General Info

File name

Your Package Tracked Now_5cadf9e53f83d.exe

Full analysis
https://app.any.run/tasks/6fba2ec5-5ad6-48c8-b6e6-ebaee51eabdb
Verdict
Malicious activity
Analysis date
4/14/2019, 21:07:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

1306823190016b9463291d6aa3082e88

SHA1

d1d6ad0a9369638f40dbd9ce54d7fba6116123b7

SHA256

bd85622762bf36b5e2416519702b4c1b2346c204aa615aea7ff67b034fec43e7

SSDEEP

12288:rgy5pqtaUnZ9Y4GtC51vxhIOwL+xfSl4LedqlwBTGXCeBedjM71SqnlfjvqsQr:b5pqtHzYpt+/RpelqWBTbVadl7SDr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • Your Package Tracked Now.exe (PID: 3368)
  • Your Package Tracked Now.exe (PID: 1360)
Loads dropped or rewritten executable
  • Your Package Tracked Now_5cadf9e53f83d.exe (PID: 2432)
Changes the autorun value in the registry
  • Your Package Tracked Now_5cadf9e53f83d.exe (PID: 2432)
Creates a software uninstall entry
  • Your Package Tracked Now.exe (PID: 3368)
  • Your Package Tracked Now.exe (PID: 1360)
  • Your Package Tracked Now_5cadf9e53f83d.exe (PID: 2432)
Executable content was dropped or overwritten
  • Your Package Tracked Now_5cadf9e53f83d.exe (PID: 2432)
Starts Internet Explorer
  • Your Package Tracked Now.exe (PID: 1360)
Reads internet explorer settings
  • Your Package Tracked Now.exe (PID: 1360)
Creates files in the user directory
  • IEXPLORE.EXE (PID: 2160)
Reads settings of System Certificates
  • IEXPLORE.EXE (PID: 2160)
Reads Internet Cache Settings
  • IEXPLORE.EXE (PID: 2160)
  • IEXPLORE.EXE (PID: 2968)
Changes internet zones settings
  • IEXPLORE.EXE (PID: 2968)
Application launched itself
  • IEXPLORE.EXE (PID: 2968)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 2160)

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2016:07:25 02:55:51+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
25088
InitializedDataSize:
141824
UninitializedDataSize:
2048
EntryPoint:
0x33b6
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
3.1.0.5
ProductVersionNumber:
3.1.0.5
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
ASCII
CompanyName:
Springtech Ltd
FileDescription:
Desktop web search
FileVersion:
3.1.0.5
LegalCopyright:
(c) 2018 Springtech Ltd
OriginalFileName:
SBInstaller
ProductName:
Desktop Search Bar
ProductVersion:
3.1.0.5
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
25-Jul-2016 00:55:51
Detected languages
English - United States
CompanyName:
Springtech Ltd
FileDescription:
Desktop web search
FileVersion:
3.1.0.5
LegalCopyright:
(c) 2018 Springtech Ltd
OriginalFilename:
SBInstaller
ProductName:
Desktop Search Bar
ProductVersion:
3.1.0.5
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000C8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
25-Jul-2016 00:55:51
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name   | Virtual Address | Virtual Size | Raw Size   | Characteristics                                                          | Entropy
.text  | 0x00001000      | 0x0000615D   | 0x00006200 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ               | 6.45023
.rdata | 0x00008000      | 0x000013A4   | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ                        | 5.163
.data  | 0x0000A000      | 0x00020338   | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE    | 3.9824
.ndata | 0x0002B000      | 0x00026000   | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE  | 0
.rsrc  | 0x00051000      | 0x00007C20   | 0x00007E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ                        | 6.04043
Resources
1, 2, 3, 4, 5, 6, 7, 103, 105, 106, 111

Imports
    KERNEL32.dll
    USER32.dll
    GDI32.dll
    SHELL32.dll
    ADVAPI32.dll
    COMCTL32.dll
    ole32.dll

Exports

    No exports.

Processes

Total processes
37
Monitored processes
5
Malicious processes
2
Suspicious processes
1

Behavior graph

(Graph not reproduced. Nodes shown, in "drop and start" order: Your Package Tracked Now_5cadf9e53f83d.exe, Your Package Tracked Now.exe, IEXPLORE.EXE, IEXPLORE.EXE, Your Package Tracked Now.exe.)

