General Info

URL

https://shipmenttracker.co

Full analysis
https://app.any.run/tasks/e87170f8-09a1-499c-b142-a3bdab5534c7
Verdict
Malicious activity
Analysis date
6/12/2019, 01:09:34
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

adware

adload

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • ShipmentTracker-21402990.exe (PID: 116)
ADLOAD was detected
  • ShipmentTracker-21402990.exe (PID: 116)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3404)
Creates files in the user directory
  • ShipmentTracker-21402990.exe (PID: 116)
Executable content was dropped or overwritten
  • ShipmentTracker-21402990.exe (PID: 116)
  • iexplore.exe (PID: 2136)
  • iexplore.exe (PID: 3404)
Starts Internet Explorer
  • ShipmentTracker-21402990.exe (PID: 116)
Changes the started page of IE
  • ShipmentTracker-21402990.exe (PID: 116)
Creates a software uninstall entry
  • ShipmentTracker-21402990.exe (PID: 116)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 2548)
  • iexplore.exe (PID: 3404)
Application launched itself
  • IEXPLORE.EXE (PID: 3320)
Changes internet zones settings
  • IEXPLORE.EXE (PID: 3320)
  • iexplore.exe (PID: 2136)
Reads Internet Cache Settings
  • IEXPLORE.EXE (PID: 2548)
  • iexplore.exe (PID: 2136)
  • iexplore.exe (PID: 3404)
Creates files in the user directory
  • IEXPLORE.EXE (PID: 2548)
  • iexplore.exe (PID: 2136)
  • iexplore.exe (PID: 3404)
Changes settings of System certificates
  • iexplore.exe (PID: 2136)
Reads settings of System Certificates
  • iexplore.exe (PID: 2136)
  • IEXPLORE.EXE (PID: 2548)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2136)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
38
Monitored processes
5
Malicious processes
2
Suspicious processes
0

Behavior graph

+
drop and start start iexplore.exe iexplore.exe #ADLOAD shipmenttracker-21402990.exe iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2136
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\userenv.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\sc_reader.ico
c:\users\admin\desktop\shipmenttracker-21402990.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
3404
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2136 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
116
CMD
"C:\Users\admin\Desktop\ShipmentTracker-21402990.exe"
Path
C:\Users\admin\Desktop\ShipmentTracker-21402990.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SpringTech Ltd.
Description
Version
4, 6, 0, 2
Modules
Image
c:\users\admin\desktop\shipmenttracker-21402990.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll

PID
3320
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hshipmenttracker.co/?ap=0&uc=20190611&i_id=packages_spt__1.30&uid=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&source=_v0-bb9-iei
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
ShipmentTracker-21402990.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
2548
CMD
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3320 CREDAT:71937
Path
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
IEXPLORE.EXE
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imgutil.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

