General Info

URL

http://nar.orionakhtar.com/lists/fo399lbfyb3a0/confirm-unsubscribe/xc033xyz8sc51/mb457w8fh8c28

Full analysis
https://app.any.run/tasks/ad7371f9-b3ce-42dd-8f0c-6f7103f32131
Verdict
Malicious activity
Analysis date
12/6/2018, 10:33:40
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities


No malicious indicators.

No suspicious indicators.

Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3532)
  • iexplore.exe (PID: 3256)
Changes internet zones settings
  • iexplore.exe (PID: 2976)
Application launched itself
  • iexplore.exe (PID: 2976)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2976)
  • iexplore.exe (PID: 3256)
Reads settings of System Certificates
  • iexplore.exe (PID: 3256)
Reads internet explorer settings
  • iexplore.exe (PID: 3256)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Screenshots

Processes

Total processes
34
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
2976
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
3256
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2976 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\jscript.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll

PID
3532
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
499
Read events
434
Write events
62
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2976
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2976
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{10590DF5-F93A-11E8-BAD8-5254004A04AF}
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070C00040006000900220002000C03
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070C00040006000900220002001C03
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
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
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070C00040006000900220003002E00
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070C00040006000900220003006C00
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
52
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070C0004000600090022000300E900
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
37
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018120620181207
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheRepair
0
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
A62E69E0468DD401
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
00916BE0468DD401
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070C00040006000900220035000D01
3256
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3256
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018120620181207
3256
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
3256
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
3256
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
3256
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheRepair
0