Process information

PID
2432
CMD
"C:\Users\admin\AppData\Local\Temp\Your Package Tracked Now_5cadf9e53f83d.exe"
Path
C:\Users\admin\AppData\Local\Temp\Your Package Tracked Now_5cadf9e53f83d.exe
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Springtech Ltd
Description
Desktop web search
Version
3.1.0.5
Modules
Image
c:\users\admin\appdata\local\temp\your package tracked now_5cadf9e53f83d.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsn6555.tmp\nphelper.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\users\admin\appdata\local\temp\nsn6555.tmp\system.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsn6555.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\users\admin\appdata\local\your package tracked now\your package tracked now.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll

PID
1360
CMD
"C:\Users\admin\AppData\Local\Your Package Tracked Now\Your Package Tracked Now.exe" /firstrun
Path
C:\Users\admin\AppData\Local\Your Package Tracked Now\Your Package Tracked Now.exe
Parent process
Your Package Tracked Now_5cadf9e53f83d.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Springtech LTD
Description
Desktop web search
Version
3.1.0.5
Modules
Image
c:\users\admin\appdata\local\your package tracked now\your package tracked now.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\jscript.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll

PID
2968
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://results.hyourpackagetrackednow.com/s?uid=2d96fe23-823d-43e9-a319-702230adc835&uc=20190410&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&i_id=packages_&ap=appfocus84
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent process
Your Package Tracked Now.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
2160
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:71937
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent process
IEXPLORE.EXE
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\xmllite.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

PID
3368
CMD
"C:\Users\admin\AppData\Local\Your Package Tracked Now\Your Package Tracked Now.exe" /ds
Path
C:\Users\admin\AppData\Local\Your Package Tracked Now\Your Package Tracked Now.exe
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Springtech LTD
Description
Desktop web search
Version
3.1.0.5
Modules
Image
c:\users\admin\appdata\local\your package tracked now\your package tracked now.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

Registry activity

Total events
1031
Read events
906
Write events
124
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASAPI32
EnableFileTracing
0
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASAPI32
EnableConsoleTracing
0
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASAPI32
FileTracingMask
4294901760
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASAPI32
ConsoleTracingMask
4294901760
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASAPI32
MaxFileSize
1048576
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASAPI32
FileDirectory
%windir%\tracing
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASMANCS
EnableFileTracing
0
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASMANCS
EnableConsoleTracing
0
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASMANCS
FileTracingMask
4294901760
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASMANCS
ConsoleTracingMask
4294901760
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASMANCS
MaxFileSize
1048576
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_5cadf9e53f83d_RASMANCS
FileDirectory
%windir%\tracing
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Your Package Tracked Now
"C:\Users\admin\AppData\Local\Your Package Tracked Now\Your Package Tracked Now.exe" /delay 0
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
UninstallImp
{"domain":"hyourpackagetrackednow.com","iid":"bio-sbe-packages-ab","partner":"appfocus84","source":"{source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab","ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134","uc":"20190410","uid":"2d96fe23-823d-43e9-a319-702230adc835"}
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
dynamicInfo
{"autosuggest":true,"version":"1.0"}
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
DisplayIcon
C:\Users\admin\AppData\Local\Your Package Tracked Now\Icon.ico
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
DisplayName
Your Package Tracked Now
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
UninstallString
"C:\Users\admin\AppData\Local\Your Package Tracked Now\uninstall.exe" Your Package Tracked Now
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
Publisher
Springtech Ltd
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
NoModify
1
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
NoRepair
1
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
InstallLocation
C:\Users\admin\AppData\Local\Your Package Tracked Now
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
DisplayVersion
3.1.0.5
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
EstimatedSize
1608
2432
Your Package Tracked Now_5cadf9e53f83d.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
selectedBrw
3
1360
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
DisplayIcon
C:\Users\admin\AppData\Local\Your Package Tracked Now\Icon.ico
1360
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
showWidgets
1
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASAPI32
EnableFileTracing
0
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASAPI32
EnableConsoleTracing
0
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASAPI32
FileTracingMask
4294901760
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASAPI32
ConsoleTracingMask
4294901760
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASAPI32
MaxFileSize
1048576
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASAPI32
FileDirectory
%windir%\tracing
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASMANCS
EnableFileTracing
0
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASMANCS
EnableConsoleTracing
0
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASMANCS
FileTracingMask
4294901760
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASMANCS
ConsoleTracingMask
4294901760
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASMANCS
MaxFileSize
1048576
1360
Your Package Tracked Now.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Your Package Tracked Now_RASMANCS
FileDirectory
%windir%\tracing
1360
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1360
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
1360
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1360
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1360
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
installTime
1555268892
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{A5AA535F-5EE8-11E9-B63D-5254004A04AF}
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307040000000E00130008000C00E103
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307040000000E00130008000C00E103
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307040000000E00130008000D00B400
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040000000E00130008000D00D300
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
105
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307040000000E00130008000D003101
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
47
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041420190415
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CachePrefix
:2019041420190415:
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheLimit
8192
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheOptions
11
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheRepair
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
2AC98469F5F2D401
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2968
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2160
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019041420190415
2160
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CachePrefix
:2019041420190415:
2160
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CacheLimit
8192
2160
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CacheOptions
11
2160
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CacheRepair
0
2160
IEXPLORE.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3368
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Your Package Tracked Now
DisplayIcon
C:\Users\admin\AppData\Local\Your Package Tracked Now\Icon.ico
3368
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3368
Your Package Tracked Now.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings

Files activity

Executable files
5
Suspicious files
5
Text files
48
Unknown types
10

Dropped files

PID
Process
Filename
Type
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\nsn6555.tmp\npHelper.dll
executable
MD5: 0cab19d956102431aae29fb4f5135bd8
SHA256: 79428cdb4d37315cd80f4f6e106f3f39671c411514269cb33094d1473d04e800
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Your Package Tracked Now\Your Package Tracked Now.exe
executable
MD5: dad2fca6cd5c588ea3af823ce2b2e47a
SHA256: 7a492d095b1dac34611d1021181bada9b0c532ccb02dccf31f306a1e8900dc65
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\nsn6555.tmp\nsDialogs.dll
executable
MD5: 0d45588070cf728359055f776af16ec4
SHA256: 067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\nsn6555.tmp\System.dll
executable
MD5: a4dd044bcd94e9b3370ccf095b31f896
SHA256: 2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Your Package Tracked Now\Uninstall.exe
executable
MD5: f79761dfe5751d502c700645c3fc4f9d
SHA256: 56e4135fc24c9d150a3c156b46036fc18eb66c6e385f0e0333f61f8a867efe14
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 3babe6d4c93daba58f6849f286f798d9
SHA256: 2392649ead60e9e587333d149690ce7367dd700897fc823860e58dd11e897adf
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF30G2OH\facebook[1].png
image
MD5: 4f876fc8fe7f09d2507b283f1edd8919
SHA256: fed8fdfd1088496540260f565f9bd9942e1785481b0de9fdbeccf0b39ab44cd4
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GI07II3Q\packages[1].png
image
MD5: 124aa7599ad1f18e508c5841f16aa3e0
SHA256: 9f15c11e33a413d243d31bc16f854b9e8ec15233e5facdf4ac8e3ce7f62a893a
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSQCGICS\static[1].txt
image
MD5: db04c7b378cb2db912c3ba8a5a774ee3
SHA256: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27L1HJ6E\common[1]
text
MD5: e08c3746f5527e3e4ac425430367c959
SHA256: beee4556ae7f15cabb541e573ca502912c3cce06a5f40bdf4cc220ba1e87a9d2
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSQCGICS\Sprite_Email_V9[1].png
image
MD5: b28e84650fd0bfeee84818c6dae1990f
SHA256: 856a3f6468b76d5e204793c0a8f7f9287674a1536e2e61ed1a8d4413700bcfa4
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF30G2OH\Sprite_Packages_V2[1].png
image
MD5: 0c39779c421185bd546486c8889f5105
SHA256: e9f8f7364bb75d4b1b8047015c7bc0124f9435dcc2b0f4c4ecd1bc006cb3d4a7
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF30G2OH\weatherAgencyIcon[1].jpg
image
MD5: ca18bf31a2bdc6325c3839c7f47d8f6e
SHA256: 0651cf7b687ef85bbf398677789f763ca99e709ceca13c1ac3e90851fc4a07bd
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF30G2OH\results_hyourpackagetrackednow_com[1].txt
––
MD5:  ––
SHA256:  ––
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF30G2OH\saveMoney[1].png
image
MD5: a353048a16ced5eacab658f12e4db18d
SHA256: e2c368a8182d29a0fc74005f812f55b71a840b80cd7c07619db67424839f5594
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GI07II3Q\news-1[1].png
image
MD5: 69f417a5b6fb00c16f2b1613f787878c
SHA256: 9717dfdf6c679515fa277e4ef79d0f91748c40aebc657a9e1da6b5a6aefb7888
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27L1HJ6E\amazon[1].png
image
MD5: 65d37a0031eefa2720aa4e20bcbfb6f2
SHA256: a279329ab261b8fc30b5ec08ccd0ceade7cf6ff1c0dae6a05cd46189191a43d1
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSQCGICS\gear-icon[1].png
image
MD5: c191c48cdc9a12101c96bac13a3a672e
SHA256: 19fce2176cb990c4773742094923ccdd17d778fd050b675b0c8ff16b945e95ca
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
gmc
MD5: ce338fe6899778aacfc28414f2d9498b
SHA256: 4fe7b59af6de3b665b67788cc2f99892ab827efae3a467342b3bb4e3bc8e5bfe
2160
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 10ec7c7f5758fbf0d7e5ebb940596113
SHA256: 0a73300a3a700616668d91161d28f5eff253520ec87552840971f491eca8bbfa
2160
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\33SMRVS3\results.hyourpackagetrackednow[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF30G2OH\header_common[1]
text
MD5: 7395e64d793177bd26a720124703786f
SHA256: e593503a6f74a91b7ca6d5ef4be3bf2a0fc2b5d45d615e6d9788512bbfec2aa4
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GI07II3Q\impression[1]
text
MD5: 4f4d669b17d75af4ffae5fffcc45b1c9
SHA256: 776040739ea91b62f4de213dc55255eda60b9c767de592189e1c3b468f95a16b