Registry activity

Total events
1525
Read events
1282
Write events
238
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
2136
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2136
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{029EA0E7-8C9E-11E9-A370-5254004A04AF}
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060002000B001700090032008200
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060002000B001700090032009200
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060002000B001700090032001F01
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060002000B001700090032003E01
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
326
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060002000B001700090032008602
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
61
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
C274D8C6AA20D501
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
1CD7DAC6AA20D501
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2136
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
0F00000001000000140000000F6AAD4C3FE04619CDC8B2BD655AA1A26042E6500B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
2136
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
040000000100000010000000324A4BBBC863699BBE749AC6DD1D46240B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
2136
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
190000000100000010000000FD960962AC6938E0D4B0769AA1A64E260B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
0
43003A005C00500072006F006700720061006D002000460069006C00650073005C0049006E007400650072006E006500740020004500780070006C006F007200650072005C0069006500780070006C006F00720065002E00650078006500000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F0077006E006C006F006100640073000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
MRUListEx
00000000FFFFFFFF
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0700000001000000000000000200000006000000030000000500000004000000FFFFFFFF
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\Shell
SniffedFolderType
Generic
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
4
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
1
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
16
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A0000001001000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
1
69006500780070006C006F00720065002E0065007800650000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
0100000000000000FFFFFFFF
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
0
9200320000000000000000008000536869706D656E74547261636B65722D32313430323939302E6578650000660008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000053006800690070006D0065006E00740054007200610063006B00650072002D00320031003400300032003900390030002E0065007800650000002C000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
MRUListEx
00000000FFFFFFFF
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
9200320000000000000000008000536869706D656E74547261636B65722D32313430323939302E6578650000660008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000053006800690070006D0065006E00740054007200610063006B00650072002D00320031003400300032003900390030002E0065007800650000002C000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E00650078006500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
69006500780070006C006F00720065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AE010000B000000051030000BA01000000000000000000000000000000000000B1010000BE000000310400009E020000000000000000000000000000000000000100000000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0100000000000000FFFFFFFF
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
6
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
2
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
48
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
2136
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Download Directory
C:\Users\admin\Desktop
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060002000B0017000A001100EC0000000000
2136
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
3404
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613
3404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
3404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
3404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
3404
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASAPI32
EnableFileTracing
0
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASAPI32
EnableConsoleTracing
0
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASAPI32
FileTracingMask
4294901760
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASAPI32
ConsoleTracingMask
4294901760
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASAPI32
MaxFileSize
1048576
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASAPI32
