General Info

URL

http://nar.orionakhtar.com/lists/fo399lbfyb3a0/confirm-unsubscribe/xc033xyz8sc51/mb457w8fh8c28

Full analysis
https://app.any.run/tasks/68bc2d78-3d9b-4a03-9f0e-18b4a67d8694
Verdict
Malicious activity
Analysis date
12/6/2018, 10:16:20
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Reads Internet Cache Settings
  • iexplore.exe (PID: 3444)
  • iexplore.exe (PID: 3704)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3160)
  • iexplore.exe (PID: 3704)
Changes internet zones settings
  • iexplore.exe (PID: 3444)
Reads internet explorer settings
  • iexplore.exe (PID: 3704)
Application launched itself
  • iexplore.exe (PID: 3444)
Reads settings of System Certificates
  • iexplore.exe (PID: 3704)

Processes

Total processes
34
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
3444
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
3704
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3444 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
3160
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131

Registry activity

Total events
459
Read events
394
Write events
62
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
3444
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3444
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{A11AFF81-F937-11E8-834A-5254004A04AF}
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070C00040006000900100025009900
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070C00040006000900100025009900
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070C00040006000900100025000601
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070C00040006000900100025002501
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
34
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070C00040006000900100025008301
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
29
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070C0004000600090010002C00B001
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018120620181207
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheRepair
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
C39B9468448DD401
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3444
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3704
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018120620181207
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
3704
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheRepair
0

Files activity

Executable files
0
Suspicious files
0
Text files
66
Unknown types
10

Dropped files

PID
Process
Filename
Type
3704
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: e27c6c77e4dce7ebd89866e771ac58a1
SHA256: 62c12e564bb9916b44c9a1979d6834043a47ea2d2784dfe993699b575e74f173
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index[1].php
––
MD5:  ––
SHA256:  ––
3444
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018120620181207\index.dat
dat
MD5: 3d838448d1fde7a1d2d5c67c5ca8ac6e
SHA256: 15b6204f09956a7db4bb44307de4e8abf86d35010e79d98b9c53901073d4c005
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018120620181207\index.dat
dat
MD5: 492fda740c5b5cb3002493290c20b989
SHA256: 07bdf78677964e30f9db0938c929c4efd323b5bd1cb256f87d341f2edb4474e8
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\__utm[1].gif
––
MD5:  ––
SHA256:  ––
3704
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 2daf3d6ec597b7fff4518941a2d10041
SHA256: 3fea4e1ac3cdfd03a9fca304f96e0e7b546df0a65ba3660ca6e0bb54e0667cd0
3704
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3160
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\f[1].txt
text
MD5: cb3ebc8d01029061cc247757d44b5572
SHA256: 8256b9cdb1dec4ce2d704400437fe38e0cc819454e1631362bdc4dc953575457
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\repair-win[1].png
image
MD5: 5851745de354765e2125f096e27ae2a2
SHA256: e51e18fcf47fa9b6b5bf724f6a9655c25a05d215afba827f205aaeb47642d87a
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cloud[1].png
image
MD5: 37b3f2641ececb4eda59252b1a621eb7
SHA256: c2ebc7735534bd0e5708bfae2406b4cfcdbdc7f6ab7bf8838aba82023383269c
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\improve-pc[1].png
image
MD5: a33103966c40c7af0394283801707874
SHA256: da2871c4669d112fb708df1920f01a6aefdd5f257ef87cdfd3b424fc8eb2be59
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jquery.fancybox-2[1].js
text
MD5: 932c065e6c0658681ca19a34d45981f4
SHA256: 1a2da275a2f66503da340a4b38a064c5329d8b3f03eb057dee553786482c4874
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\free-scan[1].png
image
MD5: 8c7d05b98e6f2d5fbf1c60adffeea4f2
SHA256: 158bdf06a0618d1484c272c35bf6eeed158a9440ae9b12ac74dd66c7ba435dd8
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\left-line5[1].png
image
MD5: a59e741ab3d51d4e1e5ba30b0a7b29a8
SHA256: 79c1403f2c097fe69db72c4a7f7200093781ee005dfd6c6cb2b4c6d6f10e389a
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\left-line4[1].png
image
MD5: 5e66342138a9e7fe493159cd1d022c7f
SHA256: 6ef1d9b7114972450bc65ef971b9f1b6bcda9a14dfdacd0d2eef5982ab13bbd6
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\left-line3[1].png
image
MD5: 39494baf3c541996c3b3bb06283fdb46
SHA256: 4e23b54f1144c274b359d7ef5c60d49a82bd6e060896e6b5816a779fe0eb6cb1
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\left-line2[1].png
image
MD5: f0cbc1f1348e5a7dd71117fff276b24c
SHA256: b0eed672ea60ec55d4d9cf2d35704334217a77c07b6dcaadc8c5e6aa67cfedfd
3704
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 86b1ffa3e1bf197ec7626683530e0a48
SHA256: c69e2904d99c38cffebc7362cb8927f3588764b0782119f5399e6bc51ed15bad
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\reimage-repair-software-screen.en[1].png
image
MD5: bee784d55ec18bbbb78d9cf551c0105f
SHA256: ce64b3df68854a7dd3bc367bcd76ead89fec756099f139e8098597abc9172d8e
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\dc[1].js
text
MD5: de8ca47c1eda5087d5d609cb5cef2301
SHA256: 6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\step2-bg-trans[1].png
image
MD5: d5ee2f43e2a023082f436ecbd1bdc481
SHA256: 11d91f55b1674e173ddfe06eb57ae85fa33a6cff7af1302f507ac242d07a80d8
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\step1-bg-trans[1].png
image
MD5: 1d15fb682fe3dff47991aa9751a875b9
SHA256: b8755dc875e0a34693d2a5d357d9bff4d5f19d7c2a2d5134dc628a3f61caf000
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\left-line1[1].png
image
MD5: 51e96eb80b3315a78a3c263128863f80
SHA256: b331acc4c4aa2a03b8285ea5c5713d0fc0a1b8afab057511942b984af3a94c33
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\patent[1].png
image
MD5: a325c56ac5095d3459a31023cbddaad8
SHA256: 2e7c88199f79f7ee899df4333e85ea8959c6b156c1ea96dc0f0a1d3fe7d48f0e
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\1[1].js
html
MD5: e2774d3287f45211ef10b03a47bb16dc
SHA256: 6b3b4b55bd4c1db53e0a2594ce4e779b94fae6f5836127f8f99c9dcc36ff1a0d
3704
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\step-bg[1].png
image
MD5: 7b6e60e77c3654a847d5081395960cf5

Network activity

HTTP(S) requests
54
TCP/UDP connections
42
DNS requests
19
Threats
0

HTTP requests


Connections


DNS requests


Threats

No threats detected.

Debug output strings

No debug info.