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27L1HJ6E\packages_v1[1].txt
text
MD5: 14deeb3a5a9716efa97437353dbf8d39
SHA256: e2c64a16bfaabd7e9a587ea6aa9818412f0dced4f75f54116c06409a10360c16
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSQCGICS\results_hyourpackagetrackednow_com[1].txt
––
MD5:  ––
SHA256:  ––
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: d0c00a7c5d699be4deb35147fa89fb01
SHA256: 83b5ea0d036d6809defd0c597052c81d7eb6647a942cb5bce850fd0b20298a43
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSQCGICS\results_hyourpackagetrackednow_com[1].htm
html
MD5: 2f02cf7b4bbefaa126efd1d3b770e92c
SHA256: 41b7aa306ee35ee816a0c9cb90082be10471462e6bebc86a6304a5ac18249040
2968
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2968
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2968
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 55d80dad8c1adb5935f24828c414cec1
SHA256: fbd851c4cd7961bf9e01bd6ab83a490147a99eac0d8ac48ccf889711377c8bdb
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 656cdfc1539ec39f8e3b934182e6fb4d
SHA256: d4badf75db55775cb471c519a15356eec6fbb896a4ef45d91b619ce2bfa9baca
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 5135638845a244df06531260cab3605e
SHA256: 7973cd44d9a512cf5615cf7e2e27679965a24e8ad80ec2cd4a2e1f206b53abef
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 87a6744ff27257a83ce45b98110f70ac
SHA256: 659ab72b9cf7c2789559f57ad56739475cb28f69601f26e23676e16b764cf96a
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSQCGICS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27L1HJ6E\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF30G2OH\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GI07II3Q\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2968
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ie[1]
image
MD5: c98e8a36cc0d4d61daf66737dd005c1a
SHA256: e1c5c27170cf9e1f52fa4acb20147842255025a7fe96ffcf5b32a844e9c77ef5
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\sb_divider_right[1]
image
MD5: 33543618be71adc4a651b3d96273aa19
SHA256: 9ebb027520cf693024944600108b123c0196190b8284f0f8b231150ad966a829
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\sb_divider_left[1]
image
MD5: 881a23fd87ae6aa866edece7a119483b
SHA256: 4f1828c04af67d3c8454a1b124758f6a88bc706aa29f840171d249b1c27d8b7a
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\gradient[1]
image
MD5: bcd14445c27ebf520276a7947f4d7b63
SHA256: a71055fdd6c65b0b6bbcca16ba9e8bc0143782c83f71d4ec4bf4eb2db227ca0a
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\search_btn_medium_wide[1]
image
MD5: 7c276a38f03961b2cb8b6422dae464f4
SHA256: 7da3002694accc3d88a8d6d90ac46a9b82be848cfb452a3981dad29b0e07d344
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\down-arrow[1]
image
MD5: 372b2c407c53df9ba6786554ec116863
SHA256: c3c07c543aed147214592c2b2af636dca5586de86ab6e7d37d25d6ae422e5763
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\edge[1]
image
MD5: e92a6e255f27d3d08ae205b20defc73b
SHA256: 837ec20dca63c81c494e06cd3dbe1aef68baf49b6266478b43ec354da218ab26
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\add[1]
image
MD5: 1ba16a19ff9c4e0c4e1ed5e04127ebc1
SHA256: b6991f1f492772d77f3873d45805ea8f2b57d36a30bc13272a3db804ff44e833
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\settings[1]
image
MD5: 17b290ef12213bc690a8b7c137b98ce8
SHA256: 786f7cba8aadd887d4788d6287a9e1a35d3340b725b385941d481c654be72228
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\search-icon[1]
image
MD5: e18a6b3fc11627ffa3ba5c171081848b
SHA256: e769f0760ff57f31e91f200fc5eb59e0ecb48a4b3c28a2900456d494e2573424
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\main_templates_ie8[1]
text
MD5: 7286b3d9b8b9a8ceb571b086bc82e63e
SHA256: b6c1f5ba052b1e909adf9d50466f70fb6760b2bca1c36877cdeb7fa93b164bbe
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\jquery_min[1]
text
MD5: fccabbf104532f62133f4b97d0059987
SHA256: 86392cff7d3b950bb824bba8718f02ec166983b8a49ce44a9a007fe3a6625443
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\style[1]
text
MD5: fbe5b64591a93d64b16f4be50ea9ad51
SHA256: 122e3c755c8bcc08b768fa96d4965c6e9914dbaecc9086cb0ef235c29ed16dc9
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\main_templates_ie8[1]
html
MD5: 56ed9a6381a6faa921f1c8776dd65027