Files activity

Executable files
0
Suspicious files
0
Text files
71
Unknown types
10

Dropped files

PID
Process
Filename
Type
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: f76d8cfc2e918f38b7ecc05b77da6fb0
SHA256: 918bfd1d5dbc92665fb44ab9eb9346660f64fdd9b98f5ee8db99759bd30c19c5
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\index[1].htm
html
MD5: abce80a2204b772617863b7acac89eb6
SHA256: d2869415655910686d13a3d021bccc11fec31e4849159e19b423bcd3961a4f00
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\__utm[1].gif
––
MD5:  ––
SHA256:  ––
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 0993ad9e65ddd3453ba85e3855d5077d
SHA256: e19cc952a019bf8a061150acb8d3fa4035f92fe06158c6b885389035883f857d
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: a762665cd40e68407edaf64f15c95baa
SHA256: 6cda3fa2c4302fc9bfa5aaa44b103bf062c95a2373ec5862d774020d80c4e207
3532
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2976
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\reimage[1].ico
image
MD5: d0c2bd29933d303826e58db070e10832
SHA256: 3af4842e79f2e783c9a73e19493a10164df5cf27e7e2fb67fb51b2f99d3b4d84
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\f[2].txt
text
MD5: 8611e67c4a25d036bd4f922b184f8ebd
SHA256: acbaf98485f7249dd3ae5ae437b1e3be68bc7180e3e59773786949fbdc5c8d67
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jquery.fancybox-2[1].js
text
MD5: 932c065e6c0658681ca19a34d45981f4
SHA256: 1a2da275a2f66503da340a4b38a064c5329d8b3f03eb057dee553786482c4874
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\1[1].js
html
MD5: e2774d3287f45211ef10b03a47bb16dc
SHA256: 6b3b4b55bd4c1db53e0a2594ce4e779b94fae6f5836127f8f99c9dcc36ff1a0d
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 63955ba3248b5aa113bf0ef350f154e5
SHA256: fc14fee5f6c651925bfeffbdfcc9a112c75ba4669c806be88ca6ca50356937cf
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\dc[1].js
text
MD5: de8ca47c1eda5087d5d609cb5cef2301
SHA256: 6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\cloud[1].png
image
MD5: 37b3f2641ececb4eda59252b1a621eb7
SHA256: c2ebc7735534bd0e5708bfae2406b4cfcdbdc7f6ab7bf8838aba82023383269c
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\improve-pc[1].png
image
MD5: a33103966c40c7af0394283801707874
SHA256: da2871c4669d112fb708df1920f01a6aefdd5f257ef87cdfd3b424fc8eb2be59
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\repair-win[1].png
image
MD5: 5851745de354765e2125f096e27ae2a2
SHA256: e51e18fcf47fa9b6b5bf724f6a9655c25a05d215afba827f205aaeb47642d87a
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\free-scan[1].png
image
MD5: 8c7d05b98e6f2d5fbf1c60adffeea4f2
SHA256: 158bdf06a0618d1484c272c35bf6eeed158a9440ae9b12ac74dd66c7ba435dd8
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\left-line4[1].png
image
MD5: 5e66342138a9e7fe493159cd1d022c7f
SHA256: 6ef1d9b7114972450bc65ef971b9f1b6bcda9a14dfdacd0d2eef5982ab13bbd6
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\left-line5[1].png
image
MD5: a59e741ab3d51d4e1e5ba30b0a7b29a8
SHA256: 79c1403f2c097fe69db72c4a7f7200093781ee005dfd6c6cb2b4c6d6f10e389a
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\23[1].png
image
MD5: 5f36243f518eff12b63e038c6cc44a35
SHA256: c7957fa56cabd5a01d107bc74fa2a06ef0ac502e873aaae70cdf69160bcb4dd1
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\left-line3[1].png
image
MD5: 39494baf3c541996c3b3bb06283fdb46
SHA256: 4e23b54f1144c274b359d7ef5c60d49a82bd6e060896e6b5816a779fe0eb6cb1
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\left-line2[1].png
image
MD5: f0cbc1f1348e5a7dd71117fff276b24c
SHA256: b0eed672ea60ec55d4d9cf2d35704334217a77c07b6dcaadc8c5e6aa67cfedfd
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\step2-bg-trans[1].png
image
MD5: d5ee2f43e2a023082f436ecbd1bdc481
SHA256: 11d91f55b1674e173ddfe06eb57ae85fa33a6cff7af1302f507ac242d07a80d8
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\left-line1[1].png
image
MD5: 51e96eb80b3315a78a3c263128863f80
SHA256: b331acc4c4aa2a03b8285ea5c5713d0fc0a1b8afab057511942b984af3a94c33
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\step1-bg-trans[1].png
image
MD5: 1d15fb682fe3dff47991aa9751a875b9
SHA256: b8755dc875e0a34693d2a5d357d9bff4d5f19d7c2a2d5134dc628a3f61caf000
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\reimage-repair-software-screen.en[1].png
image
MD5: bee784d55ec18bbbb78d9cf551c0105f
SHA256: ce64b3df68854a7dd3bc367bcd76ead89fec756099f139e8098597abc9172d8e
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\step-bg[1].png
image
MD5: 7b6e60e77c3654a847d5081395960cf5
SHA256: 33c28e008ac3729e9b12dbc10be193b77e16a41a6c3693d4082858d3cba92e59
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery.fancybox-2[1].css
text
