General Info

URL

http://americanfaintinggoat.com

Full analysis
https://app.any.run/tasks/fa5d96d7-ad25-49a1-9040-1cc2f02b9702
Verdict
Malicious activity
Analysis date
14/01/2022, 20:48:55
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Reads the computer name
  • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3348)
Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2220)
Executed via COM
  • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3348)
Creates files in the user directory
  • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3348)
Checks supported languages
  • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3348)
Checks supported languages
  • iexplore.exe (PID: 2220)
  • iexplore.exe (PID: 3736)
Reads the computer name
  • iexplore.exe (PID: 2220)
  • iexplore.exe (PID: 3736)
Changes internet zones settings
  • iexplore.exe (PID: 2220)
Creates files in the user directory
  • iexplore.exe (PID: 2220)
Changes settings of System certificates
  • iexplore.exe (PID: 2220)
Reads CPU info
  • iexplore.exe (PID: 3736)
Application launched itself
  • iexplore.exe (PID: 2220)
Reads settings of System Certificates
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2220)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2220)
Checks Windows Trust Settings
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2220)
Reads internet explorer settings
  • iexplore.exe (PID: 3736)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
38
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe flashutil32_32_0_0_453_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2220
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "http://americanfaintinggoat.com"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shell32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\elscore.dll
c:\windows\system32\mshtml.dll

PID
3736
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2220 CREDAT:267521 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ntdll.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\advapi32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\wintrust.dll
c:\windows\system32\devobj.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\ieui.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\crypt32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\mshtml.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wininet.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\propsys.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fveui.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\wuaueng.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\dsound.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\audioses.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\elscore.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\msls31.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\uiautomationcore.dll

PID
3348
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe
Description
Adobe� Flash� Player Installer/Uninstaller 32.0 r0
Version
32,0,0,453
Modules
Image
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wininet.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\user32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comres.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\riched20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_32_0_0_453_activex.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\macromed\flash\flashutil32_32_0_0_453_activex.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\lpk.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll

Registry activity

Total events
20895
Read events
0
Write events
168
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2220
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
(default)
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935432
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
957484378
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935432
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
657328128
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{64CEA819-757B-11EC-A45D-12A9866C77DE}
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
92064D278809D801
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
F4177F278809D801
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E00140030003A00D403
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E00140030003A00D403
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E00140030003A00D403
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E00140030003A00D403
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
F4177F278809D801
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00140031000200630101000000644EA2EF78B0D01189E400C04FC9E26E
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00140031000200760300000000
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A60700007431363767DA02548A6B5655F0E95F377906ABD7516B45FAF08882C3C34CAEDEBCAC2AC28F88ED6916017975F5730B283088E3BB2C06A42DCD585077E2FC4118663DC46BD9F73878B0539BFB869B20FD27AF0479CAB1E2D7ABF5F90D12458DE162020089BCC7044F26839F0A512DE6A8D09A513A630E0073F97F782D20C7D605AD1CA2862A99824D99AFBAA28FC71CCAAC6BFE31C9BB402EFF16D3F37D22B0379AAB6A206A0BBBAC02F93CC7170B934C584149C2915AC77BE9DADA3D48F6023E2FD022F253BE73D9BF7F5F6D859730952C3C70EF4A8A48B6EFEBE9C019E3B6A3A4A9AC526D5265E114625D3D990C4B40847BDC25C9EAF3D3C569B0F37589FB029A57817FCE678AEAA9C3D8213A0BC071D520074CEA1CF4269F7497C5C3877BD88FFAC81BB79DA5C027C1DBA9A43205B2F94A422A38BF812F9F2C8428A77F34EC2CB3C7F89294A76BB37B6F375423745F2519631D9972C48367B22B6880102D48E0A0AC3571ED61DF13130A01F67C5BA76DAD1219FED7D1B972246753CCDAC2BCA0E25CAC7A463FB087A7BCE4C3DE9319B92537026C8DA77076A39B32E57DA3F73A9AF9AA0040B0E31E595E0308EAFEC6C8A3C94DDE333F61734FAE954F99672D0BE67002DF7B08C697471034A13EAEE9154686F7F86B547F4148B0E534CE074AC2E79B62DA9751D8E1936047457CF32C4B2E22C756D4232D59AEAAD126BC0CBF9DBDE208893486C66B5C1710FE4221738C7ABBE3FD0D237E7DA164866003D7D3758982B65CF3A477A6C1C94D2732113AA34C73B8D6B89B890B4126B51543EA8D8469270537724B246AE4C35419EACA86A7C3FD285C7441CC35AEF16E9F1BFE28A27EA0FD71528180C9E31092FE0B646435FF1616A1E01C9A2208E7CA942D8D1A6FE98605E2330BFB5CE04FDE5136E2F17D206434169EC1A42F6FBE5FBE1897AC3FC8491EE6B551039BF96398CE098502B245DC2A504D5F883603FA8B937C2820EB3C486E9A78E2637750639B5D26EC4C9890130EED8C567201E4448DC8F9CD65DD65801EFF1CFCB0C603B3FC712B28240420372103FD70D24532DE6CF22F826143645B89454269BF20344A9BF7B90ECD5715ABEA343F6C1D170DBCB21FBE14C71457A4B33E88382FAD014B8424711C59728FE599ABF1DA9E1F9588F138462A7AB95FEE1A048FFB083D8C371FE0F12C15E5AD47B90EB5085CF0EA391F5567A487639DEED1B9F77B64A9F35D305CDB4C88D9917136402AB108BA2CD1BA03C19FAC372F29EC92603D265F58F7A879CD8402585AFEB3BBEF7A05E67BB8C77DF4736CB3366C3C986AC5C981D96D4883684BBB4E28592D4DA61773F5F74E95DA9F3EB581D2F85E65B66A391698930B384D217F931A47EF6EEE065AD0C02956B564031A4924F01652E2CCBA7BB49A6EC21AA6EFD352E9D7FA66F5D687F6268BA0E22697064AB9FA0F8FF8EAE14C3B7C3F711A5137EF34ED16B0C85DFBB96B3AE3B957E8EF652672A95D73C575829EAED4F04EE971115842036B5711BA2972F595899B6E7096E200C7EC7DC0B1747BA09E388AEB7FD8292AC936E01FAC6676B853F2E0AB23FB17E1F0DC2AF84344008C23EAEDFDB86395BC22B32738B19002890094C440E6B5ACF66FCEFA68CB109B9ED4A4903DE5D441AC88805D0DB1C7F6F9040F088BF1E465044A60813644FAFD15490820E80F4AF469853F25E6952B9F687803CEC86DA9833B1933780DEA201830AFB444824BE52A971E8F7043D3DC461E1D1001CE6C22DB1B7FE79B8432A431F18149F098DFC411CF920FFA8D83FAB33367D6D94CDA709B94891C5EA1A1A46DAE76682410CB0984B7F76106DC93A5184A9DF4B5AAC3B3E393BA7254592442076FFCAF3702F3D3576722244EC599FDB416810C9168360C5FBF8489E332F89CB82248C0982B234289179FF7E94079232FB7DCBDC118EB99C19D7E0211EC03D4CC99B739C3EC7176612EE47C0F9B6E35B7DCCDA72CE3AF7B01FE227B77398308B35A81BB8ED4B18E168B4F5220786F54F0C3FF6A419F6BD3E7B60A95B789115AE14215E7CEC3DBAC8A3386180CE468A0A6FC02A6D67801BF89ADF0F0EEE78AE843F3EF5B34970DEF6F42FF70A6774D39500415FB9B25C560623BD72CBCDEBBD4961558B907680A77B12B56F9748A5E3FC0AB2A091EAFBCD67ED08EE9A079663DD16AE49FBE5BBE63C3568952BA720FD29A51687058C5684265F75CC8E94AE6426BA93CAF2AFE85D517FCB31DB9DD2C125BEB99D09AA5C7C2E09E6B6798866D05AB301B870136D4EC605F4FF9E12B2B1F5EDBA1C8E894BC77F3B61B67B32FD2A4208A8DC843BF3FC8A24EB2856AE60619779B92FA2FE15982771BE468E64F4141B1B65613DC386C89E2FC3263F34126204934BF05407D3901FAD38F0AA841CEFA3251CD0677C7924EE120513271B009543C87C789E621CD154B9DB2ED2A0F62F1CA7E1E43943F7A39536CA391018316D59065A7267707C3DE51C890B152D7AB449CAE1268AFE71F69EC511C22FC9F1EC3F979E67CAA2C597D576441F7ED4B2215182CB7160DC417FEAF155784CB3D1C3ECCFE242B592C4110ABBD7F5D2D39EE82B47D77EEC2766C18E535AD569DBD0F66ED4932D342A2F9B8AB271B84752430AD1A94DC8EB5ACAFD6ED1B163AD78AF15B7B225C14DE2469961A1CE40CDCF185B431D07D98961DFC5A862265CF5F0BE63DCDEA038E6FC93BC85FA5B395B1A20FB98ACC0DAAF91A23C3E8ECD4B400A4E62C7F996CE1F83AE86F0C1BEFBF010000000E000000385835324E41646D516B412533640200000000000000
