB8E0BB5C5C58A55ABD3ACEA914B29CC19A432254E2AF16544D002CEAACE49B4EA9F7C83B0407BE743ABA76CA38F7D8981FA4CA5FFD58EC3CE4BE0B5D8B38E45CF76C0ED402BFD530FB0A7D53B0DB18AA203DE31ADCC77EA6F7B3ED6DF912212E6BEFAD832FC1063145172DE5DD61693BD296833EF3A66EC078A26DF13D757657827DE5E491400A2007F9AA821B6A9B195B0A5B90D1611DAC76C483C40E07E0D5ACD563CD19705B9CB4BED394B9CC43FD255136E24B0D671FAF4C1BACCED1BF5FE8141D800983D3AC8AE7A98371805950203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414E4AF2B26711A2B4827852F52662CEFF08913713E300D06092A864886F70D01010C0500038202010038960AEE3DB4961E5FEF9D9C0B339F2BE0CAFDD28E0A1F4174A57CAA84D4E5F21EE63752329C0BD1611DBF28C1B6442935757798B27CD9BD74AC8A68E3A9310929016073E3477C53A8904A27EF4BD79F93E78236CE9A680C82E7CFD410166F5F0E995CF61F717DEFEF7B2F7EEA36D697700B15EED75C566A33A5E349380CB87DFB8D85A4B1595EF46AE1DDA1F66444AEE651832166C6113EF3CE47EE9C281F25DAFFAC6695DD350F5CEF202C62FD91BAA9CCFC5A9C93818329974A7C5A72B439D0B777CB79FD693A9237ED6E3865467EE960BD7988975F3812F4EEAF5B82C886D5E1996D8C04F276BA49F66EE96D1E5FA0EF27827640F8A6D3585C0F2C42DA42C67B8834C7C1D8459BC13EC5611DD9635049F634856AE018C56E47AB4142299BF6600DD231D3639823935A008148B4EFCD8ACDC9CF99EED99EAA36E1684B71491436283A3D1DCE9A8F25E68071612BB57BCCF9251681E1315FA1A37E16A49C166A9718BD7672A50B9E1D36E62FA12FBE70910FA8E6DAF8C492406C257E7BB309DCB217AD8044F068A58F9475FF745AE8A8027C0C09E2A94B0BA0850B62B9EFA13192FBEFF65104896CE8A974A1BB17B3B5FD490F7C3CEC831820434ED593BAB434B11F16361F0CE66439164CDCE0FE1DC8A9623D40EACAC53402B4AE89883335DC2C1373D827F1D072EE753B22DE9868665BF1C66347551CBAA5085175A64825
964
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935462
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935462
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Size
10
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Enable
1
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
InitHits
100
964
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Factor
20
964
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Blob
5C000000010000000400000000100000090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F0000000100000030000000761613F4CD8607508C3D520FBEFE68773735FC73746F42A9FD6254BA3B72F0047994E5AF57677CF6D2C1965984965DF1030000000100000014000000AFE5D244A8D1194230FF479FE2F897BBCD7A8CB41D0000000100000010000000CB39C3D4272CDF63774E1DB810C5A89E140000000100000014000000BBAF7E023DFAA6F13C848EADEE3898ECD93232D462000000010000002000000052F0E1C4E58EC629291B60317F074671B85D7EA80D5B07273463534B32B402340B000000010000003A0000005300650063007400690067006F002000280066006F0072006D00650072006C007900200043006F006D006F0064006F002000430041002900000019000000010000001000000082218FFB91733E64136BE5719F57C3A153000000010000004300000030413022060C2B06010401B231010201050130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C02000000001000000DC050000308205D8308203C0A00302010202104CAAF9CADB636FE01FF74ED85B03869D300D06092A864886F70D01010C0500308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F72697479301E170D3130303131393030303030305A170D3338303131383233353935395A308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F7269747930820222300D06092A864886F70D01010105000382020F003082020A028202010091E85492D20A56B1AC0D24DDC5CF446774992B37A37D23700071BC53DFC4FA2A128F4B7F1056BD9F7072B7617FC94B0F17A73DE3B00461EEFF1197C7F4863E0AFA3E5CF993E6347AD9146BE79CB385A0827A76AF7190D7ECFD0DFA9C6CFADFB082F4147EF9BEC4A62F4F7F997FB5FC674372BD0C00D689EB6B2CD3ED8F981C14AB7EE5E36EFCD8A8E49224DA436B62B855FDEAC1BC6CB68BF30E8D9AE49B6C6999F878483045D5ADE10D3C4560FC32965127BC67C3CA2EB66BEA46C7C720A0B11F65DE4808BAA44EA9F283463784EBE8CC814843674E722A9B5CBD4C1B288A5C227BB4AB98D9EEE05183C309464E6D3E99FA9517DA7C3357413C8D51ED0BB65CAF2C631ADF57C83FBCE95DC49BAF4599E2A35A24B4BAA9563DCF6FAAFF4958BEF0A8FFF4B8ADE937FBBAB8F40B3AF9E843421E89D884CB13F1D9BBE18960B88C2856AC141D9C0AE771EBCF0EDD3DA996A148BD3CF7AFB50D224CC01181EC563BF6D3A2E25BB7B204225295809369E88E4C65F191032D707402EA8B671529695202BBD7DF506A5546BFA0A328617F70D0C3A2AA2C21AA47CE289C064576BF821827B4D5AEB4CB50E66BF44C867130E9A6DF1686E0D8FF40DDFBD042887FA3333A2E5C1E41118163CE18716B2BECA68AB7315C3A6A47E0C37959D6201AAFF26A98AA72BC574AD24B9DBB10FCB04C41E5ED1D3D5E289D9CCCBFB351DAA747E584530203010001A3423040301D0603551D0E04160414BBAF7E023DFAA6F13C848EADEE3898ECD93232D4300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF300D06092A864886F70D01010C050003820201000AF1D54684B7AE51BB6CB24D411400934C9CCBE5C054CFA0258E02F9FDB0A20DF520983C132DAC56A2B0D67E1192E92EBA9E2E9A72B1BD19446C6135A29AB41612695A8CE1D73EA41AE82F03F4AE611D101B2AA48B7AC5FE05A6E1C0D6C8FE9EAE8F2BBA3D99F8D8730958466EA69CF4D727D395DA3783721CD373E0A2479903385DD5497900291CC7EC9B201C0724695778B239FC3A84A0B59C7C8DBF2E936227B739DA1718AEBD3C0968FF849B3CD5D60B03E3579E14F7D1EB4FC8BD8723B7B6494379855CBAEB920BA1C6E868A84C16B11A990AE8532C92BBA10918750C65A87BCB23B71AC22885C31BFFD02B62EFA47B099198678C1401CD68066A6321750380888A6E81C685F2A9A42DE7F4A524104783CACDF48D7958B1069BE71A2AD99D01D7947DED034ACAF0DBE8A9013EF55699C91E8E493DBBE509B9E04F49923D168240CCCC59C6E63AED122E693C6C95B1FDAA1D7B7F86BE1E0E3246FBFB138F757F4C8B4B4663FE00344070C1C3B9A1DDA670E204B341BCE98091EA649C7AE12203A99C6E6F0E654F6C87875EF36EA0F975A59B40E853B2279D4AB9C077218DFF87F2DEBC8CEF17DFB7490BD1F26E300B1A0E4E76ED11FCF5E956B27DBFC76D0A938CA5D0C0B61DBE3A4E94A2D76E6C0BC28A7CFA20F3C4E4E5CD0DA8CB9192B17C85ECB51469660E82E7CDCEC82DA6517F21C1355385064A5D9FADBB1B5F74
964
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Blob