SHA256: 716a895c5d65445b1ceb020a20b6a09bb387e887bd0f712ad10368a29a81e529
1360
Your Package Tracked Now.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\rotate_strings[1].json
––
MD5:  ––
SHA256:  ––
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\Desktop\Your Package Tracked Now .lnk
lnk
MD5: 8140d47902af02820fc2f6a1ac7ae175
SHA256: 4a977f21175e7b4982f054d1c80d357c797d86e876b2d4b5c7a07bcbff1ec131
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\nsn6554.tmp
––
MD5:  ––
SHA256:  ––
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GI07II3Q\icons-star[1].png
image
MD5: ee286d05500f9eee903e3429f8434776
SHA256: 9f71f0c0201f4781879baf4e695f4188725a8ce2953d18b8c1120865f5d32a28
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Your Package Tracked Now\Icon.ico
image
MD5: 8d2de1a3c6fbe633d7d30787fb5ce3dd
SHA256: d582ad74b220ab3e892a95898f6734f5404ce2fa1e05dfc129a3aff5264da40d
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Your Package Tracked Now\widgets.json
text
MD5: dadb6837b16e05fb3979d0e5da935061
SHA256: bd474453c507eaa11ef17d1015ed46f042ef89c19272ca4a42f562ad1901c1da
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Your Package Tracked Now\Sprite.png
image
MD5: d0a0fd8cfd5b585f09db132db59fa439
SHA256: 815c3c8d83adcee2b7d76547e49be8199881a54c57a76ec91156e9443925d7c3
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: a5672e7d2207b4504b59e93cbfe56db5
SHA256: 2bcd84ddb6c1a62d1246475356f74f906cdbe759e31d180ea26b254c9319735a
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 04d79a0dc77a8f449cbff6252862d398
SHA256: 4c9c4d831d61c8c38b2513f9b431ef4f4cf6af9fb18a2317cd2178d6e0997822
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\Tar9758.tmp
––
MD5:  ––
SHA256:  ––
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\Cab9757.tmp
––
MD5:  ––
SHA256:  ––
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\Tar9679.tmp
––
MD5:  ––
SHA256:  ––
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\Tar967B.tmp
––
MD5:  ––
SHA256:  ––
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\Cab967A.tmp
––
MD5:  ––
SHA256:  ––
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\Cab9678.tmp
––
MD5:  ––
SHA256:  ––
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 8028558598668ebae282e4a2bb0eefed
SHA256: db86bd38235fc6e072546756bb639321734698ca056ab6ae506b05c7324bb1bc
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
2968
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041420190415\index.dat
dat
MD5: 242d9f25f846cac97063308df10089ca
SHA256: ead255ac0dff628a789e437b6ca04da9a2096e53e4da5d3ece509349fb57dfae
2432
Your Package Tracked Now_5cadf9e53f83d.exe
C:\Users\admin\AppData\Local\Temp\nsn6555.tmp\terms.rtf
text
MD5: 1153e2a560d57a437f1d36c83f71f4d4
SHA256: e574e50039d95463fbaa0ffdc10c6278ebb6cdbf58a0c27db11efd06fb2e3bdf
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019041420190415\index.dat
dat
MD5: 5a4b5f832ad1765d32c4a62de72273de
SHA256: 695cdf889563ddcd5215a2eba09604e8fa54976230239acbc2bb9f8e40511c13
2160
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27L1HJ6E\packages_sprite[1].jpg
image
MD5: 8083db015452147f1c1fb04459d5ddf4
SHA256: 9af1b1dedf71fa251a4d4e188e9d231f9f20f1daf3a939121c7fa9f3c9e57b20
2968
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
image
MD5: 504432c83a7a355782213f5aa620b13f
SHA256: df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
28
TCP/UDP connections
22
DNS requests
10
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2432 Your Package Tracked Now_5cadf9e53f83d.exe GET 200 3.18.145.221:80 http://sbdistro.com/cgi/adk/chrdlid.cgi?id=5cadf9e53f83d US
text
suspicious
2432 Your Package Tracked Now_5cadf9e53f83d.exe GET 200 3.18.145.221:80 http://sbdistro.com/Content/kits/sbui/widgets/packages/packages_ab.json?useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/64.0.3282.140%20Safari/537.36%20Edge/17.17134&user_id=2d96fe23-823d-43e9-a319-702230adc835&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&traffic_source=appfocus84&subid=20190410&implementation_id=packages_ US
text
suspicious
2432 Your Package Tracked Now_5cadf9e53f83d.exe GET 200 13.32.222.30:80 http://x.ss2.us/x.cer US
der
whitelisted
2432 Your Package Tracked Now_5cadf9e53f83d.exe GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