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F656400000000020000000000106600000001000020000000F239DA477EE3E50214D92A584E80B270D6CBE643FAB5D4A6A80C98D3102DE384000000000E8000000002000020000000C005C0161033124A5FE4D89D5819458D83DCECA5824E8AF6B4C6EE083D8E102B500000009A289038549C73366AE1DB2A59CBA5785D3A3A1990DD95768F83F31F4EEC243AF94E67D2119C6C6DFD3934570B87C7455F7B92F35ACEA103B88AA96E8C02177F83A32093DF44B99FA26616B26B565B0F4000000062A6680ECDD9FA5CF795851C099E0BBAC49CD0EF6AD35957413C086B10B4B33D040BA36C1655990FC32322C30C1F7B6F67F1CFC23C135D2CA7BD7855D89A3E96
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F65640000000002000000000010660000000100002000000064590CF9EF2897C828C08035F8D4029384E0C145E14BCFF3DC39EBE9F5FB751C000000000E8000000002000020000000BA19B0618351B623A8B5AE7E6CE3E1C97E7D147492731D560441F703FC864DB41000000001EBD525279A0FD2C949386A14E69C414000000090A4A4CE254E2BCFF4631F56AEFD4DA8BE53BF2C105FBAC7E1B6B11CEA062AED256ABC21F9799FF431103F0F37B6065F0834BB43391053DB910FA2E68BB0F18A
2220
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E00140031000E006301
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E00140031000E006301
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E00140031000E006301
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E00140031000E006301
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F656400000000020000000000106600000001000020000000CDE062FD475479D73522D721FEDE86DBE8D5E9AB42FC718BD521AC2A427B75A3000000000E80000000020000200000000AFB7D523EBC9C1D85EA261F6D2647E641F5A4F719031B7EA456BDA16421496250000000AF2AC1FBF734809FB0030B058D821116B502C8CEDD9BA02407CF002ADFEC6E4FDD38E4B5F05365539277F39584AA8995F5DD0A26E7606E6A071153C1C5C559BEBC0EC12F48F0D046EC6AEC887A208097400000009EC29ADDB06AA73E25C1250B0EA3604703AEB7514CB5466A4AB1BF9FE16FF196AC3DED4201C4F36ED140C7AAFB8159CEEAADAB215226F2730EBFC7091592EE11
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F6564000000000200000000001066000000010000200000000100E4DF4B5576F58A841E6ADAB44E9A6DD3B5631A4C0CAF1913BE5A1DCDE80A000000000E800000000200002000000000849D7A211761E9229E8DD5165C82B9F8AF61A18758824B961258E5531EC17710000000BEF9BB740E98E52558DE74CC0BB6011140000000CA5A2D61A07B7BC183800B546E1223119C860092320F443CCD233ACB31B8F8F422A28917D95470FF6FFA8807FC738636A59CC0BAE4DFCCC1311DE2CFAC80F5B9
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F656400000000020000000000106600000001000020000000B64E7509618B6D1F480917B97F51C8F4C6D9B715E4A3591E86F3ABB1E520B390000000000E80000000020000200000008067FADDC2FDBCF1C9472EA2F6387039FE80DC00029C8CB8FF70B6E3B3051D56100000001B9B4AF85EC47FE5BF2A18E747DC3F04400000008B88326C27FF49A289A3B057A16A03E70893A32309E54C35B60701C9273F0760138C0EB4C72F51CF43801E43FFBF13CB41B139E80C16665AE23DDD97CF27C262
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C0800006ABCB7818591497E303E80C4CE49C77D4FDE1EAFD3BBC0C07A0F3C237551BD5B72D777DD6D60B5B37C71BB4C753A8A6B83EB7E5324B3517D73C9471EA2435362179FA0523B28C87485B96F7607812F383FB6D869C873F7C68427B7910847E62CEE34863F528937945037DD03F6295AE9945D09F0629DF979F64B3A6C4FFCB469E4B62E2D402343B43A093D5AB3D2B46F2B02C2B109CF8B5A375484F0DE01C198CE45E7C76896485CEA50103D8C1C9D7285C3E6E592AA803641620E5D00F84918C5019FA6C58183A0D72C59DA52A8C52B47C2BCA264CFDE8FDF9477DE3D80874B960A7CE7EF86985801BED5250F14364C401ED91CF4DC64DB840CE6D2853852CD92805C92F744B3E5472496861A0182FEE7F6D5B8767329537DE987621BC2FAAEDA8393D5D95BF188867F2CD6A00F49EB616C4CE9AF320E51294BA16064BD5BCFD9336C0FF86B274862F03EA7C1DEBA55FD9E97E187BA16406152BE81C4C8703ACAB022A03314F868379516E8E90E0C4715AEBC1614ACD417E31D3BDF1785089CFD1AFD9A48F67473A38F37CB6140D8C7EFBA6D8DFFA6EB6DB5CED4CBCA922DC4E391E3370FB1EFC89EFEAC046A12A32A77E4AAFB214AD411608498F8A3919B36DA35E31F35E530CC2403085857254066BE4A2BBB8936653E285F24EA4B2110D1E22671846932A1961CBC77735019A181270ECF86980BA856927EFABB9DE19477C4844B066A38D43F9B4A9A1BD48E350CA24ED80C386AEF32C803E433A47306E1876F23719F969CB1C1CD28ABBC24B3AA372CAA4FA2F10E01D40D09293176955F89070D42F3EE8F1225661FDB9C7BB1AFAAC646D552424CB529BCBD388C89F3C8636D9100D8DF40B9AA337FE37E343DC7113EE5A8F5FB32027830EAC6E84EFC646FBFC466C80966B3AC55C7E22EEDD9B09AB2A02884BD3BEEAA8841564C6414F4771E6B5AEA0C3BDC68ED14A0144791091344BEAB132944EDD7E68D2B866A9EC17DAA25B30188C7854219E694F2E232298A124FECA6DDD79120695843E202C1C24A83F6D8601DA1AAC5FA1E47855E3F08E33ECA4C457B31CA5F3107937BCBEECA43C972242D6BA6B889B0DAFBA15B423E5CE751E6A4A110B0BD5D82A28864A0CE009CF61D5D12ABE4015C7CAD4A7AEF09A62C24690EF153E6600F326CEB6F8B364E1C20832FB24C12AB1CFF5A4059DA6D302F14CE0009CC86EF66D592488B67422F69AA208EEA344AAD11E1A43C99E358990E2FD7EC8A99A12382B4E7B2574D7629A35D78B15CA6C0665C55B9F4DA53E108EB495E4B151B4D2583453D3E75362506EA163CBDA7BE6B391B2990DABC1C90C2E4D976E7484642B288758B1E8431FD1F5E6B97E76BB62A966F6878A7DFADBB031BE15F4CC5310A98B39565DB2316AEC21FC742F548397A98782FF2C5E3C5EFE9AE8540062A7AC05E23FABE1AF479980D4D0872E6DEEEBE595764DF54696F6B2FBF18BEBA18C95D07F816FC2696FE910108A3890CCD1A161F2AACFB1B0FF2A7A46C325732300E992652125DB1A8A9B74770AAA710B5E7C3971295AC1676ECF63DD74F97EB109155B050B2AC2DCC7952D0A542FD00363D214930BA1CCD3E622AD41E8915615A63A0AD14104656A14CC4BAC7AFF436F0B529F4A23DA7AF07FC501A63844743ACD33C77BD1C6CCCC64191BCF61E2D64838A8CFB8941958C71567D9BC4A52092A7DCC9416B46EB00DD356CA5527542C88EA3579705102B761D76A51D6371801DECA4689A3D120D7885AF5D84FB5561AFB30D2A113771047AA98487555FBE75D0199600D35508E1F15DB7F3D211BCB6839148FE263D5ABE5AB6C6AACBD751504DD0E10B2AD2B9CC2B07F4858FB433A3E8C8367C8C3864F79BE43F63B6EDC97CE9AF70F434D449713922B58595041DC6E2F820E42A49879ADED389F1F9BFFE398A571B04657BF1E1D84D34E4A321A7D41EC18C83738E257CE223A2AB556FDA15306992E5B3E61926072AF582B82BC04216C363BBB228934475756A36931B7C40FC83C6ADCB37E9109A577CB4B14223BB0F9E1594A4378CAF6967DDCF64E529AA1C47357D258DB75FF776B3D18886FA6945F293EA19DC1D16129A00AC8EEB95F79C533DAF7A093A3723266FDD96179211275F51204335274D0FAEA15E684FC13D9848739697C72FE09006623187159EF77485D064D963CCD08943BC53BD2F0C9521C7F1CBC9ECCDDFFEB876468BA0CF989603968A99862840BDF97B5C3EADF77BA46E3A0FED96885B3EDB8B8397D84235A77B207121BFD32CCA70B246B2E7D10047DF23B33DE578CF8C0EFD237FDE3326D08C82F6F42C62337649048C12FFA6C9ACB8B99C79F9F20CA9F3DB236BD01508F2D65482B0EE2B6A2F228E08C8134FE1969AF3D1B0F1C895522985487ACF50B4B0F9951775262F1F559CC9C61945B9562926F496C9EFA03D8B4F213167FB210506956A0107F27DE1FE57F8D890B321B0ACFADB1E0F126E1FFF070D7759745173384A8601DF73ACDDDCF3F344EF7FE52A5FB8B0C8557AD5DE54F09DE25E5AD67B63B8D31FBBC9748FAA100EFE47C8FAC8D7FE60EFAB46A041FDA97EAE51CD94D8787F05F80D1584B60F4F74F196ADA036016E3D44FA98BA11D6D436D55FED228A663FB9A7E57513AA5A4EEA1C7050547628A6DFC3F88FC2504A103F7B23DA4DAFB197DF3FAF0A0AF133AE6BBBC9CF6A648D47AA2D394B94BCA1FC5E5B39B45E2C832927CC48F5B52FE90FF1804B4C3E0557F262196CEC30A83E3A8A4A229B2526A294F3EC3954FD64F311A6E1D3E574A8D745518E8391BA185069BBCD5AAFD149B578A6F7A4489073A35401714EBCEED426E24D38CF5C4C41E5283CB70B1009E3EF7507B39FF16E0699785348E8EFB30E1E67DB225F6CB6410419BFDC03DEA6C8EE2B319C0B70A6B14E1EBF8025A063649D7518070CE1BE3F28DBCCD84739FA104B3A36B91DE38D7A28E42EC2B7EDC3CE24ADDB2C7BDB56C7A20DCCDD1D41449C34420205A16BE99C516B26DA3DF87764C5AD91D6F5791F821851C996E316656E58E3E7636929E0A7FA5303679BDFCD567217E142FEDDBB3B6146201CF9D84CD418BDE526373B98EDA93C8B931CC4C3C60A89C1352526F533010000000E000000385835324E41646D516B412533640200000000000000