0400000001000000100000001B31B0714036CC143691ADC43EFDEC18090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F0000000100000030000000761613F4CD8607508C3D520FBEFE68773735FC73746F42A9FD6254BA3B72F0047994E5AF57677CF6D2C1965984965DF1030000000100000014000000AFE5D244A8D1194230FF479FE2F897BBCD7A8CB41D0000000100000010000000CB39C3D4272CDF63774E1DB810C5A89E140000000100000014000000BBAF7E023DFAA6F13C848EADEE3898ECD93232D462000000010000002000000052F0E1C4E58EC629291B60317F074671B85D7EA80D5B07273463534B32B402340B000000010000003A0000005300650063007400690067006F002000280066006F0072006D00650072006C007900200043006F006D006F0064006F002000430041002900000019000000010000001000000082218FFB91733E64136BE5719F57C3A153000000010000004300000030413022060C2B06010401B231010201050130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C02000000001000000DC050000308205D8308203C0A00302010202104CAAF9CADB636FE01FF74ED85B03869D300D06092A864886F70D01010C0500308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F72697479301E170D3130303131393030303030305A170D3338303131383233353935395A308185310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564312B302906035504031322434F4D4F444F205253412043657274696669636174696F6E20417574686F7269747930820222300D06092A864886F70D01010105000382020F003082020A028202010091E85492D20A56B1AC0D24DDC5CF446774992B37A37D23700071BC53DFC4FA2A128F4B7F1056BD9F7072B7617FC94B0F17A73DE3B00461EEFF1197C7F4863E0AFA3E5CF993E6347AD9146BE79CB385A0827A76AF7190D7ECFD0DFA9C6CFADFB082F4147EF9BEC4A62F4F7F997FB5FC674372BD0C00D689EB6B2CD3ED8F981C14AB7EE5E36EFCD8A8E49224DA436B62B855FDEAC1BC6CB68BF30E8D9AE49B6C6999F878483045D5ADE10D3C4560FC32965127BC67C3CA2EB66BEA46C7C720A0B11F65DE4808BAA44EA9F283463784EBE8CC814843674E722A9B5CBD4C1B288A5C227BB4AB98D9EEE05183C309464E6D3E99FA9517DA7C3357413C8D51ED0BB65CAF2C631ADF57C83FBCE95DC49BAF4599E2A35A24B4BAA9563DCF6FAAFF4958BEF0A8FFF4B8ADE937FBBAB8F40B3AF9E843421E89D884CB13F1D9BBE18960B88C2856AC141D9C0AE771EBCF0EDD3DA996A148BD3CF7AFB50D224CC01181EC563BF6D3A2E25BB7B204225295809369E88E4C65F191032D707402EA8B671529695202BBD7DF506A5546BFA0A328617F70D0C3A2AA2C21AA47CE289C064576BF821827B4D5AEB4CB50E66BF44C867130E9A6DF1686E0D8FF40DDFBD042887FA3333A2E5C1E41118163CE18716B2BECA68AB7315C3A6A47E0C37959D6201AAFF26A98AA72BC574AD24B9DBB10FCB04C41E5ED1D3D5E289D9CCCBFB351DAA747E584530203010001A3423040301D0603551D0E04160414BBAF7E023DFAA6F13C848EADEE3898ECD93232D4300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF300D06092A864886F70D01010C050003820201000AF1D54684B7AE51BB6CB24D411400934C9CCBE5C054CFA0258E02F9FDB0A20DF520983C132DAC56A2B0D67E1192E92EBA9E2E9A72B1BD19446C6135A29AB41612695A8CE1D73EA41AE82F03F4AE611D101B2AA48B7AC5FE05A6E1C0D6C8FE9EAE8F2BBA3D99F8D8730958466EA69CF4D727D395DA3783721CD373E0A2479903385DD5497900291CC7EC9B201C0724695778B239FC3A84A0B59C7C8DBF2E936227B739DA1718AEBD3C0968FF849B3CD5D60B03E3579E14F7D1EB4FC8BD8723B7B6494379855CBAEB920BA1C6E868A84C16B11A990AE8532C92BBA10918750C65A87BCB23B71AC22885C31BFFD02B62EFA47B099198678C1401CD68066A6321750380888A6E81C685F2A9A42DE7F4A524104783CACDF48D7958B1069BE71A2AD99D01D7947DED034ACAF0DBE8A9013EF55699C91E8E493DBBE509B9E04F49923D168240CCCC59C6E63AED122E693C6C95B1FDAA1D7B7F86BE1E0E3246FBFB138F757F4C8B4B4663FE00344070C1C3B9A1DDA670E204B341BCE98091EA649C7AE12203A99C6E6F0E654F6C87875EF36EA0F975A59B40E853B2279D4AB9C077218DFF87F2DEBC8CEF17DFB7490BD1F26E300B1A0E4E76ED11FCF5E956B27DBFC76D0A938CA5D0C0B61DBE3A4E94A2D76E6C0BC28A7CFA20F3C4E4E5CD0DA8CB9192B17C85ECB51469660E82E7CDCEC82DA6517F21C1355385064A5D9FADBB1B5F74
964
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Blob
040000000100000010000000497904B0EB8719AC47B0BC11519B74D0090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F00000001000000140000003E8E6487F8FD27D322A269A71EDAAC5D57811286030000000100000014000000D1EB23A46D17D68FD92564C2F1F1601764D8E3491D00000001000000100000002E0D6875874A44C820912E85E964CFDB140000000100000014000000A0110A233E96F107ECE2AF29EF82A57FD030A4B40B000000010000001C0000005300650063007400690067006F002000280041004100410029000000620000000100000020000000D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF41900000001000000100000002AA1C05E2AE606F198C2C5E937C97AA253000000010000004300000030413022060C2B06010401B231010201050130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C0200000000100000036040000308204323082031AA003020102020101300D06092A864886F70D0101050500307B310B3009060355040613024742311B301906035504080C1247726561746572204D616E636865737465723110300E06035504070C0753616C666F7264311A3018060355040A0C11436F6D6F646F204341204C696D697465643121301F06035504030C18414141204365727469666963617465205365727669636573301E170D3034303130313030303030305A170D3238313233313233353935395A307B310B3009060355040613024742311B301906035504080C1247726561746572204D616E636865737465723110300E06035504070C0753616C666F7264311A3018060355040A0C11436F6D6F646F204341204C696D697465643121301F06035504030C1841414120436572746966696361746520536572766963657330820122300D06092A864886F70D01010105000382010F003082010A0282010100BE409DF46EE1EA76871C4D45448EBE46C883069DC12AFE181F8EE402FAF3AB5D508A16310B9A06D0C57022CD492D5463CCB66E68460B53EACB4C24C0BC724EEAF115AEF4549A120AC37AB23360E2DA8955F32258F3DEDCCFEF8386A28C944F9F68F29890468427C776BFE3CC352C8B5E07646582C048B0A891F9619F762050A891C766B5EB78620356F08A1A13EA31A31EA099FD38F6F62732586F07F56BB8FB142BAFB7AACCD6635F738CDA0599A838A8CB17783651ACE99EF4783A8DCF0FD942E2980CAB2F9F0E01DEEF9F9949F12DDFAC744D1B98B547C5E529D1F99018C