FileDirectory
%windir%\tracing
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASMANCS
EnableFileTracing
0
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASMANCS
EnableConsoleTracing
0
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASMANCS
FileTracingMask
4294901760
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASMANCS
ConsoleTracingMask
4294901760
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASMANCS
MaxFileSize
1048576
116
ShipmentTracker-21402990.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShipmentTracker-21402990_RASMANCS
FileDirectory
%windir%\tracing
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F5EC44E-D797-4C5F-8D40-79CF10BD0891}
DisplayName
Shipment Tracker - Powered by Yahoo!
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F5EC44E-D797-4C5F-8D40-79CF10BD0891}
URL
http://search.hshipmenttracker.co/s?ap=0&uc=20190611&i_id=packages_spt__1.30&uid=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&source=_v0-bb9-iei&query={searchTerms}
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F5EC44E-D797-4C5F-8D40-79CF10BD0891}
SuggestionsURL
https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}
116
ShipmentTracker-21402990.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
6256FFB019F8FDFBD36745B06F4540E9AEAF222A25
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D1000000000200000000001066000000010000200000006F5AF0495C5DBC9239219A3622D2888FAF960D5E64972D9AB841D930E1C0FEEE000000000E80000000020000200000008808D10ECA7FAD5825FFF38B1342248A46634454030EAB5C87B0BBF118B2EA84100000009EE038124D5383D77E362802EBE300F7400000006B65930356EB727DB3FB217F9A87EE9B7DDD32D2A360CE21817DD330C56A8CF5CD011807B648213947652446FA6C5511B7BC8A31EA2450FAF9436284F1A1BA9C
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000418795FC2F2C5A46852A5EA30B2A11D1000000000200000000001066000000010000200000005A5CB6AEEF6995DC9C31CC62FF92843C414F42AA7BC1FDB8CEDD4E280EC4A070000000000E8000000002000020000000417841C9879E8CE53F4394E11E6D4F1921FF52F8486968A06E1247E8FBC037E750000000406551ACFB89D7FDCDBC4D53934E3244B049C3410B1281A537F6696A28B2F6C11DAF439B86AE4F1007CCFC2C3A1B0BBEB94D12BBFFA4D0C21D754F65907DCF071F7C82782D29F96A76A74E441906C8B2400000003BB6D7207E01D7AD52C95B97F807A80E68AFD8D1C2A9BCC122DFAF5B0EAFD28456E43C36BE37889C0828679C7DF0BDA77C5DE2DFDD6DD452547F8D6FBAD17873
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{8F5EC44E-D797-4C5F-8D40-79CF10BD0891}
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://search.hshipmenttracker.co/?ap=0&uc=20190611&i_id=packages_spt__1.30&uid=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&source=_v0-bb9-iei
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShow
1
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayName
Shipment Tracker
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
DisplayVersion
4.6.0.2
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Publisher
SpringTech Ltd.
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
InstallLocation
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallString
"C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallDialog
2
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallEngineID
{8F5EC44E-D797-4C5F-8D40-79CF10BD0891}
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallImpression
http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=_v0-bb9-iei&sub_id=20190611&traffic_source=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560294599&sgn=13937f0c2901155a08aea6012c95a2776489bb07&subid2=8.0.7601.17514&event={exEvent}
116
ShipmentTracker-21402990.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
UninstallHomepage
http://search.hshipmenttracker.co/?ap=0&uc=20190611&i_id=packages_spt__1.30&uid=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&source=_v0-bb9-iei
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000073000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{1F94673C-8C9E-11E9-A370-5254004A04AF}
0
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060002000B0017000A0026002B03
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060002000B0017000A0026003B03
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060002000B0017000A002700E900
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060002000B0017000A0027000801
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
252
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060002000B0017000A0027001801
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
50
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
C1194BE3AA20D501
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
1B7C4DE3AA20D501
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3320
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2548
IEXPLORE.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
IEXPLORE.EXE