MD5: 2f2b95d6968f1d06e3b2cf4f7167bde1
SHA256: 672cfaee45d3224d4727d24aad241bc6722a6ec48623962260d35374a7c5462a
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\button_download_anim[1].gif
image
MD5: a415393521909e0c856acf0e00116630
SHA256: 031e1fb30c05d97c39bd6db7a4c99b4fd96fcfad71c9f2ffdffc8cd19e4012fe
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\box-bg[1].gif
image
MD5: 8ff2fa6eb2a493a50bd5d1e62ca65aab
SHA256: 29bb9c83e89d0bc33f498d269d352e39d2685903a1edf1f01b2b48f6830b10c8
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\green_v[1].png
image
MD5: 2008cbae40db2b500152c7dafd984d93
SHA256: 9d67b141e9910fc9573bb40f0da15b37a07f321f364b49d248dd04b051b94cfe
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Win7[1].gif
image
MD5: 72edefcd39d81e6d207b19834e6941ef
SHA256: 41e53e6880391a2ffdcecfc04969e62ade0e3383c54aed8c281a3c5c122a5f3c
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\patent[1].png
image
MD5: a325c56ac5095d3459a31023cbddaad8
SHA256: 2e7c88199f79f7ee899df4333e85ea8959c6b156c1ea96dc0f0a1d3fe7d48f0e
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\cookie-note[1].js
text
MD5: 31a26a241ed14defc5417202d0ec5362
SHA256: 6348d80a177746d0a346fb0c8aba8b73d2ddee827506a31abc054a60b77b6168
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\getseal[1].gif
image
MD5: a3c1a86c26d152cda510447b5e4973c1
SHA256: 0aa3a076e5a9dcfb9af8dd0460b9a30792a27a674bfb737e14ceb3c7b0b815c2
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\page-header[1].png
image
MD5: 72eb11363a557a2d01e4fc9e453e0d93
SHA256: 104c8b1b981bed8968301cd28d4daf83d09dbc23b51a862ab6ebb9e59cc0f785
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\getseal[1]
text
MD5: 66504206d30d48d3e3db70936d82088d
SHA256: a11ee042eeb4470256c03db24e6ddf07ef1dae198be912d70c6f171c4d0b3b0b
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\style[1].css
text
MD5: d94fca6b5b8a3bff50e725f47ce513c2
SHA256: 9dd4ad190d00eb789f6f26a78055addf1fbbc4529139a18d4e264c39a2c83e51
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\f[1].txt
text
MD5: 93c320c2351fd77c40f325b0e7b89017
SHA256: 57a257d474bbb1dc7cc9398fdd4884232e7e614d6b9df64aed3863da80f3cbf4
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index_src[1].htm
html
MD5: 87ee89fccce109593706490e92af2f96
SHA256: 291dbc0312531507318d32a51995cafe91e64d631f654c68d12a441913774ad4
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index_src[1].php
––
MD5:  ––
SHA256:  ––
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: e796d4db67a77f6dca82d18126b8d955
SHA256: b21d8c9acdb5f0c05485fbf8baacc23ac9a62f2c93f7bbcffc025131d6aa5a8f
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquery.min[1].js
text
MD5: b04a3bccd23ddeb7982143707a63ccf9
SHA256: 764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: b3d2fd18db1471641875a841dac90cb2
SHA256: bd8b40ae5d0b05af4427b4a047aa0882af72895a8cafd745eaab47fb3a7fb277
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\index[1].php
––
MD5:  ––
SHA256:  ––
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: cb51b6f4e4e796212a8cc79d6730e0d1
SHA256: 094275d741b7bc91af1bf5e954ec32e57fb7a82feb1fbdafaa80090e78405f1c
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 4f960632d770c20723799182567ed939
SHA256: 7928149c1cbf5aed1f09b6093c875ad3214daf6436386c10606f2f2a119bdb47
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 7059f5e9b41e79d47aa558451d394534
SHA256: 3d590b1b08ab04462e51c880752863e94701140b5a78f2b3dfd0c73e25dfda1c
3256
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2976
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018120620181207\index.dat
dat
MD5: adf5281f1c0115a9cb2d8a1079cb0c76
SHA256: d188a0e521cb01f52131fb0df8b72560baac9e926f807cd3b06e48e022a9be71
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018120620181207\index.dat
dat
MD5: 87b5a74136bfa683f0dc2c0bfd841972
SHA256: af91fbef32dd00cf03596900fe3c761a39f6e976f608764f73503d756f5c11f1
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bootstrap.min[1].js
text
MD5: ba847811448ef90d98d272aeccef2a95
SHA256: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\JTUSjIg1_i6t8kCHKm459Wlhzw[1].eot
eot
MD5: 29c1d31f7d9bc4f5c1841eb14fbf5cd7
SHA256: 45ea589c36cd33266bc70b81bd0c42332fbbb6fa58939cd31282096624f7fda8
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\css[1].txt
text
MD5: 31b8f0aa107cbde0d92b91fed8e82190
SHA256: cd4b6d4596f12172f2fc3d4d3210114d7d4630d5d0af9db04856603241a5103e
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 68889c246da2739681c1065d15a1ab0b
SHA256: 830d75bbf0e1f9289d787422f767b23f9d63fd79dbe75c091a119b6b7155d198
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ionicons[1].eot
eot
MD5: 2c2ae068be3b089e0a5b59abb1831550
SHA256: a4803d7bdeb478a5b9238fe74d8aaa98dafe2e8e68fccbd0e3f4dced823f27f0