7629CBE83C7267B3E8A25C7C0DD9DE6356810209D8FD8DED2C3849C0D5EE82FC90203010001A381C03081BD301D0603551D0E04160414A0110A233E96F107ECE2AF29EF82A57FD030A4B4300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF307B0603551D1F047430723038A036A0348632687474703A2F2F63726C2E636F6D6F646F63612E636F6D2F414141436572746966696361746553657276696365732E63726C3036A034A0328630687474703A2F2F63726C2E636F6D6F646F2E6E65742F414141436572746966696361746553657276696365732E63726C300D06092A864886F70D010105050003820101000856FC02F09BE8FFA4FAD67BC64480CE4FC4C5F60058CCA6B6BC1449680476E8E6EE5DEC020F60D68D50184F264E01E3E6B0A5EEBFBC745441BFFDFC12B8C74F5AF48960057F60B7054AF3F6F1C2BFC4B97486B62D7D6BCCD2F346DD2FC6E06AC3C334032C7D96DD5AC20EA70A99C1058BAB0C2FF35C3ACF6C37550987DE53406C58EFFCB6AB656E04F61BDC3CE05A15C69ED9F15948302165036CECE92173EC9B03A1E037ADA015188FFABA02CEA72CA910132CD4E50826AB229760F8905E74D4A29A53BDF2A968E0A26EC2D76CB1A30F9EBFEB68E756F2AEF2E32B383A0981B56B85D7BE2DED3F1AB7B263E2F5622C82D46A004150F139839F95E93696986E
964
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Blob
5C000000010000000400000000080000090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F00000001000000140000003E8E6487F8FD27D322A269A71EDAAC5D57811286030000000100000014000000D1EB23A46D17D68FD92564C2F1F1601764D8E3491D00000001000000100000002E0D6875874A44C820912E85E964CFDB140000000100000014000000A0110A233E96F107ECE2AF29EF82A57FD030A4B40B000000010000001C0000005300650063007400690067006F002000280041004100410029000000620000000100000020000000D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF41900000001000000100000002AA1C05E2AE606F198C2C5E937C97AA253000000010000004300000030413022060C2B06010401B231010201050130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C0200000000100000036040000308204323082031AA003020102020101300D06092A864886F70D0101050500307B310B3009060355040613024742311B301906035504080C1247726561746572204D616E636865737465723110300E06035504070C0753616C666F7264311A3018060355040A0C11436F6D6F646F204341204C696D697465643121301F06035504030C18414141204365727469666963617465205365727669636573301E170D3034303130313030303030305A170D3238313233313233353935395A307B310B3009060355040613024742311B301906035504080C1247726561746572204D616E636865737465723110300E06035504070C0753616C666F7264311A3018060355040A0C11436F6D6F646F204341204C696D697465643121301F06035504030C1841414120436572746966696361746520536572766963657330820122300D06092A864886F70D01010105000382010F003082010A0282010100BE409DF46EE1EA76871C4D45448EBE46C883069DC12AFE181F8EE402FAF3AB5D508A16310B9A06D0C57022CD492D5463CCB66E68460B53EACB4C24C0BC724EEAF115AEF4549A120AC37AB23360E2DA8955F32258F3DEDCCFEF8386A28C944F9F68F29890468427C776BFE3CC352C8B5E07646582C048B0A891F9619F762050A891C766B5EB78620356F08A1A13EA31A31EA099FD38F6F62732586F07F56BB8FB142BAFB7AACCD6635F738CDA0599A838A8CB17783651ACE99EF4783A8DCF0FD942E2980CAB2F9F0E01DEEF9F9949F12DDFAC744D1B98B547C5E529D1F99018C7629CBE83C7267B3E8A25C7C0DD9DE6356810209D8FD8DED2C3849C0D5EE82FC90203010001A381C03081BD301D0603551D0E04160414A0110A233E96F107ECE2AF29EF82A57FD030A4B4300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF307B0603551D1F047430723038A036A0348632687474703A2F2F63726C2E636F6D6F646F63612E636F6D2F414141436572746966696361746553657276696365732E63726C3036A034A0328630687474703A2F2F63726C2E636F6D6F646F2E6E65742F414141436572746966696361746553657276696365732E63726C300D06092A864886F70D010105050003820101000856FC02F09BE8FFA4FAD67BC64480CE4FC4C5F60058CCA6B6BC1449680476E8E6EE5DEC020F60D68D50184F264E01E3E6B0A5EEBFBC745441BFFDFC12B8C74F5AF48960057F60B7054AF3F6F1C2BFC4B97486B62D7D6BCCD2F346DD2FC6E06AC3C334032C7D96DD5AC20EA70A99C1058BAB0C2FF35C3ACF6C37550987DE53406C58EFFCB6AB656E04F61BDC3CE05A15C69ED9F15948302165036CECE92173EC9B03A1E037ADA015188FFABA02CEA72CA910132CD4E50826AB229760F8905E74D4A29A53BDF2A968E0A26EC2D76CB1A30F9EBFEB68E756F2AEF2E32B383A0981B56B85D7BE2DED3F1AB7B263E2F5622C82D46A004150F139839F95E93696986E
3460
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
(default)
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A864E8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3460
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
040000000100000010000000821AEFD4D24AF29FE23D970614707285190000000100000010000000E6FEE6521C735BC60C74EBB251DA38666200000001000000200000002A575471E31340BC21581CBD2CF13E158463203ECE94BCF9D3CC196BF09A54720B0000000100000018000000470054005300200052006F006F0074002000520031000000140000000100000014000000E4AF2B26711A2B4827852F52662CEFF08913713E1D0000000100000010000000AFEC13F04D331040C81E81D2B3EC2E24030000000100000014000000E1C950E6EF22F84C5645728B922060D7D5A7A3E80F0000000100000030000000E4C58A0A499480862DB093ADA2B299298D57D1C586BEE12C4B74D5E13DD4BCBDA6D57BE981EEE012E984E6B83D0B4C7B09000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B0601050507030820000000010000005E0500003082055A30820342A00302010202106E47A9C54B470C0DEC33D089B91CF4E1300D06092A864886F70D01010C05003047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205231301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F7420523130820222300D06092A864886F70D01010105000382020F003082020A0282020100B611028B1EE3A1779B3BDCBF943EB795A7403CA1FD82F97D32068271F6F68C7FFBE8DBBC6A2E9797A38C4BF92BF6B1F9CE841DB1F9C597DEEFB9F2A3E9BC12895EA7AA52ABF82327CBA4B19C63DBD7997EF00A5EEB68A6F4C65A470D4D1033E34EB113A3C8186C4BECFC0990DF9D6429252307A1B4D23D2E60E0CFD20987BBCD48F04DC2C27A888ABBBACF5919D6AF8FB007B09E31F182C1C0DF2EA66D6C190EB5D87E261A45033DB079A49