General Info

URL

https://secure-web.cisco.com/14gzsEfjNIJ2jYMO_tJ0PpQ9Im87k3LCn2nRlVMYMMFN_TIaE_rQ5GxpdRo-RyOl_3pAP1zKXD1g3g9-jGHFDinKU1sK09W_KmTKkTufK9YoCNEZMuYdYKVKm90-bkpuBG13kq9XAAlzMpZFFQFrO5QN2HLg4QQw1iYAGervVSHIFbwbA_HaBFAXo98s5I6Kxs8dLF-bGZKMEvFKIC0T4nCuKWp1LTVqaptlMKzGSlk5znIFifRWPN8zT8nSeGLudbfJCuSv8keEPxqXNZHQq_A/https%3A%2F%2Fsentara.workplace.com%2Fo.php%3Fk%3DAS2FXSoQVvNo_lA3%26u%3D100043271596198%26mid%3D5971ce16e7783G5afd23aa68a6G5971d2b047a55G9dd

Full analysis
https://app.any.run/tasks/0264a41e-0c6a-4b05-8a08-55c2dd9f087b
Verdict
Malicious activity
Analysis date
12/2/2019, 22:03:23
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Dropped object may contain TOR URL's
  • iexplore.exe (PID: 2608)
Changes internet zones settings
  • iexplore.exe (PID: 1608)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 1608)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2608)
Reads settings of System Certificates
  • iexplore.exe (PID: 1608)
Changes settings of System certificates
  • iexplore.exe (PID: 1608)
Application launched itself
  • iexplore.exe (PID: 1608)
Reads internet explorer settings
  • iexplore.exe (PID: 2608)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
1608
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://secure-web.cisco.com/14gzsEfjNIJ2jYMO_tJ0PpQ9Im87k3LCn2nRlVMYMMFN_TIaE_rQ5GxpdRo-RyOl_3pAP1zKXD1g3g9-jGHFDinKU1sK09W_KmTKkTufK9YoCNEZMuYdYKVKm90-bkpuBG13kq9XAAlzMpZFFQFrO5QN2HLg4QQw1iYAGervVSHIFbwbA_HaBFAXo98s5I6Kxs8dLF-bGZKMEvFKIC0T4nCuKWp1LTVqaptlMKzGSlk5znIFifRWPN8zT8nSeGLudbfJCuSv8keEPxqXNZHQq_A/https%3A%2F%2Fsentara.workplace.com%2Fo.php%3Fk%3DAS2FXSoQVvNo_lA3%26u%3D100043271596198%26mid%3D5971ce16e7783G5afd23aa68a6G5971d2b047a55G9dd"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

PID
2608
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1608 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\feclient.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll

Registry activity

Total events
414
Read events
345
Write events
66
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
1608
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CA3AFBCF1240364B44B216208880483919937CF7
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{368C7F23-1547-11EA-AB41-5254004A04AF}
0
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070C00010002001500030028000401
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070C00010002001500030028001401
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070C0001000200150003002800BF01
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070C0001000200150003002800DF01
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
39
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070C00010002001500030028001D02
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
27
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
1608
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
1608
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
1608
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
1608
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
1608
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
1608
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
1608
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
1608
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CA3AFBCF1240364B44B216208880483919937CF7
Blob