1360 Your Package Tracked Now.exe GET 200 3.18.145.221:80 http://sbdistro.com/Content/kits/rotate_strings.json?useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/64.0.3282.140%20Safari/537.36%20Edge/17.17134&user_id=2d96fe23-823d-43e9-a319-702230adc835&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&traffic_source=appfocus84&subid=20190410&implementation_id=packages_ US text suspicious
1360 Your Package Tracked Now.exe GET 404 3.18.145.221:80 http://sbdistro.com/Content/kits/SBVersion.json?distSubId3=3.1.0.5 US binary suspicious
1360 Your Package Tracked Now.exe GET 200 34.206.226.127:80 http://imp.hyourpackagetrackednow.com/impression.do?event=ex_installed&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/64.0.3282.140%20Safari/537.36%20Edge/17.17134&user_id=2d96fe23-823d-43e9-a319-702230adc835&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&traffic_source=appfocus84&subid=20190410&implementation_id=packages_ US image unknown
1360 Your Package Tracked Now.exe GET 200 34.206.226.127:80 http://imp.hyourpackagetrackednow.com/impression.do?event=sbe_alive&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/64.0.3282.140%20Safari/537.36%20Edge/17.17134&user_id=2d96fe23-823d-43e9-a319-702230adc835&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&traffic_source=appfocus84&subid=20190410&implementation_id=packages_&subid2=3.1.0.5 US image unknown
2160 IEXPLORE.EXE GET 302 52.6.170.180:80 http://results.hyourpackagetrackednow.com/s?uid=2d96fe23-823d-43e9-a319-702230adc835&uc=20190410&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&i_id=packages_&ap=appfocus84 US html unknown
2968 IEXPLORE.EXE GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/?uc=20190410&ap=appfocus84&source=%7Bsource%7D_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&uid=2d96fe23-823d-43e9-a319-702230adc835&i_id=packages_1&page=newtab US html unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/styles/home/packages_v1?v=x1BZmimwCuTPrxEKkON02bLwNE7X3DWDcBAeymH_VyI1 US text unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/get/js/impression?uc=20190410&ap=appfocus84&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&uid=2d96fe23-823d-43e9-a319-702230adc835&i_id=packages_1&cid= US text unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/scripts/home/header_common?v=AAAAH_DbLIleWj0eIMkM9tOvY9PBuu50aQKW3Tf5CW81 US text unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/Content/Home/Shared/Images/gear-icon.png US image unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/scripts/home/common?v=6URW9YYrrVOx3m_ljnNsmDvIm6JyCW-wyILyhqNw8641 US text unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/ US html unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/Content/Images/saveMoney.png US image unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/Content/Home/Email/Sprites/Sprite_Email_V9.png US image unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/Content/img/Icons/weatherAgencyIcon.jpg US image unknown
2160 IEXPLORE.EXE GET 200 13.32.222.47:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/amazon.png US image whitelisted
2160 IEXPLORE.EXE GET 200 13.32.222.47:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/news-1.png US image whitelisted
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/Content/Home/Packages/Sprites/Sprite_Packages_V2.png US image unknown
2160 IEXPLORE.EXE GET 200 13.32.222.47:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/facebook.png US image whitelisted
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/Content/Home/Packages/Sprites/packages_sprite.jpg US image unknown
2968 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/favicon.ico US image unknown
2160 IEXPLORE.EXE GET 200 52.6.170.180:80 http://results.hyourpackagetrackednow.com/Content/Slick/images/icons-star.png US image unknown
3368 Your Package Tracked Now.exe GET –– 3.18.145.221:80 http://sbdistro.com/Content/kits/rotate_strings.json?useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/64.0.3282.140%20Safari/537.36%20Edge/17.17134&user_id=2d96fe23-823d-43e9-a319-702230adc835&source={source}_v1-dsf_packages--bb9_v1-dsf_packages--bb9-sbe-ab&traffic_source=appfocus84&subid=20190410&implementation_id=packages_ US –– –– suspicious