428AD0F7F26E5A808FE96E83C689453EE833A882B159609B2E07A8C2E75D69CEBA756648F964F68AE3D97C2848FC0BC40C00B5CBDF687B3356CAC18507F84E04CCD92D320E933BC5299AF32B529B3252AB448F972E1CA64F7E682108DE89DC28A88FA38668AFC63F901F978FD7B5C77FA7687FAECDFB10E799557B4BD26EFD601D1EB160ABB8E0BB5C5C58A55ABD3ACEA914B29CC19A432254E2AF16544D002CEAACE49B4EA9F7C83B0407BE743ABA76CA38F7D8981FA4CA5FFD58EC3CE4BE0B5D8B38E45CF76C0ED402BFD530FB0A7D53B0DB18AA203DE31ADCC77EA6F7B3ED6DF912212E6BEFAD832FC1063145172DE5DD61693BD296833EF3A66EC078A26DF13D757657827DE5E491400A2007F9AA821B6A9B195B0A5B90D1611DAC76C483C40E07E0D5ACD563CD19705B9CB4BED394B9CC43FD255136E24B0D671FAF4C1BACCED1BF5FE8141D800983D3AC8AE7A98371805950203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414E4AF2B26711A2B4827852F52662CEFF08913713E300D06092A864886F70D01010C0500038202010038960AEE3DB4961E5FEF9D9C0B339F2BE0CAFDD28E0A1F4174A57CAA84D4E5F21EE63752329C0BD1611DBF28C1B6442935757798B27CD9BD74AC8A68E3A9310929016073E3477C53A8904A27EF4BD79F93E78236CE9A680C82E7CFD410166F5F0E995CF61F717DEFEF7B2F7EEA36D697700B15EED75C566A33A5E349380CB87DFB8D85A4B1595EF46AE1DDA1F66444AEE651832166C6113EF3CE47EE9C281F25DAFFAC6695DD350F5CEF202C62FD91BAA9CCFC5A9C93818329974A7C5A72B439D0B777CB79FD693A9237ED6E3865467EE960BD7988975F3812F4EEAF5B82C886D5E1996D8C04F276BA49F66EE96D1E5FA0EF27827640F8A6D3585C0F2C42DA42C67B8834C7C1D8459BC13EC5611DD9635049F634856AE018C56E47AB4142299BF6600DD231D3639823935A008148B4EFCD8ACDC9CF99EED99EAA36E1684B71491436283A3D1DCE9A8F25E68071612BB57BCCF9251681E1315FA1A37E16A49C166A9718BD7672A50B9E1D36E62FA12FBE70910FA8E6DAF8C492406C257E7BB309DCB217AD8044F068A58F9475FF745AE8A8027C0C09E2A94B0BA0850B62B9EFA13192FBEFF65104896CE8A974A1BB17B3B5FD490F7C3CEC831820434ED593BAB434B11F16361F0CE66439164CDCE0FE1DC8A9623D40EACAC53402B4AE89883335DC2C1373D827F1D072EE753B22DE9868665BF1C66347551CBAA5085175A64825
3460
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
5C000000010000000400000000100000190000000100000010000000E6FEE6521C735BC60C74EBB251DA38666200000001000000200000002A575471E31340BC21581CBD2CF13E158463203ECE94BCF9D3CC196BF09A54720B0000000100000018000000470054005300200052006F006F0074002000520031000000140000000100000014000000E4AF2B26711A2B4827852F52662CEFF08913713E1D0000000100000010000000AFEC13F04D331040C81E81D2B3EC2E24030000000100000014000000E1C950E6EF22F84C5645728B922060D7D5A7A3E80F0000000100000030000000E4C58A0A499480862DB093ADA2B299298D57D1C586BEE12C4B74D5E13DD4BCBDA6D57BE981EEE012E984E6B83D0B4C7B09000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B0601050507030820000000010000005E0500003082055A30820342A00302010202106E47A9C54B470C0DEC33D089B91CF4E1300D06092A864886F70D01010C05003047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205231301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F7420523130820222300D06092A864886F70D01010105000382020F003082020A0282020100B611028B1EE3A1779B3BDCBF943EB795A7403CA1FD82F97D32068271F6F68C7FFBE8DBBC6A2E9797A38C4BF92BF6B1F9CE841DB1F9C597DEEFB9F2A3E9BC12895EA7AA52ABF82327CBA4B19C63DBD7997EF00A5EEB68A6F4C65A470D4D1033E34EB113A3C8186C4BECFC0990DF9D6429252307A1B4D23D2E60E0CFD20987BBCD48F04DC2C27A888ABBBACF5919D6AF8FB007B09E31F182C1C0DF2EA66D6C190EB5D87E261A45033DB079A49428AD0F7F26E5A808FE96E83C689453EE833A882B159609B2E07A8C2E75D69CEBA756648F964F68AE3D97C2848FC0BC40C00B5CBDF687B3356CAC18507F84E04CCD92D320E933BC5299AF32B529B3252AB448F972E1CA64F7E682108DE89DC28A88FA38668AFC63F901F978FD7B5C77FA7687FAECDFB10E799557B4BD26EFD601D1EB160ABB8E0BB5C5C58A55ABD3ACEA914B29CC19A432254E2AF16544D002CEAACE49B4EA9F7C83B0407BE743ABA76CA38F7D8981FA4CA5FFD58EC3CE4BE0B5D8B38E45CF76C0ED402BFD530FB0A7D53B0DB18AA203DE31ADCC77EA6F7B3ED6DF912212E6BEFAD832FC1063145172DE5DD61693BD296833EF3A66EC078A26DF13D757657827DE5E491400A2007F9AA821B6A9B195B0A5B90D1611DAC76C483C40E07E0D5ACD563CD19705B9CB4BED394B9CC43FD255136E24B0D671FAF4C1BACCED1BF5FE8141D800983D3AC8AE7A98371805950203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414E4AF2B26711A2B4827852F52662CEFF08913713E300D06092A864886F70D01010C0500038202010038960AEE3DB4961E5FEF9D9C0B339F2BE0CAFDD28E0A1F4174A57CAA84D4E5F21EE63752329C0BD1611DBF28C1B6442935757798B27CD9BD74AC8A68E3A9310929016073E3477C53A8904A27EF4BD79F93E78236CE9A680C82E7CFD410166F5F0E995CF61F717DEFEF7B2F7EEA36D697700B15EED75C566A33A5E349380CB87DFB8D85A4B1595EF46AE1DDA1F66444AEE651832166C6113EF3CE47EE9C281F25DAFFAC6695DD350F5CEF202C62FD91BAA9CCFC5A9C93818329974A7C5A72B439D0B777CB79FD693A9237ED6E3865467EE960BD7988975F3812F4EEAF5B82C886D5E1996D8C04F276BA49F66EE96D1E5FA0EF27827640F8A6D3585C0F2C42DA42C67B8834C7C1D8459BC13EC5611DD9635049F634856AE018C56E47AB4142299BF6600DD231D3639823935A008148B4EFCD8ACDC9CF99EED99EAA36E1684B71491436283A3D1DCE9A8F25E68071612BB57BCCF9251681E1315FA1A37E16A49C166A9718BD7672A50B9E1D36E62FA12FBE70910FA8E6DAF8C492406C257E7BB309DCB217AD8044F068A58F9475FF745AE8A8027C0C09E2A94B0BA0850B62B9EFA13192FBEFF65104896CE8A974A1BB17B3B5FD490F7C3CEC831820434ED593BAB434B11F16361F0CE66439164CDCE0FE1DC8A9623D40EACAC53402B4AE89883335DC2C1373D827F1D072EE753B22DE9868665BF1C66347551CBAA5085175A64825
3460
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935462
3460
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2140
notepad++.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US

Files activity

Executable files
2
Suspicious files
27
Text files
37
Unknown types
23

Dropped files

PID
Process
Filename
Type
956
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\JakeAdventure.exe.v017e3f.partial
executable