Files activity

Executable files
3
Suspicious files
5
Text files
58
Unknown types
13

Dropped files

PID
Process
Filename
Type
116
ShipmentTracker-21402990.exe
C:\Users\admin\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe
executable
MD5: 35966d66a5813ef87c2574e5411d413b
SHA256: 2072caa1039c367077eb576ffd20bb6e0fbb05641ff96258696b3d73bc58e294
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\ShipmentTracker-21402990[1].exe
executable
MD5: b860cf8c4cb5dc676ef4893a704c9f8d
SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
2136
iexplore.exe
C:\Users\admin\Desktop\ShipmentTracker-21402990.exe
executable
MD5: b860cf8c4cb5dc676ef4893a704c9f8d
SHA256: dfe2fcb006df972edf4f8e721bab26cfec809768a0bfbccf5fc661b6ea85dba9
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\Package[1].jpg
image
MD5: 56206913faf90571db7eaa907283bb53
SHA256: 7878193f62e342e657b5c4f67006adf9bf5c9343a134be118421c63c7709d5b7
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\firebase-auth[1].js
text
MD5: 5820c0d760b485dee2de26326f5fbecc
SHA256: e274fc6b43371232b1db34aa3b09703f88fbb05453a50bf00f89833496b06703
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\common[1]
text
MD5: 2185eab81ef76112e0aa87e3d5dbd33c
SHA256: c40faf2311b9a064a55ff463c2776f3071f3dd795fe2740c37a13cb000c5625c
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\firebase-messaging[2].js
text
MD5: d3a746f544b2e9c68d668b8d673fc8ae
SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\prompt[2]
text
MD5: c2d55325a4ce95cf3bc6d09ffe2dccc4
SHA256: dc060f0632cb610bf78dd2ecabeeaed218d777e892c559dc9701b259dfdef729
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\firebase-firestore[1].js
s
MD5: 6f7a7f8cec97cf107d26a28139174bad
SHA256: c4fdb6859c7e6ad03c49f1d43ddc4165b1ba786b10a41bc00fd0c01baf33c49a
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\packages[1].png
image
MD5: 124aa7599ad1f18e508c5841f16aa3e0
SHA256: 9f15c11e33a413d243d31bc16f854b9e8ec15233e5facdf4ac8e3ce7f62a893a
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\carbuyer[1].jpg
image
MD5: ba436cba2d70a4a0a541f0fbc8394ef9
SHA256: 96238f3ccc7dab7ec043330bbf73710cc2ae01ddd9346f69afc852721c909027
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\firebase-app[1].js
text
MD5: 3a7173aeadfd9e805bc22a790d89b4af
SHA256: b1c5418abf92617a99887f499e9efd6bc25957f37d2bd0ca3140a08b565e0bbd
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\recipesIcon[1].jpg
image
MD5: 0df82b6f5e4044de09dabcd5aa755afb
SHA256: 3257d7d9d5b73b0a5fe51dc0493005d50833ea28b848e0ffb4d4b1db25425465
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\Sprite_Email_V9[1].png
image
MD5: b28e84650fd0bfeee84818c6dae1990f
SHA256: 856a3f6468b76d5e204793c0a8f7f9287674a1536e2e61ed1a8d4413700bcfa4
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\static[1].txt
image
MD5: db04c7b378cb2db912c3ba8a5a774ee3
SHA256: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\bookingbuddy[1].jpg
image
MD5: 928b5e556a2aeec535055318d8bf8445
SHA256: f6f55450ab57c199e6615a554e03a840188db5ac93227202f6dbe4ffefabb03c
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\Sprite_Packages_V2[1].png
image
MD5: 0c39779c421185bd546486c8889f5105
SHA256: e9f8f7364bb75d4b1b8047015c7bc0124f9435dcc2b0f4c4ecd1bc006cb3d4a7
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\packages_sprite[1].jpg
image
MD5: 8083db015452147f1c1fb04459d5ddf4
SHA256: 9af1b1dedf71fa251a4d4e188e9d231f9f20f1daf3a939121c7fa9f3c9e57b20
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\saveMoney[1].png
image
MD5: a353048a16ced5eacab658f12e4db18d
SHA256: e2c368a8182d29a0fc74005f812f55b71a840b80cd7c07619db67424839f5594
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\weatherAgencyIcon[1].jpg
image
MD5: ca18bf31a2bdc6325c3839c7f47d8f6e
SHA256: 0651cf7b687ef85bbf398677789f763ca99e709ceca13c1ac3e90851fc4a07bd
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\amazon[1].png
image
MD5: 65d37a0031eefa2720aa4e20bcbfb6f2
SHA256: a279329ab261b8fc30b5ec08ccd0ceade7cf6ff1c0dae6a05cd46189191a43d1
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\news-1[1].png
image
MD5: 69f417a5b6fb00c16f2b1613f787878c
SHA256: 9717dfdf6c679515fa277e4ef79d0f91748c40aebc657a9e1da6b5a6aefb7888
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\kelkoo[1].jpg
image
MD5: 97c7359a869578f55cfd5d2cad35437d
SHA256: 93649e2d7f85788b32f3956f21f8e399dbd74b235e29a6fa648a5616e216de40
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\gear-icon[1].png
image