Files activity

Executable files: 0
Suspicious files: 4
Text files: 27
Unknown types: 3

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\YQNfPR9MJfx[1].png | image | 2b5e345ee85b7483ec377d0499363240 | e60e1c170d239ef8628c55986ae1b8e68239665363c6355cfc03336718bc2d7f
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\YK_2KT_B7PD[1].css | text | 2e6fdc0514f0d927735f6641632311ec | fae74fc11c908631a2410914ae02aac3b8cd39d879ae4ed87b1a7b68894f718c
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\eB6yAQxCA1o[1].png | image | cc8d05919aebb52740e217253e7d965b | 1d84cfddc60c526fa7b358c9a583acae037c1ae885020bfbf119297647d42989
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\input[1].txt | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\input[1].htm | html | 68f2003abf264e2400d3f2e7ade79689 | d28f634fa4db4d69b71640d7dfc09257389e2f5ca258a34123d62e3f075a9197
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EM17UUT4\sentara_workplace_com[1].htm | html | 46bbdd7470b6c5d0cdf689be8297dc57 | d81c61c3ac94b39e253b8e51f15805421c9f1b30e69de4704416853775d7c201
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\sentara_workplace_com[1].txt | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXDDI156\hsts-pixel[1].gif | image | df3e567d6f16d040326c7a0ea29a4f41 | 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 4a33eafad526a58e2ef2ab1c07602f35 | 1286f283a83b48d9e31319bdf0f73e2704aa27dc2cc5d282f2ae33fc20a23ccf
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXDDI156\o[1].php | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXDDI156\o[1].htm | html | 68ccb2996c2e5d9859e4e7dcd9337c34 | d77fd212861982e20d8d558f6aa6ba4f40c6697c43beeeac6a5d4d51fd7fc331
1608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\osd[1].htm | html | 472532f3a6092231b9e0a3ee06ac7824 | 55ce78f298e150dafb6f6dfa4b00238f3a94d36edd2db7e50726fb00a86ba5d2
1608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\osd[1].xml | –– | –– | ––
1608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\9Ecc0rq2ing[1].ico | image | afaced441ea30041139e29329eaf2628 | d263072e40c57969f73bf94c4bdc37f1139aa80438d6304a5f4325feaac30c12
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\hsts-pixel[1].gif | image | df3e567d6f16d040326c7a0ea29a4f41 | 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EM17UUT4\nQxCl4XEmnL[1].png | image | 6ef67bfc82c95eb2d85e8fc12d106515 | a52795255921611421b8098162401a47168bc2cb5122c42d47c65488ae42eee8
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXDDI156\AoCDpqrCK0H[1].png | image | 24dd5104f876210eb7301723aea9081b | 9b53b3f5bef0a79ef2ac777d9e9e14345a48bcf22e88ea55c9b084286a6d7eb3
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\fCm17fXNnWb[1].png | image | c7cfead76c4871f7dbf299657fe4681e | 019d8659fc220598be92892783b5f18500ef7c2a3bdaeaa9f6cbac56027877fb
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EM17UUT4\uWEJ4lQTX9-[1].css | text | b863490dc61d04a272d64b0b8566bef0 | f14fd018e6db261706ebb853b2c995bee69b6858ef14bb8445314f0814e2d6b7
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXDDI156\vxB8Zdp6mzj[1].css | text | 03f04ae4f2a3161d5a711dd6c20eceb2 | ce7a38337b8b168a8c930ea050228dedf47ada0b6e3cdfd5219bef75de19ef40
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\g6qaccjgTiP[1].js | text | e525b4bd3131571445914d3df0d81085 | 2486c8a1dc74d359d32e9f9d04ab2498b1e66bd073ea3fec9c82922333b677e5
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\skONiIK-ePy[1].css | text | 700b9482a4aa229c0a82012e9bbce75f | 5a2892bf8944c0a5e7566714727a7a32dc96842fb88fec8c57672e1e8b8e29bd
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXDDI156\hsts-pixel[2].gif | image | df3e567d6f16d040326c7a0ea29a4f41 | 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\iMoILp6ICBq[1].css | text | 1981b9392e3703d240d42489ec1a346e | 8d83c53132daaeea5ddea6588f3b225f4cee38afcc7f42fd060c3cc783282edc
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\v1wCmr2Im8B[1].css | text | 8dcbc20809cf6ba5b32f0195d8ae3602 | 158c84e934a65f6555f1829260f946b217b22310d3f9d32a1af8ba7a9e890b42
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\05oWP4GaRFu[1].css | text | 4a8d7871c4d8ebac25fba122e0881d9d | 6109e55a53553c2b1667285a3e8aaf0eef4557387b348edbaa93bfcf03332efe
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\o[1].php | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\o[1].htm | html | 2638263ff9d909b4d29ec70ee8b855ea | d4ed352316ed7d576b6797c6a6fc6770befa5e2ccccdc0057765a4fb1fd9d26b
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 730e1c53b69a1dbc1378f58131d74636 | d0d1a3a49361f48d1f3a82d2face560f6c05f4f0220c4b54854658544823f202
2608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | binary | f4c4600a6f942493c5e9a5c42278687d | a2e43dcf91ad4a4562b7ad9026133685a1c9183a853f04f8c80d64264a621edc
2608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | compressed | 5ad071a3917588e8cd883b123b395b21 | de62965c15528da598b0079d2d20d953dd6f71b13a23807bff0666d03f69c0fa
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarABA1.tmp | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabABA0.tmp | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarAB12.tmp | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarAB01.tmp | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabAB11.tmp | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabAB00.tmp | –– | –– | ––
1608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png | image | 9fb559a691078558e77d6848202f6541 | 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | –– | –– | ––
1608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | –– | –– | ––
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EM17UUT4\desktop.ini | ini | 4a3deb274bb5f0212c2419d3d8d08612 | 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | abb51f094c4fb5076cb04338b12566b2 | ebfc6060790ecf77e053b6e18619613eed1caf8579086d999c9799fbaeae339b
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NTND0U0Y\desktop.ini | ini | 4a3deb274bb5f0212c2419d3d8d08612 | 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXDDI156\desktop.ini | ini | 4a3deb274bb5f0212c2419d3d8d08612 | 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2608 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8J0JLW9E\desktop.ini | ini | 4a3deb274bb5f0212c2419d3d8d08612 | 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38


Network activity

HTTP(S) requests: 2
TCP/UDP connections: 17
DNS requests: 8
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1608 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image –– whitelisted
2608 iexplore.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed –– whitelisted


Connections

PID Process IP ASN CN Reputation
2608 iexplore.exe 208.90.58.178:443 Cisco Systems Ironport Division US unknown
1608 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2608 iexplore.exe 13.107.4.50:80 Microsoft Corporation US whitelisted
2608 iexplore.exe 185.60.216.15:443 Facebook, Inc. IE whitelisted
2608 iexplore.exe 185.60.216.19:443 Facebook, Inc. IE whitelisted
2608 iexplore.exe 185.60.216.35:443 Facebook, Inc. IE whitelisted
1608 iexplore.exe 185.60.216.15:443 Facebook, Inc. IE whitelisted
1608 iexplore.exe 185.60.216.19:443 Facebook, Inc. IE whitelisted

DNS requests

Domain IP Reputation
secure-web.cisco.com 208.90.58.178 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.download.windowsupdate.com 13.107.4.50 whitelisted
sentara.workplace.com 185.60.216.15 malicious
static.xx.fbcdn.net 185.60.216.19 whitelisted
workplace.com 185.60.216.15 malicious
fbcdn.net 185.60.216.35 whitelisted
fbsbx.com 185.60.216.35 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.