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F6564000000000200000000001066000000010000200000009F2023FFF25182FB5385FB89C7803F6C2995846C99D69066573AF52BD21145EE000000000E80000000020000200000005E50D5587F25F205E2B284ED523A9EB6267AF5607AAFBA9267E084A3A45A889C5000000025A7D97E4DF1C804F2EAB41944BC66F54FD580C477B4B029D552FC877B104C47409190A449981893D7D5FF01F1DDC58C0F03E008088EF5FD6C9F03CD83C4D89761F54095A38407A868E4D60B074A19AB4000000000683E2C6D3718E618ABFF7CEBE2705F9937CE3D6BA3906871797D974291BAEEA1D2BCF63E98F5EC6E3A771744F74C0426D71E43DB61BEC6470D3DBFAF4553E0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C08000097ED92C3FEF14E85CD407B3E81BD45C48A7DAAD9281221351F70935FC20140B7BF49233C867D6A9831BEC1E00A68EA53662633B14FB85669369E7DAE9517FFBE8A26E73E6086DA7BD8C428DB88F45B50BA9FB46B53EBB7C661251D175F23567B6325DD9DF92B0F245DF45E01A906DD25F18A981C49CBFC0973A56087D84348D659E4E99E7B8EE2C107ECEBCBFCBDA0596E86EC5E3278E1EA92BD473DA99881C803041524C3CDE839A74D81DA3339E90DA032F7C239127BCA840FF4D57743144BD825C4E81E0A407C0AB831045D9AFDD5423000567FB99A27FA3A8DDD6A62D08E9BE755C88463F3A38CCB45EFD0FF57DC651FA5331F8D0DEB81DE3BFC92160F8BEFEA6C1C0CFA3AE23A289845D58A7655A29E8A240DAEF87B989BB4A5AC7F35DB97CE3024B2ED20474B6D81725F5AF745044F8C56443CCAAAEC11166553BEDAE844340582235E184BBF3B16EE4E8F589478D12B1B1C571A6904E07AB213F1BC6A47BA88C4986BF6323A335A1F36497B71F0C3F4BA3F1F635366A8CF548039032F400118FF7336513F9EF3B3C7AEA779092AC72158C4B46C0710095A603DB7C039AEA93D78A4DDD6AD531DCF02D5CB298A527CE5E28A36804D25A39BB554890D30C7527B606E821689794FDFD658D41F77BB81591892C57C120D162B1D9CD02F15EF9C829F82439748912A564F0FE2C74D0278AC98F3819A2E97012DEB8AACD9543928E0AE1142E543664FC02E9B14907A67005B07C38A98FDAD066537133E48254A94E77F749EC5ED8C5C872AC38C869DD2B8983DC900E7C991C4C1A106A4A62D1481B37BA87622EB78F32DBD1369811D2F42D88EC9034400CCDBD1ABDBFF3286EE8F178C73ECDEEFA7B25F8021CB030E743D1918DEB3673EFDEBEB9C7F709D02D25E2C35F31E506E913AD81D61D2BD63DF481326BF3025260F9439F93B1563D1BA8EF8BE412E6A1B252CE9CDAB9D0B77360560A5B89A140912766789F10F536360C03F71DA3A4B3B9F265766FD4E4DDC8F122DA4BD113861053133EEB57E44AE479276E00B64FBC548CA80F65A04FA83C611B6E7AEB556165A652DCB6C83B8B43EA5A841D6CAD352F4B665FA6EDF3D3119A1C18CDFA6709958B220793F3C42654D9906DD368E64DECC8BF912B5FE2E41C3614EB9E50419CCA5B8E74FDCCA2BC5D30E8B81F4CE215676EA2559CF830FB9B5F383619BEF68BA8A168A799F4D776EA2A4A71425ACA5FCA071DF3CE38DF0B17CF60319C7877B20A66E545C25E6F35994FBFE278A4651985BC29BEE3B3C2D05CD0962F570ED35C5805F558EC9B35BFE4BB478A716BE4673F47BDE6465B0CF59E7CE097E4C3F60A4F789385DE9D50DBD026DF492BC32112DCB3D32E3A808287106E473B5579E33E2BD8C51E60C6D2E9CCFC7EAC71EC4D85B15A9C11E9A661DD1CCEAC6236D2A69985B082BB90D998753F0627ADD9D9271FAA45DFFE91BE99CB4EA8202FF41034B6C629D8911917A5BACCCDE3B0CE7BE03AA52FB967264B11053414B0B5C5949FBF863EBF39D86309227DADB662C4B6798C5CA21F51399DD5F73B8E4126F701C7E05559220D17ADC22025DFA5DBCABACC53C447149AE928FEE4EB1EFDFE04A9C038F283267D0C19C2D7B07D9EFFD0DAFAE47C989F89CE0E683C95F0B632F78E94AA3D26AC7E3BB9100727119BC20CF8E08E8B60AE730330271F5BED776203923830384DCC37F77DC0456B85AE07B136B68394A958BBE7903DBE218F52D46066A9FA2BF2706DA2F9BA35E893C90D6C464CB8D9CC84640A50808CB7004D68F3BDEFDEAD6EBFC12E6EF4D1AAF5F77C8789B63645B45DA7E95339B818EA32EEB369FB4D4CFC8CDE59CF8E049C263281C832E0A2541AA33D564A32439D37472FA02CD62D5F15EC0F70ED7900D08E9DB51393FF4B4F798357D51782A977C16DED21188E98F004D08A70FAAED632E8F3B22B5EC2FD17EB0C86D3DD2F61AB02820D21BF0016236357176909261F005F60D1F2D579D468F90A7C8BAD073CE564C887FC7255DBE6EB637FF6DB03F1DFCBE4C5BA49E58ED69DA40DBD6945E4E4121557FB747A94E60706A7D0022A68695874C231EE32F79442CA6AA1D3DB91C8B46E19287767DF25F02E3DFF40900B69BF15BCCCC449C1DCE27211450EBC9454D5D7AAFF3D2BA83920E49748785A62F7A9D298A0FE362FB246CB479C6BD5A547805ED1BDA7BF871AC33F81A49B7AECD4629815C7DDFD060D499EB02C2D50F96DBDDE6A6CF917828A811C50B09BD2D6F0A36D309FC57D3DC7C509D67455287B13787E0E7DC34C047D8482731DBB8CDF1F26454267B6D531DF92FBC542954828877A2FC90878401AFFC78430B3EC91480D6535233C93F60A08DD7BE5360FBA76D8DCD29D2ADA1C25415412626250E5E2FB7A35FC51BEFBC3338E9A34DEA66CCA83CAADDCD82AB38EB0C436A23FCA860E77AF54DC1DD9B6848DA031698F1B7474B95D77016B7C2A25E2A1E914BA8B713A354E76DA75365370E52C7E794030D9254CAF64E45B406651A507296BB435C75FD231AC9E9986B4869C6D381DC65884B2802A6209BAC9756214EDF4F154AB51A091C2E665C13CFAEAEC0C87304F047984FF386EBB4EA95E2F73F058EC6E1E36784C2C30DABBDAFC8383847E1E4D56CFC8FF5383348B320C35B9D83E7E49D067A4DAE7997E71A2DE3C2A2EEEF7CEC16644E2C5B5FFFA658F9CCBCFBFA8C363FD33484F0E420B8671D9D755F525F2665E2458E8E50526C5E13E4C90CE2DDC9AC01186FC95E0E097F25AEF4385BB14C793789F673237F7C50F77FC656C97EA76E484F47A2C2CCEE93473FF91A13B8AC71BEDA4BA9B68B3D4F0AB6EA7982B332A62365061CCDA604C599A012A678FAC66F404DCDCF6C55757BB5A35A15F8061372322AFED7F7EE95334D98F67A85E80192AC3AE087B3B566F4E50069CAEA7A9FF3550C8A73ACEAA0FF3EA25038F12357FABD885270B7B64FDA268A3E382856954975C5809020CE6F483F02FC7E1644DEC63C3CB82998D05E4D8F3910FF05764F959B556ECFF8C5F32DF9A364EE323EA518FF5EFE546641596D0E507BBFC737F6F56A5544CEB10E23D03BC90A26694CE60FF7315990346A315A862B80170FEB010000000E000000385835324E41646D516B412533640200000000000000
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935432
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935482
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935432
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
964203128
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
964203128
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
NextUpdateDate
348958312
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames
en-US
en-US.4
2220
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
040000000100000010000000E4A68AC854AC5242460AFD72481B2A44530000000100000040000000303E301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C00F00000001000000200000004B4EB4B074298B828B5C003095A10B4523FB951C0C88348B09C53E5BABA408A3030000000100000014000000DF3C24F9BFD666761B268073FE06D1CC8D4F82A41D00000001000000100000007DC30BC974695560A2F0090A6545556C1400000001000000140000004E2254201895E6E36EE60FFAFAB912ED06178F39620000000100000020000000CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F0B000000010000003000000044006900670069004300650072007400200047006C006F00620061006C00200052006F006F007400200047003200000019000000010000001000000014C3BD3549EE225AECE13734AD8CA0B8090000000100000034000000303206082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030106082B060105050703082000000001000000920300003082038E30820276A0030201020210033AF1E6A711A9A0BB2864B11D09FAE5300D06092A864886F70D01010B05003061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F74204732301E170D3133303830313132303030305A170D3338303131353132303030305A3061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F7420473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BB37CD34DC7B6BC9B26890AD4A75FF46BA210A088DF51954C9FB88DBF3AEF23A89913C7AE6AB061A6BCFAC2DE85E092444BA629A7ED6A3A87EE054752005AC50B79C631A6C30DCDA1F19B1D71EDEFDD7E0CB948337AEEC1F434EDD7B2CD2BD2EA52FE4A9B8AD3AD499A4B625E99B6B00609260FF4F214918F76790AB61069C8FF2BAE9B4E992326BB5F357E85D1BCD8C1DAB95049549F3352D96E3496DDD77E3FB494BB4AC5507A98F95B3B423BB4C6D45F0F6A9B29530B4FD4C558C274A57147C829DCD7392D3164A060C8C50D18F1E09BE17A1E621CAFD83E510BC83A50AC46728F67314143D4676C387148921344DAF0F450CA649A1BABB9CC5B1338329850203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020186301D0603551D0E041604144E2254201895E6E36EE60FFAFAB912ED06178F39300D06092A864886F70D01010B05000382010100606728946F0E4863EB31DDEA6718D5897D3CC58B4A7FE9BEDB2B17DFB05F73772A3213398167428423F2456735EC88BFF88FB0610C34A4AE204C84C6DBF835E176D9DFA642BBC74408867F3674245ADA6C0D145935BDF249DDB61FC9B30D472A3D992FBB5CBBB5D420E1995F534615DB689BF0F330D53E31E28D849EE38ADADA963E3513A55FF0F970507047411157194EC08FAE06C49513172F1B259F75F2B18E99A16F13B14171FE882AC84F102055D7F31445E5E044F4EA879532930EFE5346FA2C9DFF8B22B94BD90945A4DEA4B89A58DD1B7D529F8E59438881A49E26D56FADDD0DC6377DED03921BE5775F76EE3C8DC45D565BA2D9666EB33537E532B6
2220
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
