General Info

URL

http://dgekaihxawqz1.cloudfront.net/setup1.19.exe

Full analysis
https://app.any.run/tasks/e4328b4a-16cd-43a5-b48b-5d5802e6ffbb
Verdict
Malicious activity
Analysis date
1/11/2019, 03:59:16
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads the Task Scheduler COM API
  • spassist.exe (PID: 1656)
Application was dropped or rewritten from another process
  • spassist.exe (PID: 1656)
  • spassist.exe (PID: 3744)
  • spassist.exe (PID: 2232)
  • spassist.exe (PID: 2284)
  • setup1.19[1].exe (PID: 2400)
  • setup1.19[1].exe (PID: 3668)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3648)
  • chrome.exe (PID: 2732)
Reads internet explorer settings
  • spassist.exe (PID: 2284)
  • spassist.exe (PID: 2232)
  • spassist.exe (PID: 3744)
Executable content was dropped or overwritten
  • setup1.19[1].exe (PID: 2400)
  • iexplore.exe (PID: 3024)
  • chrome.exe (PID: 2732)
  • iexplore.exe (PID: 3648)
  • setup1.19[1].tmp (PID: 2228)
  • setup1.19[1].exe (PID: 3668)
Searches for installed software
  • spassist.exe (PID: 3744)
  • spassist.exe (PID: 2284)
  • spassist.exe (PID: 2232)
Creates files in the user directory
  • iexplore.exe (PID: 3000)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3680)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3000)
  • iexplore.exe (PID: 3024)
  • iexplore.exe (PID: 3648)
Reads internet explorer settings
  • iexplore.exe (PID: 3000)
  • iexplore.exe (PID: 3648)
Creates a software uninstall entry
  • setup1.19[1].tmp (PID: 2228)
Changes internet zones settings
  • iexplore.exe (PID: 3024)
Reads settings of System Certificates
  • chrome.exe (PID: 2732)
Loads dropped or rewritten executable
  • setup1.19[1].tmp (PID: 2228)
Application was dropped or rewritten from another process
  • setup1.19[1].tmp (PID: 2228)
  • setup1.19[1].tmp (PID: 3856)
Creates files in the program directory
  • setup1.19[1].tmp (PID: 2228)
Application launched itself
  • chrome.exe (PID: 2732)
  • iexplore.exe (PID: 3024)
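
The signature list above is often all an analyst has to hand when a text export of the report is pasted into a ticket. The following Python script is an added example, not part of the ANY.RUN report or of the sample: it parses that block (copied into the script as a constructed excerpt) into a per-PID table, merges headings the page repeats across severity tiers, lists the dropped executables, ranks processes with weights that are this example's own choice (not ANY.RUN's scoring), and flags the dropped process that also loaded the Task Scheduler COM API as the first thing to check for persistence on a live host.

```python
import re
from collections import defaultdict

# Constructed excerpt of this report's "Behavior activities" block, embedded so
# the script runs offline. Headings are unbulleted lines; each following
# "• image (PID: n)" line attributes that signature to one process.
REPORT_EXCERPT = """\
Loads the Task Scheduler COM API
  • spassist.exe (PID: 1656)
Application was dropped or rewritten from another process
  • spassist.exe (PID: 1656)
  • spassist.exe (PID: 3744)
  • spassist.exe (PID: 2232)
  • spassist.exe (PID: 2284)
  • setup1.19[1].exe (PID: 2400)
  • setup1.19[1].exe (PID: 3668)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3648)
  • chrome.exe (PID: 2732)
Executable content was dropped or overwritten
  • setup1.19[1].exe (PID: 2400)
  • iexplore.exe (PID: 3024)
  • chrome.exe (PID: 2732)
  • iexplore.exe (PID: 3648)
  • setup1.19[1].tmp (PID: 2228)
  • setup1.19[1].exe (PID: 3668)
Searches for installed software
  • spassist.exe (PID: 3744)
  • spassist.exe (PID: 2284)
  • spassist.exe (PID: 2232)
Creates a software uninstall entry
  • setup1.19[1].tmp (PID: 2228)
Loads dropped or rewritten executable
  • setup1.19[1].tmp (PID: 2228)
Application was dropped or rewritten from another process
  • setup1.19[1].tmp (PID: 2228)
  • setup1.19[1].tmp (PID: 3856)
"""

ENTRY_RE = re.compile(r"^\s*•\s*(?P<name>.+?)\s*\(PID:\s*(?P<pid>\d+)\)\s*$")
DROPPED = "Application was dropped or rewritten from another process"
TASKSCHED = "Loads the Task Scheduler COM API"

# Triage weights: this example's own choice for an installer/loader, not
# ANY.RUN's scoring. "Dropped and then active" plus persistence ranks highest.
WEIGHTS = {
    DROPPED: 2,
    "Executable content was dropped or overwritten": 2,
    "Loads dropped or rewritten executable": 2,
    TASKSCHED: 3,
    "Searches for installed software": 1,
    "Creates a software uninstall entry": 1,
    "Downloads executable files from the Internet": 1,
}

def parse_behavior(text):
    """Return {pid: {"name": image, "signatures": set}}. A heading the page
    repeats (once per severity tier) is merged into one deduplicated set."""
    procs = defaultdict(lambda: {"name": None, "signatures": set()})
    heading = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            heading = line.strip()          # a signature title
            continue
        if heading is None:
            raise ValueError(f"process entry before any heading: {line!r}")
        pid = int(m.group("pid"))
        procs[pid]["name"] = m.group("name")
        procs[pid]["signatures"].add(heading)
    return dict(procs)

def dropped_executables(procs):
    """PIDs whose image was written by another monitored process."""
    return sorted(pid for pid, p in procs.items() if DROPPED in p["signatures"])

def persistence_candidates(procs):
    """Dropped processes that also used the Task Scheduler COM API."""
    return sorted(pid for pid in dropped_executables(procs)
                  if TASKSCHED in procs[pid]["signatures"])

def rank(procs):
    """(score, pid, name) tuples, highest score first, ties broken by PID."""
    scored = [(sum(WEIGHTS.get(s, 0) for s in p["signatures"]), pid, p["name"])
              for pid, p in procs.items()]
    return sorted(scored, key=lambda t: (-t[0], t[1]))

if __name__ == "__main__":
    procs = parse_behavior(REPORT_EXCERPT)
    for score, pid, name in rank(procs):
        print(f"{score:2d}  {pid:5d}  {name}")
    print("persistence candidates:", persistence_candidates(procs))
```

Run as a script it prints the ranked table with setup1.19[1].tmp (PID 2228) first, because it was both dropped and loaded a dropped executable, and spassist.exe (PID 1656) second as the only dropped image that touched the Task Scheduler API. The signature list carries no parent/child links, so which process wrote which file still has to be confirmed from the full report's process tree; the script only tells you where to look first.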

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Screenshots

Processes

Total processes
54
Monitored processes
19
Malicious processes
5
Suspicious processes
1

Behavior graph

Graph node labels only (the rendered graph is not reproduced here):

  • Edges: start; drop and start (×4)
  • chrome.exe; chrome.exe (no specs) ×6
  • iexplore.exe ×2; iexplore.exe
  • setup1.19[1].exe; setup1.19[1].tmp (no specs); setup1.19[1].exe; setup1.19[1].tmp
  • spassist.exe; spassist.exe (no specs); spassist.exe ×2
  • flashutil32_26_0_0_131_activex.exe (no specs)
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
2732
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://dgekaihxawqz1.cloudfront.net/setup1.19.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll

PID
3596
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f6000b0,0x6f6000c0,0x6f6000cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2876
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2736 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
4056
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=904,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=33FF2C0AC3CCF2B4F5A9F9DE1C426F58 --mojo-platform-channel-handle=876 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2524
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=904,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --service-pipe-token=9FA4BEFECCF0649080EA9ECA35DF4D97 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9FA4BEFECCF0649080EA9ECA35DF4D97 --renderer-client-id=4 --mojo-platform-channel-handle=1908 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3216
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=904,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --service-pipe-token=8FC767577AF1E7C24CB24E9688133455 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8FC767577AF1E7C24CB24E9688133455 --renderer-client-id=3 --mojo-platform-channel-handle=1516 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3480
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=904,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=2857181608E1CAF9C341E9E81987ABB2 --mojo-platform-channel-handle=3488 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3024
CMD
"C:\Program Files\Internet Explorer\iexplore.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\r9zewh8d\setup1.19[1].exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\mssprxy.dll

PID
3648
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3024 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2400
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Secure Download Ltd.
Description
SoftPlanet Software Assistant Setup
Version
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\r9zewh8d\setup1.19[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-l44tr.tmp\setup1.19[1].tmp

PID
3856
CMD
"C:\Users\admin\AppData\Local\Temp\is-L44TR.tmp\setup1.19[1].tmp" /SL5="$501C8,1357140,56832,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe"
Path
C:\Users\admin\AppData\Local\Temp\is-L44TR.tmp\setup1.19[1].tmp
Indicators
No indicators
Parent process
setup1.19[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-l44tr.tmp\setup1.19[1].tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll

PID
3668
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe" /SPAWNWND=$201FC /NOTIFYWND=$501C8
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe
Indicators
Parent process
setup1.19[1].tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Secure Download Ltd.
Description
SoftPlanet Software Assistant Setup
Version
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\r9zewh8d\setup1.19[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-ted0n.tmp\setup1.19[1].tmp

PID
2228
CMD
"C:\Users\admin\AppData\Local\Temp\is-TED0N.tmp\setup1.19[1].tmp" /SL5="$301FA,1357140,56832,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe" /SPAWNWND=$201FC /NOTIFYWND=$501C8
Path
C:\Users\admin\AppData\Local\Temp\is-TED0N.tmp\setup1.19[1].tmp
Indicators
Parent process
setup1.19[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-ted0n.tmp\setup1.19[1].tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\profapi.dll
c:\users\admin\appdata\local\temp\is-b15c5.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imageres.dll
c:\windows\system32\clbcatq.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\riched20.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\apphelp.dll
c:\program files\softplanet software assistant\spassist.exe
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll

PID
3744
CMD
"C:\Program Files\SoftPlanet Software Assistant\spassist.exe" update
Path
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
Indicators
Parent process
setup1.19[1].tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Secure Download Ltd.
Description
Version
1.19.0.0
Modules
Image
c:\program files\softplanet software assistant\spassist.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\idndl.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\sxs.dll
c:\windows\system32\netutils.dll

PID
1656
CMD
"C:\Program Files\SoftPlanet Software Assistant\spassist.exe" schedule
Path
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
Indicators
No indicators
Parent process
setup1.19[1].tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Secure Download Ltd.
Description
Version
1.19.0.0
Modules
Image
c:\program files\softplanet software assistant\spassist.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\idndl.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\netutils.dll

PID
2284
CMD
"C:\Program Files\SoftPlanet Software Assistant\spassist.exe" task
Path
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Version:
Company
Secure Download Ltd.
Description
Version
1.19.0.0
Modules
Image
c:\program files\softplanet software assistant\spassist.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\idndl.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\sxs.dll

PID
2232
CMD
"C:\Program Files\SoftPlanet Software Assistant\spassist.exe"
Path
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Secure Download Ltd.
Description
Version
1.19.0.0
Modules
Image
c:\program files\softplanet software assistant\spassist.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\idndl.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\program files\internet explorer\iexplore.exe

PID
3000
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3024 CREDAT:6403
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\credssp.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\jscript.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll

PID
3680
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
4847
Read events
4551
Write events
291
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
3000
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
iexplore.exe
3000
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1290246418
3000
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
32
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softplanet.com
32
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
40
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\google.com
8
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\google.com
0
2876
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2732-13191649181834500
259
2876
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2732-13191649181834500
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{FF70667D-154C-11E9-BAD8-5254004A04AF}
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307010005000B000300000007006801
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307010005000B000300000007006801
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307010005000B000300000007003302
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307010005000B000300000007006202
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
43
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307010005000B00030000000700D002
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
41
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307010005000B00030000001400DB0000000000
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011120190112
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CachePrefix
:2019011120190112:
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheLimit
8192
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheOptions
11
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheRepair
0
3024
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3024
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307010005000B000300010012007B03
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307010005000B00030001001200AA03
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
50
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307010005000B00030001001200D803
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
38
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://dgekaihxawqz1.cloudfront.net/setup1.19.exe
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://fb.com/
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
tabelog.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
ticketmaster.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
github.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
mirror.co.uk
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
rutracker.org
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
surveymonkey.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
searchprivate.org
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
google.com.pe
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
online.de
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
lazada.co.id
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
cnet.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
theladbible.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
redirectvoluum.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url16
ancestry.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url17
amazon.es
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url18
neobux.com
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307010005000B000300010016000402
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307010005000B00030001001700E401
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
4
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307010005000B000300010018008D00
3024
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
F7B729F059A9D401
3648
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011120190112
3648
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CachePrefix
:2019011120190112:
3648
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheLimit
8192
3648
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheOptions
11
3648
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheRepair
0
3648
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2732
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13191649183912625
2732
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2228
setup1.19[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
B40800003D358ACC59A9D401
2228
setup1.19[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
ACADA619582F84BE8CB79869C7A516810D35D5D534146B6A80A4913430C44298
2228
setup1.19[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2228
setup1.19[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
2228
setup1.19[1].tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
C41C1785029FC4C62DB6E88D17B5A8FF2DE033C97E66EE6BBEE982EA0F982A9F
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Inno Setup: Setup Version
5.5.4 (a)
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Inno Setup: App Path
C:\Program Files\SoftPlanet Software Assistant
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
InstallLocation
C:\Program Files\SoftPlanet Software Assistant\
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Inno Setup: Icon Group
SoftPlanet Software Assistant
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Inno Setup: User
admin
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Inno Setup: Selected Tasks
desktopicon
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Inno Setup: Deselected Tasks
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Inno Setup: Language
english
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
DisplayName
SoftPlanet Software Assistant version 1.19
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
UninstallString
"C:\Program Files\SoftPlanet Software Assistant\unins000.exe"
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
QuietUninstallString
"C:\Program Files\SoftPlanet Software Assistant\unins000.exe" /SILENT
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
DisplayVersion
1.19
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
Publisher
Secure Download Ltd.
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
URLInfoAbout
http://www.softplanet.com/
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
HelpLink
http://www.softplanet.com/
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
URLUpdateInfo
http://www.softplanet.com/
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
NoModify
1
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
NoRepair
1
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
InstallDate
20190111
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
MajorVersion
1
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
MinorVersion
19
2228
setup1.19[1].tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1
EstimatedSize
5095
2228
setup1.19[1].tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
CID
3DC3B32A-14CF-409E-89B0-3A3A02A50845
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
Version
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
InstallDate
1/11/2019 3:00:39 AM
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
ref
sa
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastFetch
12/12/2018 3:00:39 AM
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
FirstRun
Yes
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastNotify
12/12/2018 3:00:39 AM
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
Version
1.19
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastFetch
1/11/2019 3:00:40 AM
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASAPI32
EnableFileTracing
0
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASAPI32
EnableConsoleTracing
0
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASAPI32
FileTracingMask
4294901760
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASAPI32
ConsoleTracingMask
4294901760
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASAPI32
MaxFileSize
1048576
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASAPI32
FileDirectory
%windir%\tracing
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASMANCS
EnableFileTracing
0
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASMANCS
EnableConsoleTracing
0
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASMANCS
FileTracingMask
4294901760
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASMANCS
ConsoleTracingMask
4294901760
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASMANCS
MaxFileSize
1048576
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\spassist_RASMANCS
FileDirectory
%windir%\tracing
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3744
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
spassist.exe
3744
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1386605116
1656
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
CID
3DC3B32A-14CF-409E-89B0-3A3A02A50845
1656
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
Version
1.19
1656
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
InstallDate
1/11/2019 3:00:39 AM
1656
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
ref
sa
1656
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastFetch
1/11/2019 3:00:40 AM
1656
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastNotify
12/12/2018 3:00:39 AM
1656
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
FirstRun
No
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
CID
3DC3B32A-14CF-409E-89B0-3A3A02A50845
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
Version
1.19
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
InstallDate
1/11/2019 3:00:39 AM
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
ref
sa
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastFetch
1/11/2019 3:00:40 AM
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastNotify
12/12/2018 3:00:39 AM
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
FirstRun
No
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastFetch
1/11/2019 3:00:43 AM
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2284
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
2284
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
spassist.exe
2284
spassist.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1386605116
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
CID
3DC3B32A-14CF-409E-89B0-3A3A02A50845
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
Version
1.19
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
InstallDate
1/11/2019 3:00:39 AM
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
ref
sa
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastFetch
1/11/2019 3:00:43 AM
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
LastNotify
12/12/2018 3:00:39 AM
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\SoftPlanet\Software Assistant
FirstRun
No
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2232
spassist.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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

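Several of the registry values above are binary Windows timestamps rather than opaque blobs: the IE `Ext\Stats\...\Time` values are SYSTEMTIME structures, `WindowsSearch\UpgradeTime` is a FILETIME, Chrome's `lastrun` is microseconds since 1601, and the `RestartManager\Session0000\Owner` value written by the installer (PID 2228) starts with that PID. Decoding them puts the browser download, the Inno Setup run and the first `spassist.exe` launch (`InstallDate` 3:00:39 AM) on one clock. The decoder below is an added example written for this page, not ANY.RUN's or the sample's code; the hex strings are copied from the table, the SYSTEMTIME and FILETIME layouts are the documented Win32 structures, and the layout assumed for the `Owner` value (DWORD PID followed by a FILETIME) is inferred from this report's value, not from Microsoft documentation.

```python
"""Decode the binary timestamps from the registry activity above.

Added example for this report, not ANY.RUN's own code. SYSTEMTIME and
FILETIME layouts are the documented Win32 structures; the RestartManager
Owner layout is an assumption inferred from the value in this report.
"""
from __future__ import annotations

import struct
from datetime import datetime, timedelta

# FILETIME and Chrome's base::Time both count from the Windows epoch.
_WIN_EPOCH = datetime(1601, 1, 1)


def decode_systemtime(hex_value: str) -> datetime:
    """16-byte little-endian SYSTEMTIME: wYear, wMonth, wDayOfWeek, wDay,
    wHour, wMinute, wSecond, wMilliseconds (IE Ext\\Stats 'Time' values)."""
    year, month, dow, day, hour, minute, second, ms = struct.unpack(
        "<8H", bytes.fromhex(hex_value))
    ts = datetime(year, month, day, hour, minute, second, ms * 1000)
    # SYSTEMTIME numbers Sunday as 0, Python numbers Monday as 0. A mismatch
    # is a cheap sanity check that the blob really is a SYSTEMTIME.
    if (ts.weekday() + 1) % 7 != dow:
        raise ValueError(f"day-of-week {dow} does not match {ts:%A}")
    return ts


def decode_filetime(hex_value: str) -> datetime:
    """8-byte little-endian FILETIME: 100-ns ticks since 1601-01-01 UTC
    (e.g. Internet Explorer\\Main\\WindowsSearch\\UpgradeTime)."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_value))
    return _WIN_EPOCH + timedelta(microseconds=ticks // 10)


def decode_chrome_time(value: int) -> datetime:
    """Google Update 'lastrun': microseconds since 1601-01-01 UTC, stored
    as a decimal string by Chrome."""
    return _WIN_EPOCH + timedelta(microseconds=value)


def decode_restart_manager_owner(hex_value: str) -> tuple[int, datetime]:
    """RestartManager\\SessionNNNN 'Owner' as seen in this report: a DWORD
    process id (0x08B4 == 2228, the installer) followed by a FILETIME.
    Assumption: the layout is inferred from this single value."""
    pid, ticks = struct.unpack("<IQ", bytes.fromhex(hex_value))
    return pid, _WIN_EPOCH + timedelta(microseconds=ticks // 10)


def timeline() -> list[tuple[datetime, str]]:
    """Order the decodable timestamps copied from the table above."""
    events = [
        (decode_chrome_time(13191649183912625),
         "chrome.exe (2732) Google Update lastrun"),
        (decode_systemtime("E307010005000B000300000007006801"),
         "iexplore.exe (3024) Ext\\Stats Time"),
        (decode_restart_manager_owner("B40800003D358ACC59A9D401")[1],
         "setup1.19[1].tmp (2228) RestartManager Session0000 Owner"),
        (decode_filetime("F7B729F059A9D401"),
         "iexplore.exe (3024) WindowsSearch UpgradeTime"),
    ]
    return sorted(events)


if __name__ == "__main__":
    for when, what in timeline():
        print(f"{when:%Y-%m-%d %H:%M:%S.%f}  {what}")
```

The decoded values run from 02:59:43 (Chrome's last run) through 03:00:07 (IE BHO statistics), 03:00:24 (the installer opening its Restart Manager session) to 03:01:24, all on the sandbox clock of 11 January 2019, which matches the `InstallDate` of 3:00:39 AM that `spassist.exe` later wrote in plain text. The day-of-week check in `decode_systemtime` is worth keeping when scanning unknown REG_BINARY values, since it rejects most random 16-byte blobs that happen to parse as plausible dates.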
Files activity

Executable files: 10
Suspicious files: 18
Text files: 178
Unknown types: 15

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2228 | setup1.19[1].tmp | C:\Program Files\SoftPlanet Software Assistant\spassist.exe | executable | 5c06e9f766abb7b38039518f3e2806b5 | b69601d0cbe2088e5a2d7dd632d59682fc9ae6825eaabc36497a432e32469b39
2228 | setup1.19[1].tmp | C:\Users\admin\AppData\Local\Temp\is-B15C5.tmp\_isetup\_shfoldr.dll | executable | 92dc6ef532fbb4a5c3201469a5b5eb63 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
3668 | setup1.19[1].exe | C:\Users\admin\AppData\Local\Temp\is-TED0N.tmp\setup1.19[1].tmp | executable | 1305181de520f125aeabf85dc24a89d6 | 0e19765b89a1a29afee09810dcb3ec5cc7c66053947be8f1aebdbb7c801dfeaf
2400 | setup1.19[1].exe | C:\Users\admin\AppData\Local\Temp\is-L44TR.tmp\setup1.19[1].tmp | executable | 1305181de520f125aeabf85dc24a89d6 | 0e19765b89a1a29afee09810dcb3ec5cc7c66053947be8f1aebdbb7c801dfeaf
3024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe | executable | 0f0d1edf9adca52f2f64d59f2c87eb9e | d16f71f4cd396a93b449e636fc00db1284c4ab842aecc1dc460eee0a54383d0e
3648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\setup1.19[1].exe | executable | 0f0d1edf9adca52f2f64d59f2c87eb9e | d16f71f4cd396a93b449e636fc00db1284c4ab842aecc1dc460eee0a54383d0e
2732 | chrome.exe | C:\Users\admin\Downloads\Unconfirmed 618688.crdownload | executable | 0f0d1edf9adca52f2f64d59f2c87eb9e | d16f71f4cd396a93b449e636fc00db1284c4ab842aecc1dc460eee0a54383d0e
2732 | chrome.exe | C:\Users\admin\Downloads\fc214537-5b42-424e-967f-35dc6d52753c.tmp | executable | 895923a6fe46d0d315245de22eb0e880 | d2355f5cfc565f2a128aed31021cc5fbc682f8bdf7e293ec9b40e539e724e563
2228 | setup1.19[1].tmp | C:\Program Files\SoftPlanet Software Assistant\unins000.exe | executable | 2bfd54eebd17218fa5aa07124a4c4f71 | d951bb45cc4278ffe6fdd25371ea067f3bdc525cd6e0724edb49b09e90943139
2284 | spassist.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\997eea3f[1].png | image | 7b55115e16a311e5ec4ba7b440bb8165 | 6bb54d4b1f672c932d7c158b59f57c654462e3b42f137663624dba686838a3d6
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\cb=gapi[1].loaded_4 | text | b2373924dbb088e48f5ec44eb87662e7 | 7ccac44dec8c7a3b857d36c456b0cf2385be52cd8792e28011eed6cab452fe2c
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 905900d4fa94f3e0fe4811d879fa5900 | 1647d74b668ecff08a143099be4692f741f626319f2cbeaf84310ed439a7251c
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cb=gapi[1].loaded_0 | text | 4b11526a438943c5f0502005b1e9cb1b | e7f055286af132976b2a2f26f666b23201a182e720391033db799236505b0af3
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\cb=gapi[1].loaded_0 | text | 58cc14977a6befaa2a650a90bc844d6d | 98e88ccde3fbbf3e643d9ffa3a0fc71a50127b7259828d556d34d16bbd49a66b
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\fountain-72d8bab6fd088426374a15d7477489a4[1].png | image | 72d8bab6fd088426374a15d7477489a4 | a456448b18c46906fd4209ab0cdf8043c80181cac541eac777a27de77129f270
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\loading_16[1].gif | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stream_showroom-d8de88384f6e5817983d0fcec12c128a[1].png | image | d8de88384f6e5817983d0fcec12c128a | 2b6a082fcfc60576c55ef00cf4db6e67efce92598b08ee82cef35a66927bd664
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\unnamed[1].png | image | c71416ac30ab496877aa2f5de6d0087e | c1b62d51137ec483dde16898410121b0cee068919f327af3f302bf33b42aaf47
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\748736246-postmessagerelay[1].js | text | 11944ffc597d232174a4327639e33955 | 9829318d0186915f327366b30c173f88f3a3ba159fe3168a17faee69d5e856b5
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\rpc_shindig_random[1].js | text | a560fed8260ad1391ff0358ffbd737a1 | aa0b02d5eaf2d0c51bbcc3a818366e91feff647461162294bde87f2b9a5bff77
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\comments[1].txt | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\postmessageRelay[1].htm | html | e3011aafb34cb01d50d151a4de367867 | de4d0d0598764906e7b3e24a8ff1b0161d844a820f97f301bb96b82efd196bae
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\postmessageRelay[1].txt | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\scribe_endpoint[1].png | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\m=cpw,wf[1] | text | a128fa6e575c409e0d2a4359be7badd3 | 00c77884218e116c0d76034a02e3d6a12ebb51501117f2c0c7883a4e6ba0b634
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\m=cpw,wf[1].txt | text | 5a0f53f4be0df76cdf4a06d131cfdb14 | 73cdbc09bfd3653517473183aa0b4e4a899953cecd7a0326a59191efd03ae88e
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\m=googleapis_client,iframes_styles_bubble_internal,gapi_iframes_style_common,gapi_iframes_iframer[1] | text | 152608f4a5ade162af63c347fab50fb7 | 06743b5716bb8d3e1e01ce7ec1faec01832eb79802516195090efef79a1f15f8
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\rs=AGLTcCPmJty9WAhHgCG1o146S5qjYlN_0w[1].txt | text | dffabefeb54e6c8a637acadc603fe495 | bcbbec80abf68593e68fe152be57e139f7a623a0abb55286ff5a26cfdc121e9d
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\follow[1].htm | html | 9efb3471ce8df238c3e2cbfd59c011a3 | e02cd647539504c1c29946a3dc310f67379965de58d3f76cff08e2a4eaf55466
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\m=googleapis_client,gapi_iframes_style_common,gapi_iframes_iframer[1] | text | 766156fc816109a103ff54ff3f9c0e58 | b43d6cdf8bfd81af382494cdee014b3f6aec45e77f47493626c5542d3fcb91c2
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\follow[1].txt | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\m=gapi_iframes_extra,gapi_iframes_style_common,gapi_iframes_iframer[1] | text | 16f25ccf19d019e66f84a8a233b93976 | bccb35bc56e563a6d96e182ad707c12670299cfb8db24e217a841d9d6be5ff16
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\comments[1].htm | html | 6cc8ac98098312b2e255b900855730fc | ef71a79d67edc615beeb324a2b0eb6e6a128ad4c13bd24fdb15b684eaf3d4602
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fastbutton[1].htm | html | 2931855fe569c2d96adc5dea1387ff3f | ef9230ea681cfe2d36ecd75dbfa5fd9b7f69b22eb75ce6856c6f8543a5be504f
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\fastbutton[1].txt | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\fastbutton[1].txt | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\fastbutton[1].htm | html | b7ffbe6243b4bff2e5685b378a7c91e3 | c3a1e39bd245c1ee23722c3694b8df1c380460da09e79bc2c5a8ed0e6d6156c5
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\sharebutton[1].txt | –– | –– | ––
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\sharebutton[1].htm | html | c5582156ce847aa68309e37958a5bdcd | 6fea3b8352a166cc8f44f068a3ef759453341604572686324a3950479b8f74fc
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\cb=gapi[1].loaded_3 | text | 2eedf690191122eaf8777355160fd8aa | 66fe2616adb5dd4c784e866db515299dd4efb3ec75abd2c82ff908acb7670028
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\all[1].js | text | 8c69414dc00be43513052715509c59f6 | e654079380e61277d87df27deb148d182e7d3a9d77b478c714d4e30a71042d86
3000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\fb-connect-large[1].png | image | 4d16475627669ce56bc0db222503af08 | 05a0a9ae9c56cfb2df8a32dcec2a6b0b251384d0e14a88e9612e3f6ad3400bb1
3024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | image | ef6f5130dbf1263db8a2a1457d0f377c | fe9e13fad10e14fd356f98b472b44fc368a8957714d6f93f8c69b4f314cf12f1
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\controls[1].png
image
MD5: eb37a9c5d505b7979b679656b41242f5
SHA256: a30b974f3a6ee6e3113ee1d8e674ccf7a1b6f75f4b28d7c440ef2b8a3c3d6d9f
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\cb=gapi[1].loaded_1
text
MD5: 3e5a1f5172fcb7fb093af2173acdbee8
SHA256: d5397b197aec64d0c7b7963300449574e91dcd152697081b297de6e3414c8eb7
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cb=gapi[1].loaded_2
text
MD5: 8df4cc427984166558ea4d25a5e76231
SHA256: 94b2d53fbc42f48ba5dfd67250a4ac06be892f10f9fbf43e0cfbe62f0e6a1e42
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\client_plusone[1].js
text
MD5: 51385c2a2a8b11ab745f4b8aa4371449
SHA256: 11ac8f310161b1a852bb787bc4185df89968bae852234f67f813c63479ea75d5
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: b0004d79f2dda08fb0abfc031a813614
SHA256: b7fdcc224621cf3c3120432168e13dcb59b0246691da3c7dbb846e2009d527b0
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\all[1].js
text
MD5: 780a562b86623bb749c61002bf39c12a
SHA256: dbe47e4a2f47e431efed11eeec20c910735fb4f9b2624273980a55ab63314580
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\widgets[1].js
text
MD5: 908bfb12f67a915779d6b185924392c8
SHA256: cd13250da965067b2cb39fcbec1274bd9ef652a5ababd5cd9ac8c42c81c08945
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LN5YE8L2\softplanet[1].xml
text
MD5: 51ae742168fa7378baedd3343d5e054c
SHA256: 4d770441bcf39137a4ff5742c0607aea3cc822d1ae9d55e310ea60eb4b5abb34
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\t[1].gif
image
MD5: 56398e76be6355ad5999b262208a17c9
SHA256: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 338a046dee513dde834311277d1f746b
SHA256: f2d4067eb9ba9331969d6587f083e3108016ceff6c35b97a93b93e084eb551be
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\stamp[1].png
image
MD5: 4073ee946b1dcd97010991419bd06690
SHA256: 833e8b3f9434ed12a3b8eb39c2207a033d4a4c06ac547a5b1a2e8fe98f85772e
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\social[1].png
image
MD5: 570435bfde040693f9ba46919cf759b4
SHA256: 0b1f5bdfac7f5985b63fd3db905deebfbba5b712988f20f7212ce09565e19b06
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: fcf4c22322e1c0039204aac2ee06e3f4
SHA256: a7711ec66a11aacd1664bb401daad791010c96ac204759bce9e58cda5b64ca96
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 90269520225146993daf17f769e315ce
SHA256: 668f124a87b9ec3458dc1bbfa827f3186aeb21f269d0fdbfd4bdfaf7e43c6a2e
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\un[1].png
image
MD5: a2092c9d1740cc453ee3c5606e311485
SHA256: a23f02c41d07beec55b6bd3286accba8ccaaebbb4dc81d88deae10a4fbcb713b
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LN5YE8L2\softplanet[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\main.gz[1].js
html
MD5: b9e406e163cb9ada4f4c05e65bcc8cc3
SHA256: 7dcf24c581d1311f3ed87576842e06bd0f20ce68f59271f260ed5e0c4d4fc8c9
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\love_softplanet[1].png
image
MD5: a620970785243a3947a26c9ebce7d9b8
SHA256: 9d37ac7e8873524f9c8b4e06c766fbe2c44403dcb6f3dbfe7792e098ffc47dfb
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\win_ico[1].png
image
MD5: c5726ab8bcc0d2a65180c94696f034c7
SHA256: 1355fb6dc6374239c2de01c977a10dae3989df90cf03c696a8ab37f4985f1128
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\e8e7359a[1].gif
image
MD5: f61e902e984b7e8817d8e770053fe6e4
SHA256: d458c46fd33e23e970d0d6b10a178973122225834a9cda81e4ff0ab10f4a548c
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\598e9a9c[1].png
image
MD5: b45f249b6d462b254a3bfcf9cb45d6e8
SHA256: 6a5bb1e9a243a1e2749c5e513bd74e5b54c26aa221e0dee003878cb5c5a6bbde
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\fee40c1e[1].png
image
MD5: 7f2394e564033eb48d06c3bd46409077
SHA256: bb4922035bac8bbc91fdff993cd0c4a5e7ef184a7009f28a7d49efd3dc51fdfa
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\0d1337ab[1].png
image
MD5: 92c4bcb4d74c5ef7c0487f25d241c9e1
SHA256: ae8175c057ffcf124720faa8f8b39e097569da0e8ec7ed8b0bc81a4e577dc67d
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: aae67263dd4779730d8bddd9bda8c6a9
SHA256: f0b53b358c19cc28238f2df9a011d146cc2d7eb876df6b0424fd6529998457a6
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\0c7d48c7[1].gif
image
MD5: 753dce15d4eda84f7bcdd3980e1e770f
SHA256: 6590b98873364cd136273f6016fbb016605436ff9a90790a5c0b0e84fba35793
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\7de7e311[1].png
image
MD5: e59dfe1b3f75e654ac0d5daf91e87b52
SHA256: c2ed5a6e02640e22092ea3845ac1026ce4165bd489cf9a7af630ffca0712a817
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\tick[1].png
image
MD5: 698f6341a1ceede122a557ce71e41fb4
SHA256: 725c76b0e35ef682a55102cb399f7bfedbd71b60cefaae3fe235b65fa7d218b2
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\secure[1].png
image
MD5: 8f3730af55f3ee54540497ec6527b636
SHA256: 70074686fec3d1bf31e2a8b21363522d70b5cb12b52a9edc8d673d950f5b526a
3680
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\dwn[1].png
image
MD5: 60e88fd8c70dbb23c012ce13322173e7
SHA256: 9af7cbd65b21de9d40e560935658b2729ae8f94cbcc9445cdbe4feb05b22e116
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\v2[1].png
image
MD5: 6faaeae171875f02388fff3bfb5924d6
SHA256: 6ac08382151471a8c356dd552a319e04a11a88b8b53c65af404bd151049db4b9
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\stars[1].png
image
MD5: 9b27c5d6a92c44903a10393b240a7072
SHA256: c545c8378a2bb8cb4ab191eb4d345fc827c7d4cdde2ae7ea503423898b78e796
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
dat
MD5: aeea27fdaeecf2a96fc85c6ef3e9c18c
SHA256: e42166dcbac6b1577d78cba2b16e096fd4bffc3641518c6b2e665e61a872e5af
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\menu.gz[1].js
text
MD5: eba75c0c3d2cab76c9425265b725c14a
SHA256: 9712be0a99ad6fb27240d9a328e318474c712f3a73a4016e6a080aa57901dd2c
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\logo[1].png
image
MD5: d1015578d16b40a19a8e0026b6912964
SHA256: 7ecaef5a15bf32120cdb2690d352d44cdcd7361e8cb0e1ed0e7af103acc01802
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\b2[1].png
image
MD5: ddb6341762ef4172cfb10bf5def65cc2
SHA256: 7dd8127ecf09861e2cb5332c6545007726f6d3508ad0f3fa09343f7c2efb6106
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\4a691284[1].png
image
MD5: 2836003f26019a1877f2de840b3ff453
SHA256: f9d2bd12ea590b896953bc88bc3e47121fa0d9a787cbef47f777521d6d96263d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\b365cac6[1].png
image
MD5: 1ccd04ac3af9ba4da3c8af7502ae8ae8
SHA256: ab2dd27414032933b3ff22c89feaf782a062f52423fe36c2004d5bff1db5860d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Ccleaner-403[1].png
image
MD5: a168458c2dacffc0becae556242107ca
SHA256: 2cb1f612d9cc5b5582138085f4b7f3d97ad854626ebd011d990f6b43bb8fbfe3
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\png[1].png
image
MD5: 36c056a004480a68baa4b9551d626cc0
SHA256: 859f8965f70b0fb0281c544b9afb2dfd41693b577b83a979ada4b8639839074d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\line[1].png
image
MD5: 672d263d336fc1c425699d9b86f8e16b
SHA256: 502897c05785df5dc0f89d127e392ff9e22f3cab760cfab97083bb3d7c7d6518
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\c6ce33a6[1].png
image
MD5: 08851759c6c41034388f2918b77d9c0c
SHA256: bd03eabb18f2bfe229705b14022a859ec440ecd7f2f3a737380cec572ab620e6
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\7cd75dc7[1].png
image
MD5: d088a60e8ca5b9a45fdab02f51892a7d
SHA256: 136ceb2b059816acbd5904a9374659be984218f4ea6821ddd2f8e1cae034436d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sm[1].png
image
MD5: 7dac6f5948adaba79c1f71dd1a091c2e
SHA256: 5628801321d2425a504ed40a41db915796ce313d3c6658aaeb4df9b1432e3f66
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: d0ab5be3029be2e27f7755694679d8ae
SHA256: cc0ffe38d735ba46a0b26d64fc5f87572b0571c41f63bb7211853924069f90fa
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\search_2[1].png
image
MD5: 670b95a3676545a61a7a7b13ed752a82
SHA256: 6dfecf440365ba3a7645ef2ba7c2330617a75b4cf2972f5f704c494f34ecfca1
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\play[1].png
image
MD5: 1a03504ab9cf97628dc17aa561181f1b
SHA256: e4ccd0663222d7a000fac5ce7b6736d8d2f695035362dc1555deec1a51fb5cfb
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\analytics[1].js
text
MD5: 2288a7f0b8dafb9384355f3cd86c0e83
SHA256: b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\counter[1].js
text
MD5: c56dc89450a24964b104c69fabcd326f
SHA256: 58c7edea7429f960e3cc03b3452b271fcab02ac139ac6026d62e38191b1cafa1
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\cb=gapi[1].loaded_0
text
MD5: d461656979a094c32747b8530228a1c8
SHA256: f1243d72e9844b876c4a85a8ce7bc1df6465170ae7b6decd32e1a976260f8023
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\es[1].png
image
MD5: faf72eaceeb83b0d23ea9f03f88db0cd
SHA256: b2dd5024682fd03d595f548ed6dda39bfa6e74bc069a8903e2bfccd05b88dcd1
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\b99f5621[1].png
image
MD5: 431c36e5fca0ad873753794db59f2b22
SHA256: e5a988390a0e9dce87afb13d034ec98967f38b1d746377bc003c25f8cbe5bde2
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\en[1].png
image
MD5: e5fa7e0cc8f939afa3eb116f75a077dd
SHA256: 1078f8afc7ceae3ba98e7fd30d46e86eea1c4444c0fd1a61722aa382da204ebf
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 476a2aeecc961a4641616f180780c789
SHA256: a5059bf9e137831656cc2d67cb92c7023dee9c80930c55e89f2b355d6a3ebd2d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\plusone[1].js
text
MD5: 0974723d7267afce841afed7d16f0544
SHA256: 8225797103cab8b30ffbef43078538b90d65b3c76d8b0c79c7ce4ef1b21cfea9
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\hqdefault[1].jpg
image
MD5: ab01e43106970046b92c4ec2a5e52dd6
SHA256: dc2a2d78e4049679f125108bf10de2718c0e393cd6680fc382f8f2550bd60645
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\f[1].txt
text
MD5: 9928d55ee7048d4e1d9955aa8dc4c6ac
SHA256: 8640c0d800d26b784cf09c56320c686ed04c0c7478c96e0e9c402489ccad3b6e
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\json2.gz[1].js
text
MD5: da4c4e40572ee942e8ebc14814a7c555
SHA256: 68d6d8412a3660add60f186be6e8fae1fdbc81c83f58420f999ae201de141bca
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\icomoon[1].eot
eot
MD5: 927e4d9d807b026f3e99e72d571000f4
SHA256: 580310f260f74a23fb2796cd08a166d8e27676ebfbe48099797da77dd35504ea
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ie7[1].css
text
MD5: 6774bcb270ae3ac97910f66d5c7fd13f
SHA256: be54c624241e27bddf217df498575ecbbfbd0f4bd60f5fe3fff9e1f27b2a0daa
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ptn57f-webfont[1].eot
eot
MD5: 793218531e2c3281891cd110916634e9
SHA256: fb1f9b0759cb4b68e16838bf84710dfc7d8aa2afb75e0fe8e7261fe8b466b1b0
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\main[1].css
text
MD5: c837b6243d41c078f2d908aa4bc437dc
SHA256: 4d68dbd185d87ea56300313fd46005b1ec4ada9cda5e9c86d60303287c513f42
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: f2946db8edb69ae8cb2bac9d57242845
SHA256: 22264cf677d8944c329ba543ee805e074842e22ae563150834ef83345e920482
2232
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\tick_g[1].png
image
MD5: 5b8bea2b4c563b969b827e12c0c4e887
SHA256: 03be4598ceae783d5a225ee84e5c72224408c4d612ea1b53865b6703ac31049e
2232
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\table.html
html
MD5: 492ee5efed9621ebd1d1a3f4de1b8544
SHA256: ce56f9de47f257d7a8340561378b1f1e88980f667f8f7e3bddf98b3d958852dd
2232
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\template.html
html
MD5: 82d44a085a2556e734fa5e8665f4fad9
SHA256: cee29894c125bfec5f44c96f757d05133e9607f2bd976250a542adec9db4bcbf
2232
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\prev.xml
xml
MD5: efeedf1d95c8f78e70c79fcaa6f70d01
SHA256: ee4363fed80e7b91b4e1a12a39be00eea38ffa1bbc8f7357333d302cbd560980
2232
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\latest.xml
xml
MD5: efeedf1d95c8f78e70c79fcaa6f70d01
SHA256: ee4363fed80e7b91b4e1a12a39be00eea38ffa1bbc8f7357333d302cbd560980
2284
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\imbg[1].png
image
MD5: 56155d176d4a51f911b21b2e87d70808
SHA256: 2730f2bbda198d8172a4dce70c1faed395619ccdc8a391b4a48447f497670545
2284
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\9f3446a4[1].png
image
MD5: 2e0c552ba2bc013deb4fd248efe83a86
SHA256: c580b0bbbddc7a3f7a56fb50563659ed05e6325358df9fb006940de5c27abe12
2284
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\88e153c1[1].gif
image
MD5: e17e2fd006d1fbb5ac0163c745ff7c37
SHA256: e8eb0e9abd2d120e5f7439db01258a0246a740c31151d20a5a0b7132c4a8c2a3
2284
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\5802fc36[1].png
image
MD5: ea4bfe3708c5a0debea3b47c3f848af1
SHA256: 3640ee7cdc94c97069c7667229badf439f7a96e63fe545c35a7db600d04a6f70
2284
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\f6ac2d3d[1].jpg
image
MD5: fd1112686d0e030a02b32cca20bbfb3b
SHA256: 8bae8c89da895fcefa174d00c5c6aa802630e9f155c56ae2cbc5fadf879bb615
2284
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\812c6288[1].png
image
MD5: a1f7831f9bc1fbe9af5a480bc89de163
SHA256: 16d2d7da00794fbdc85069acfd0218bed51a3a830b2fff38733d37a3a098cb54
2284
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\fbb05edf[1].gif
image
MD5: 0daecab2e10eebf0c758071b464036bb
SHA256: ad7f0da041eb9807fd553cdede4d0c1e39b4c2c20d86477cd4634b029a671676
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
2284
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\template.html
html
MD5: 82d44a085a2556e734fa5e8665f4fad9
SHA256: cee29894c125bfec5f44c96f757d05133e9607f2bd976250a542adec9db4bcbf
2284
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\table.html
html
MD5: 492ee5efed9621ebd1d1a3f4de1b8544
SHA256: ce56f9de47f257d7a8340561378b1f1e88980f667f8f7e3bddf98b3d958852dd
2284
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\recom.xml
xml
MD5: 6103ed4c4a683024796cadb88be70113
SHA256: c2c7413d46ef1fce2fb1ae87749878cc64ae6fe86addde30c019c5c760ac0691
2284
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\lr.xml
xml
MD5: be36fc718f0f0a9d377ae160474aa6b4
SHA256: 01d75d3fabe05de5cea9d430eda8994ffbf0feb3a3f8f07b9bb786210aeb3777
2284
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\latest.xml
xml
MD5: efeedf1d95c8f78e70c79fcaa6f70d01
SHA256: ee4363fed80e7b91b4e1a12a39be00eea38ffa1bbc8f7357333d302cbd560980
2284
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\prev.xml
xml
MD5: e46ee89abc42db4ab2eff01baf35cdd1
SHA256: 4c37ae5234b802d30d5cb4fcc710b211d93133510f618b2eca982439841f03c6
2228
setup1.19[1].tmp
C:\Program Files\SoftPlanet Software Assistant\unins000.dat
dat
MD5: db5e417ab291d52d5e6e74dd40ffa5a6
SHA256: 0b7bdc8b642770a138a19e67dabc03853557a0173095e056bca934fe5d2885a6
2228
setup1.19[1].tmp
C:\Users\Public\Desktop\SoftPlanet Software Assistant.lnk
lnk
MD5: 404fcdde4886df90ac9656b09afb3d23
SHA256: b99cd1cfc634b2ac80204bb5abc39da8dd1a3fa39e476941d48b7f0540ae70c8
2228
setup1.19[1].tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPlanet Software Assistant\SoftPlanet Software Assistant.lnk
lnk
MD5: db99969d79390037dadc756f7639c05e
SHA256: 7b3de39cc3400028543db8ba56af9f543437d281388a8c4c05a3bdd7a5287fc9
3744
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\b99f5621[1].png
image
MD5: 431c36e5fca0ad873753794db59f2b22
SHA256: e5a988390a0e9dce87afb13d034ec98967f38b1d746377bc003c25f8cbe5bde2
3744
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\mypic[1].png
image
MD5: f651ff512358cacc9182873a13db49e3
SHA256: f4394597c4937e1db8200e99ab4902a54a829f944f1f524c12731ba01a067553
3744
spassist.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\7a2ef4c4[1].png
image
MD5: 943f3aff213c187ff33aad7f8b3f0d39
SHA256: 33596c94903c99fd1562058bacecad3d326312eb18b28b8a205fa4323727cb66
3744
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\template.html
html
MD5: 82d44a085a2556e734fa5e8665f4fad9
SHA256: cee29894c125bfec5f44c96f757d05133e9607f2bd976250a542adec9db4bcbf
3744
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\table.html
html
MD5: 492ee5efed9621ebd1d1a3f4de1b8544
SHA256: ce56f9de47f257d7a8340561378b1f1e88980f667f8f7e3bddf98b3d958852dd
3744
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\recom.xml
xml
MD5: 6103ed4c4a683024796cadb88be70113
SHA256: c2c7413d46ef1fce2fb1ae87749878cc64ae6fe86addde30c019c5c760ac0691
3744
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\lr.xml
xml
MD5: be36fc718f0f0a9d377ae160474aa6b4
SHA256: 01d75d3fabe05de5cea9d430eda8994ffbf0feb3a3f8f07b9bb786210aeb3777
3744
spassist.exe
C:\Users\admin\AppData\Local\SoftPlanet\Software Assistant\latest.xml
xml
MD5: e46ee89abc42db4ab2eff01baf35cdd1
SHA256: 4c37ae5234b802d30d5cb4fcc710b211d93133510f618b2eca982439841f03c6
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\iframerpc[1]
text
MD5: 39837b2fcec9d416bda32e66244da470
SHA256: 8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
2228
setup1.19[1].tmp
C:\Program Files\SoftPlanet Software Assistant\is-JM361.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\photo[1]
image
MD5: 20b98de73f80a9a364127d1e2e38cffd
SHA256: a8e3320486c7f91b2696995e8ab713337cbde03903353778098d1bba1f26c1dd
2228
setup1.19[1].tmp
C:\Program Files\SoftPlanet Software Assistant\is-3P9AT.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\1362406667-v2-idpiframe[1].js
text
MD5: e65dd360accbcda35ee78ea086f5ecd7
SHA256: c1ffd1fcf0d33284f9407873ae43b3677a9ba32c2a0b6dfff3bd0cc013f5c593
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\749446591-idpiframe_css_ltr[1].css
text
MD5: 22920f896558983f8bf5e2bba1f39258
SHA256: 1b28cf0c3bdd173502b785ebece2ef6838f924b3d08bc03b264b3dd3bd5a24d1
3024
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011120190112\index.dat
dat
MD5: d19c44b321e96dce656b65ba8f8b0b3c
SHA256: ab6e929182ea72aab62c39fbdc0cd0e290400d6c569eb0e0de5cbcd55af87574
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\iframe[1].htm
html
MD5: 3d9939c202114077b4ca5c60e38a0190
SHA256: cb40e1d0853857e169e126f0fecdd2f5ea9b18c83098e87df745768c25241087
3648
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011120190112\index.dat
dat
MD5: 657c81fb0835db60c976477b251bbd09
SHA256: 00b675d1dff7b428de14c6821962ae2afbb660b9a49568d912fbd42d9647ac58
3024
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\setup1.19[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3024
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\setup1.19[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\iframe[1].txt
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\or[1].png
image
MD5: 7e5ea93d246d10342b9f000a586b4de6
SHA256: c80ec5cc476eb674d1bb0916de2a8bac9421e90c3656132315d45fbd44e391a1
3024
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: 44d9c6b538fd7593e067a98373ebf914
SHA256: 3b0f7b2ac1ba9fe137a7d30dae8dc6201406c88d67baa47b9b0dbc41899908b7
3024
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3024
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3024
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 4421cc7bf242c6cbb5b4def31a89b5ca
SHA256: 50e771f605d95b09a4384d457aca2cf9f3993e0b94e7dca52fb7612f4d955a72
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 16e2b043f6c1133f004f92081b2d1d85
SHA256: 07750a88b20b7adab7c5c4dca573ce153276faa478d092328d13b9c864484169
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19e8a1.TMP
text
MD5: 16e2b043f6c1133f004f92081b2d1d85
SHA256: 07750a88b20b7adab7c5c4dca573ce153276faa478d092328d13b9c864484169
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 406211c02377efeb00febfae2e7aa012
SHA256: 7873672b3331dcbe0745eda09542a82d38fe1f9090d300cee725b82b5cbdd0d0
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF19e891.TMP
text
MD5: 406211c02377efeb00febfae2e7aa012
SHA256: 7873672b3331dcbe0745eda09542a82d38fe1f9090d300cee725b82b5cbdd0d0
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1d583dcd-54b3-439d-a348-e31449f5d137.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5b3db002-3bf7-49da-844c-f7fdd96889f5.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: a9c0e333d9cbd28001fde1a9b35c7ef1
SHA256: b5562fe320ad952fd3c8361188bea5876df7afb943702d4684be26632f368ec3
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
sqlite
MD5: cee8307ec3d462111f4d4042d9ae88ef
SHA256: 7d5d7226e1a8440a77c2b0de710dcd8187c5093d16c4c17f45785f455e19ed58
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19e891.TMP
text
MD5: a9c0e333d9cbd28001fde1a9b35c7ef1
SHA256: b5562fe320ad952fd3c8361188bea5876df7afb943702d4684be26632f368ec3
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: ed3d1c71e33729de7febf8fe5e6ec916
SHA256: 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19e881.TMP
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bebcbfd3-8963-4fce-b736-de3caca82dbc.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: b8fc759ee541c00c9e6977663526f7f7
SHA256: 498ab685877e7ecb07d270dbe848c41a2dbedafcb7bf020885f8d96bc7ae835e
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 5b2986e70c24119e9d012924ce281aeb
SHA256: 4194f81d3ce7a472bfa6cf515828a22f7f068179bc793ad8c7537a191dc8e362
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1027d7b9-d798-4bd1-b3d8-3f1a17b606b2.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
binary
MD5: 13564582eba4c9985c995b8c42c89902
SHA256: 6270679df72e3f340fae6b409d14eb862737c91ee3b847f2ff1732e75488add0
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 7f1ce339a9295041952276ec293030b0
SHA256: 2fce29cd7622c9ca0231aa51e2c751351764c4788abc9714bee43c80e2ee7ef2
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: fc44c448fdbe871b5e4127b8cc01893a
SHA256: c62d7046a7ccbbe11ea8269f74d177b012e5264c1cc2efd551c9a936be782f98
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 26cc40918b2b0a4eac6d77385159a031
SHA256: 3c19027766285f2c4d8d87b8cf09a95291b9c0de8294c6b5106ffeed2babc6f0
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: b815a489e831a1993b85dee1b9a65c67
SHA256: 67c70476fe98d4a2fefe86e6d93c3ffd4b26690472f5c3f86e6e03363c488dca
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: 78a1daab0932150ac6bccf313fcf947b
SHA256: a38549f663a97c78a367984afed7f81c176000345fe4dc6d4157f7bf600b0764
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 9c4a740987e3028b993f5d9744a0422b
SHA256: 4a78d14808029e85c5c8d318d734fa59ae602633937d29f63e96f313aea6bf04
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 4d69cdea1a45f5d47d42c94ddd79df7d
SHA256: d4d38ac905904263cca02b65484e1a3b7314171c6f5e8677de80b700655e9a70
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: 39cd68a68c90ac9e06b9bf1ff3982e00
SHA256: 9609e10784cca5ca20e5bb58a59c8e61a9f2ab6fc4ebc07bd5dd28ab7a2c3ade
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 3426e2adeb55b286a39dd4ee1288e8c6
SHA256: 5d876310324b2be611859e85b9094ff74ff6665084ab410b4ead0cd4a7448547
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: dc30ff74dad2fed6e51335ed9669c68e
SHA256: 8c998bf751d1d9c87f0c4eb9be99306c35a7513fea7d2179291a6fab1d4d0b74
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF19bc70.TMP
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0915864e-e580-4424-ad41-5a002e91731c.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\402d7047-7342-45a0-a992-1c430b34a29f.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: ab33756e25d84604b3abd6542ce786d8
SHA256: 8c0c049d1c0cde3058fa903f786699b410d8f2cb946aa436af3552be3a18806b
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF19bc41.TMP
text
MD5: ab33756e25d84604b3abd6542ce786d8
SHA256: 8c0c049d1c0cde3058fa903f786699b410d8f2cb946aa436af3552be3a18806b
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\55337ebc-484e-4244-bc9e-9641a7b1223e.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 8e6848d1a68d358ef181b86728ec756e
SHA256: d547fd8b6a6973f074a83f0b1aed023923c2f5ad86a7ad158e06273f6a72add1
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19bbc4.TMP
text
MD5: 8e6848d1a68d358ef181b86728ec756e
SHA256: d547fd8b6a6973f074a83f0b1aed023923c2f5ad86a7ad158e06273f6a72add1
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0d9dffee-35fa-4a41-925f-c73f5df2e20e.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19bb47.TMP
text
MD5: 47ff4d8b4183c305bb1b32834918d1fa
SHA256: f664513785b87f9be4f0424bef04087074c3eea12a4f45efc50a4acf130634cf
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 47ff4d8b4183c305bb1b32834918d1fa
SHA256: f664513785b87f9be4f0424bef04087074c3eea12a4f45efc50a4acf130634cf
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a9d6549f-884d-4b6e-90aa-3b24fece7fff.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 33d5e84f0ef691ed283cc10c673f0585
SHA256: ed9c697e7ba335798df53528e06e03de074e4db80fa210506331e8195690893d
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF19ac92.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF19ac44.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF199987.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\cb=gapi[1].loaded_1
text
MD5: ab164733b1c142b1aada9178fe4c3749
SHA256: 3a90b255770ba5dcf55232c647f03899dc298d843dc62cd70d168556ff8bb1ae
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: 60a020225497d6935e4fb0c358a323ad
SHA256: 043c40c8cdb264204683278af3a4b1cd31fd285bb592c0cc6739bd876d43c277
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF19983f.TMP
binary
MD5: 60a020225497d6935e4fb0c358a323ad
SHA256: 043c40c8cdb264204683278af3a4b1cd31fd285bb592c0cc6739bd876d43c277
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\56b1d31b-be41-4e9a-8ebd-7199209148d7.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
binary
MD5: 09b143b2fcce053f87a43c586cb1f6a3
SHA256: 7e904888d656dd78b5f99f5e2a35d12fe5098598d9b12041bbea589c0ffb4bbc
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF199793.TMP
binary
MD5: 09b143b2fcce053f87a43c586cb1f6a3
SHA256: 7e904888d656dd78b5f99f5e2a35d12fe5098598d9b12041bbea589c0ffb4bbc
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ead74096-53ba-40ec-8ee5-a21531de873a.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF1995fc.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF19957f.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF199560.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF199531.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF199531.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF199512.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\74802bb0-60c3-48cc-b75f-0942b928756a.tmp
––
MD5:  ––
SHA256:  ––
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF1994f3.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3596
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HTETMHXO\accounts.google[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db


Network activity

HTTP(S) requests
43
TCP/UDP connections
71
DNS requests
32
Threats
4

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2732 chrome.exe GET 200 52.222.163.166:80 http://dgekaihxawqz1.cloudfront.net/setup1.19.exe US
executable
whitelisted
3024 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3648 iexplore.exe GET 200 52.222.163.208:80 http://dgekaihxawqz1.cloudfront.net/setup1.19.exe US
executable
whitelisted
3744 spassist.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/collect?v=1&tid=UA-42686066-2&cid=3DC3B32A-14CF-409E-89B0-3A3A02A50845&t=pageview&dh=softplanet.com&dp=/1.19/install&dt=New%20User&cn=sa&cs=sa&cm=sa&ck=sa US
image
whitelisted
3744 spassist.exe POST –– 35.163.79.134:80 http://softplanet.com/updater/soft US
text
––
––
unknown
3744 spassist.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/collect?v=1&tid=UA-42686066-2&cid=3DC3B32A-14CF-409E-89B0-3A3A02A50845&t=pageview&dh=softplanet.com&dp=/1.19/xmlupdate&dt=XML%20Update&cn=sa&cs=sa&cm=sa&ck=sa US
image
whitelisted
3744 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/recom.xml US
xml
whitelisted
3744 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/template.html US
html
whitelisted
3744 spassist.exe GET 200 52.222.163.114:80 http://i.softplanet.com/logo/7a2ef4c4.png US
image
whitelisted
3744 spassist.exe GET 200 52.222.163.114:80 http://i.softplanet.com/img/mypic.png US
image
whitelisted
3744 spassist.exe GET 200 52.222.163.114:80 http://i.softplanet.com/logo/b99f5621.png US
image
whitelisted
3744 spassist.exe GET –– 52.222.163.114:80 http://i.softplanet.com/logo/fbb05edf.gif US
––
––
whitelisted
3744 spassist.exe GET –– 52.222.163.114:80 http://i.softplanet.com/logo/5802fc36.png US
––
––
whitelisted
2284 spassist.exe POST –– 35.163.79.134:80 http://softplanet.com/updater/soft US
text
––
––
unknown
2284 spassist.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/collect?v=1&tid=UA-42686066-2&cid=3DC3B32A-14CF-409E-89B0-3A3A02A50845&t=pageview&dh=softplanet.com&dp=/1.19/xmlupdate&dt=XML%20Update&cn=sa&cs=sa&cm=sa&ck=sa US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/recom.xml US
xml
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/template.html US
html
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/logo/fbb05edf.gif US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/logo/997eea3f.png US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/logo/5802fc36.png US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/logo/812c6288.png US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/logo/88e153c1.gif US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/logo/f6ac2d3d.jpg US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/logo/9f3446a4.png US
image
whitelisted
2284 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/img/imbg.png US
image
whitelisted
2232 spassist.exe GET 200 52.222.163.199:80 http://i.softplanet.com/template.html US
html
whitelisted
2232 spassist.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/collect?v=1&tid=UA-42686066-2&cid=3DC3B32A-14CF-409E-89B0-3A3A02A50845&t=pageview&dh=softplanet.com&dp=/1.19/updatemanager&dt=/updatemanager&cn=sa&cs=sa&cm=sa&ck=sa US
image
whitelisted
2232 spassist.exe GET –– 52.222.163.35:80 http://i.softplanet.com/img/tick_g.png US
––
––
whitelisted
2232 spassist.exe GET 200 52.222.163.35:80 http://i.softplanet.com/img/tick_g.png US
image
whitelisted
2232 spassist.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/collect?v=1&sa_ver=1.19&tid=UA-42686066-2&cid=3DC3B32A-14CF-409E-89B0-3A3A02A50845&t=event&ec=mainWindow&ea=ReadClick&el=CCleaner&cn=sa&cs=sa&cm=sa&ck=sa US
image
whitelisted
3000 iexplore.exe GET 200 52.41.157.199:80 http://softplanet.com/CCleaner?s=sa&m=sa&c=mw US
html
unknown
3000 iexplore.exe GET 200 52.41.157.199:80 http://softplanet.com/font/ptn57f-webfont.eot? US
eot
unknown
3000 iexplore.exe GET 404 216.58.207.40:80 http://www.googletagmanager.com/gtm.js?id=GTM-5NQ8QL US
html
whitelisted
3000 iexplore.exe GET 200 172.217.17.86:80 http://i.ytimg.com/vi/IvcA10bxZeM/hqdefault.jpg US
image
whitelisted
3000 iexplore.exe GET 200 216.58.206.2:80 http://www.googleadservices.com/pagead/conversion.js US
text
whitelisted
3000 iexplore.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/analytics.js US
text
whitelisted
3000 iexplore.exe GET 200 104.20.2.47:80 http://www.statcounter.com/counter/counter.js US
text
whitelisted
3000 iexplore.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/collect?v=1&_v=j72&a=1525528110&t=pageview&_s=1&dl=http%3A%2F%2Fsoftplanet.com%2FCCleaner%3Fs%3Dsa%26m%3Dsa%26c%3Dmw&ul=en-us&de=utf-8&dt=CCleaner%20free%20download%20for%20Windows%20%7C%20SoftPlanet&sd=32-bit&sr=1280x720&vp=772x444&je=0&fl=26.0%20r0&_u=IGBAg~&jid=1633405757&gjid=1380152827&cid=842937076.1547175683&tid=UA-42686066-1&_gid=1882961845.1547175683&z=662959170 US
image
whitelisted
3000 iexplore.exe GET 200 216.58.205.238:80 http://www.google-analytics.com/r/collect?v=1&_v=j72&a=1525528110&t=pageview&_s=1&dl=http%3A%2F%2Fsoftplanet.com%2FCCleaner%3Fs%3Dsa%26m%3Dsa%26c%3Dmw&ul=en-us&de=utf-8&dt=CCleaner%20free%20download%20for%20Windows%20%7C%20SoftPlanet&sd=32-bit&sr=1280x720&vp=772x444&je=0&fl=26.0%20r0&_u=IGD~&jid=476699994&gjid=406768348&cid=842937076.1547175683&tid=UA-51827775-1&_gid=1882961845.1547175683&_r=1&z=1856537274 US
image
whitelisted
3000 iexplore.exe GET 200 104.20.3.47:80 http://c.statcounter.com/t.php?sc_project=9263798&java=1&security=7ee89bee&u1=D70C0385AF0A4FE4C238887521B35508&sc_random=0.9074031939992646&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=http%3A//softplanet.com/CCleaner%3Fs%3Dsa%26m%3Dsa%26c%3Dmw&t=CCleaner%20free%20download%20for%20Windows%20%7C%20SoftPlanet&rcat=d&rdom=d&rdomg=new&bb=1&sc_snum=1&sess=4ea83c&p=0&invisible=1 US
image
whitelisted
3000 iexplore.exe GET 200 192.229.233.25:80 http://platform.twitter.com/widgets.js US
text
whitelisted
3024 iexplore.exe GET 200 52.41.157.199:80 http://softplanet.com/favicon.ico US
image
unknown
3000 iexplore.exe GET 200 157.240.1.23:80 http://connect.facebook.net/en_US/all.js US
text
whitelisted


Connections

PID Process IP ASN CN Reputation
2732 chrome.exe 52.222.163.166:80 Amazon.com, Inc. US suspicious
2732 chrome.exe 172.217.23.131:443 Google Inc. US whitelisted
2732 chrome.exe 172.217.16.131:443 Google Inc. US whitelisted
2732 chrome.exe 216.58.206.13:443 Google Inc. US whitelisted
2732 chrome.exe 172.217.22.46:443 Google Inc. US whitelisted
2732 chrome.exe 172.217.22.67:443 Google Inc. US whitelisted
2732 chrome.exe 172.217.23.142:443 Google Inc. US whitelisted
3024 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3648 iexplore.exe 52.222.163.208:80 Amazon.com, Inc. US suspicious
3744 spassist.exe 216.58.205.238:80 Google Inc. US whitelisted
3744 spassist.exe 35.163.79.134:80 Amazon.com, Inc. US unknown
3744 spassist.exe 52.222.163.199:80 Amazon.com, Inc. US whitelisted
3744 spassist.exe 52.222.163.114:80 Amazon.com, Inc. US unknown
2284 spassist.exe 35.163.79.134:80 Amazon.com, Inc. US unknown
2284 spassist.exe 216.58.205.238:80 Google Inc. US whitelisted
2284 spassist.exe 52.222.163.199:80 Amazon.com, Inc. US whitelisted
2232 spassist.exe 52.222.163.199:80 Amazon.com, Inc. US whitelisted
2232 spassist.exe 216.58.205.238:80 Google Inc. US whitelisted
2232 spassist.exe 52.222.163.35:80 Amazon.com, Inc. US whitelisted
3000 iexplore.exe 52.41.157.199:80 Amazon.com, Inc. US unknown
3000 iexplore.exe 54.231.176.182:443 Amazon.com, Inc. US unknown
3000 iexplore.exe 216.58.207.40:80 Google Inc. US whitelisted
3000 iexplore.exe 172.217.17.86:80 Google Inc. US whitelisted
3000 iexplore.exe 216.58.206.2:80 Google Inc. US whitelisted
3000 iexplore.exe 172.217.22.78:443 Google Inc. US whitelisted
3000 iexplore.exe 104.111.249.240:443 Akamai International B.V. NL unknown
3000 iexplore.exe 216.58.205.238:80 Google Inc. US whitelisted
3000 iexplore.exe 104.20.2.47:80 Cloudflare Inc US shared
3000 iexplore.exe 64.233.167.157:443 Google Inc. US whitelisted
3000 iexplore.exe 104.20.3.47:80 Cloudflare Inc US shared
3000 iexplore.exe 192.229.233.25:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3024 iexplore.exe 52.41.157.199:80 Amazon.com, Inc. US unknown
3000 iexplore.exe 157.240.1.23:80 Facebook, Inc. US whitelisted
3000 iexplore.exe 157.240.1.23:443 Facebook, Inc. US whitelisted
3000 iexplore.exe 172.217.22.13:443 Google Inc. US whitelisted
3000 iexplore.exe 31.13.90.36:443 Facebook, Inc. IE whitelisted
3000 iexplore.exe 216.58.206.3:443 Google Inc. US whitelisted
3000 iexplore.exe 216.58.207.65:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.23.131 whitelisted
www.gstatic.com 172.217.16.131 whitelisted
dgekaihxawqz1.cloudfront.net 52.222.163.166, 52.222.163.70, 52.222.163.4, 52.222.163.208 whitelisted
accounts.google.com 216.58.206.13 shared
sb-ssl.google.com 172.217.22.46 whitelisted
ssl.gstatic.com 172.217.22.67 whitelisted
clients4.google.com 172.217.23.142 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.google-analytics.com 216.58.205.238 whitelisted
softplanet.com 35.163.79.134, 52.41.157.199 unknown
i.softplanet.com 52.222.163.199, 52.222.163.35, 52.222.163.152, 52.222.163.114 whitelisted
sp-static-files.s3.amazonaws.com 54.231.176.182 unknown
www.googletagmanager.com 216.58.207.40 whitelisted
i.ytimg.com 172.217.17.86, 172.217.168.214, 172.217.20.118, 216.58.212.150, 216.58.212.182, 172.217.17.118, 172.217.17.150, 216.58.211.118, 172.217.20.86, 172.217.168.246, 216.58.212.214, 172.217.17.54 whitelisted
apis.google.com 172.217.22.78 whitelisted
www.googleadservices.com 216.58.206.2 whitelisted
seal.verisign.com 104.111.249.240 whitelisted
www.statcounter.com 104.20.2.47, 104.20.3.47 whitelisted
stats.g.doubleclick.net 64.233.167.157, 64.233.167.155, 64.233.167.154, 64.233.167.156 whitelisted
c.statcounter.com 104.20.3.47, 104.20.2.47 whitelisted
platform.twitter.com 192.229.233.25 whitelisted
connect.facebook.net 157.240.1.23 whitelisted
www.facebook.com 31.13.90.36 whitelisted
lh3.googleusercontent.com 216.58.207.65 whitelisted

Threats

PID Process Class Message
2732 chrome.exe Potentially Bad Traffic ET POLICY Executable served from Amazon S3
2732 chrome.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
3648 iexplore.exe Potentially Bad Traffic ET POLICY Executable served from Amazon S3
3648 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

No debug info.