MD5: c191c48cdc9a12101c96bac13a3a672e
SHA256: 19fce2176cb990c4773742094923ccdd17d778fd050b675b0c8ff16b945e95ca
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\search_hshipmenttracker_co[1].txt
html
MD5: 3cdc6c69f63b42a768cf632a72887717
SHA256: 29816579b1a53c2f5cee65835e577d52f6aaa177e8e99284fa6c3883dcb811c1
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\setting[1].txt
text
MD5: ef9323d5935a425c7ebe28da6bc79fe3
SHA256: 1d8169ea23eb16843ce5c60a4a07191776c668bb3eb88c8695394316970c15e4
2548
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 421583476ce63fd70c837f9f0cfdad22
SHA256: cc2d37455c2482a5345d0c473d3fbfbfcf3c6e74063f1ab12323b8d2225e0301
2548
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7G9FM2VI\search.hshipmenttracker[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\header_common[1]
text
MD5: 7395e64d793177bd26a720124703786f
SHA256: e593503a6f74a91b7ca6d5ef4be3bf2a0fc2b5d45d615e6d9788512bbfec2aa4
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\impression[1]
text
MD5: 1d2d0e5b3bd595f93507407f0f2f80eb
SHA256: c81300a0c075b0d0c222849ac1c214a137655cb24ab90842f1e6ea7e9b390c26
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\monetizedquicklinks[1].txt
text
MD5: c674eddee3a1c547b3f796c490f1a7bd
SHA256: 6d196023e05ee37572c83418341fd2c56ba4cbf04daa97edfbec9827bcee602f
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\packages_v1[1].txt
text
MD5: 14deeb3a5a9716efa97437353dbf8d39
SHA256: e2c64a16bfaabd7e9a587ea6aa9818412f0dced4f75f54116c06409a10360c16
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\search_hshipmenttracker_co[1].txt
––
MD5:  ––
SHA256:  ––
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: fbb569b027c33fbfe1df5be5f389c169
SHA256: 7afadff4be97095ecaf19891851beb5297e2a84d7fa240a53b99919ad5bf881e
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 701741bb36346fd6e363f84787c87862
SHA256: 19a1c3e2c199303fb064f8a1313e977285a057078e9f75dcc1ed461098c9de5c
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\search_hshipmenttracker_co[1].htm
html
MD5: 876f530e4ca6c51e945853a2f43fb7e4
SHA256: 92edd3ccdb220e1ed727b26c294d9e9528bc9fac848e5a8235683ef19698be6d
3320
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
image
MD5: 504432c83a7a355782213f5aa620b13f
SHA256: df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
116
ShipmentTracker-21402990.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\api[1].txt
––
MD5:  ––
SHA256:  ––
2136
iexplore.exe
C:\Users\admin\Desktop\ShipmentTracker-21402990.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 1a1950ce38cf3bea49be411d7a5da5b4
SHA256: 0c5e25398a4b875440a9e63f47d7c10f14765a1e1514bb27c19f5092c2ed7673
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\firebase-database[1].js
text
MD5: 0b73ce41f82899bdc2f3a25f0d329d8d
SHA256: c5ad5aee892d68422a84bf2e2df83f6fcb2c7de2e0506a8ec2702f1c0b856daa
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
image
MD5: 4859e39ae6c0f1f428f2126a6bb32bd9
SHA256: a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613\index.dat
dat
MD5: 85d075a33defff43aa815c54a548e931
SHA256: 2e031df169ff28ab8cfafd578d8d7358c870539631cfc64d50ec02f2887af23d
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613\index.dat
dat
MD5: e07bcbd8f398643223bdb18700d2e64c
SHA256: 8264b5cc49a0bcc7dae9c1b422bbfb4004b7201c32fb3b9ff0ed825c785905ee
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 2779197f57ba19256d3dd4c49261a425
SHA256: 87821a7ed6ed1579edfd1399356533e0a7dd7797025b6b0b372216b4b07e0a78
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\rightArrow[1].png
image
MD5: 1a62abd3ff759b9a18fdbfc594b3851a
SHA256: 6b007a870bf5422732d8d9cb18386c84d55c5f13fdd2c452f69e5b97cb214e77
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\world[1].png
image
MD5: 7cd58ff673d9573d093ad112f8a68267
SHA256: 5d1fdeb9414658ea2da348b9887f9ec8961fab8db1dc70d6af5925d419d3bb7c
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\plane[1].png
image
MD5: 28e4b9ddd88eac9e0311bc314c3f9392
SHA256: 4464d188b0e8d17e74dd4f6801d09ff1be3e5e2c488f9f72fedf9c6200421f63
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\btnIcon[1].png
image
MD5: b6c1d6d1746ddf779bec16296b785afe
SHA256: 5abc08a29d97624fc13042b8602e95cd18d2bf90a0e7babd24e58bbd49eea408
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\logo[1].png
image
MD5: 86cd48283c6f2d27744ef0ef1a4beabe
SHA256: 14cd23c556aecbfb354e8b6056a6597ab4692687615aae0faa21819b1300052c