5C000000010000000400000000080000530000000100000040000000303E301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C00F00000001000000200000004B4EB4B074298B828B5C003095A10B4523FB951C0C88348B09C53E5BABA408A3030000000100000014000000DF3C24F9BFD666761B268073FE06D1CC8D4F82A41D00000001000000100000007DC30BC974695560A2F0090A6545556C1400000001000000140000004E2254201895E6E36EE60FFAFAB912ED06178F39620000000100000020000000CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F0B000000010000003000000044006900670069004300650072007400200047006C006F00620061006C00200052006F006F007400200047003200000019000000010000001000000014C3BD3549EE225AECE13734AD8CA0B8090000000100000034000000303206082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030106082B060105050703082000000001000000920300003082038E30820276A0030201020210033AF1E6A711A9A0BB2864B11D09FAE5300D06092A864886F70D01010B05003061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F74204732301E170D3133303830313132303030305A170D3338303131353132303030305A3061310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3120301E06035504031317446967694365727420476C6F62616C20526F6F7420473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BB37CD34DC7B6BC9B26890AD4A75FF46BA210A088DF51954C9FB88DBF3AEF23A89913C7AE6AB061A6BCFAC2DE85E092444BA629A7ED6A3A87EE054752005AC50B79C631A6C30DCDA1F19B1D71EDEFDD7E0CB948337AEEC1F434EDD7B2CD2BD2EA52FE4A9B8AD3AD499A4B625E99B6B00609260FF4F214918F76790AB61069C8FF2BAE9B4E992326BB5F357E85D1BCD8C1DAB95049549F3352D96E3496DDD77E3FB494BB4AC5507A98F95B3B423BB4C6D45F0F6A9B29530B4FD4C558C274A57147C829DCD7392D3164A060C8C50D18F1E09BE17A1E621CAFD83E510BC83A50AC46728F67314143D4676C387148921344DAF0F450CA649A1BABB9CC5B1338329850203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020186301D0603551D0E041604144E2254201895E6E36EE60FFAFAB912ED06178F39300D06092A864886F70D01010B05000382010100606728946F0E4863EB31DDEA6718D5897D3CC58B4A7FE9BEDB2B17DFB05F73772A3213398167428423F2456735EC88BFF88FB0610C34A4AE204C84C6DBF835E176D9DFA642BBC74408867F3674245ADA6C0D145935BDF249DDB61FC9B30D472A3D992FBB5CBBB5D420E1995F534615DB689BF0F330D53E31E28D849EE38ADADA963E3513A55FF0F970507047411157194EC08FAE06C49513172F1B259F75F2B18E99A16F13B14171FE882AC84F102055D7F31445E5E044F4EA879532930EFE5346FA2C9DFF8B22B94BD90945A4DEA4B89A58DD1B7D529F8E59438881A49E26D56FADDD0DC6377DED03921BE5775F76EE3C8DC45D565BA2D9666EB33537E532B6
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarOKText
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarText
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPMSNintervalInDays
20
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPRestoreBarLimit
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPOnlinePortalVer
3
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NextNTPConfigUpdateDate
349006898
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarCancelText
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Flags
0
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E607010005000E001400320007005301
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F65640000000002000000000010660000000100002000000004C325D038E977A86733A0F1C24BACC91CF8FC66AD4F8A85B69EE6D0240D90E9000000000E80000000020000200000005ECC2038F209FE005E394AB2E70C2C40F4ADC48A5BA0EA68260CA21E4859371120000000FF18BEDC722B4660712ED4C61F237A21F08BAB395085FC053281AD1B50BD0C6E4000000008CE8CA23322D6E4D7FE6E528ED06535182F917EF5EA56D7F4CF2C3091E1BFFC7CEF0B388B914C05AF3CE2A9A576C18CD96D10244BB53F7C8FC0AB03FFDF6BFD
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
E0C8ED8E8809D801
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E607010005000E001400340005007603
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E607010005000E001400340016000700
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
30BC7AA08809D801
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F656400000000020000000000106600000001000020000000E990397D30840955351D61CDB134AD85D07C5C1CADEEBF3A38D56E762B0E57A1000000000E800000000200002000000036D03FAE0B657A1F058B54DAA14272C5D462AAF58C6F1765D1DD112F38B0ACEA2000000072AAF841BB39013EDB449BB3EE1F1008031EF2F096213AAB3F6E5C8DB85D271F40000000678AB8E341B14B30B455F6AE358CB3B487D2550029F2CF64E61DE44EFE7700AF6984054255EC2051770A957FB17F835555FC884A14D2140FB834F6FB4B86C135
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
4
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F6564000000000200000000001066000000010000200000000862DF2BEB1EB1610F6BFE89331D25F2EC7AD81381D0789340B39D440A6681DF000000000E800000000200002000000074B8FB7724423213E9A44FDDE3834C91C26070386F25DECAEA9EE0ACEA6A28C620000000D9D08F44D1372879AAECFEDE3265E309013F60D8BF6C58FA481CB7865424D5A7400000003FB933FCC0357A20A7ADF8D28758BB0F7D6BFD48259AB4E8336F2E3A3D63459768BF750CF32646DC6F16FB4A7E7270A91F7E8A6324196EFDE9CCD2008591B7BF
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E607010005000E00140034001F002003
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
C03F52A68809D801
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E001400340025001D01
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E001400340025001D01
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E001400340025001D01
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
27
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E001400340025001D01
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
MFV
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F6564000000000200000000001066000000010000200000001B70EC127A667746EC51741F1C102F4040AA600EEC3CCC24F9E09C49D638D2C6000000000E8000000002000020000000B94493FF0C3E1696293BA0F84EE8B018E9E23CD060DFCC303EA9708119671388200100007089502ACB508BC35BD52E5F7C13EEA875E70D31E84AEAF2466BE963E224896163C46D0D669F4A7DB6BFF877E113CD87DE85434F47DCCF7F8EE4C9FFE664668BC449B37D8DA150982FDBE7C1D508640644B1C62B5579C68AEA4393D68B60F933FAE3BB71B4C3FFC3DE82F67F407E5A9D3C94C8993A5CAA0F7A45C6CD0D3342EC813C866BD024A0B5DBFAEB4DFE59498DE02D7CDC809676232B90AC4F3A28EBFBE18EF483C7DD8E69932D73684935EF7667A53A5D16107B5C9F7B6750C036D594FD583B4C748F9E7D5CE89A1D9E3A4806A37D95EEB3F197FFDD9C4F1DA11242A4B5297DAB022A874C689331F8623F0F51785706AAF4F2C38845BB5BBC1F93CD4E844BA52979F874CA79DBD5BAAE2C7EB70757ED0CF58E6DE4B84A7B6C82BF4DE040000000E7E53C3B31E1F4E85B45099A89A9033D127EE546F85EEC18E26A8FBDC5614F686203A4DDCD52437A042FFC257DDE62D8B70E55EE5CBDB2150985F996D7EC7F0D
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
60901AB18809D801
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F656400000000020000000000106600000001000020000000F93D0CDD677E47F12EC5BAA2678D785FB6B862FDF40A343CDA7F421CD2B4738D000000000E8000000002000020000000AB69DAEE22D7124A317BD0321E3507690AC52696EE53F9FC38151F66DCFDB492200000008A75547A9BD6CA07F4BD95D121978A8941CDFC0EB758EB4444984FE9E8DFCE0E40000000ABE7ECF82EA6BEDB199A15528D45FF9BF5CA2977FA7FF678B86523C5E75D3F5B533169D1B9648E3A02EC7F0169D3F6D7C0F6F5AFDF9012678819533F87DA8D25
2220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
MFV
01000000D08C9DDF0115D1118C7A00C04FC297EB0100000099FA4C295BAB0E468A7B0F05E64F6564000000000200000000001066000000010000200000003046E31F5CEE8A1D92D3E2653BCE01970B2C25EEA5CCA8115C690D8A9CFA6904000000000E8000000002000020000000F32A69BDABF86EF323159A34856CCB71BE820D48EB70C920C7795A2C354B52622001000031612E55C321C1F37A6EA48638E01E714F5117059D410E8C730AAF81FA66565FA6A2833FFD7256BF1BA6C02825E4B595ECE39169911BEAEDDC77FEF446E14125C92423B59C9B7A92FBE08BF1B73B7B3B6327316A49AE700616BE6DB80B363F09C79A466296AE4E2C5253DCA9D6C697F59051ECDEDBE5EA1AD8FB30FAF778531085E88B8C473EB66E97EECD9FAA63876451F5A0F2D74E8C05A2A8920B14E168FA88078F540C7A48867E7ADF4190261E0509005A9C18BD833EC9DFDB0EE85CCD12A919B10B02F71CBFB3B2CF891E8FFC64896E105D1E37D04B2B645F31A4447875072F2212C5854C2693854B79BB2A90C05D4AD0907240CBEC986CF8115E9937ED5C516A10E6E59B4E840645C0685285C54ABFBAFAB17FDD155B66A40597951D024000000091760462BCA8480B2FDCF9413E25A789CC6E932C84CCBF5D36AC7D8656E3CCF8C0A54E140600370D0255476C27095FA90DE6A15303F6045C643F0FAED9E23449
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\americanfaintinggoat.com
NumberOfSubdomains
1

Files activity

Executable files
0
Suspicious files
12
Text files
139
Unknown types
47

Dropped files

PID
Process
Filename
Type
3348
FlashUtil32_32_0_0_453_ActiveX.exe
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
sol
MD5: 85ebe44e63d1ee14f1bf83a80b4a39b7
SHA256: 34e00c4a55a19278aabe15531a9450b1859698b55045693d309f44d5c996c9c8
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\KZJHG29H.htm
html
MD5: d7ad13e1dcc05020ea59764e299aec76
SHA256: 8c62621a743e47f7a888484fd81dab81bf5cd751620a5815bef5e0daeaacc0fc