MD5: 13096c112d39b4dc2b7e3e29d03e95a5
SHA256: f383eae81b7bccbbf2995f434c3fccd13eb9ac59bb1edac76ca4745ddc1f56e0
956
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\JakeAdventure[1].exe
executable
MD5: 9c828167369db39da6d71f91a5ce30e6
SHA256: 840ae305002af07a81c3c0ec25c90a19c2dfbcada9962929763ef9aefb73f1fc
1404
iexplore.exe
C:\Users\admin\Downloads\JakeAdventure.exe
––
MD5:  ––
SHA256:  ––
956
iexplore.exe
C:\Users\admin\Downloads\JakeAdventure.exe.4l99k9g.partial
––
MD5:  ––
SHA256:  ––
1404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF9D99DB4EFD024E6B.TMP
gmc
MD5: a44bf6e4d2efe9a7d6fc0bfc7a4bc8c9
SHA256: 4a7c4ce06cd83b36003ebe6fa40d0441aeed3705f801ed69f0d6184da1f4f288
2140
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\session.xml
text
MD5: 233831ca11b654e6719e0767475df4ac
SHA256: e0c474b35d07aab46586bffb585740125ed7c86023876d0637e563f084467970
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7AE8ABBE-7599-11EC-A20C-12A9866C77DE}.dat
binary
MD5: 84034d57e45bd2885843b5a1a07ea51e
SHA256: 34071a37cfe435c2e627d5287ff9aeba5bfd67e4c32c1b7baeda7a302a60f07e
2140
notepad++.exe
C:\Users\admin\AppData\Roaming\Notepad++\config.xml
xml
MD5: 75daf0c838ca0f9daa89d4074a504e1b
SHA256: 97901b6def410aa997b0e91a0fd0947eb3a26b7d5c83fd7228fde04f981ac53c
1404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF3A0FC9B41D6A9A69.TMP
gmc
MD5: 256b1eb9c1a09e2e876f2c693e3a64bd
SHA256: 52a1bfba5f99f4904ed68f258af3fcd1ad58773a870dd0ed02f55eb788ec15e3
1404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF91A175E86D804575.TMP
gmc
MD5: 2d24fa0263a7e1ac77793b142a1629ca
SHA256: 9f54d36d5f7e729bf86e051341984eb8f8b0d90cff128d5e327a71a53acdafd9
1404
iexplore.exe
C:\Users\admin\Downloads\JakeAdventure.exe.4l99k9g.partial:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{90954468-7599-11EC-A20C-12A9866C77DE}.dat
binary
MD5: 2594e1974f4c674b4213aa2f37133dfb
SHA256: c0710412ff05fddc749408064bf97c6a04ac58528db595eb827a271e447b25ed
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\search[1].json
ini
MD5: 449f61c84cd2f7342f95403c908c0603
SHA256: 19170bd75edc0b5183a2f9fcc3001d9d222deff61e5915ad1127b65ab581a2a1
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7AE8ABBC-7599-11EC-A20C-12A9866C77DE}.dat
binary
MD5: 1bc420c3da6a61844b5358b7f6a62adf
SHA256: f88b0fff25a863429cd8085c27b34f2a062a1f5af3e8290ef68e2018bcf42963
1404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
der
MD5: 3d44d80ba9bf887e49a544b16cb7fce5
SHA256: d40a80008aec192e94d3a233bf7d401dd6e1a9ba17d16bd4497a2da50f95492a
1404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
binary
MD5: 428034302e08f459e4c7c5f18bb934d5
SHA256: 6945f3b14e86e41461d9c234ecac14610cae22e9828322f3c6f3e7aa0363ee08
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\8NTR1DSI.txt
text
MD5: a2482557c02c1894cdb87e5db9594515
SHA256: ee47649905892b652deb6b5007bd720043a10eeeb24d6e28529e6fb4e1cb5a20
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\G9KG1RQ5.txt
text
MD5: eb75fb2fd6e4943d7ce5be71d3af5fb9
SHA256: b1ce3df765864414216f7684984976717880bbd538fe3ef84ce6db5cc366ea11
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.4
binary
MD5: 5a34cb996293fde2cb7a4ac89587393a
SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\LKCCE91D.txt
text
MD5: 358a18d493bc55e7f99f627787faddf6
SHA256: bbfcf0685eab6d98eb6e6288b17730f74075b490d3b15e1b42c65c882f199efa
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\KQVXKMA1.txt
text
MD5: 811f2332b9940bbfb040e2eab530a22a
SHA256: 16597d2428fab9c63c4f9b86312870b4da53a4205cd3686852df3931f4300178
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\MB8HBAM8.txt
text
MD5: 9143d9d40f1e0e6fd72d97de703875f3
SHA256: 735f074c088408ed971019cc2e9ac66ba5749360999adf1e90c5d0e7ba5d8cbd
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\V3B90HQD.txt
text
MD5: 168b71fe742151ee03ea797db218927e
SHA256: aa594eea266af51ba2767ca019b2e124aec0bec2071788ce7e809fc2bb3592c7
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\HYE0FWGW.txt
text
MD5: a7d5006c3ce08cccf689325c520b9c2f
SHA256: 0f312b934c6ac0a556822068f7626f4524c4ca3ba3414e5e337bd9550796febc
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DOQ6SYDR.txt
text
MD5: cd3c87ee2896d994cfd4cc249bfd6610
SHA256: 98d7b6ff3545272444b5a7e3bc967e12c3986af314156acf987f2f716874827c
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{891AC41A-7599-11EC-A20C-12A9866C77DE}.dat
binary
MD5: e26937138ec7d639c32ea30034960480
SHA256: 4b9c180a2d6c2069f1fd677138f1d5bfd2893f2b1f161b75ee740a1e85b59865
956
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_7113AA81F59D5AD048438D6378810119
der
MD5: 72b384963928aa3f960a6c1c55e7310a
SHA256: 2780105d26cd012ec030a41e8ed657debd99b359a9b5c49f8a24296e2108a2df
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{90954469-7599-11EC-A20C-12A9866C77DE}.dat
binary
MD5: 0c1b1de766d73a143a19bd15559f2db1
SHA256: 5d407918c26becd0f45e7556166c1c950970cdfa9047fa19b11d4da5e1930004
956
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_7113AA81F59D5AD048438D6378810119
binary
MD5: 47243468847e95eae0c5c7f34a7d0147
SHA256: 95913927331bff42623498b9326e49c8e46544060199d43b20845b1ace5b90a7
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\GXNAN5U1.txt
text
MD5: 1c1ebfb576e6b5869025939629618436
SHA256: b81656dee939716bea767b8e75b3fffc518ade550fddc71959d0ac7172e35a39
956
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
der
MD5: 6dc758dafca329c85c8bbc01cc0ad57b
SHA256: a3d5afda772958b0ae1a2f3cc1f2657836a732c54266ef7eb9df5844e4a19973