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\leftArrow[1].png
image
MD5: db23b75d8fe757906f6fba31f2f59438
SHA256: bf1e4c4961f6ba7848d14065cce15d0beab2601dfbc1c2286df7a3a2d7b7a080
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\prompt[1]
text
MD5: c88677d614b512cf6068044c095414a6
SHA256: 36b358e804a7637fc6d7ec3c2ef6921dfbfb6a7e71ab545a1e25d04bfe24d1c9
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 82640e8daad4a7056b958bec4ea6cc2f
SHA256: 90629252dcc49cde10e28fd029cd1e0ce058c77d05d539e5e00272f2e9fb0c92
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\js[1]
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 4be1a572fca40bcb2202504cb17aed91
SHA256: 64d06eeb18abad7d4ef1b1ef7409cf108bd4774c50a64e2c7b49ffb708ff24f4
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\u-4x0qWljRw-Pd8w__k[1].eot
eot
MD5: 491d2a5b23b87654b77616d254463eb6
SHA256: 9323a60117e78ca1be8c1a8fb3f755d7bea48fc4dc275cf4223bf319f26e6657
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\bootstrap.min[1].css
text
MD5: 91720dab4998d2b67ee2b9488e939b39
SHA256: 5668d0f89e9183da01b58f023c3d56e5fc32c23a5328b7973cfc736230318eed
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\master_style[1].css
text
MD5: 8cedbf3248fd50d21caed8f9ffe7c090
SHA256: 31c976d20a66cc5706e587d75265d92f7fc6ee33d7ebd642c352a774e81ceee0
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\sendImpression[1]
text
MD5: b4884bb010c395640bc62d0ef903e64d
SHA256: 046aef2fa40277f25182cd8f220754cf38a077a55ed19437df60ca3a6e57977c
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\jquery[1]
text
MD5: ce7092c9dcc6af3c74423729abe80447
SHA256: 5aa42812961402a87076bc7a833aac5cd2c6dba847ed399bf836e025b7749b6e
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\firebase-app[1].js
text
MD5: 3a7173aeadfd9e805bc22a790d89b4af
SHA256: b1c5418abf92617a99887f499e9efd6bc25957f37d2bd0ca3140a08b565e0bbd
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\css[1].txt
text
MD5: 9d884a8d52acac785d18e4adc5fb42a9
SHA256: f05b8631b23eb9eba46207a49e22c97e4226aa66d0dd0248d127a9aa22531fb1
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\firebase-messaging[1].js
text
MD5: d3a746f544b2e9c68d668b8d673fc8ae
SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\css[2].txt
text
MD5: fcf83902aee973885603e1c1bb2af86b
SHA256: d7341b190233872f5f2689aa7ec954668529f6e72295ac2b8a81daed414b0636
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\shipmenttracker_co[1].txt
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 8cd70eeec1c14330e85ec01c0a897293
SHA256: 334a381205e59f52830d22502cbbf53013dbc28054a14090abd572384b173181
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\shipmenttracker_co[1].htm
html
MD5: 57b05c6fb8a1ee8fe891df0a6616f65e
SHA256: fb90a5fa7b1fa695d27e4ff347addecd395ae9719c2684721b202233eb1141df
3404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 8d2b213395099cb77270edade27ae3c3
SHA256: 782ed1240c3ef019bd351a03d5c5b9625788f397856c26b220b5d1d4f874cf13
3404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar43E7.tmp
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab43D6.tmp
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 41577a5ab6a7d917cddeeddc2ef52d53
SHA256: 695fcbf6d5b0a83f6671ea2063aa9e2d45d263a108e826f21186b4a7f05925ff
3404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab4309.tmp
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar430A.tmp
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar42CA.tmp
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 429a007b515697bc74c088ba07ed792b
SHA256: 73dab53440242b968be60da3ea6ff07688afbfd6451d8181192a74c5e0327025
3404
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
3404
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab42C9.tmp
––
MD5:  ––
SHA256:  ––
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2136
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 1fff1b6887ce414e7ee3c369f81be1df
SHA256: 07a864cfc8b0614a469717dc7c2a791ce2fe0c33804c7286ee733832a256a86f
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUADJYT3\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9V72T9Y3\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2136
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RJA2YV8\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3404
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7TRFA1\icons-star[1].png
image
MD5: ee286d05500f9eee903e3429f8434776
SHA256: 9f71f0c0201f4781879baf4e695f4188725a8ce2953d18b8c1120865f5d32a28