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0DD30266AF9B4A57FF10335BAF014F_FED8837FD0C0AC54228AD78C2DCB3C3F
binary
MD5: dcac1f7f92848d5d0439c64c30f0f190
SHA256: 193c506163ae33c4869dad322245980be010c3327b516421b4a0a366dbabdb9f
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\clip-art-1-150x150[1].jpg
image
MD5: 9edf8b9d5af8cd16e76d0cadf574ec8b
SHA256: f9b1daff7b9e172975946d2af225842118daa4c5c0b4650bc2b90604f6070345
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\lollipop-150x150[1].jpg
image
MD5: f9a86cb7726c883fca41b6d16d458a7b
SHA256: 6ca8cc51daabb4af649c152f8e076a2184de54f07fd9c4f2dad02dc8bc9b7f4e
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\debbies-i-phone-pics-635-150x150[1].jpg
image
MD5: a0bb6f7c1dccfd11a9c44fb6ee4bc04a
SHA256: e9625d1d3ac9b9899d7bb35cc88950e9a996ffaa6ac457005f7af16cfaca9a71
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\DUN08MA3.htm
html
MD5: e991e0e23db2aa69be0067186f1df612
SHA256: 4fdcc1954c4902b6207fe1e1dc1273233caf81d30f553a2c8379f0f112f4e22a
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\animated-gifs-america-usa-23[1].gif
image
MD5: 8d9d136e9cb414d541b1b6b3d614cfcd
SHA256: 1de497b2ff95076a7b1b67f32f1aa4cb17bcdfcc8ba7c78c8273c5b4d3a467a8
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\goat-show-2014-0961-150x150[1].jpg
image
MD5: 5b0d3437112100dfea13e0f1d0e4daee
SHA256: 55f1087d66319f2d3b71882250f46aa939bcbf7e208f8e5557ece4631833a43f
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\baby-therapy-and-julie-150x150[1].jpg
image
MD5: f7472d7c0bdd0ef7c2ec3e32dd38af34
SHA256: 23e58e1847abf0ae87aad1e7be694c3d6ba0ee4620d08eaaf5a81f353752666f
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\3UX9GF9L.htm
html
MD5: e5ea8341ecd76acd27c47ba595e1938f
SHA256: 2d991763628a10159e6c1c134ea231281d96b026556c0416f93bba9307f0964d
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_DFECE1A4D0C745EF29E7B51A2DA008B8
der
MD5: 3b84148cf8ccf39965cb73a6e0413bcd
SHA256: e764e12185d32b1c072b6df6ffdd48207023fff2476a6e2c11a7e71add4cd652
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
binary
MD5: 16e49e94e88167c9ddb2d79ded45d934
SHA256: 99e43ca6e857a3617a3114b79ddcfc8845b00e5fea61d5cf70045e66aeef6d4c
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB0DD30266AF9B4A57FF10335BAF014F_FED8837FD0C0AC54228AD78C2DCB3C3F
der
MD5: 846ab330d078da9fc90c041fd8b9dd73
SHA256: 50a9ee04ec2932098e0170685dd58d870697026ba22dc97b61bd34f11df9eaf2
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_DFECE1A4D0C745EF29E7B51A2DA008B8
binary
MD5: 2e0f8838fdc4073be5663c4e0268c9ff
SHA256: ab0dec35a55d0c850aa7f9ea718e5af41b11f0ae7ecdc450563ec0b4ad98e9f6
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\peanut-front1-252x300[1].jpg
image
MD5: b3cfd1772e214f6c81bfc7f252bee5b8
SHA256: ddcab2c8a838fa7c72b47b0fefd3091752c61db3b01a311734d71e7cf31eaa8c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\friday-virtual-300x236[1].jpg
image
MD5: adf682f179c53d2cc419925ff2fd6fab
SHA256: d03a855a8131baeb2e3c24796516b3e2cb7081ab9cba547bf5f375a957691730
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
der
MD5: 6dc758dafca329c85c8bbc01cc0ad57b
SHA256: a3d5afda772958b0ae1a2f3cc1f2657836a732c54266ef7eb9df5844e4a19973
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\congrats[1].gif
image
MD5: 613b0a163b17ceb7a0072236748d51f6
SHA256: 7750cc57496d0a188b10fe74040ecbfce55487038b8740ec4e50f13751b68062
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\peanut-firtual1-300x300[1].jpg
image
MD5: 5074548cb3c586ee4f500c81aea134b2
SHA256: e3337ff77d861601f55eb8de9a42de2ab8753ba8b5e3345eab6223a88a80fece
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\peanut-side21-225x300[1].jpg
image
MD5: 1b3b6e93c6e722d94f1d6b8639cb92bc
SHA256: 8c5b496886ca4b0177761efd20de7ec4f7d5aec6a37a9f89680d567ef9efc22c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\tumbles-300x264[1].jpg
image
MD5: 17994ffb8b8e3679ebea3724906825d3
SHA256: c5818206e9a6913512e51f5d8e1903e5c734bb9d8e45ad6aa768fd0af6ee5f81
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\tumbles-rear-225x300[1].jpg
image
MD5: ad7e5edd052a1f61d8aad5f38e10edf8
SHA256: e59a7cb598918f10feb730cb9bd82e120edead8f26b55e0583147a2c08bd7395
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\Friday-front-300x282[1].jpg
image
MD5: d122207932f232abe9ff9c64e0a56514
SHA256: 18c42d739a05e653b9cc56b754181aa9bcbd475920c2e91df44506fbf6d9ff23
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\cheestos-300x288[1].jpg
image
MD5: 795452fda6a3743ec63d2c3c07c7a2c8
SHA256: 2bf238eb1f6fb2c8a8fe36452d83d6e4a4cc5eb038a4e009935554da9b70bf4d
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\tumbles-front-225x300[1].jpg
image
MD5: 08cbb0806efe126fcf7b20f353eef148
SHA256: 45bb3d0237ffe07afc22b8f2330f522fea2a2d5740efbcd280494930cfb43d46
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\fridays-rear-225x300[1].jpg
image
MD5: a14e423235f1c86c0c7b24802982c7ff
SHA256: 72f7cb17d78f66b991bb3338b392dd6a245a51dc9153dc12addc8114d66a0801
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\peanut-front-252x300[1].htm
html
MD5: beb83873a6109940c8744640a496fcfe
SHA256: 3d2dffc9072d30bf85826e425f8bedd479f076110fc67781c167279a5882705a
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\peanut-firtual-300x300[1].htm
html
MD5: f2bf99864d9e4291e59631e7abebd744
SHA256: 4ba10efc3037ef932489d99260ba36334f896ca1811f48256e02b86a96beae9c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\cheestos-2-225x300[1].jpg
image
MD5: bc11e5b6c52384214058b29878c7d2b5
SHA256: 24de1224614bc9eb8f79d9be93b4bb01cdb55e72755ceea8a3875080e7a42011
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\red-ribbon[1].jpg
image
MD5: 87bbfb87430293e6a385e065a67d6d24
SHA256: 104ca305963b80040e0f97d29cd403a546c82f759d0715c7d774616aa1f52d3d
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\blue-ribbon[1].jpg
image
MD5: 2a8fcc51da56e894d3dd4801fe65594e
SHA256: 2486ec69691c5a334dc07bba164304351f6d14d411aa1c144c4132dfbb4beb60
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\lucas-front-2-300x300[1].jpg
image
MD5: 054e8f52d359148c009f268270e1b413
SHA256: 4ae985ab899bb76092e6df4355a6e63dd5f201dd8c4f240ad0932f39b40d607c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\cheetos-rear-1-225x300[1].jpg
image
MD5: 31337e483d567579786ba9c5755cad0d
SHA256: 45e396dbf5efe65c661bafde8d99a5f31ee47bf5a34c8b134a1275ac99a97051
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\lucas-rear-300x300[1].jpg
image
MD5: 04cb3f10082241bd67a74a24e555f739
SHA256: 5802c452c27c1d24fc4735727b35b6ddb6379d4296cfabf0a579100fddadc0cd
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\lucas-front-300x275[1].jpg
image
MD5: 02f5c25fab99281f08f57cf0bf17e816
SHA256: 249b8a305af655255b5d0dca53eaf4e7dd7d4a1055e4582f30fcfef7c0ef5bb8
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\imagesCANSGPC4[1].jpg
image
MD5: 7c732d512b5acdb40952d4ee1bcf9c91
SHA256: c47b4512888041a681bb44a33b5d3ecd07b2696ee9c6ca62f3ef935452a72e95
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\imagesCAIZW9KZ[1].jpg
image
MD5: 4b376719b8bdc1dea5ac48b5cb35a2da
SHA256: a52283c0e8265d8f5c24f868d5771076b1ab1e62594ff9e5d99e2871339c2928
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\yellow-ribbon[1].jpg
image
MD5: bd595dbe1bc344eb6ce37b6e3997f56b
SHA256: 5a73e57d6eabd07e3bf656ff1f922dba159e52ad5fa64f8ae9d39ce33fffe3d8
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\mineral-feed[1].jpg
image
MD5: 35c6fdd0d2b6fcd9b8a52a11e31e2a02
SHA256: f3803e3980ba4591cd920c7b086403d901d9aa8a68dbcbc53fd9eb8d4a2b0bd8
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\6GMANWB9
xml
MD5: 960be5a1e993b5aceb5fd4136898c38d
SHA256: 8b961538eadc2b1b076bce4aed415b83403393de2c79bd057d0a013ca13e0fbf
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\rssicon[1].png
image
MD5: a75ada9dd6d7c0b365dcce9f8ad65eea
SHA256: 63a49362c8fdd7e24642dba4d590615067ff27a74037189e8943ed98409c96ac
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\footer_s[1].png
image
MD5: 728b8c3beb82fd10b0f6641a9f7d7f5e
SHA256: 4cc2960b09d059469a8f141d52868738165d779879a157793586692323009f1e
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\footer_b[1].png
image
MD5: 93247c898f9420737dd6b923af7e90b3