Connections

PID Process IP ASN CN Reputation
2432 Your Package Tracked Now_5cadf9e53f83d.exe 3.18.145.221:80 US unknown
2432 Your Package Tracked Now_5cadf9e53f83d.exe 3.18.145.221:443 US unknown
2432 Your Package Tracked Now_5cadf9e53f83d.exe 13.32.222.30:80 Amazon.com, Inc. US unknown
2432 Your Package Tracked Now_5cadf9e53f83d.exe 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
1360 Your Package Tracked Now.exe 3.18.145.221:80 US unknown
–– –– 34.206.226.127:80 Amazon.com, Inc. US unknown
2160 IEXPLORE.EXE 52.6.170.180:80 Amazon.com, Inc. US unknown
2968 IEXPLORE.EXE 204.79.197.200:80 Microsoft Corporation US whitelisted
2160 IEXPLORE.EXE 13.32.222.17:443 Amazon.com, Inc. US malicious
2160 IEXPLORE.EXE 104.111.241.173:443 Akamai International B.V. NL unknown
2160 IEXPLORE.EXE 13.32.222.47:80 Amazon.com, Inc. US suspicious
2160 IEXPLORE.EXE 52.22.227.196:443 Amazon.com, Inc. US unknown
2968 IEXPLORE.EXE 52.6.170.180:80 Amazon.com, Inc. US unknown
–– –– 3.18.145.221:80 US unknown

DNS requests

Domain IP Reputation
sbdistro.com 3.18.145.221, 3.18.236.124 suspicious
x.ss2.us 13.32.222.30, 13.32.222.51, 13.32.222.12, 13.32.222.163 whitelisted
www.download.windowsupdate.com 93.184.221.240 whitelisted
imp.hyourpackagetrackednow.com 34.206.226.127, 52.202.155.97 unknown
results.hyourpackagetrackednow.com 52.6.170.180, 18.215.37.163 unknown
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
d3ff8olul1r3ot.cloudfront.net 13.32.222.17, 13.32.222.118, 13.32.222.21, 13.32.222.238 whitelisted
imp.mt48.net 104.111.241.173 unknown
dap2y8k6nefku.cloudfront.net 13.32.222.47, 13.32.222.9, 13.32.222.250, 13.32.222.110 whitelisted
imp.onesearch.org 52.22.227.196, 54.174.5.12 malicious

Threats

No threats detected.

Debug output strings

No debug info.