General Info

URL

http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/232814194.TTAB02.1/nsis/867547-TTAB02.1/180518125138533/msnionlinemapsearch/onlinemapsearch.9ab007686f384d6487b2a30a83734eec.exe

Full analysis
https://app.any.run/tasks/ef6d3f79-d400-4204-a916-f1287e894510
Verdict
Malicious activity
Analysis date
4/15/2019, 12:03:14
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

adware

mindspark

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS
Loads dropped or rewritten executable
  • onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID: 1888)
Application was dropped or rewritten from another process
  • onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID: 1888)
Downloads executable files from the Internet
  • iexplore.exe (PID: 2820)
MINDSPARK was detected
  • onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID: 1888)

SUSPICIOUS
Creates files in the user directory
  • onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID: 1888)
Changes the start page of IE
  • onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID: 1888)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 2820)
  • iexplore.exe (PID: 3044)
  • onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID: 1888)
Creates a software uninstall entry
  • onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID: 1888)

INFO
Creates files in the user directory
  • iexplore.exe (PID: 2820)
  • iexplore.exe (PID: 796)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 1924)
Changes internet zones settings
  • iexplore.exe (PID: 3044)
  • iexplore.exe (PID: 3568)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2820)
  • iexplore.exe (PID: 3044)
  • iexplore.exe (PID: 796)
Reads internet explorer settings
  • iexplore.exe (PID: 796)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Processes

Total processes
37
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph (process tree reconstructed from the process list below)

iexplore.exe (PID 3044, MEDIUM integrity, launched with the download URL)
  iexplore.exe (PID 2820, LOW integrity, tab process SCODEF:3044): downloads the installer into the IE cache
    onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe (PID 1888, MEDIUM integrity): #MINDSPARK, dropped and started
iexplore.exe (PID 3568, MEDIUM integrity, -Embedding)
  iexplore.exe (PID 796, LOW integrity, tab process SCODEF:3568)
FlashUtil32_26_0_0_131_ActiveX.exe (PID 1924, MEDIUM integrity, -Embedding): no specs

The report names the installer's parent only as iexplore.exe. Note that the installer runs at MEDIUM integrity, so it was started outside the LOW-integrity tab sandbox and gets the full rights of the logged-on user.

Process information

PID
3044
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/232814194.TTAB02.1/nsis/867547-TTAB02.1/180518125138533/msnionlinemapsearch/onlinemapsearch.9ab007686f384d6487b2a30a83734eec.exe
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
2820
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3044 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
1888
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mindspark Interactive Network, Inc.
Description
OnlineMapSearch Setup
Version
2.7.1.3000
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nsh7c76.tmp\nsdialogs.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\nsh7c76.tmp\system.dll
c:\windows\system32\riched20.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll

PID
3568
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wship6.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
796
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3568 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
1924
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
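
The MALICIOUS verdicts above rest on two observable facts. First, a process whose image lives in the IE cache directory (Temporary Internet Files\Content.IE5\I0488CJO\) was started with iexplore.exe as its parent. Second, that process is an NSIS installer: the download URL path contains "nsis", and PID 1888 loads nsdialogs.dll and System.dll from %TEMP%\nsh7c76.tmp, the directory NSIS unpacks its plug-in DLLs into before loading them. The Python below is an added example, not ANY.RUN code, that encodes both facts as detection rules and runs them over process records constructed from the PIDs, paths and module lists in this report; in live telemetry the same fields come from Sysmon event ID 1 (process create, with ParentImage) and event ID 7 (image load). The INetCache path alternative for newer IE versions is an assumption and is not seen in this report.

```python
# Added example, not ANY.RUN code: two detection rules that reproduce the
# "dropped and started from the browser" and "NSIS installer" observations
# above. SAMPLE is constructed from this report's process list, not exported
# from the sandbox.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Proc:
    pid: int
    image: str
    parent_image: Optional[str]
    modules: List[str] = field(default_factory=list)


BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "opera.exe"}

# IE 8 stores a download in the WinINet cache before running it, which is why
# the installer executes from ...\Temporary Internet Files\Content.IE5\<dir>\name[1].exe.
# Newer IE versions use ...\INetCache\IE\ (assumed; not seen in this report).
CACHE_DIR_RE = re.compile(
    r"\\(temporary internet files\\content\.ie5|inetcache\\ie)\\[^\\]+\\[^\\]+\.exe$",
    re.I,
)

# NSIS unpacks its plug-in DLLs (nsDialogs, System, ...) into %TEMP%\ns<random>.tmp\
# and loads them from there, as PID 1888 does with nsh7c76.tmp above.
NSIS_PLUGIN_RE = re.compile(r"\\temp\\ns[0-9a-z]+\.tmp\\[^\\]+\.dll$", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def rules(proc: Proc) -> List[str]:
    """Return the names of the rules that fire for one process."""
    hits = []
    if (proc.parent_image and basename(proc.parent_image) in BROWSERS
            and CACHE_DIR_RE.search(proc.image)):
        hits.append("browser_started_exe_from_cache")
    if any(NSIS_PLUGIN_RE.search(m) for m in proc.modules):
        hits.append("nsis_installer_plugins_loaded")
    return hits


def scan(procs: List[Proc]) -> Dict[int, List[str]]:
    """Map PID to the rules that fired, omitting processes with no findings."""
    out: Dict[int, List[str]] = {}
    for p in procs:
        hits = rules(p)
        if hits:
            out[p.pid] = hits
    return out


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
DROPPED = (r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
           r"\Content.IE5\I0488CJO\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe")

# Constructed records mirroring the report: the frame process, the LOW-IL tab,
# the installer it started, and the unrelated Flash helper.
SAMPLE = [
    Proc(3044, IE, None, [r"c:\windows\system32\ieframe.dll", DROPPED.lower()]),
    Proc(2820, IE, IE, [r"c:\windows\system32\wininet.dll",
                        r"c:\program files\java\jre1.8.0_92\bin\ssv.dll"]),
    Proc(1888, DROPPED, IE, [r"c:\windows\system32\ntdll.dll",
                             r"c:\users\admin\appdata\local\temp\nsh7c76.tmp\nsdialogs.dll",
                             r"c:\users\admin\appdata\local\temp\nsh7c76.tmp\system.dll"]),
    Proc(1924, r"C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe", None, []),
]

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE).items():
        print(pid, ", ".join(hits))
```

Only PID 1888 fires, on both rules. The frame process 3044 also maps the dropped executable as a module (visible in its module list above), which IE does to read the file's version resource and icon; that alone is not a signal, so the rules look only at the image path of the child and at where its loaded DLLs come from.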

Registry activity

Total events
1153
Read events
994
Write events
158
Delete events
1
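
Several registry values in the list that follows are shown as raw hex. The Ext\Stats\{CLSID}\iexplore keys are IE's add-on load statistics (Type, Count, LoadTime in milliseconds, and Time), and the Time value is a Win32 SYSTEMTIME: eight little-endian 16-bit words holding year, month, day of week, day, hour, minute, second and millisecond. The same 16-byte structure sits at offset 8 of the two Component Categories Implementing blobs. The decoder below is an added example and not part of the report; the 28-byte Implementing record layout it assumes (a size DWORD, a DWORD, the SYSTEMTIME, a trailing DWORD) is inferred from the two values on this page and is not a documented format.

```python
# Added example, not part of the ANY.RUN report: decode the hex-encoded
# SYSTEMTIME values that appear in the registry modification list.
import struct
from datetime import datetime
from typing import Dict

DAYS = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday")


def systemtime_at(raw: bytes, offset: int = 0) -> datetime:
    """Parse the 16-byte Win32 SYSTEMTIME at raw[offset:offset + 16]."""
    if len(raw) < offset + 16:
        raise ValueError("need 16 bytes for a SYSTEMTIME")
    year, month, dow, day, hour, minute, second, ms = struct.unpack_from("<8H", raw, offset)
    dt = datetime(year, month, day, hour, minute, second, ms * 1000)
    # wDayOfWeek is stored explicitly (Sunday = 0). Rejecting a value that
    # disagrees with the calendar catches misaligned or non-SYSTEMTIME data.
    if (dt.weekday() + 1) % 7 != dow:
        raise ValueError(f"wDayOfWeek={dow} does not match {dt:%Y-%m-%d}")
    return dt


def decode_time_value(hexstr: str) -> datetime:
    """Decode an Ext\\Stats\\...\\Time value exactly as printed (32 hex digits)."""
    raw = bytes.fromhex(hexstr)
    if len(raw) != 16:
        raise ValueError("SYSTEMTIME is exactly 16 bytes")
    return systemtime_at(raw)


def describe(hexstr: str) -> str:
    """Human-readable form with millisecond precision and the stored weekday."""
    dt = decode_time_value(hexstr)
    return f"{dt:%Y-%m-%d %H:%M:%S}.{dt.microsecond // 1000:03d} ({DAYS[(dt.weekday() + 1) % 7]})"


def decode_implementing(hexstr: str) -> Dict[str, object]:
    """Split a Component Categories\\...\\Enum 'Implementing' value.
    Layout (inferred from this report, an assumption): DWORD total size,
    DWORD, SYSTEMTIME at offset 8, DWORD at offset 24."""
    raw = bytes.fromhex(hexstr)
    size, dword1 = struct.unpack_from("<II", raw, 0)
    if size != len(raw) or size != 28:
        raise ValueError(f"unexpected size field {size} for {len(raw)} bytes")
    (trailer,) = struct.unpack_from("<I", raw, 24)
    return {"size": size, "dword1": dword1, "timestamp": systemtime_at(raw, 8), "trailer": trailer}


if __name__ == "__main__":
    for v in ("E307040001000F000A0003001D00AE03", "E307040001000F000A0003001E00F901"):
        print(v, "->", describe(v))
    print(decode_implementing("1C00000001000000E307040001000F000A00030024002E0100000000"))
```

The first Ext\Stats Time value decodes to 2019-04-15 10:03:29.942, a Monday, and the other four fall within the following second; the two Implementing blobs carry 10:03:36.302 and 10:03:36.317. That is a two-hour offset from the 12:03:14 analysis date in the header, which points to the guest clock and the report header being rendered in different time zones, so these values should be normalised before they are placed on a timeline alongside network or file events.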

Modification events

PID
Process
Operation
Key
Name
Value
2820
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041520190416
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019041520190416
2820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041520190416
CachePrefix
:2019041520190416:
2820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041520190416
CacheLimit
8192
2820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041520190416
CacheOptions
11
2820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041520190416
CacheRepair
0
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(binary value omitted)
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B784AA35-5F65-11E9-B63D-5254004A04AF}
0
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307040001000F000A0003001D00AE03
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307040001000F000A0003001D00AE03
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
(binary value omitted)
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307040001000F000A0003001E008200
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F000A0003001E00A100
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
348
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307040001000F000A0003001E00F901
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
51
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040001000F000A00030024002E0100000000
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040001000F000A00030024003D0100000000
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041520190416
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CachePrefix
:2019041520190416:
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CacheLimit
8192
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CacheOptions
11
3044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041520190416
CacheRepair
0
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASAPI32
EnableFileTracing
0
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASAPI32
EnableConsoleTracing
0
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASAPI32
FileTracingMask
4294901760
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASAPI32
ConsoleTracingMask
4294901760
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASAPI32
MaxFileSize
1048576
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASAPI32
FileDirectory
%windir%\tracing
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASMANCS
EnableFileTracing
0
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASMANCS
EnableConsoleTracing
0
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASMANCS
FileTracingMask
4294901760
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASMANCS
ConsoleTracingMask
4294901760
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASMANCS
MaxFileSize
1048576
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\onlinemapsearch_RASMANCS
FileDirectory
%windir%\tracing
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://hp.myway.com/onlinemapsearch/ttab02/index.html?n=785820E7&p2=^CPP^mni000^TTAB02&ptb=60E846AE-54A4-421F-9FE0-BC3989560BA6&coid=9ab007686f384d6487b2a30a83734eec
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\OnlineMapSearch
Start Page
http://hp.myway.com/onlinemapsearch/ttab02/index.html?n=785820E7&p2=^CPP^mni000^TTAB02&ptb=60E846AE-54A4-421F-9FE0-BC3989560BA6&coid=9ab007686f384d6487b2a30a83734eec
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnlineMapSearchTooltab Uninstall Internet Explorer
DisplayName
OnlineMapSearch Internet Explorer Homepage and New Tab
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnlineMapSearchTooltab Uninstall Internet Explorer
UninstallString
Rundll32.exe "C:\Users\admin\AppData\Local\OnlineMapSearchTooltab\TooltabExtension.dll" U uninstall:OnlineMapSearch
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnlineMapSearchTooltab Uninstall Internet Explorer
Publisher
Mindspark Interactive Network, Inc.
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnlineMapSearchTooltab Uninstall Internet Explorer
HelpLink
http://support.mindspark.com/
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnlineMapSearchTooltab Uninstall Internet Explorer
URLInfoAbout
http://support.mindspark.com/
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
write
HKEY_CURRENT_USER\Software\OnlineMapSearch
UnInstallSurveyUrl
http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D60E846AE-54A4-421F-9FE0-BC3989560BA6%26ptb%3D^CPP^mni000^TTAB02
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000073000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{CA7D4057-5F65-11E9-B63D-5254004A04AF}
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307040001000F000A00040001001203
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307040001000F000A00040001001203
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307040001000F000A00040001007F03
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040001000F000A0004000100AE03
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
272
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307040001000F000A0004000100BE03
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
41
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
C0A4258E72F3D401
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
1A07288E72F3D401
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Type
1
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Flags
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
1
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Time
E307040001000F000A0004000300CE03
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
2
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Time
E307040001000F000A0004000300DD03
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307040001000F000A00040004000500
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3568
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
58
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
58
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
264
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
206
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
312
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
254
796
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
410
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
156
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
537
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
283
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
649
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
366
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
1011
796
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
645

Files activity

Executable files
5
Suspicious files
1
Text files
70
Unknown types
10

Dropped files

PID
Process
Filename
Type
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
C:\Users\admin\AppData\Local\OnlineMapSearchTooltab\TooltabExtension.dll
executable
MD5: 767737f00455032d893a223b78621f2d
SHA256: e71eca3ba443107880ea99520422489c4efc238b846681b6e3a5d3c9e61071bf
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
C:\Users\admin\AppData\Local\Temp\nsh7C76.tmp\nsDialogs.dll
executable
MD5: b9a5a272154fc0dd652ef9c59c5d63a0
SHA256: d84d810b8f8819f4a34d5e033b72951eadda1bbb5ed0b8c76874b6c25001caa9
3044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
executable
MD5: 8186bef4a54b3ab322c836fd821fd392
SHA256: ea778ff97e072fdf31c81149a34f5f864f3332986586dbe8d497b7056378f638
2820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
executable
MD5: 8186bef4a54b3ab322c836fd821fd392
SHA256: ea778ff97e072fdf31c81149a34f5f864f3332986586dbe8d497b7056378f638
1888
onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe
C:\Users\admin\AppData\Local\Temp\nsh7C76.tmp\System.dll
executable
MD5: 7399323923e3946fe9140132ac388132
SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
796
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: f0ecf47d49729ee1465b4b8e25094769
SHA256: e14fbcdab32c5d47aa144d875120dcbbea862cb52443c888e7b6fe0560a184cd
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\yellow-star[1].png
image
MD5: bba8ad7b22ee8bcc44fbf90116026a25
SHA256: a0c6469b0de1bcc619f57a9ac781bfbe0238e680ef92570531dc4f35ddd04acb
796
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CS2Y2X7F\hp.myway[1].xml
text
MD5: e01862163c40843c03c268c8d907aab4
SHA256: b9e7619b2bdb60d2426978b0a60363eecde1ee448082b09883cc49906c3b1f62
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\31006258.background[1].js
––
MD5:  ––
SHA256:  ––
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\466f8118.config[1].js
text
MD5: 466f811831e91ebe02efe791bd02a635
SHA256: 000a25d756f98ca8058c1407b48e0a0aee52b666dcd671ee3f81f0cb80b0cfe7
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\white-arrow[1].png
image
MD5: ad191aa858a9a642c1603bf1ad8926d1
SHA256: ebc6eef4b3dae3d8176dd4678c2bb8e2ebc1641ba551358915f01f8ffce2b863
796
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\56Y81V0F\ak.staticimgfarm[1].xml
text
MD5: 09ffe8bf507bc9f4816279a64ab72122
SHA256: a4f7a2b67c2bad9091276bcf9b05ed29ec143a3ba51afb3112f93487317d0993
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\down-arrow[1].png
image
MD5: ccdd9b87a5a6477b488534b600695b84
SHA256: fa6bb7a2872c7594da86fe20fcfdddd971966c0d3628eefebbf6eeda3d8da405
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\taxact[1].png
image
MD5: 4d7c1f0f6d8802896297b6dbd04ac089
SHA256: d9804aa7b59b6a7c8fabd2178e2a3f2e5afa7de83498ea38fa506a71f6f75f5d
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\gray-star[1].png
image
MD5: 60a59c85305e6389cdf0ae9dc582a7ad
SHA256: 8e79a7d7705a6907b9a1389b59302625c9eeae5ec1ad20c43a455d4973843d11
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\turbotaxblue[1].png
image
MD5: 0113971c82f81c79f597f8a3eb147c53
SHA256: 0122128ec7a8de1042896bcac4d90ed7a24f36b59cf7df4dddf60784b568b165
796
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: fff2dacb4b9d19e1bfc55a415d3f919f
SHA256: 428e13fbd67efb7ea2f5b92a964ca294a69854fbaa5a2b517ddb5b8c92bc110a
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\handrblock[1].png
image
MD5: ca2821fa9444162940ff38c512e2aad2
SHA256: 12377e44c21d479d9a00e74179dfff3bc8e50dd8fb726324b05b1ccd1cd55ca9
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\instagram[1].png
image
MD5: b511c3d0a89918913cdff93d014a3948
SHA256: 2bb1796ec9610eef4dbd2dcfcf60fb73eeb09baf316ae46f9a9cfc6901066160
796
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
796
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
dat
MD5: 2e54b054da183f927d3b11e66806000c
SHA256: 136ee4f8292d8423bd50a1eef3c0aa7ac9697716a347dc6822b9f59eb42752ed
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\walmart[1].png
image
MD5: d5cc779d1769577d9d979c9d37b4976b
SHA256: 4b9c948ebde3f8c28ff5f31f4165a998288ad15e9cfe999d39f3e401a97cfdc7
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\tripadvisor[1].png
image
MD5: 1831d723094a87b8cbf849e896d538d0
SHA256: cdf55d1d903133284a92c0a5393de14b420337c72a2fac6547590e5d189514d4
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\chiclet_priceline[1].png
image
MD5: 42c2533944f8102b1c2beba419fcacd6
SHA256: d96450373455dfe3a37d4968abafa9b821e4af2d58ac64f21b053b53a3169ae8
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\macys[1].png
image
MD5: ecb347441433ef9cadcfa86ae321a98c
SHA256: ac8ff6c8b351fe492ab1b6892b311542be1169cc4a3614127d25b0f8689ae3d6
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\chiclet_booking[1].png
image
MD5: 76262e6be07becebdc237e213eb39801
SHA256: d477de4e2d999862f5723575e1d2764467f60b215ee7205ddef98a1826444b26
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\chiclet_amazon_black[1].png
image
MD5: f044e5f2eaef0fa7bd42f55b664e0841
SHA256: 6f5787d01d032420485f87f145c1a209c31268e2464b1a4fc220ceaff5f7145c
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\chiclet_trivago[1].png
image
MD5: 4e891f6d5a5c6c12eb1bb8810210f9c6
SHA256: 7e431d4562c8601781d8314c7762dac4d9fb93b320058ae062d58c98eac38baa
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 84aaaa3512d6826dbd797cf8577424de
SHA256: c8f41efba5cffb5d323174435d6303e772a1f2a55310fac1f7ad3e5f6cf6d47f
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\ttdetect[1].html
html
MD5: 43ca599a05501246c367c16ed6e20393
SHA256: b61fd5ff6325e72f1a8eb9613405ada5a58fbcd984fec1411508e4934389d8f2
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\youtube[1].png
image
MD5: 9eb31c0bcbe7c0951f3f6f1d4d0a34f5
SHA256: 5a96ba8927e0b85f922dffb6404f7385052479b237aedc961ebf528a8ee30fe1
796
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\56Y81V0F\ak.staticimgfarm[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\Background[1].html
html
MD5: aa61a340d3bb26872397576126c9ff60
SHA256: 3ab1b6dae01e70e4eaf2bb33f9abb243772b17ecc57aaeaa5491f451b3776a4b
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\facebook[1].png
image
MD5: 1e997e6f9059f1c4e8f12a7808d59479
SHA256: f73e587c85322597e49465d9feb5c52d1f12a6b9eb694922271a999d16274ab3
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\226355240[1].png
image
MD5: f5f7b8a8133bd549044e259171683f2a
SHA256: 3eaf5720872e58ca36f7901624686b9e36b982265d01fec00432134f5b952822
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\gmail[1].png
image
MD5: 433b8502243bd7a0c64167ceb3b90ea6
SHA256: 119e1ab1fea8ca3dd8cea688c8514127087a7682cc582db66ab31b5c8cd65ebc
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\yahoo[1].png
image
MD5: 41a2186618cd318fecb583324bc12cb4
SHA256: 9d1013c27d28a4d2a6a5e56ad6c74003a5b16815bf55757b4a9eb3215b61781e
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\MainIcon[1].png
image
MD5: ce46f6b3a74b8df7be86ea77a5f6d87d
SHA256: e05a14884955edcfaa6df1ed91e0ecc32ed98dca5ca0eb152140e835a997e9ac
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\224099359[1].png
image
MD5: e7c1a5f21053c1d653eb80e1ae1d06e0
SHA256: 3139a2deeebacdfc1007efd8bed049e39a337c8db9de96438cdba97bfeed6905
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\local[1].png
image
MD5: 3cb6c9162e4ff0a5187b8c5edb1cf0f1
SHA256: 031f414fc85628904b6fe14465192063556a6cf2b751a177370db06080960183
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\dining[1].png
image
MD5: 9aa33bbe32961e32072d3a5b30a72582
SHA256: 55f4a1400aa68fdba791a55e2e2dec08ac10d7b94677ca45c3ef928834b33ccc
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\traffic[1].png
image
MD5: 99d03e86eac2d6d6640ba9fc84b13d06
SHA256: 8018d2599ecfb8722c908a41697c33b7673967465fbee56100b10a4558c96908
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\en[1].png
image
MD5: 96e02ad54706267ad7b18ba797dddfbd
SHA256: 857579b5466da4b80cf6cdb6490d7c756f3d78ac72f25342c455afc8599565bf
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\down-arrow[1].png
image
MD5: 3724b871993686b0c1e8098d714afbbc
SHA256: d8715d730c57514730ba40d9ed08db6e8946d9709905070203a858c343fd490e
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\map[1].png
image
MD5: 2170f94dd1f6a61926dc3ddb783b401b
SHA256: 0b5e7628cf87fbe936aeaa4cb0b6d2c0c32e77027793700f846468f2f061741c
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\logo[1].png
image
MD5: e36ecd8bd628758c7fdf471d653c54c6
SHA256: 375c3ab0867b0b135824d0e08d373d543d5e89b5633b4ef179bc798e777b3318
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\223754551[1].png
image
MD5: e8d7c88590d60cf3ad4ad0ae6a1c84b5
SHA256: 9b18caf884a0e0c3fc18d4291060f2e5c5f5f72b6a13354eb7ce28a65d4fbf3f
2820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
796
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CS2Y2X7F\hp.myway[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
796
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 4e43ee89a81c8bf709770d6306b0e5ba
SHA256: 71c4fe152da45aad8cf9d06a8b34e9bc4c98040547d1105ac030b4c18a03ef84
796
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 5744baf44407be932dbc94976c92b1fc
SHA256: 8ea57e5540e501bbaaea233392e4f5266ac0d7cb69b6ec3a5b0060d7a580f266
1924
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3568
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\CPP[1].ico
image
MD5: da59e0b4e3a8e62af1bae2134d3eb215
SHA256: eba6993a9ef62cbbc8fcbf3d5aabd484dae15c2bfee4c6fce6d97243d0a6e990
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\app[1].js
text
MD5: fd5a246657fa0772d87da061bd96e676
SHA256: 069b501ada5775fa9db753133307db7bc50fa05310a3ff1fe9b57fbce628f2f2
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\ie8[1].js
––
MD5:  ––
SHA256:  ––
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\google[1].png
image
MD5: 953f6562d9c856bbe67943b342ef3812
SHA256: 089f2a53201e9ec91ba795d1c4a785b4c61b819702761436396d3380ff7015c4
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\CPP[1].png
image
MD5: 5d14ea83c94330f4adc0fd5defe46996
SHA256: 9106bd690f4ab06204e4b25e0ce9d2262d3b55799df256daad161c868c5888fd
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\final_logo_newtab[1].png
image
MD5: b8ce9a5ce1fee01c806aac4e6c5182b2
SHA256: a6a62412261bd620d6b34035a3bd2739b8b030907b1a2818c4058ef61578f72f
796
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
796 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\index[1].html html MD5: 23307a93f0a1a458074896af9f40c661 SHA256: 5ce8776fbb7c3dfc83612380477c31c132c0fc5fdd462e4c2f719b3b02bb7d02
3568 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].png image MD5: 9fb559a691078558e77d6848202f6541 SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3568 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico –– MD5: –– SHA256: ––
3568 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico –– MD5: –– SHA256: ––
796 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CS2Y2X7F\hp.myway[1].xml text MD5: 221b2add5440f1039ea10c513a20b856 SHA256: 1f1a2f75bb36f725ac8863940f32b1057743d95e6b7faf0d6d4f55f361ddbb39
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\installerParams[1].jhtml text MD5: 7527fe195eb2905e27a1db9c07582e6e SHA256: b4a3fa20353a36736c2888a4c81cca96748d500cf1ab5936b3f5cd11e09194a7
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe C:\Users\admin\AppData\Local\Temp\nsh7C76.tmp\installerParams text MD5: 7527fe195eb2905e27a1db9c07582e6e SHA256: b4a3fa20353a36736c2888a4c81cca96748d500cf1ab5936b3f5cd11e09194a7
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt text MD5: eea0621ecb79013c79f4425dc8749049 SHA256: 2611750c021ace3a0489c8595976b109cfc622b20e828fd8a641490909450d81
2820 iexplore.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat dat MD5: d7a950fefd60dbaa01df2d85fefb3862 SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B784AA35-5F65-11E9-B63D-5254004A04AF}.dat –– MD5: –– SHA256: ––
3044 iexplore.exe C:\Users\admin\AppData\Local\Temp\~DF9B25AFE7A66A2C49.TMP –– MD5: –– SHA256: ––
2820 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log text MD5: 72b3c343402a6026ddfa20e973a0df42 SHA256: c4c37adc5d70db69ff306b403380837740900e119337c466cb81c517b4ca52fd
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe C:\Users\admin\AppData\Local\Temp\nsh7C76.tmp\OMS_msi_bg-copy_1501866548368.bmp image MD5: c8687205910208b581ec513826b01ff3 SHA256: cf317ef56295513fa42b6b58ac95c8a5862736b25ac27bf7d62ed3697d52623c
796 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\async-iac_centerbanner_ui.center_banner_ui[1].js text MD5: 3ec47214d9a32103a7d617fd59b696cc SHA256: 89159a249d8e6dbc8759ed1b3c0d43db5dd273eed104492b4ae96b2b58efac45
796 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\56Y81V0F\ak.staticimgfarm[1].xml text MD5: 79dbdb0ff408b884262053ff412dcecb SHA256: cd28db14c8fc15157a89482382dcd28691c8179abb8df7ca67ec63a6462792d3
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041520190416\index.dat dat MD5: cb46fc01f379c848dad3fef3d08a03f6 SHA256: 4730cd48e9f79bfa44b498f0a822663d0f2f000f509b4514e97767f41a9d2f9e
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019041520190416\index.dat dat MD5: 22be1f75072deebe91eb6ce16260c9bb SHA256: 5c30209226956bcdfc1df4dbd8991bffb1d2560c725af423e169e79c0771d815
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat dat MD5: 673a5451b890018aa6c8470bdd6b8603 SHA256: 5a43c510f0e67266a879daf038ee989dd712ce7df79987520899eb9cfe0b9d20
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe:Zone.Identifier text MD5: fbccf14d504b7b2dbcb5a5bda75bd93b SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe:Zone.Identifier text MD5: fbccf14d504b7b2dbcb5a5bda75bd93b SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
796 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\mostlysunny[1].png image MD5: ce46f6b3a74b8df7be86ea77a5f6d87d SHA256: e05a14884955edcfaa6df1ed91e0ecc32ed98dca5ca0eb152140e835a997e9ac
796 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\banner[1].jsonp text MD5: 7f181498eea1b6ed5ba283d58e5cfff1 SHA256: aa8a5ff68c960a79dbdf6db2d9bf37abb8d7cf8eb32341eb0c1dcf88c9b0c1d2
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png image MD5: 9fb559a691078558e77d6848202f6541 SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico –– MD5: –– SHA256: ––
3044 iexplore.exe C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico –– MD5: –– SHA256: ––
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B784AA36-5F65-11E9-B63D-5254004A04AF}.dat binary MD5: 94403b8d692103c1ca6e4a71797ccc4c SHA256: 85606b71153f8a188a057a46f63eb6d0b27b3f55f4d1967780830eb315ff597b
3044 iexplore.exe C:\Users\admin\AppData\Local\Temp\~DF524A53239B709A89.TMP –– MD5: –– SHA256: ––
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat dat MD5: 93ff6c420fef2f89e4558e700afb69e9 SHA256: 06cdc7fd846048e7501a80d0c423ff8974a44e58e7b093393182a613d48661e5
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5WKGSM9\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\73BRE2EQ\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3044 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LE5A5AB2\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2820 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini ini MD5: 4a3deb274bb5f0212c2419d3d8d08612 SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
796 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3SGUYO7\Turbotax-taxseason-02-14-19[1].jpg image MD5: fad82751c91b30c3717cb84277420ead SHA256: b4ba38f1d7134a7249efcc4c28b5deb099b9356e75153e0d372073bb11a5513b

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
56
TCP/UDP connections
21
DNS requests
9
Threats
11

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2820 iexplore.exe GET 200 23.210.248.179:80 http://ak.imgfarm.com/images/nocache/vicinio/installers/v2/232814194.TTAB02.1/nsis/867547-TTAB02.1/180518125138533/msnionlinemapsearch/onlinemapsearch.9ab007686f384d6487b2a30a83734eec.exe NL executable –– whitelisted
3044 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image –– whitelisted
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe GET 204 74.113.237.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-13&errorType=nsisError&errorDetails=EmptyPartnerId&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-18&coid=9ab007686f384d6487b2a30a83734eec&refPartner=^CPP^mni000^TTAB02&refSub=&anxl=en-US&anxr=2066230514&refCobrand=CPP&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe GET 204 74.113.237.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerInvoked&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-18&coid=9ab007686f384d6487b2a30a83734eec&refPartner=^CPP^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2135832509&refCobrand=CPP&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
3568 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://hp.myway.com/onlinemapsearch/ttab02/index.html?n=785820E7&p2=^CPP^mni000^TTAB02&ptb=60E846AE-54A4-421F-9FE0-BC3989560BA6&coid=9ab007686f384d6487b2a30a83734eec NL html –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://hp.myway.com/onlinemapsearch/ttab02/assets/1553623361387/ie8.js NL html –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/CPP.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/final_logo_newtab.png NL image –– whitelisted
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe GET 204 74.113.237.192:80 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=InstallerFinished&tbUID=60E846AE-54A4-421F-9FE0-BC3989560BA6&tbVer=&platform=vicinio&anxv=2.7.1.3000&anxd=2018-05-18&coid=9ab007686f384d6487b2a30a83734eec&refPartner=^CPP^mni000^TTAB02&refSub=&anxl=en-US&anxr=-2127235693&refCobrand=CPP&refCampaign=mni000&refTrack=TTAB02&refCountry= US –– –– malicious
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/search/google.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://hp.myway.com/onlinemapsearch/ttab02/assets/1553623361387/app.js NL text –– whitelisted
3568 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/vicinio/chrome/spent/images/favicon/CPP.ico NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/ttdetect-2/prd/ttdetect.html NL html –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223754551.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/down-arrow.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/onlinemapsearch/logo.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/onlinemapsearch/map.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/onlinemapsearch/traffic.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/localization/searchbuttons/en.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/Background.html NL html –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/onlinemapsearch/local.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/onlinemapsearch/dining.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/226355240.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/224099359.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/images/weather/MainIcon.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/gmail.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/yahoo.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/facebook.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/youtube.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_amazon_black.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_trivago.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_booking.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_priceline.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/tripadvisor.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/macys.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/walmart.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/instagram.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/handrblock.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/turbotaxblue.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/taxact.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/maps/gray-star.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/maps/down-arrow.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/maps/white-arrow.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/maps/yellow-star.png NL image –– whitelisted
796 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=EA7B8AD4-24F7-4C86-9759-D083B9445D9F&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fonlinemapsearch%2Fttab02%2Findex.html&anxl=en&anxlv=0&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxt=60E846AE-54A4-421F-9FE0-BC3989560BA6&anxp=%5ECPP%5Emni000%5ETTAB02&anxsi=&buid=cc1d2012-93b7-4fac-9488-685c7f4390c9&pageType=tab&productData=%7B%22coid%22%3A%229ab007686f384d6487b2a30a83734eec%22%2C%22pageLoad%22%3A1%7D&anxe=Heartbeat&anxr=332746169 IE –– –– unknown
796 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=EA7B8AD4-24F7-4C86-9759-D083B9445D9F&anxa=CAPOne&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fonlinemapsearch%2Fttab02%2Findex.html&anxl=en&anxlv=1555322645083&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&anxt=60E846AE-54A4-421F-9FE0-BC3989560BA6&anxp=%5ECPP%5Emni000%5ETTAB02&anxsi=&buid=cc1d2012-93b7-4fac-9488-685c7f4390c9&pageType=tab&anxtv=webtooltab-2.1.1&fParameter=00000050&coid=9ab007686f384d6487b2a30a83734eec&productData=%7B%22pageLoad%22%3A1%7D&anxe=ToolbarConfig&anxr=26076700 IE –– –– unknown
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/banner.jsonp?v=1555322644895&callback=fn NL text –– whitelisted
796 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=EA7B8AD4-24F7-4C86-9759-D083B9445D9F&anxa=CAPSearch&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fonlinemapsearch%2Fttab02%2Findex.html&anxl=en&anxlv=1555322645083&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=5&anxt=60E846AE-54A4-421F-9FE0-BC3989560BA6&anxp=%5ECPP%5Emni000%5ETTAB02&anxsi=&buid=cc1d2012-93b7-4fac-9488-685c7f4390c9&pageType=tab&productData=%7B%22pageLoad%22%3A1%7D&anxe=TabPageView&anxr=447868604 IE –– –– unknown
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/scripts/466f8118.config.js NL text –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/scripts/31006258.background.js NL text –– whitelisted
796 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=EA7B8AD4-24F7-4C86-9759-D083B9445D9F&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fonlinemapsearch%2Fttab02%2Findex.html&anxl=en&anxlv=1555322645083&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=4&anxt=60E846AE-54A4-421F-9FE0-BC3989560BA6&anxp=%5ECPP%5Emni000%5ETTAB02&anxsi=&buid=cc1d2012-93b7-4fac-9488-685c7f4390c9&pageType=tab&productData=%7B%22queryString%22%3A%7B%22n%22%3A%22785820E7%22%2C%22coid%22%3A%229ab007686f384d6487b2a30a83734eec%22%2C%22dpr%22%3A%22%22%2C%22pixelUrl%22%3A%22%22%7D%2C%22innerWidth%22%3A772%2C%22innerHeight%22%3A444%2C%22userFontSize%22%3A16%2C%22pageLoad%22%3A1%7D&anxe=PageView&anxr=94947560 IE –– –– unknown
796 iexplore.exe GET 200 35.227.202.20:80 http://weatherblink.wdgserv.com/weather/lookup US text –– unknown
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/images/weather/mostlysunny.png NL image –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://hp.myway.com/onlinemapsearch/ttab02/assets/1553623361387/async-iac_centerbanner_ui.center_banner_ui.js NL text –– whitelisted
796 iexplore.exe GET 200 23.210.248.179:80 http://ak.staticimgfarm.com/images/webtooltab/assets/banners/Turbotax-taxseason-02-14-19.jpg NL image –– whitelisted

Download the PCAP, analyze network streams, HTTP content and more in the full report

Connections

PID Process IP ASN CN Reputation
2820 iexplore.exe 23.210.248.179:80 Akamai International B.V. NL whitelisted
3044 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe 35.244.218.203:443 US malicious
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe 74.113.237.192:80 Mindspark Interactive Network, Inc. US malicious
–– –– 74.113.237.192:80 Mindspark Interactive Network, Inc. US malicious
3568 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
796 iexplore.exe 23.210.248.179:80 Akamai International B.V. NL whitelisted
3568 iexplore.exe 23.210.248.179:80 Akamai International B.V. NL whitelisted
796 iexplore.exe 74.113.235.189:80 Mindspark Interactive Network, Inc. IE unknown
796 iexplore.exe 35.227.202.20:80 US unknown

DNS requests

Domain IP Reputation
ak.imgfarm.com 23.210.248.179 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
dp.tb.ask.com 35.244.218.203 whitelisted
anx.mindspark.com 74.113.237.192 malicious
hp.myway.com 23.210.248.179 whitelisted
ak.staticimgfarm.com 23.210.248.179 whitelisted
anx.tb.ask.com 74.113.235.189 unknown
weatherblink.wdgserv.com 35.227.202.20 unknown

Threats

PID Process Class Message
2820 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
2820 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe Misc activity ADWARE [PTsecurity] Mindspark CAPDownloadProcess
1888 onlinemapsearch.9ab007686f384d6487b2a30a83734eec[1].exe Misc activity ADWARE [PTsecurity] Mindspark User-Agent

3 ETPRO signatures are available in the full report

Debug output strings

No debug info.