SHA256: 6dc6cd841fbb836482434bb9fa69e927ceacd0e446ea7aab704823c65332f8b5
3348
FlashUtil32_32_0_0_453_ActiveX.exe
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\button[1].png
image
MD5: 4042fdabb25b66946cf0de0c7e25ee7e
SHA256: 68efc8f3d008cd9fed7433feaa08dd1b7b4bc344f1c486bc52edc909b7fa7f71
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\vmenuitem[1].png
image
MD5: a71351d5fd75c5a1a90ee809ae5097b0
SHA256: 4b7da18a0eab240d6158f7f9f2812b4505936e6baa999b81a8e7db7dee70b88c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\block_s[1].png
image
MD5: d79d54b3ff7319cbc0a3fa9bf24da9f8
SHA256: 15e220c107c60549f84de6a218233769d83aa92aa66329f3e8e1f4b38fd84770
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\vmenublock_v[1].png
image
MD5: d33548dbe672bc34b5d8fdf8c32cc198
SHA256: 5a6e2cb67fb7bde7ff2505cf9bec9eac36619bbf1129af821d2edff2d6564b28
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\block_v[1].png
image
MD5: d33548dbe672bc34b5d8fdf8c32cc198
SHA256: 5a6e2cb67fb7bde7ff2505cf9bec9eac36619bbf1129af821d2edff2d6564b28
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\block_h[1].png
image
MD5: c42c12c12ea4dee73b724f02a7a3641d
SHA256: 18e9fd1f689d3253ac311f33628896b7d9c03ff1d093f5ae065fa27a41eda36c
3348
FlashUtil32_32_0_0_453_ActiveX.exe
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\openssl\cache\RevocationCacheFile.dat:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\header[1].jpg
image
MD5: 6ede38d84e32d4f435ffa2d9a1176d89
SHA256: a8966fb1d3e57ee1904078b1b5543033ff9d4505e4e7071e5a653348b5ea1684
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\sheet_v[1].png
image
MD5: 76335556ebb1ba7c87d649d6b99b495e
SHA256: 631eaf8ff85c7e37234599f5b1e76356f7a016207f748a8377b30930a4c7a663
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\header[1].png
image
MD5: f0c13140bd8e21be81701a69fd294008
SHA256: a2e9739d7ef6c5c1eb11288719e009490817b30d8bf0033c6ef60b0ff1a58967
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\all[1].js
text
MD5: 8c59583795f52612e2fbc9f1d343fb53
SHA256: f85950303f074369860d625cd3b00f573c804f65026574d591011a3df277a649
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DOTBATAV\www.americanfaintinggoat[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\vmenublock_h[1].png
image
MD5: c42c12c12ea4dee73b724f02a7a3641d
SHA256: 18e9fd1f689d3253ac311f33628896b7d9c03ff1d093f5ae065fa27a41eda36c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\sheet_s[1].png
image
MD5: 23c8f68c315edecf64288fa95d6e6247
SHA256: 0b54adaa85900ee1e0a46458903c4276d6e62298979780cfea227c8c771ff8e0
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\header-object[1].png
image
MD5: 1573926cce4e0afcd9d9d5ef2a57a00a
SHA256: 72f10297bc5848960f682b9121647bf79c8795a93a5e349b50fa348aee337c3b
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\all[2].js
text
MD5: 45fcc170157b831aaa9d5df2f54a6d4e
SHA256: b7068bc9828cb9124c2fb8cf6a3b21106ae92df84e386cac04af016818375fce
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\sheet_h[1].png
image
MD5: dd8534cf5929872fd037ef0fad509ce5
SHA256: 67438d234911eb9db737ea38b9ff5123d227b0e9092d9fa2583660d8d28f70e2
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\vmenublock_s[1].png
image
MD5: d79d54b3ff7319cbc0a3fa9bf24da9f8
SHA256: 15e220c107c60549f84de6a218233769d83aa92aa66329f3e8e1f4b38fd84770
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_CE500F4904CEE254B34ABDBE94442DC2
der
MD5: e71ac70133d8f74221153beaa6923825
SHA256: 24ad504fa3555f33f72bc3120abfc911e080cd2bef0f8cb5229d8feb3677bf6c
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_CE500F4904CEE254B34ABDBE94442DC2
binary
MD5: fa20710b0af81e001227ba89032623bb
SHA256: 63617df5850b0abfd9f9999af3f413af929cf03efa3c247d36afc44439f0a558
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\jquery.fontPlugin[1].js
html
MD5: 084132766e05387af1e9f99f89b33b5d
SHA256: 1798fec66ef582c474d39b23f98b1246c7fae85bc0e12c7193ee337d29de3704
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
binary
MD5: f2263b740be7b013a9abc4526b21cb61
SHA256: 0a0927fb9ff4c1de8f7ea58064b8f9820049263abd31ba470b33021d76d53e70
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
der
MD5: 47396d1f83885b122f30d2d498c9ed2a
SHA256: ad4f35faf489dd92588539892a4ee173c84290d3b2118b21c6283d269db68f5d
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\animated-O[1].gif
image
MD5: 62daf5a42327a8c90fa77b5b2b968f33
SHA256: 96405239f708ea4029a99f7118e42e8c3457f0c65f6b70c1237651d7b25c16c2
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\animal-graphics-goats-561241[1].gif
image
MD5: b338a01a479a72ac4329d0265d16e55f
SHA256: 70cd22c43f8af60fee5828103755dd1b9048801461f7e8c79bca9dc7777201dc
3348
FlashUtil32_32_0_0_453_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\animated-G[1].gif
image
MD5: 66a5c776abd709e09bb2c5bf19cada27
SHA256: f1e8ceba77b52bc07bf8af7bfa5699917d15d3a30005bc4b9bdd22d50cfde63c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\slider.min[1].js
text
MD5: 9408efe2ce5a6b4364f34cbda02f814b
SHA256: 08e0d913aadaef201fd3200ca49fa991a2d8d02b3d9a54621123d71837bbc73f
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\wp-emoji-release.min[1].js
text
MD5: a7c259ac67b3b4002dc8ac4a09765b9d
SHA256: 3d8e94fed6cc8ea56ee5ec6174efb68cb7197d2e729149cb43e85505bf175779
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\animated-A[1].gif
image
MD5: 7fe77541352f86770e4e257081170b7d
SHA256: 185304f11b05c4a6ce7d8fa6e96ad04c7812839fc77c6de69c82533e941ad2a0
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\animated-F[1].gif
image
MD5: 4e694899bf8811bb55c9d9084af6d080
SHA256: 8fa4fc5874c303310ce9bc9847f37f57da1b9c174afb5007790fd1a38f7e9623
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\widget.min[1].js
text
MD5: 8cf7f36bbd79bc0664b6113f7a7837fe
SHA256: 38a448e9e03a9f64e7611b19af4bb8ec97fde2c708dc57ebbc7701be7ae3af08
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\animated-symbol-image-0029[1].gif
image
MD5: bd9bf5b6bc49db0b6250aac1ead1448a
SHA256: 383e2763b6dc13a0cca6b802c26417dc4fea5bb780118e4923d1fbfb837c8a1d
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\script[1].js
text
MD5: e604110dda123512fe743a8eb720fdfd
SHA256: 69e5a1e32a0343052128ee0744444eb20c5522f2311e6f4b0d9e72a484f09331
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\sortable.min[1].js
html
MD5: 2896e90cc17e9abc160ed96bb86b07e3
SHA256: 9023e3275b6d897b202ddb9848872a661fea055c96c2973a02e1cf5e39f04afd
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\wp-embed.min[1].js
text
MD5: 5a03f97cc479b9f5d7efdaccec31bc17
SHA256: dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\colorpicker[1].js
text
MD5: 418cbf9fae45e17592f02dc4f9b5f3f8
SHA256: 5c24bf4ae2b5b9d148401c93e29cbd3dff1bb0cd0747cc7316c07797d73baf55
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\draggable.min[1].js
text
MD5: 443c277789baf69c490019d59c1b36ed
SHA256: df7667a0380d57f508016bbe78d085ab7f7bc782b128df6d46e815162ea6e82b
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\mouse.min[1].js
text
MD5: 82835a8960ddd73020389dbfa45c39a0
SHA256: 88b0379349a4dda6ebcc43c5bd12084d230c6105a6fd3c2f651c4e771b3eabef
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery[1].js
text
MD5: 8610f03fe77640dee8c4cc924e060f12
SHA256: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\animated-goat-image-0021[2].gif
image
MD5: 32994191f9d2db17c9c5296eaf9349f4
SHA256: b1ed0d428076dae10cbb13e9a47344e39da1795679bba03e3fb819b9cee9fec5
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\pluginscripts[1].js
text
MD5: 7d9beafa4929e8f858c6025fbe4a1d2f
SHA256: 1d80b2b1e051cb699398a6f9a02b30d6ae5d358b12024e5a50053c991503ce50
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\zbPlayerFlash[1].js
text
MD5: b12733a4ba6fb489d0db4e74ad6a8389
SHA256: 6e729159e67dd8fb86b9ca17b1f6916d6db9d6dd4b3bcc5fd197d3556bd43fe5
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery.fcarousel.min[1].js
text
MD5: c30a872681be60e7e82af36fa230b8b5
SHA256: 8f948e8b8bb29d1717b3f16b4026285d25cb1b7639f59df869683e735fc57936
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].css
text
MD5: 4fb803dfffe276752668444fa9ee0141
SHA256: a6e5e27cd101828fa228bf411d164f947f9a5f129a08aa41ebf7404847eeae80