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\fontawesome-webfont[1].eot
eot
MD5: 32400f4e08932a94d8bfd2422702c446
SHA256: e219ece8f4d3e4ac455ef31cd3a7c7b5057ea68a109937fc26b03c6e99ee9322
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\css[1].txt
text
MD5: e3ada4565626b4a5edb4b42a5c8ae586
SHA256: 7647ad188834bb8656c770434bbc23b956118eca436bfaca76da68cbad9f4bad
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\S6uyw4BMUTPHjx4wWg[1].eot
eot
MD5: 6a6d715087a68ac5ad790b4f7bbb1766
SHA256: 5c795bd6b63ed3ec2fb053216fe4a8e89c2c2a90beb7aee8456deb3eff347ba5
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mem8YaGs126MiZpBA-UFVZ0f[1].eot
eot
MD5: 9dce7f01715340861bdb57318e2f3fdc
SHA256: ee6885417a5772a42be3280cf34581001cafd5548d12b66b5466e53f05dabf96
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\css[1].txt
text
MD5: 2d1fdb6f49ad87629a962ad6bdda2d98
SHA256: 8d586cc74f47f6096e6131382ad27527ef0fbc4de0879dc0ffb161cc7b8061d7
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\css[2].txt
text
MD5: 4c7dad4090d0a72b34cc1bcd13885c73
SHA256: 4cd4bd4af907718dd6b740f3a4710fa82bd3ea724274eefde8d3ddb54dab894f
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\font-awesome.min[1].css
text
MD5: 4fbd15cb6047af93373f4f895639c8bf
SHA256: ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ionicons.min[1].css
text
MD5: 0d6763b67616cb9183f3931313d42971
SHA256: de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 8772acc723f17e07b090873380d355c8
SHA256: dda1d0aa4db4677ef24e25009a3334ce22bbb18f51ce067312cc4cb2202e726b
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\glyphicons-halflings-regular[1].eot
eot
MD5: 7ad17c6085dee9a33787bac28fb23d46
SHA256: f495f34e4f177cf0115af995bbbfeb3fcabc88502876e76fc51a4ab439bc8431
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\app-custom[1].js
text
MD5: 8519c858e4de712d83f7e29f86a2b463
SHA256: f96fd4f423a8ef055f317e3efc30d91feeed54dea95816bba9020e695d8cefee
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\app[1].js
text
MD5: e8b3d514502b62f237a0741a9c7e6429
SHA256: d89b7b17e72d055a38b3abe133859190b9204cc48f3d0bfcdcbd44ad26048465
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\app[1].js
text
MD5: f5c5fccd083eddbf48190f6999bed58e
SHA256: a699b93ca960447d8a634a5821b5b5aabf5cc1727927c7ad577df2e7afea7b4a
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\cookie[1].js
text
MD5: 449dd3907404cead5d8ba6203b3550dc
SHA256: 3585a42757908ba2ace27f41b01256f6cf4ffb9679f7ac0ff8957817d5ccfde1
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\adminlte[1].js
text
MD5: add5b3f0900365f3b4240664da17760e
SHA256: 42338bc162a705b04953fc72340216dbefb55cf12ec1a6e7cad04e5e680e26bc
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jquery.min[1].js
text
MD5: 8101d596b2b8fa35fe3a634ea342d7c3
SHA256: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\notify[1].js
text
MD5: 241ff1796e5a3c3f0748be453a4225b2
SHA256: 4cf04a0784643ac8385970593618c266ffdba073946d96eaf82e6d429a48a72c
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\knockout.min[1].js
text
MD5: fa8662c7a8415d0355f444eaff534845
SHA256: 972f13893b7056c0567637a44ea4c994b1b3dd1b20e185ebf3478ae9086d74cb
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\adminlte[1].css
text
MD5: e26944645d188b183353d19ab2736b0b
SHA256: 3601aa9fefe786f7641b2ecb74c2c935a8a01e415d55f30e6e097f2d5e16f8d3
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\style[1].css
text
MD5: 0704fe77a703921a5520c4ef079b3ac4
SHA256: 6a6249eb2886276d28435052d388fe35557ea936825d1e06629849ec700bfd95
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\skin-blue[1].css
text
MD5: 736dc5a80d350f34661eeb11ec02c7ee
SHA256: d028883419fbc261a8588de03fcba282debb5e92853974d69bca9f5df9f4904d
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\respond.min[1].js
html
MD5: 972b9d5576bfe0a34b18cd9e4f99d747
SHA256: 8369672cfa949065e3ec60d6f99cb8efe3b6a61f94af5726b5d92556a923fa48
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\html5shiv[1].js
html
MD5: 0ce8f355891c26c28f057e195e97dcd5
SHA256: 8c7a9c0470563367ab00307b4fb9bb3052d0a27f0b94e63b9dc0bb8c369449cb
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bootstrap.min[1].css
text
MD5: 8a7442ca6bedd62cec4881040b9a9e83
SHA256: e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\mb457w8fh8c28[1].htm
html
MD5: ccd34017e049923222e1a5322b2de093
SHA256: c2743bf185e91dc7a8a707f1bc7b3cd8634091d712461f8aad7b21dd31e19d81
3256
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\mb457w8fh8c28[1].txt
––
MD5:  ––
SHA256:  ––
2976
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2976
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2976
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––