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
34
TCP/UDP connections
44
DNS requests
18
Threats
10

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2136 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3404 iexplore.exe GET 200 52.84.214.81:80 http://x.ss2.us/x.cer US
der
whitelisted
3404 iexplore.exe GET 200 2.16.186.89:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab unknown
compressed
whitelisted
3404 iexplore.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/download/?d=0&h=1&pnid=4&domain=hshipmenttracker.co&implementation_id=packages_spt_&source=_v0-bb9&adprovider=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&dfn=Shipment%20Tracker&spo=0&appname=Shipment%20Tracker&appdesc=Get%20your%20package%20info%20%20instantly%20from%20your%20home%20and%20new%20tab%20page!&ies=s,h&sso= US
executable
shared
116 ShipmentTracker-21402990.exe GET 200 107.23.13.37:80 http://www.springtechdld.com/ies/api.cgi?act=getConfig&id=U2hpcG1lbnRUcmFja2VyLTIxNDAyOTkwLmV4ZQ==&rf=0&proto=1 US
text
shared
116 ShipmentTracker-21402990.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=_v0-bb9-iei&sub_id=20190611&traffic_source=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560294599&sgn=13937f0c2901155a08aea6012c95a2776489bb07&subid2=8.0.7601.17514&event=ex_accepted US
––
––
shared
116 ShipmentTracker-21402990.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=_v0-bb9-iei&sub_id=20190611&traffic_source=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560294599&sgn=13937f0c2901155a08aea6012c95a2776489bb07&subid2=8.0.7601.17514&event=ex_shown_ds US
––
––
shared
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/?ap=0&uc=20190611&i_id=packages_spt__1.30&uid=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&source=_v0-bb9-iei US
html
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/styles/home/packages_v1?v=x1BZmimwCuTPrxEKkON02bLwNE7X3DWDcBAeymH_VyI1 US
text
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/get/js/impression?uc=20190611&ap=0&source=_v0-bb9-iei&uid=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&i_id=packages_spt__1.30&cid= US
text
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/styles/home/monetizedquicklinks?v=gJHlzDmEaHpGOsrgbxBB8fvVZ_OkkCeXVVHkJAPS47A1 US
text
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/scripts/home/header_common?v=AAAAH_DbLIleWj0eIMkM9tOvY9PBuu50aQKW3Tf5CW81 US
text
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/ US
html
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/styles/home/setting?v=ryUN9ROxMocKoOuvctYLZZeK4BqnEgMfzTl9evNnkcM1 US
text
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Shared/Images/gear-icon.png US
image
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/scripts/home/common?v=EuIy2lerC3sucsvrktGFFhoc5c0KLvN9crdBl8oVyrw1 US
text
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/img/Icons/weatherAgencyIcon.jpg US
image
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Email/Sprites/Sprite_Email_V9.png US
image
unknown
2548 IEXPLORE.EXE GET 200 52.84.214.151:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/amazon.png US
image
whitelisted
2548 IEXPLORE.EXE GET 200 52.84.214.151:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/news-1.png US
image
whitelisted
2548 IEXPLORE.EXE GET 200 52.84.214.151:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/kelkoo.jpg US
image
whitelisted
2548 IEXPLORE.EXE GET 200 52.84.214.151:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/bookingbuddy.jpg US
image
whitelisted
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Images/saveMoney.png US
image
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Packages/Sprites/Sprite_Packages_V2.png US
image
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Home/Packages/Sprites/packages_sprite.jpg US
image
unknown
2548 IEXPLORE.EXE GET 200 52.84.214.151:80 http://dap2y8k6nefku.cloudfront.net/quicklinkicons/carbuyer.jpg US
image
whitelisted
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/img/Icons/recipesIcon.jpg US
image
unknown
3320 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/favicon.ico US
image
unknown
2548 IEXPLORE.EXE GET 200 52.21.108.235:80 http://search.hshipmenttracker.co/Content/Slick/images/icons-star.png US
image
unknown