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\core.min[1].js
text
MD5: 9ce4e157448487d4efe0ca538f656a71
SHA256: 936567bc744e199e02bfc3c33fe2bc9c862999e0d479e2a694aa7485460a3960
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\jquery-ui-1.8.14.custom[1].css
text
MD5: 9d845dffa3844ff066d7a22996277bcb
SHA256: f7b62d4b82180330aa3d330d19a624edb3fa843c50e627df72a73cd6ecb40640
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\SXCYEPOG.txt
text
MD5: 2d88eba2dcafe1419b81889f4060dbe8
SHA256: 52422a61530dac5e0c5702c9843057100317013372bdddb235c3000b6135968f
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\colorpicker[1].css
text
MD5: 7737c9ca5036f81500d912b607a98c6c
SHA256: b7d1d2b7ff7d67652269dc1d5613e4e8ffa31bce3d58c4ec0e328a17a19a9c99
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\A33WPGU2.txt
text
MD5: c437d6c8e2e40ac3fb1c6b36758c98de
SHA256: a7866e875a0f8e38a5f9b5200dec66318b7b0c736d3f1d4d044d887000343f9c
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\fontsforwebstyle[1].css
text
MD5: 4455daa3d7ae5504c6957aacebda208b
SHA256: 43f62cbead9a01315ac1099d8683757c619b1f1a11faeb5163a8355a434ff184
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\zbPlayer[1].css
text
MD5: a300e6d1de3a03d1535bdae680a0eeb3
SHA256: b5b58a1b322159d68f6cf6438d96a0e908533b0a2960773fc31e6047b5007628
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\E53WTH3S.htm
html
MD5: f2a4986d2bc08c9047cad8d8b2c37c23
SHA256: 763809d9b8b88c47ebbf14c0ea3d4dfad2cb45cd40b9531b04505efcda9e1a73
2220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.4
binary
MD5: 5a34cb996293fde2cb7a4ac89587393a
SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
der
MD5: 3d44d80ba9bf887e49a544b16cb7fce5
SHA256: d40a80008aec192e94d3a233bf7d401dd6e1a9ba17d16bd4497a2da50f95492a
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\UU2AESAY.txt
text
MD5: 3293abdc94b78e93cf460c21bc45efcf
SHA256: 1b753a0e0b240002f2a656cde71df6520099f7f69a4c80ee71d509f8a405ffd4
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
binary
MD5: 7648831087ebb4f433d681a7efc2e40f
SHA256: 26ff61e0a18d5a86e9210b93c6d07e32fc8acf3f9fe085180d75fa5ca85b4aea
2220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\search[1].json
ini
MD5: 449f61c84cd2f7342f95403c908c0603
SHA256: 19170bd75edc0b5183a2f9fcc3001d9d222deff61e5915ad1127b65ab581a2a1
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery-migrate.min[1].js
text
MD5: 7121994eec5320fbe6586463bf9651c2
SHA256: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\PG5XSMNK.txt
text
MD5: e16d96df5538a698755ce442c984583c
SHA256: 92177a43f3f459bdd1f70b583f582207510667045d9319306ca638a708116130
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\animated-goat-image-0021[1].gif
text
MD5: fda44910deb1a460be4ac5d56d61d837
SHA256: 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\animated-symbol-image-0029[1].gif
text
MD5: fda44910deb1a460be4ac5d56d61d837
SHA256: 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\YX4UNAPH.txt
text
MD5: 2254536c7e3bb174f8d9a01d8960343c
SHA256: 53f776284d16a947606a1bc4f8c5f4220b856407fa53e89529f1ec7f1ca38089
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\48HYY59N.txt
text
MD5: ea13a392ed279e00db94720886ef8964
SHA256: 77963b281bbf300d46ea6faec7be2ead4d3eb3f5be417c7139f431d24a727028
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Q17IJ79K.txt
text
MD5: b4e7bf5378d06a6e393748e1f8118449
SHA256: 761f4fcabdcb021e74e7b7088ec59d1db20fc05f34359d2c3a7d22438d24db41
2220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
2220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verAA27.tmp
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\H5PXG083.txt
text
MD5: a00ad47ef26dfb6d6bb6421b5d5846b1
SHA256: 30b273dc092babc37ac61ee9ab358e4d5b9fc18cba6a20739404cf50ab61f0e0
2220
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\BIJXY3NY.txt
text
MD5: e37568eb53c9342fc2f2348b311b7634
SHA256: 16a6251eb6ce4e63a38010abad13839757cdfb25755db1ee68b2a40abe445f7e
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
binary
MD5: eb77812ffd0d9b790d8089ac46077496
SHA256: dfd4ac98e6e140ac6169f4a6359e9299fd3b23c72132af7f94200c2d47c2a42d
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
der
MD5: ace427d9e2e5197da2f600c887dcfcb1
SHA256: 9d985ec5e3675b2c7ded4535f7de2cbe39934d67046e25c3d0466220fafe9651
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
binary
MD5: d2e08aab63a6ec254f28892e8294b594
SHA256: 9bce40aa87bfd413a58353a44a7562c7daa37c21cabde8f95cb2209f47e516dd
2220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
der
MD5: 4ce3ebbc54bf47d856f19f1bdfd546bd
SHA256: 03887a592e96c10969759d00f7e8e58a8323de635fa9946b111ce1cf3abc6d76
2220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
2220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5: f7dcb24540769805e5bb30d193944dce
SHA256: 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\72SSBRVM.htm
text
MD5: fda44910deb1a460be4ac5d56d61d837
SHA256: 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
2220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5: bd941a6e62fc38418bcdbc70f3acc651
SHA256: e6524bc063c3adc43f0d7331b4780b2b3be90eb6b729fdef06a2f90179478609

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
104
TCP/UDP connections
76
DNS requests
23
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3736 iexplore.exe GET 301 74.208.236.126:80 http://americanfaintinggoat.com/ US
––
––
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/ US
html
malicious
2220 iexplore.exe GET 200 2.16.106.186:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?289cf79653f4f370 unknown
compressed
whitelisted
2220 iexplore.exe GET 200 2.16.106.186:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?474448c0b713d8ba unknown
compressed
whitelisted
2220 iexplore.exe GET 200 93.184.220.29:80 http://crl3.digicert.com/Omniroot2025.crl US
der
shared
2220 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D US
der
shared
2220 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D US
der
shared
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/style.css US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/font/css/fontsforwebstyle.css?pver=7.5.1&ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/font/css/start/jquery-ui-1.8.14.custom.css?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/font/css/colorpicker.css?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/zbplayer/css/zbPlayer.css?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/jquery.js?ver=1.12.4 US
text
malicious
3736 iexplore.exe GET 301 104.26.7.200:80 http://www.animatedimages.org/data/media/640/animated-symbol-image-0029.gif US
––
––
suspicious
3736 iexplore.exe GET 301 104.26.7.200:80 http://www.animatedimages.org/data/media/234/animated-goat-image-0021.gif US
––
––
suspicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/font/js/jquery.fcarousel.min.js?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.11.4 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/font/js/colorpicker.js?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/jquery/ui/sortable.min.js?ver=1.11.4 US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/font/js/jquery.fontPlugin.js?pver=7.5.1&ver=4.9.3 US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/font/js/pluginscripts.js?pver=7.5.1&ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/plugins/zbplayer/js/zbPlayerFlash.js?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/script.js US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-includes/js/wp-embed.min.js?ver=4.9.3 US
text
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/animated-A.gif US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/animated-F.gif US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/animated-G.gif US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/animal-graphics-goats-561241.gif US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/animated-O.gif US
image
malicious
3736 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D US
der
shared
3736 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAhFMjccjkHQHxWs2V0z2XQ%3D US
der
shared