Network activity

HTTP(S) requests
54
TCP/UDP connections
38
DNS requests
18
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2976 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/lists/fo399lbfyb3a0/confirm-unsubscribe/xc033xyz8sc51/mb457w8fh8c28 FR html unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/css/bootstrap.min.css?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/css/skin-blue.css?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/frontend/assets/cache/bbe56c5a/jquery.min.js FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/css/adminlte.css?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/js/knockout.min.js?av=383d138c FR text unknown
3256 iexplore.exe GET 200 23.111.8.154:80 http://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js US html whitelisted
3256 iexplore.exe GET 200 23.111.8.154:80 http://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js US html whitelisted
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/frontend/assets/css/style.css?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/js/notify.js?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/js/adminlte.js?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/js/cookie.js?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/frontend/assets/js/app.js?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/js/app.js?av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/frontend/assets/js/app-custom.js?v=1543821870&av=383d138c FR text unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/fonts/glyphicons-halflings-regular.eot? FR eot unknown
3256 iexplore.exe GET 200 37.187.158.168:80 http://nar.orionakhtar.com/assets/js/bootstrap.min.js?av=383d138c FR text unknown
3256 iexplore.exe GET 307 185.117.75.222:80 http://ff.potterzs.link/?flux_fts=iplzzatccqatpooipaeiplzzptxzialapoczz0f935 NL –– –– suspicious
3256 iexplore.exe GET –– 191.101.34.10:80 http://7uuy6.cleanharborredirect.com/?s1=470846747335524478 LT –– –– suspicious
3256 iexplore.exe GET 301 161.47.7.14:80 http://www.reimageplus.com/includes/router_land.php?tracking=YTZ2&lpx=slm&banner=ALF&%3F%3Fs1=470846747335524478&group_id=483&cntrl=00000&pid=20801&redid=79222&gsid=483&campaign_id=20&p_id=20801&id=XNSX.-r79222-t483&impid=25ca05c4-f93a-11e8-bebc-4e4e3e1c4387 US text malicious
3256 iexplore.exe GET 200 161.47.7.14:80 http://www.reimageplus.com/land/sqi/index.php?tracking=YTZ2&banner=ALF&adgroup=direct&ads_name=direct&keyword=direct&nms=1&lpx=slm US html malicious
3256 iexplore.exe GET 200 161.47.7.14:80 http://www.reimageplus.com/land/sqi/index_src.php?tracking=YTZ2&banner=ALF&adgroup=direct&ads_name=direct&keyword=direct&nms=1&lpx=slm US html malicious
3256 iexplore.exe GET 200 172.217.168.10:80 http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js US text whitelisted
3256 iexplore.exe GET 200 161.47.7.14:80 http://www.reimageplus.com/land/sqi/css/style.css US text malicious
3256 iexplore.exe GET 200 161.47.7.14:80 http://www.reimageplus.com/assets/scripts/cookie-note.js US text malicious
3256 iexplore.exe GET 200 172.217.168.2:80 http://www.googleadservices.com/pagead/conversion.js US text whitelisted
3256 iexplore.exe GET 200 161.47.7.14:80 http://www.reimageplus.com/assets/styles/jquery.fancybox/jquery.fancybox-2.css US text malicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/page-header.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/Win7.gif US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/patent.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/green_v.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/button_download_anim.gif US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/box-bg.gif US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sys/reimage-repair-software-screen.en.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/step-bg.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/step1-bg-trans.png US image suspicious
3256 iexplore.exe GET 200 161.47.7.14:80 http://www.reimageplus.com/assets/scripts/jquery.fancybox/jquery.fancybox-2.js US text malicious
3256 iexplore.exe GET 200 99.84.151.39:80 http://images.scanalert.com/meter/www.reimageplus.com/23.gif US image whitelisted
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/step2-bg-trans.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/left-line1.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/left-line2.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/left-line3.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/left-line4.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/left-line5.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/free-scan.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/repair-win.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/improve-pc.png US image suspicious
3256 iexplore.exe GET 200 205.185.208.80:80 http://cdnrep.reimageplus.com/website/newwebsite/lp/sqh/cloud.png US image suspicious
3256 iexplore.exe GET 200 108.177.15.157:80 http://stats.g.doubleclick.net/dc.js US text whitelisted
2976 iexplore.exe GET 301 161.47.7.14:80 http://www.reimageplus.com/favicon.ico US html malicious
3256 iexplore.exe GET 200 99.84.151.59:80 http://cdn.ywxi.net/js/1.js US html whitelisted
2976 iexplore.exe GET 200 161.47.7.14:80 http://www.reimageplus.com/images/reimage.ico US image malicious
3256 iexplore.exe GET 200 108.177.15.157:80 http://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1784467527&utmhn=www.reimageplus.com&utmcs=utf-8&utmsr=1280x720&utmvp=1260x560&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=26.0%20r0&utmdt=Reimage%20Repair&utmhid=2004862176&utmr=0&utmp=%2Fland%2Fsqi%2Findex_src.php%3Ftracking%3DYTZ2%26banner%3DALF%26adgroup%3Ddirect%26ads_name%3Ddirect%26keyword%3Ddirect%26nms%3D1%26lpx%3Dslm&utmht=1544088893910&utmac=UA-24411584-1&utmcc=__utma%3D141870001.937495825.1544088893.1544088893.1544088893.1%3B%2B__utmz%3D141870001.1544088893.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=463970023&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ US image whitelisted

