General Info

URL

http://www.mediafire.com/download/fy8ixq9on1p84cm/rFactorSetup1255Lite.exe

Full analysis
https://app.any.run/tasks/ed8e7b69-3581-44f1-820c-8c45d967c835
Verdict
Malicious activity
Analysis date
2/11/2019, 12:10:10
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Note: the submitted URL was opened in Internet Explorer, and no executable file was dropped during the 60-second task (Executable files: 0 under Files activity). The activity below therefore reflects the MediaFire download page and IE's own housekeeping, not rFactorSetup1255Lite.exe itself, which was never downloaded or run in this session.

Malicious
No malicious indicators.
Suspicious
No suspicious indicators.
Info

Changes internet zones settings
  • iexplore.exe (PID: 2836)
Creates files in the user directory
  • iexplore.exe (PID: 2836)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2192)
  • iexplore.exe (PID: 3236)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3236)
  • iexplore.exe (PID: 2836)
Reads internet explorer settings
  • iexplore.exe (PID: 3236)
Application launched itself
  • iexplore.exe (PID: 2836)

Processes

Total processes
33
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start → iexplore.exe (PID 2836) → iexplore.exe (PID 3236); flashutil32_26_0_0_131_activex.exe (PID 2192, launched with -Embedding, no parent recorded); no specs flagged for any process

Process information

PID
2836
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
3236
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\xmllite.dll

PID
2192
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
502
Read events
425
Write events
74
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2836
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2836
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{A4B52ACD-2DED-11E9-BAD8-5254004A04AF}
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307020001000B000B000A0020003200
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307020001000B000B000A0020004100
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
––
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307020001000B000B000A002000ED00
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307020001000B000B000A0020000D01
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
41
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307020001000B000B000A0020007A01
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
30
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B000B000A0022001300
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019021120190212
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CachePrefix
:2019021120190212:
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheLimit
8192
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheOptions
11
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheRepair
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B000B000A0023001300
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
72992A69FAC1D401
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B000B000A002300BE00
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
5
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B000B000A0023009901
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
6
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307020001000B000B000A002300F102
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3236
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3236
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019021120190212
3236
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CachePrefix
:2019021120190212:
3236
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CacheLimit
8192
3236
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CacheOptions
11
3236
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019021120190212
CacheRepair
0
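Two of the registry values above are timestamps stored as raw hex, which is how they end up in a report like this. The 16-byte Time values under Ext\Stats\{CLSID}\iexplore have the SYSTEMTIME layout (the decoded day-of-week agrees with the date, which is a cheap sanity check), and the 8-byte UpgradeTime under Internet Explorer\Main\WindowsSearch is a FILETIME. The CLSID {D27CDB6E-AE6D-11CF-96B8-444553540000} is the Shockwave Flash ActiveX control, so its Time value is when IE loaded Flash in the tab process, which matches flash32_26_0_0_131.ocx appearing in the PID 3236 module list and FlashUtil32 starting. The decoder below is an added example written for this page, not part of the ANY.RUN report; the only input it uses is the hex copied from the table above.

```python
"""Decode the SYSTEMTIME and FILETIME hex values from the registry activity.

Added example for this report page; not ANY.RUN code. The constants are copied
verbatim from the "Modification events" table above.
"""
import struct
from datetime import datetime, timedelta, timezone

# Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Time (Shockwave Flash)
FLASH_LOAD_TIME_HEX = "E307020001000B000B000A0020003200"
# Internet Explorer\Main\WindowsSearch\UpgradeTime
UPGRADE_TIME_HEX = "72992A69FAC1D401"


def decode_systemtime(hex_value: str) -> datetime:
    """SYSTEMTIME is eight little-endian WORDs:
    wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds.
    It carries no time zone; IE writes the guest's local time, so the result
    is a naive datetime. The redundant day-of-week field is checked so that a
    value that merely happens to be 16 bytes long is not mis-decoded silently.
    """
    raw = bytes.fromhex(hex_value)
    if len(raw) != 16:
        raise ValueError(f"SYSTEMTIME needs 16 bytes, got {len(raw)}")
    year, month, dow, day, hour, minute, second, ms = struct.unpack("<8H", raw)
    stamp = datetime(year, month, day, hour, minute, second, ms * 1000)
    # wDayOfWeek counts Sunday=0..Saturday=6; isoweekday() is Monday=1..Sunday=7.
    if stamp.isoweekday() % 7 != dow:
        raise ValueError("day-of-week does not match the date; not a SYSTEMTIME")
    return stamp


def decode_filetime(hex_value: str) -> datetime:
    """FILETIME is one little-endian QWORD of 100-ns ticks since 1601-01-01 UTC.
    Sub-microsecond precision is dropped because datetime cannot hold it."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 8:
        raise ValueError(f"FILETIME needs 8 bytes, got {len(raw)}")
    (ticks,) = struct.unpack("<Q", raw)
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=ticks // 10)


def decode_report_times() -> dict:
    """Decode the two values taken from this report."""
    return {
        "flash_load_time_local": decode_systemtime(FLASH_LOAD_TIME_HEX),
        "windows_search_upgrade_time_utc": decode_filetime(UPGRADE_TIME_HEX),
    }


if __name__ == "__main__":
    for name, value in decode_report_times().items():
        print(f"{name}: {value.isoformat()}")
```

Both values decode to 2019-02-11 11:10 and differ by only a few seconds even though one is local guest time and the other is UTC, which suggests the guest clock ran at UTC and the "12:10:10" analysis date at the top of the report is rendered in a UTC+1 zone. Reading the timestamps out of the hex is what lets you line registry writes up against the task start when reconstructing the timeline of a run.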

Files activity

Executable files
0
Suspicious files
0
Text files
63
Unknown types
4

Dropped files

PID
Process
Filename
Type
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\external_link_light_gray[1].svg
image
MD5: d347894c3926f7c62584376b06e92392
SHA256: fefc4da5f0ca202d89d88eaa90f2da3e39047e9c733963ad602791427a822595
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\main[1].js
text
MD5: 434b83338fb6bb2b65897b157216abd7
SHA256: f44f2cc194b8ebdd498a0aaa4ec2c53559c2ed4bd3c0d43bcb1aecc28d4cec1d
3236
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 646cfe5325cf787906df83c406e9a993
SHA256: 8f3254cdbc666914f4616aedca3fc498666e60260c2cada2d4d8b94a0b1af7e0
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Tag[1].a1b
text
MD5: a8bb2ba896cd4dccb44565d68ac36c2f
SHA256: 73a103b2c3f9bd60859f77fc0427fe9a066e1f9952821a4360ba36e20599b253
3236
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ag[1].png
image
MD5: e370a1832fc77bcb2cbbe04a270aac2b
SHA256: ca315f5d3e843d4c03e8c31754a4adcaf062c7db6aa1af83b49abeb22029a4ee
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\browser_edge[1].svg
image
MD5: c962c4f029b40485fe1e4af2cf053442
SHA256: 03e1d419c8af63c9721161538f888c23d142e4df57d994d06eb90b533a31f098
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\browser_chrome[1].svg
image
MD5: 2a9757d2ad6f9027ff53ff1f760ee65f
SHA256: 1c6ba1010c2cc88c59de9e9584728da124770fa399643ffc1beffcec54b84be7
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ubo[1].png
image
MD5: 9c40a245eda46a8a0e872b98e9e699f4
SHA256: e629e03a8b44d3e8d12cfe8864e2d84c574528733c928e4a94bca58c31ae8287
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ab[1].svg
image
MD5: bd03337738563c6dc40f52b691cdc261
SHA256: 378a187ae9a67b124345db3e4a0fec8b11122543e9b75cd09a0bc6bcf16605f5
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 71fbb6929e47e5200b06ba6233f0c728
SHA256: 35d358fbcc299b918231e353782dd211e29198ddb0cc1edf84835bc644c52964
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ab[1].png
image
MD5: fcaafb9a1e8f2547d543be0f38ec74f8
SHA256: e8ea9b93f39ea7e47bda8c56589a2605696f9a478c6681f34c8f3dfdea02e5bb
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\abp[1].png
image
MD5: 1fbc140c86a5939008d3b3dd85364073
SHA256: 52de2935ded9f3866032d7ac7462dadc1816a469aee98574e585bb81f7459150
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\support[1].svg
image
MD5: 53e3eaea5df0cdc4d7707986bc3c66b6
SHA256: 70c6951366750dce0d3997f8feb2d199eaae45f5e5babedaede6e08a0efba868
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\abp[1].svg
image
MD5: 9b9ee836d35a611195e55904b17119db
SHA256: f5832d1f119b19637883e4db58729eabae5d837c60492123b4c03bd70d82b4df
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ag[1].svg
image
MD5: 634acbc4457c154c9333b3a53bce9a57
SHA256: 9579cb28952c82dd0bbf974b03724ea479238ed849a641a362bb4d005c75e56a
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\megaphone[1].svg
image
MD5: d55361d143eb4bfffbc65cba723b92c3
SHA256: 3e9ca1f393a047beea39eea1fc1c8d9c10db37df99d660cdc15eb6d11de23bbd
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bulk_downloads[1].svg
image
MD5: 20a3c476a67df760984a85ddda9dbfeb
SHA256: 800528a0cb77b75241deda76e06a0e984b38fd2313ccbce9f45133c75276f403
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\heart_mf[1].svg
image
MD5: 5a2ef23d2580ed770ebaf23c8ec81f72
SHA256: 32e7e3e1b537b9bc068aef03365476cdf1a941a50778105f2ed4299acd08a88d
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\f[2].txt
text
MD5: 7b9718a1750a5821ddd52ad510390932
SHA256: e50c99477432628b18c898565ba5381e7e2dcfd567aef0c0e8be8025e8766d41
3236
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: f6b4db9671b1f2b4ef4ed3cb5d1fbd4b
SHA256: 51fad1e88f914f8a39d3ff91eccf9177220fbc76a9f7eb5bda5edbe177187ae0
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\analytics[1].js
text
MD5: 0ea40a4cb2873a89cbe597eaea860826
SHA256: 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
3236
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ec[1].js

Find more information on the static content and download it in the full report

Network activity

HTTP(S) requests: 39
TCP/UDP connections: 24
DNS requests: 13
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Reputation
2836 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | whitelisted
3236 | iexplore.exe | GET | 301 | 104.19.194.29:80 | http://www.mediafire.com/download/fy8ixq9on1p84cm/rFactorSetup1255Lite.exe | US | –– | malicious
3236 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/file/fy8ixq9on1p84cm/rFactorSetup1255Lite.exe | US | html | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/js/ads.js | US | text | malicious
3236 | iexplore.exe | GET | 200 | 216.58.207.46:80 | http://www.google-analytics.com/analytics.js | US | text | whitelisted
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/filetype/file-app-v3.png | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/download/dl_promo_logo.png | US | image | malicious
3236 | iexplore.exe | GET | –– | 104.19.194.29:80 | http://www.mediafire.com/images/icons/svg_light/icons_sprite.svg | US | –– | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/templates/linkto/ads.php?o=0&d=1&t=0 | US | html | malicious
3236 | iexplore.exe | GET | 200 | 172.217.18.98:80 | http://www.googletagservices.com/tag/js/gpt.js | US | text | whitelisted
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/aab_train.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 172.217.22.46:80 | http://translate.google.com/translate_a/element.js?cb=googFooterTranslate | US | text | whitelisted
3236 | iexplore.exe | GET | 200 | 104.18.92.64:80 | http://cdn.engine.addroplet.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 | US | text | unknown
3236 | iexplore.exe | GET | 302 | 216.58.207.46:80 | http://www.google-analytics.com/r/collect?v=1&_v=j73&a=716474314&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Ffy8ixq9on1p84cm%2FrFactorSetup1255Lite.exe&ul=en-us&de=utf-8&dt=rFactorSetup1255Lite&sd=32-bit&sr=1280x720&vp=1260x560&je=0&fl=26.0%20r0&_u=YEBAAE~&jid=1085261914&gjid=951021828&cid=1486028617.1549883435&tid=UA-829541-1&_gid=1431209446.1549883435&_r=1&cd1=unregistered&cd7=legacy&cd3=application&cd4=1&cd5=exe&cd8=%2F100%2F&z=1983740831 | US | html | whitelisted
3236 | iexplore.exe | GET | 200 | 216.58.210.10:80 | http://translate.googleapis.com/translate_static/js/element/main.js | US | text | whitelisted
2836 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/favicon.ico | US | image | malicious
3236 | iexplore.exe | GET | 200 | 216.58.210.10:80 | http://translate.googleapis.com/element/TE_20181015_01/e/js/element/element_main.js | US | html | whitelisted
3236 | iexplore.exe | GET | 200 | 216.58.207.46:80 | http://www.google-analytics.com/plugins/ua/ec.js | US | text | whitelisted
3236 | iexplore.exe | GET | 200 | 216.58.210.10:80 | http://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=_callbacks____0js08kwyb | US | text | whitelisted
3236 | iexplore.exe | GET | 200 | 216.58.207.46:80 | http://www.google-analytics.com/r/collect?v=1&_v=j73&a=716474314&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Ffy8ixq9on1p84cm%2FrFactorSetup1255Lite.exe&ul=en-us&de=utf-8&dt=rFactorSetup1255Lite&sd=32-bit&sr=1280x720&vp=1260x560&je=0&fl=26.0%20r0&_u=aGDAAEAK~&jid=1390594029&gjid=692512582&cid=1486028617.1549883435&tid=UA-86547571-4&_gid=1431209446.1549883435&_r=1&gtm=2wg1r053LP4T&z=562453148 | US | image | whitelisted
3236 | iexplore.exe | GET | 200 | 104.25.226.6:80 | http://2hanwriten.com/0/5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0/27473/asynch/null/123/null/true/0/2/1260/560/null/Tag.a1b | US | text | whitelisted
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/bulk_downloads.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/heart_mf.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/megaphone.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/abp.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/ag.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/support.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/ab.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/ubo.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/abp.png | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/ab.png | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/ag.png | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/lightbox/adblock_whitelist/ubo.png | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/download/additional_content/browser_chrome.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/icons/svg_dark/external_link_light_gray.svg | US | image | malicious
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/download/additional_content/browser_edge.svg | US | image | malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | ASN | CN | Reputation
2836 | iexplore.exe | 204.79.197.200:80 | Microsoft Corporation | US | whitelisted
3236 | iexplore.exe | 104.19.194.29:80 | Cloudflare Inc | US | shared
3236 | iexplore.exe | 104.19.195.29:80 | Cloudflare Inc | US | shared
3236 | iexplore.exe | 216.58.207.46:80 | Google Inc. | US | whitelisted
3236 | iexplore.exe | 216.58.207.72:443 | Google Inc. | US | whitelisted
3236 | iexplore.exe | 172.217.18.98:80 | Google Inc. | US | whitelisted
3236 | iexplore.exe | 172.217.22.46:80 | Google Inc. | US | whitelisted
3236 | iexplore.exe | 104.18.92.64:80 | Cloudflare Inc | US | unknown
3236 | iexplore.exe | 216.58.210.10:80 | Google Inc. | US | whitelisted
3236 | iexplore.exe | 108.177.15.156:443 | Google Inc. | US | whitelisted
2836 | iexplore.exe | 104.19.194.29:80 | Cloudflare Inc | US | shared
3236 | iexplore.exe | 216.58.207.68:443 | Google Inc. | US | whitelisted
3236 | iexplore.exe | 104.25.226.6:80 | Cloudflare Inc | US | shared
3236 | iexplore.exe | 216.58.207.46:443 | Google Inc. | US | whitelisted
3236 | iexplore.exe | 172.217.16.131:443 | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.mediafire.com | 104.19.194.29, 104.19.195.29 | malicious
static.mediafire.com | 104.19.195.29, 104.19.194.29 | malicious
www.google-analytics.com | 216.58.207.46 | whitelisted
www.googletagmanager.com | 216.58.207.72 | whitelisted
www.googletagservices.com | 172.217.18.98 | whitelisted
translate.google.com | 172.217.22.46 | whitelisted
cdn.engine.addroplet.com | 104.18.92.64, 104.17.72.92 | unknown
translate.googleapis.com | 216.58.210.10 | whitelisted
stats.g.doubleclick.net | 108.177.15.156, 108.177.15.155, 108.177.15.154, 108.177.15.157 | whitelisted
www.google.com | 216.58.207.68 | whitelisted
2hanwriten.com | 104.25.226.6, 104.25.227.6 | whitelisted
www.gstatic.com | 172.217.16.131 | whitelisted

Threats

No threats detected.

Debug output strings

No debug info.