1404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFDF975330C40694FD.TMP
gmc
MD5: 60523b9852438dbd5095649565c4a5c4
SHA256: a908ded8c133b7e41e31b9cbf92d1b8a71597313be695bd1b68b9e76239fcb01
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\7HO9X1MF.txt
text
MD5: 45e2b1a025ba2b02e694ed3f3e3851bf
SHA256: 2b6522de124ca1075a0f0273c20c5fc6d19b7551da5e8b1b36d1a4a9dc1c36dd
956
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
der
MD5: 796b200a8ef84ed3a6dcad135db38647
SHA256: 8616df7d2d7a69b5ce4872f37c2cc9329b81a50c9cee29b8d4043953693992af
956
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
binary
MD5: 149b73eca417d85549534ccafb1574ce
SHA256: 489a49d5fbd6326bc56c7b58b01fe14a25c192b5b14fb6764d5f1214088ba3ce
1404
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\9KHPOQZF.txt
text
MD5: 29691dfc60db739dc36ae71283ed7cc0
SHA256: 8cb7094d4067470261b6ab1ed7f2aa773639c84e9da0a459d97e305ada0dc873
1404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC9F129DAF365BF64.TMP
gmc
MD5: 2d24fa0263a7e1ac77793b142a1629ca
SHA256: 9f54d36d5f7e729bf86e051341984eb8f8b0d90cff128d5e327a71a53acdafd9
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{891AC41B-7599-11EC-A20C-12A9866C77DE}.dat
binary
MD5: fcfb165989c6c834fda08a0cc80a89a9
SHA256: 02c525dc1e3edbfa53e9c889e721c9f17ade42195271eeceab20e5a1fb4f10c7
1404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFEBC911657029C3E3.TMP
gmc
MD5: 60523b9852438dbd5095649565c4a5c4
SHA256: a908ded8c133b7e41e31b9cbf92d1b8a71597313be695bd1b68b9e76239fcb01
956
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
binary
MD5: 7fcdfc207dcfadc3e8c3e0baf052580a
SHA256: 1ad98876560145b1ff1508ccc5767f79c021c6e52f4552898ff9bfb4288c8d5c
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_27FCFF74F3AB171085E6241958A04627
der
MD5: 37a064dbb6f9f783e5046cd02f8c4fef
SHA256: 83404d114b9dc26bbbd4dba16c1f6a9b08e437b2bd601e3a261f1810ef45930e
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_27FCFF74F3AB171085E6241958A04627
binary
MD5: d43c9c18e39d1921f0daff8da2e81678
SHA256: e5ec42641d23515b9e08ec2af1e0be48912aa643cf6b2223a9733577f1bf1d25
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
binary
MD5: bcb25fc56ce01fb2e78ae5ea0a65d84a
SHA256: da4ca39f9d3dcb5500ae90a9d9e19c58b499e258720c58880932fdf6fe23f82a
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
der
MD5: d03ab18331b1dc62e284df6894ec5e6b
SHA256: bea9c460f75b2495164979f6e00ac455b09f0763603e3e61680af677a7c16db4
964
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\3LLF288A.txt
text
MD5: 1f93cad533dbdf273676e035b4e86ff7
SHA256: 3b1fb7d6e873e95a1949eb5c4cc75f4eece8b667c9df68f0e322f0e59a6b887e
964
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DUHSUKCC.txt
text
MD5: 41203923c87a88ee08752a26332a04b5
SHA256: 12bb1610dc5a0264ebbacb4cb287976fda9e60ad75fe9a1daec7af123b056fe4
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
binary
MD5: bc0ac58cad21f93aa0bb05b72d1b43e5
SHA256: 02d7c1fcdda848c30ce73dee9f11b7a996ba71dd17191b7d5a692c03551f13b3
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\analytics[1].js
text
MD5: d40531c5e99a6f84e42535859476fe35
SHA256: a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver61A6.tmp
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
964
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\QSH5MUAK.txt
text
MD5: c263398763f4cb3a427e99c289a9937a
SHA256: 5453e0e1a16d836b8ce2f1626261188ce0269aadfe0d867f828b14c606457bf3
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\js[1].js
text
MD5: 4162a8fa4d78afcd466e2eb6ca10056f
SHA256: 4880bd88d371a975b30396ae19363881887514575b731bbb33df51e7aac4fb55
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
binary
MD5: beef94e87c873269c0642f919512a292
SHA256: 2ed7576071a3d3022fb64c582dcd48ce80d59a704598c13f75973809fc32d758
964
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\FNGOQLDO.txt
text
MD5: ebd45475eb026c4cbdc8f9ff98930dc9
SHA256: dafabe65d73e056308f44360fb5dbcaf4ee1cd81b11265108d5593488b8fa5e3
964
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\E2RZ3IQR.txt
text
MD5: 0d53554c7c5c05aeaabed31a2547062c
SHA256: f3a50a7a7cd07b259d7c4dd4d8a68a936cf2cde5196778addcda947350b10b98
3460
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ns[1].htm
html
MD5: 503957084b1a48219ecf52a5b81ca4cd
SHA256: 1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
der
MD5: 5695d88f26ccf02a6f7eb225475719f0
SHA256: 08b60d1a574a2bd20da6ab1e59e97b49a373af85cc51575e7c57f770fea20d6b
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver61D5.tmp
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
der
MD5: 029fb7dd858601813ae129d575d2b242
SHA256: 98dba01c5b1a4c1dd4abe3819dbb8a9846fecc746bee19bc15b4626d4c7b62de
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
der
MD5: ace427d9e2e5197da2f600c887dcfcb1
SHA256: 9d985ec5e3675b2c7ded4535f7de2cbe39934d67046e25c3d0466220fafe9651
1404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
binary
MD5: e8826a83b1f2d29ba9e58553a288575e
SHA256: 91b84907b063bf317593298bdbc3ab7685ed57542c3e1e603f0e07bb01744a3b
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\amplitude-8.5.0-min.gz[1].js
text
MD5: c43d9f000a09bd500ed8728606a09de3
SHA256: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
binary
MD5: 185a7e08f894160b251046a412a37993
SHA256: 90d7297265c94d6306e816013a23f05fdffc71ac21e1eaf4f499e1a44b239229
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_A8E307474B7EEECDE82731B5F335EEAF
der
MD5: 7bf0284e4702da4fabcfec8c2e268d8e