Connections

PID Process IP ASN CN Reputation
2976 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3256 iexplore.exe 37.187.158.168:80 OVH SAS FR unknown
3256 iexplore.exe 216.58.215.234:443 Google Inc. US whitelisted
3256 iexplore.exe 104.19.199.151:443 Cloudflare Inc US shared
3256 iexplore.exe 23.111.8.154:80 netDNA US unknown
3256 iexplore.exe 216.58.215.227:443 Google Inc. US whitelisted
2976 iexplore.exe 37.187.158.168:80 OVH SAS FR unknown
3256 iexplore.exe 185.117.75.222:80 Host Sailor Ltd. NL suspicious
3256 iexplore.exe 191.101.34.10:80 LT unknown
3256 iexplore.exe 161.47.7.14:80 Rackspace Ltd. US suspicious
3256 iexplore.exe 172.217.168.10:80 Google Inc. US whitelisted
3256 iexplore.exe 172.217.168.2:80 Google Inc. US whitelisted
3256 iexplore.exe 23.45.106.123:443 Akamai International B.V. NL whitelisted
3256 iexplore.exe 205.185.208.80:80 Highwinds Network Group, Inc. US suspicious
3256 iexplore.exe 99.84.151.39:80 AT&T Services, Inc. US unknown
3256 iexplore.exe 108.177.15.157:80 Google Inc. US whitelisted
3256 iexplore.exe 172.217.168.2:443 Google Inc. US whitelisted
3256 iexplore.exe 99.84.151.59:80 AT&T Services, Inc. US unknown
2976 iexplore.exe 161.47.7.14:80 Rackspace Ltd. US suspicious
3256 iexplore.exe 216.58.215.226:443 Google Inc. US whitelisted
3256 iexplore.exe 172.217.168.36:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
nar.orionakhtar.com 37.187.158.168 unknown
fonts.googleapis.com 216.58.215.234 whitelisted
cdnjs.cloudflare.com 104.19.199.151, 104.19.196.151, 104.19.198.151, 104.19.197.151, 104.19.195.151 whitelisted
oss.maxcdn.com 23.111.8.154 whitelisted
fonts.gstatic.com 216.58.215.227 whitelisted
ff.potterzs.link 185.117.75.222 suspicious
7uuy6.cleanharborredirect.com 191.101.34.10, 191.96.104.10, 179.61.143.10 unknown
www.reimageplus.com 161.47.7.14 malicious
ajax.googleapis.com 172.217.168.10, 172.217.168.42, 216.58.215.234 whitelisted
seal.websecurity.norton.com 23.45.106.123 whitelisted
www.googleadservices.com 172.217.168.2 whitelisted
cdnrep.reimageplus.com 205.185.208.80 suspicious
images.scanalert.com 99.84.151.39, 99.84.151.118, 99.84.151.29, 99.84.151.38 whitelisted
stats.g.doubleclick.net 108.177.15.157, 108.177.15.155, 108.177.15.154, 108.177.15.156 whitelisted
cdn.ywxi.net 99.84.151.59, 99.84.151.117, 99.84.151.79, 99.84.151.84 whitelisted
googleads.g.doubleclick.net 216.58.215.226 whitelisted
www.google.com 172.217.168.36 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.