General Info

URL

http://portal.husarirogbev.com/

Full analysis
https://app.any.run/tasks/61588a76-9d14-46f6-818d-2a662d9053e6
Verdict
Malicious activity
Analysis date
12/3/2019, 02:43:05
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Reads Internet Cache Settings
  • iexplore.exe (PID: 2392)
Reads internet explorer settings
  • iexplore.exe (PID: 2392)
Changes internet zones settings
  • iexplore.exe (PID: 1576)
Application launched itself
  • iexplore.exe (PID: 1576)
Creates files in the user directory
  • iexplore.exe (PID: 2392)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1576
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll

PID
2392
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1576 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\feclient.dll
c:\windows\system32\midimap.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
464
Read events
340
Write events
122
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
1576
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019092020190921
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{48FA76C5-156E-11EA-AB41-5254004A04AF}
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070C000200030001002B0015004702
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070C000200030001002B0015004702
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070C000200030001002B001500D402
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070C000200030001002B0015001203
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
47
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070C000200030001002B0015005103
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
35
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120320191204
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120320191204
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120320191204
CachePrefix
:2019120320191204:
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120320191204
CacheLimit
8192
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120320191204
CacheOptions
11
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019120320191204
CacheRepair
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
2A6DF20B7BA9D501
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://portal.husarirogbev.com/favicon.ico
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
imgur.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
namnak.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
shopify.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
souq.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
ask.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
webmd.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
twitch.tv
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
ieee.org
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
cam
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
ablogica.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
teepr.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
slack.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
service.tmall.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
mmofreegames.online
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url16
techcrunch.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url17
gamespot.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url18
clipconverter.cc
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url19
huawei.tmall.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://husarirogbev.com/
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://portal.husarirogbev.com/favicon.ico
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
imgur.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
namnak.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
shopify.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
souq.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
ask.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
webmd.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
twitch.tv
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
ieee.org
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
cam
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
ablogica.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
teepr.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
slack.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
service.tmall.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url16
mmofreegames.online
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url17
techcrunch.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url18
gamespot.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url19
clipconverter.cc
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url20
huawei.tmall.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Type
0
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Count
1
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Time
E3070C000200030001002C0012008001
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
husarirogbev
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://husarirogbev.com/
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
http://portal.husarirogbev.com/favicon.ico
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
imgur.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
namnak.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
shopify.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
souq.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
ask.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
webmd.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
twitch.tv
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
ieee.org
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
cam
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
ablogica.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
teepr.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
slack.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url16
service.tmall.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url17
mmofreegames.online
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url18
techcrunch.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url19
gamespot.com
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url20
clipconverter.cc
1576
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url21
huawei.tmall.com
2392
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2392
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120320191204
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120320191204
2392
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120320191204
CachePrefix
:2019120320191204:
2392
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120320191204
CacheLimit
8192
2392
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120320191204
CacheOptions
11
2392
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019120320191204
CacheRepair
0

Files activity

Executable files
0
Suspicious files
0
Text files
28
Unknown types
6

Dropped files

PID
Process
Filename
Type
2392
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 74a052d246527a141965cab920c48a48
SHA256: e520ea234fe9fdd0c343508a3f28ecc5b454bb569d80bd68738c7372bcf9ff2d
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ALY8WMU8\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X7M0G0LX\search[1].htm
html
MD5: d63a0b07ccf768c5e0ace7cd6d54aa74
SHA256: 9e95c5541844707731606b8f680d3c556d4a193f274ed87f4fba32ae084fe675
2392
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: abb2ce353de6365792171535ec2141f7
SHA256: 9c79ebcc42714dc6049bdfc3566a9978e8e2990cfbd7ea8bf15b62ff547e7fe5
2392
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2392
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 59df3daca14339b70e11e49a7c3fcca2
SHA256: f11d29555564a1513c231be6f5f026eac99acc162bfbd92bd6d3af75f00dcdf3
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01IM90A6\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBXU0LM9\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01IM90A6\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ALY8WMU8\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBXU0LM9\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01IM90A6\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ALY8WMU8\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ALY8WMU8\ErrorPageTemplate[2]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X7M0G0LX\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 66d20d9cf2322c4b662ea6e754325cd7
SHA256: d6a4c1df6554cdc6d56f1d92fd09f3d7991e3620151f00db51d55c8ee260c3cc
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01IM90A6\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBXU0LM9\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X7M0G0LX\search[1].txt
––
MD5:  ––
SHA256:  ––
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X7M0G0LX\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01IM90A6\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBXU0LM9\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ALY8WMU8\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01IM90A6\http_404[1]
html
MD5: 4cd84a1b063bf6dea53e06755ef9e24d
SHA256: 988cc4b451673f847d823c9d9ba14ad50d3ca1141bc1e17c6415b8f64b6e1c22
1576
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: 570c6230dfdb525beb91e24e728e4a07
SHA256: 9f19d6ccaaad29088b051efc64aad43b067147afcf032dab7ba43be40e286900
1576
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120320191204\index.dat
dat
MD5: ac3ee95c3b4aa44406ffb4b1e41281b6
SHA256: f978cffd4005821f459070e5ee8c7d3f6a8f5953e6026deee8c0383ac27d9f75
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120320191204\index.dat
dat
MD5: f5b9d768f5c78706fca80a91d5c58b68
SHA256: 4d27a04b68318e8272c5d2a3ab458b33619d3cb06806bce8dee3af9228b82605
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 5935626c136d996a996c1e59e6756b39
SHA256: 2a5832047d44e75aebc68eb8ec0190cc59339bc440ccce7880925d615ad941b4
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X7M0G0LX\portal_husarirogbev_com[1].htm
––
MD5:  ––
SHA256:  ––
1576
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1576
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
1576
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBXU0LM9\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01IM90A6\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ALY8WMU8\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a8824a42258b0e1df5b781dfb39c3a7b
SHA256: 44d4948d0ae506873ccb795908acf60d5360828f4e2ecc2fbf0fe877788917e5
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X7M0G0LX\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
5
TCP/UDP connections
5
DNS requests
4
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1576 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2392 iexplore.exe GET 200 52.51.217.55:80 http://portal.husarirogbev.com/ IE
––
––
malicious
1576 iexplore.exe GET 404 52.51.217.55:80 http://portal.husarirogbev.com/favicon.ico IE
––
––
malicious
2392 iexplore.exe GET 404 52.51.217.55:80 http://portal.husarirogbev.com/favicon.ico IE
––
––
malicious
2392 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/search?q=husarirogbev&src=IE-SearchBox&FORM=IE8SRC US
html
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
1576 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2392 iexplore.exe 52.51.217.55:80 Amazon.com, Inc. IE malicious
1576 iexplore.exe 52.51.217.55:80 Amazon.com, Inc. IE malicious
2392 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
–– –– 204.79.197.200:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
portal.husarirogbev.com 52.51.217.55
52.210.197.124
malicious
husarirogbev.com No response unknown

Threats

No threats detected.

Debug output strings

No debug info.