SHA256: 659fae11a4270a5161255bc30db5113c2a0a88499b9280bfb25a197dda9d6683
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
der
MD5: 1ba78c901bf35f9710be47ae2a6b3d25
SHA256: 7e96651546ae845fcfeb2a1b3149e6b9edb3198cfb4e6a8155c60951c1874585
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_A8E307474B7EEECDE82731B5F335EEAF
binary
MD5: 1ec7c36bc0ce56072ab9d18ce10f3a9e
SHA256: 82a58ca16054d962a890dc845e60f8aee870b264b83b40bd24316191c6361674
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\ns[1].htm
html
MD5: 503957084b1a48219ecf52a5b81ca4cd
SHA256: 1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
binary
MD5: 6abab769adc173f60deec1266975f0f9
SHA256: da1a444a6641b9898f3c215c718489d7b0964d6ccdea2e17f019d2a16c6a288b
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
binary
MD5: fbb1c82261bdae53e9266a165f4ff883
SHA256: 6ceddecdf56403120c79cdc0c0fcf9b74f34a19eb57deccdbfd33b859c3ef6fc
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\v652eace1692a40cfa3763df669d7439c1639079717194[1].js
text
MD5: 19514b1be5ee33b45d32c1fcd4c67ec2
SHA256: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
der
MD5: 9b980225c891790166a8a8535bb4e178
SHA256: eefabcf46b58056a1447b6a084046fafdbe7d8f512415eff473544202fe1e047
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\gtm[1].js
text
MD5: 12976f1ce0cfa1acbad8b8a1579a7aed
SHA256: 92bb60b719de94eedb9ac4957bf70aa5f17096f29726836f70eb206898915a37
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\infinity.js[1].js
text
MD5: b3f3de01688339a940287338f543cc3b
SHA256: a1cfd00f5a2c602c2ad82babcaa434e0733a7d0249ef5cca840ac97c93bfc549
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\js[1].js
text
MD5: 591ce4ab034b9547c9de2e50e8e0b2ac
SHA256: edd56ac8ca946593a3c127bd6022e038372af93e03816768d8db9ad22a24c9b3
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[2].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
1404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
1404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
1404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
der
MD5: ac68acf50745357d4ea92b214d9e7132
SHA256: ae3f7fde380d2d90571a61378e52b1bc284b4c4c6a1e099f6f022395ebed6154
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
binary
MD5: 1c1b739145dd69570f253d520235a9c2
SHA256: 53f7460e633dc23409565282c6a438c3f1796b1f96b116f9cbda0a78edd5d9cf
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
der
MD5: 2663bed1f902bed00647b84fabbf8dea
SHA256: 7a3c6a8be401f6de91999c00919ea0f3bdcf80d06eb0e8a15d801f8f9a465de9
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
der
MD5: 64e9b8bb98e2303717538ce259bec57d
SHA256: 76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A01EFC9EF87B331821A80D893F4D7FE8
binary
MD5: a15097b8b7e766ce04dfb3315850e722
SHA256: 290f69b644d8cf43b8acf25a6a4443b4441e9757191c110c768c64102bb0da8d
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
binary
MD5: c424ae6f6e6f31c8b09238f8a569cdcc
SHA256: 14c69d47bee07ffcde159507e1f07e53c5dbf867ab02b4129f98b45b0e2c8ff6
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A01EFC9EF87B331821A80D893F4D7FE8
der
MD5: 8568135856bb7a64dc01cd86ddfeedf3
SHA256: b6f9ebc6817249a914aca6c071d1e0051a1edb3c49dd2863b44520053d201472
964
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\tag[1].js
text
MD5: 2c40d38b7c56ced0bb074c08682ffd6c
SHA256: b4547b3870614e9b0d061afb54d9935489e48faf06c1a3c7035932c2109e76bf
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5: f7dcb24540769805e5bb30d193944dce
SHA256: 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
binary
MD5: 9cbd86962e776ad1a8da42c91855be0b
SHA256: c58f8005eff91378df8f3edd22252009a990f62e7b44e042278f7e7e19a0bccc
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5: 7d3508a67f55c70c6855f3f1111718db
SHA256: 5eebf62fb0e37fe4366862b5da892f44104c125c5848054608da40353dbc3d76
964
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
der
MD5: beab9da0aa8e569dd7b0dedba4676d02
SHA256: 7c5ee0ff5ecd229ba442c639096cfb79d50d7fc6841a8e99693393a920a70c33

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
19
TCP/UDP connections
64
DNS requests
37
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
964 iexplore.exe GET 200 2.16.186.56:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b810eac8f0d199b unknown
compressed
whitelisted
964 iexplore.exe GET 200 2.16.186.56:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4a60cee1206ff0b1 unknown
compressed
whitelisted
964 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D US
der
shared
964 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D US
der
shared
964 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D US
der
shared
964 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCAnDacZA1UWwoAAAABJ9nq US
der
shared
1404 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D US
der
shared
964 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCCq2t14DFKuAoAAAABJ9n3 US
der
shared
964 iexplore.exe GET 200 143.204.101.99:80 http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D US
der
shared
964 iexplore.exe GET 200 143.204.101.42:80 http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D US
der
whitelisted
964 iexplore.exe GET 200 143.204.101.190:80 http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D US
der
whitelisted
964 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D US
der
shared
964 iexplore.exe GET 200 104.18.30.182:80 http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D US
der
shared