116 ShipmentTracker-21402990.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=_v0-bb9-iei&sub_id=20190611&traffic_source=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560294599&sgn=13937f0c2901155a08aea6012c95a2776489bb07&subid2=8.0.7601.17514&event=ex_set_ds US
––
––
shared
116 ShipmentTracker-21402990.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=_v0-bb9-iei&sub_id=20190611&traffic_source=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560294599&sgn=13937f0c2901155a08aea6012c95a2776489bb07&subid2=8.0.7601.17514&event=ex_set_hp US
––
––
shared
116 ShipmentTracker-21402990.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=_v0-bb9-iei&sub_id=20190611&traffic_source=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560294599&sgn=13937f0c2901155a08aea6012c95a2776489bb07&subid2=8.0.7601.17514&event=ex_installed US
––
––
shared
116 ShipmentTracker-21402990.exe GET 200 34.192.66.209:80 http://www.springdwnld2.com/impression.do?domain=hshipmenttracker.co&implementation_id=packages_spt__1.30&offer_id=_iei_&source=_v0-bb9-iei&sub_id=20190611&traffic_source=0&user_id=3f9e6806-1f5c-4342-b777-6b00cd7ba6e7&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4.0C%3B+.NET4.0E)&ts=1560294599&sgn=13937f0c2901155a08aea6012c95a2776489bb07&subid2=8.0.7601.17514&event=ex_executed US
––
––
shared
116 ShipmentTracker-21402990.exe POST 200 107.23.13.37:80 http://www.springtechdld.com/advplatform/api.cgi?act=postStat&id=U2hpcG1lbnRUcmFja2VyLTIxNDAyOTkwLmV4ZQ==&rf=0&proto=1 US
text
compressed
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2136 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3404 iexplore.exe 18.214.213.187:443 US unknown
3404 iexplore.exe 52.84.214.81:80 US unknown
3404 iexplore.exe 2.16.186.89:80 Akamai International B.V. –– whitelisted
3404 iexplore.exe 216.58.205.234:443 Google Inc. US whitelisted
3404 iexplore.exe 172.217.22.35:443 Google Inc. US whitelisted
3404 iexplore.exe 34.194.5.215:443 Amazon.com, Inc. US unknown
3404 iexplore.exe 52.21.108.235:443 Amazon.com, Inc. US unknown
3404 iexplore.exe 172.217.18.163:443 Google Inc. US whitelisted
3404 iexplore.exe 54.72.199.154:443 Amazon.com, Inc. IE unknown
2136 iexplore.exe 18.214.213.187:443 US unknown
3404 iexplore.exe 34.192.66.209:80 Amazon.com, Inc. US shared
116 ShipmentTracker-21402990.exe 107.23.13.37:80 Amazon.com, Inc. US malicious
116 ShipmentTracker-21402990.exe 34.192.66.209:80 Amazon.com, Inc. US shared
2548 IEXPLORE.EXE 52.21.108.235:80 Amazon.com, Inc. US unknown
2548 IEXPLORE.EXE 54.72.199.154:443 Amazon.com, Inc. IE unknown
2548 IEXPLORE.EXE 172.217.22.35:443 Google Inc. US whitelisted
2548 IEXPLORE.EXE 34.194.5.215:443 Amazon.com, Inc. US unknown
2548 IEXPLORE.EXE 104.111.241.173:443 Akamai International B.V. NL unknown
2548 IEXPLORE.EXE 52.84.214.53:443 US unknown
2548 IEXPLORE.EXE 52.22.227.196:443 Amazon.com, Inc. US unknown
2548 IEXPLORE.EXE 52.84.214.151:80 US unknown
3320 IEXPLORE.EXE 52.21.108.235:80 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
shipmenttracker.co 18.214.213.187
52.44.224.39
unknown
x.ss2.us 52.84.214.81
52.84.214.91
52.84.214.175
52.84.214.242
whitelisted
www.download.windowsupdate.com 2.16.186.89
2.16.186.81
whitelisted
fonts.googleapis.com 216.58.205.234
whitelisted
config.hshipmenttracker.co 52.21.108.235
54.236.122.112
unknown
www.gstatic.com 172.217.22.35
whitelisted
pushible.com 34.194.5.215
54.173.109.10
unknown
fonts.gstatic.com 172.217.18.163
whitelisted
appfocus.go2cloud.org 54.72.199.154
52.30.52.254
52.50.109.222
malicious
www.springdwnld2.com 34.192.66.209
107.23.13.37
shared
www.springtechdld.com 107.23.13.37
34.192.66.209
shared
search.hshipmenttracker.co 52.21.108.235
54.236.122.112
unknown
d3ff8olul1r3ot.cloudfront.net 52.84.214.53
52.84.214.5
52.84.214.178
52.84.214.125
whitelisted
imp.mt48.net 104.111.241.173
unknown
imp.onesearch.org 52.22.227.196
54.174.5.12
malicious
dap2y8k6nefku.cloudfront.net 52.84.214.151
52.84.214.7
52.84.214.36
52.84.214.46
whitelisted

Threats

PID Process Class Message
3404 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
3404 iexplore.exe Misc activity ET INFO EXE - Served Attached HTTP
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MSIL/Adload.AT Beacon
116 ShipmentTracker-21402990.exe A Network Trojan was detected ET MALWARE MALWARE W32/WinWrapper.Adware User-Agent

Debug output strings

No debug info.