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/sheet_s.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/sheet_h.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/sheet_v.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/header.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/header.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/header-object.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/vmenublock_s.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/vmenublock_h.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/vmenublock_v.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/vmenuitem.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/block_s.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/block_h.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/block_v.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/button.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/footer_s.png US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/footer_b.png US
image
malicious
3736 iexplore.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
shared
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/themes/afgo5/images/rssicon.png US
image
malicious
3736 iexplore.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
shared
3736 iexplore.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
shared
3736 iexplore.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
shared
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/?feed=rss2 US
xml
malicious
2220 iexplore.exe GET 404 74.208.236.126:80 http://www.americanfaintinggoat.com/favicon.ico US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2014/09/imagesCAIZW9KZ.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2014/09/mineral-feed.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2014/09/imagesCANSGPC4.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/red-ribbon.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/09/lucas-front-2-300x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/09/lucas-rear-300x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/09/lucas-front-300x275.jpg US
image
malicious
3736 iexplore.exe GET 302 131.204.146.231:80 http://www.aces.edu/pubs/docs/U/UNP-0064/GoatSpasm2.jpg US
html
unknown
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/yellow-ribbon.jpg US
image
malicious
3736 iexplore.exe GET 302 131.204.146.231:80 http://www.aces.edu/pubs/docs/U/UNP-0064/GoatSpasm1.jpg US
html
unknown
3736 iexplore.exe GET 301 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/peanut-front-252x300.jpg US
html
malicious
3736 iexplore.exe GET 301 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/peanut-firtual-300x300.jpg US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/peanut-side21-225x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/blue-ribbon.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/cheetos-rear-1-225x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/cheestos-300x288.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/tumbles-front-225x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/cheestos-2-225x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/tumbles-rear-225x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/tumbles-300x264.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/Friday-front-300x282.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/fridays-rear-225x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/friday-virtual-300x236.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2013/07/congrats.gif US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/peanut-front1-252x300.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2016/08/peanut-firtual1-300x300.jpg US
image
malicious
3736 iexplore.exe GET 200 104.18.31.182:80 http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D US
der
shared
3736 iexplore.exe GET 200 104.18.30.182:80 http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEEcg0PqFRhp%2BF6FkApGEY3Q%3D US
der
whitelisted
3736 iexplore.exe GET 200 104.18.30.182:80 http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRpg21TVpHZ%2FLeGq%2Ft34TnEClb0IgQUHgWjd49sluJbh0umtIascQAM5zgCEQDLN0axRYZtI2ApN6iPnDRw US
der
whitelisted
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/ US
html
malicious
3736 iexplore.exe GET –– 74.208.236.126:80 http://www.americanfaintinggoat.com/?page_id=747 US
––
––
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/animated-gifs-america-usa-23.gif US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/?page_id=747 US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/lollipop-150x150.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/baby-therapy-and-julie-150x150.jpg US
image
malicious
3736 iexplore.exe GET 404 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/07/max-show-150x150.jpg US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/debbies-i-phone-pics-635-150x150.jpg US
image
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/goat-show-2014-0961-150x150.jpg US
image
malicious
3736 iexplore.exe GET 404 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/tammy-150x150.jpg US
html
malicious
2220 iexplore.exe GET 404 74.208.236.126:80 http://www.americanfaintinggoat.com/favicon.ico US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/?page_id=944 US
html
malicious
3736 iexplore.exe GET 200 74.208.236.126:80 http://www.americanfaintinggoat.com/wp-content/uploads/2012/03/clip-art-1-150x150.jpg US
image
malicious
3736 iexplore.exe GET 302 131.204.146.231:80 http://www.aces.edu/pubs/docs/U/UNP-0064/GoatSpasm2.jpg US
html
unknown
3736 iexplore.exe GET 302 131.204.146.231:80 http://www.aces.edu/pubs/docs/U/UNP-0064/GoatSpasm1.jpg US
html
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2220 iexplore.exe 2.16.106.186:80 Akamai International B.V. –– whitelisted
–– –– 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2220 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2220 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2220 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
2220 iexplore.exe 184.31.86.154:443 Akamai International B.V. NL unknown
2220 iexplore.exe 204.79.197.203:443 Microsoft Corporation US whitelisted
2220 iexplore.exe 13.92.246.37:443 Microsoft Corporation US whitelisted
3736 iexplore.exe 104.26.7.200:80 Cloudflare Inc US unknown
3736 iexplore.exe 104.26.7.200:443 Cloudflare Inc US unknown
3736 iexplore.exe 31.13.84.4:443 Facebook, Inc. IE whitelisted
3736 iexplore.exe 92.122.255.51:443 GTT Communications Inc. –– suspicious
3736 iexplore.exe 23.2.214.234:443 Akamai Technologies, Inc. NL unknown
3736 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3736 iexplore.exe 104.18.31.182:80 Cloudflare Inc US suspicious
3736 iexplore.exe 104.18.30.182:80 Cloudflare Inc US suspicious
3736 iexplore.exe 185.60.216.15:443 Facebook, Inc. IE whitelisted
3736 iexplore.exe 74.208.236.126:80 1&1 Internet SE US malicious
–– –– 74.208.236.126:80 1&1 Internet SE US malicious
2220 iexplore.exe 74.208.236.126:80 1&1 Internet SE US malicious
3736 iexplore.exe 131.204.146.231:80 Auburn University US unknown
3736 iexplore.exe 131.204.146.231:443 Auburn University US unknown

DNS requests

Domain IP Reputation
americanfaintinggoat.com 74.208.236.126
unknown
api.bing.com 13.107.13.80
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
www.americanfaintinggoat.com 74.208.236.126
unknown
ctldl.windowsupdate.com 2.16.106.186
2.16.106.171
whitelisted
ocsp.digicert.com 93.184.220.29
shared
crl3.digicert.com 93.184.220.29
shared
r20swj13mr.microsoft.com 152.199.19.161
whitelisted
iecvlist.microsoft.com 152.199.19.161
whitelisted
ieonline.microsoft.com 204.79.197.200
whitelisted
go.microsoft.com 184.31.86.154
whitelisted
query.prod.cms.msn.com 13.92.246.37
whitelisted
www.msn.com 204.79.197.203
whitelisted
www.animatedimages.org 104.26.7.200
104.26.6.200
172.67.72.128
suspicious
connect.facebook.net 31.13.84.4
shared
geo2.adobe.com 92.122.255.51
whitelisted
fpdownload.macromedia.com 23.2.214.234
whitelisted
www.aces.edu 131.204.146.231
unknown
ocsp.comodoca.com 104.18.31.182
104.18.30.182
shared
ocsp.usertrust.com 104.18.30.182
104.18.31.182
whitelisted
web.facebook.com 185.60.216.15
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.