964 iexplore.exe GET 200 104.18.30.182:80 http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D US
der
shared
964 iexplore.exe GET 200 104.18.30.182:80 http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQDsCXYdUL4EYo7T3qwnuV1j US
der
shared
956 iexplore.exe GET 200 104.18.31.182:80 http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D US
der
shared
956 iexplore.exe GET 200 104.18.31.182:80 http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D US
der
whitelisted
956 iexplore.exe GET 200 104.18.30.182:80 http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEFr3KD%2BSUISekGKz6JjTwGw%3D US
der
whitelisted
1404 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D US
der
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
–– –– 142.250.186.110:445 Google Inc. US whitelisted
–– –– 104.16.203.237:445 Cloudflare Inc US malicious
964 iexplore.exe 2.16.186.56:80 Akamai International B.V. –– whitelisted
964 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
964 iexplore.exe 142.250.185.195:80 Google Inc. US whitelisted
–– –– 142.250.186.110:139 Google Inc. US whitelisted
–– –– 104.16.202.237:445 Cloudflare Inc US suspicious
–– –– 104.16.202.237:139 Cloudflare Inc US suspicious
964 iexplore.exe 104.26.6.139:443 Cloudflare Inc US suspicious
1404 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
964 iexplore.exe 142.250.185.142:443 Google Inc. US whitelisted
964 iexplore.exe 142.250.185.200:443 Google Inc. US suspicious
964 iexplore.exe 104.19.214.37:443 Cloudflare Inc US shared
3460 iexplore.exe 104.16.95.65:443 Cloudflare Inc US shared
3460 iexplore.exe 142.250.185.200:443 Google Inc. US suspicious
–– –– 130.211.23.194:445 Google Inc. US suspicious
964 iexplore.exe 143.204.101.99:80 US suspicious
964 iexplore.exe 143.204.101.42:80 US whitelisted
964 iexplore.exe 143.204.101.190:80 US whitelisted
964 iexplore.exe 104.16.95.65:443 Cloudflare Inc US shared
964 iexplore.exe 13.224.194.151:443 US unknown
3460 iexplore.exe 104.26.6.139:443 Cloudflare Inc US suspicious
964 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
1404 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
964 iexplore.exe 34.210.175.190:443 Amazon.com, Inc. US suspicious
964 iexplore.exe 142.250.185.110:443 Google Inc. US whitelisted
964 iexplore.exe 104.18.30.182:80 Cloudflare Inc US suspicious
956 iexplore.exe 104.18.31.182:80 Cloudflare Inc US suspicious
956 iexplore.exe 104.18.30.182:80 Cloudflare Inc US suspicious
956 iexplore.exe 199.91.152.152:443 MediaFire, LLC US unknown
1404 iexplore.exe 104.111.242.51:443 Akamai International B.V. NL malicious
1404 iexplore.exe 204.79.197.203:443 Microsoft Corporation US whitelisted
1404 iexplore.exe 13.92.246.37:443 Microsoft Corporation US whitelisted
1404 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
3460 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted

DNS requests

Domain IP Reputation
www.googletagmanager.com 142.250.185.200
whitelisted
btloader.com 104.26.6.139
172.67.70.134
104.26.7.139
malicious
translate.google.com 142.250.186.110
whitelisted
static.mediafire.com 104.16.203.237
104.16.202.237
shared
ctldl.windowsupdate.com 2.16.186.56
2.16.186.81
whitelisted
ocsp.digicert.com 93.184.220.29
shared
ocsp.pki.goog 142.250.185.195
shared
api.bing.com 13.107.5.80
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
static.cloudflareinsights.com 104.16.95.65
104.16.94.65
whitelisted
cdn.amplitude.com 13.224.194.151
13.224.194.86
13.224.194.169
13.224.194.62
whitelisted
fundingchoicesmessages.google.com 142.250.185.142
whitelisted
api.btloader.com 130.211.23.194
whitelisted
cdn.otnolatrnup.com 104.19.214.37
104.19.215.37
whitelisted
o.ss2.us 143.204.101.99
143.204.101.123
143.204.101.195
143.204.101.177
shared
ocsp.rootg2.amazontrust.com 143.204.101.42
143.204.101.74
143.204.101.124
143.204.101.190
whitelisted
ocsp.rootca1.amazontrust.com 13.225.84.145
13.225.84.13
13.225.84.49
13.225.84.175
143.204.101.190
143.204.101.124
143.204.101.42
143.204.101.74
whitelisted
iecvlist.microsoft.com 152.199.19.161
whitelisted
r20swj13mr.microsoft.com 152.199.19.161
whitelisted
www.google-analytics.com 142.250.185.110
shared
api.amplitude.com 34.210.175.190
35.163.255.27
44.240.98.99
35.164.109.28
52.40.76.252
44.233.156.251
52.38.124.83
54.213.113.68
whitelisted
download1652.mediafire.com 199.91.152.152
unknown
ocsp.comodoca.com 104.18.30.182
104.18.31.182
shared
ocsp.sectigo.com 104.18.30.182
104.18.31.182
whitelisted
ocsp.usertrust.com 104.18.31.182
104.18.30.182
whitelisted
ieonline.microsoft.com 204.79.197.200
whitelisted
go.microsoft.com 104.111.242.51
whitelisted
www.msn.com 204.79.197.203
whitelisted
query.prod.cms.msn.com 13.92.246.37
whitelisted
dns.msftncsi.com 131.107.255.255
shared

Threats

No threats detected.

Debug output strings

Process Message
–– ED255D9151912E40DF048A56288E969A8D0DAFA3
–– VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
–– VerifyLibrary: certificate revocation checking is disabled
–– VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
–– VerifyLibrary: certificate revocation checking is disabled
–– VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
–– ED255D9151912E40DF048A56288E969A8D0DAFA3
–– VerifyLibrary: certificate revocation checking is disabled
–– VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
–– ED255D9151912E40DF048A56288E969A8D0DAFA3
–– ED255D9151912E40DF048A56288E969A8D0DAFA3
–– VerifyLibrary: certificate revocation checking is disabled