General Info

URL

https://www.mediafire.com/view/1th3800ju6o71x6/H_Mer_CS300_001.tif/file

Full analysis
https://app.any.run/tasks/59717b29-7a93-4d1a-95e2-3ad28ffe8021
Verdict
Malicious activity
Analysis date
8/13/2019, 19:28:55
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 876)
Changes internet zones settings
  • iexplore.exe (PID: 2900)
Application launched itself
  • iexplore.exe (PID: 2900)
Reads internet explorer settings
  • iexplore.exe (PID: 2888)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2888)
Creates files in the user directory
  • iexplore.exe (PID: 2900)
  • iexplore.exe (PID: 2888)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 876)
Reads settings of System Certificates
  • iexplore.exe (PID: 2900)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2900
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.mediafire.com/view/1th3800ju6o71x6/H_Mer_CS300_001.tif/file"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
2888
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2900 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\t2embed.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\mshtmler.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
876
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
439
Read events
380
Write events
59
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{DC8EDA79-BDEF-11E9-9885-5254004A04AF}
0
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307080002000D0011001D000B00B603
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307080002000D0011001D000B00B603
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307080002000D0011001D000C006A00
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307080002000D0011001D000C008A00
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
75
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307080002000D0011001D000C004501
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
37
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307080002000D0011001D0011001C00
2900
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2900
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2888
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe

Files activity

Executable files
0
Suspicious files
0
Text files
60
Unknown types
7

Dropped files

PID
Process
Filename
Type
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\main[1].js
text
MD5: ce6b887e41283f6e1521f55333f2a7f0
SHA256: 10cbcd57db9c11a2af0cf211d5040d75aee67450ddfad299063a8e2eecda5178
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\dropdown-arrow-right[1].png
image
MD5: 2054853245004890b63b5068609df6d4
SHA256: d1ff09a687f64d64573cf0c898a74a50b1e1a554ca0d903cc5b259a79fdcaacf
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 19d8e78873c119ff97c8eb348ba73af7
SHA256: 366746f8a65328874cc4021589f2f7d951bc87a40cf0242b45af4e2f167ac45b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\translateelement[1].css
text
MD5: c8d4fbfcb0e3a290f3cbfa588a1dee7d
SHA256: 99b27633e72d0a0efc23402c62b01cc0ec5ff40821cd1a84c89a1ef31773612d
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\f[1].txt
text
MD5: e539d1f2d309e93d811e8e4884eaf52d
SHA256: ac8f24a74752e4aa9033d2d8cb0e1ff161810228d723cbec830db46043a4f9c7
2900
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
image
MD5: a301c91c118c9e041739ad0c85dfe8c5
SHA256: cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
2900
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 583542c658c52bb407c2b54b0b51d21e
SHA256: 9435afa5bfd5ea107fd35459980829dd56be298cc48c1bb2a31dc4405716b8f1
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\ico30-mask-white[1].png
image
MD5: c5094669c130e226d3585399d4735bfd
SHA256: f48b5288add8e0c6ae38be561aeb7bc99733dba0d0daa3e3672e36908e2a63c2
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\folder-sm-reversed[1].png
image
MD5: 697107dc5a7b5e9fe90691845ec25ecc
SHA256: 410a1c1425a1990316cd85ab903c237c4c10531d30424779d55949e9b1f8c7a5
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\footerIcons[1].png
image
MD5: e0abc4fea89d2c5153b73cd02ac5ba13
SHA256: f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\social_icons_sprite[1].svg
image
MD5: a68eb80f9ff04457f27e69fd6faa2190
SHA256: 23d0709d0d95c56da4cc928592f25399e50529d77195ccf90f1d9a52f39b774e
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\close_fullscreen_mini[1].png
image
MD5: 509b681c4a0af608b1b703551941cdf7
SHA256: 5c8cdfe91f7979a3264e973dea58c704ae05dc2353061c17399184e4c563a987
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\close_fullscreen[1].png
image
MD5: 921e96c1bf34cccc353c17ec97fd32c1
SHA256: daebe7282379d5a884db539312d876f49790a9b24596cc87a2d4f61d960eb67e
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\arrow-left[1].png
image
MD5: e2e2c0afb3f511a53972cc21a1bd60cd
SHA256: b644cb674bea2ecc591a203547b465ed92f3835092a9c46bc3a52493f9474dd8
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\arrow-right[1].png
image
MD5: 69bcfe57ac93655547c050e04bb8554b
SHA256: ea60ecd715541dee1ee29db3c785df02ec595cbab64c6a58c784bff9c0c0a661
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\blank[2].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\blank[1].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\blank[2].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\blank[3].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\blank[1].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
2888
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 1c5bc57d8545d38eeb954e923cfb3781
SHA256: db8db2bad9509a509cca490ee5de0b9cfa3981e2d79e4da32fcf6fd124d30a42
2888
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\H_Mer_CS300_001[1].txt
––
MD5:  ––
SHA256:  ––
876
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\recaptcha__en[1].js
text
MD5: 225dc720a77fd75d959eeed191e25e7c
SHA256: d3aeafa2a7a1cc171df8d7311d7ae69916a46ca07e67151b55e1ee24dc8871bc
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\logotab[1].png
image
MD5: f706a005dc3dd6a23c79ab62b1760a35
SHA256: 2a6e3422dd024d67e532e0ee88fe20a6ee5e5d6f5dda970b9046c9dee915c67d
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\fbevents[1].js
text
MD5: 172b235cd3cdbeb7130bd7ce85dfdfbc
SHA256: c7ffb5c7a2fcc93bf5553df1f27de7c5b2dbd4affcb74fd0bef82371e4e22caa
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\blank[1].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\analytics[1].js
text
MD5: a477b40dcc869e74d6414e8e42e36844
SHA256: cec3748d0c3da4700300d5424aaea375b03550b0ee8b3dd38e242c4022261446
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\image_viewer_121309[1].js
text
MD5: dd8e961e7857bb8df1f0c8eb441f1985
SHA256: 47e652690226bdb8c0396aad5e4ca91707ebc28d2aaf937627d403b727bf8e85
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\smArrow[1].png
image
MD5: 1f0619e3ea0f3021fdf9a10aa64ee8fd
SHA256: f9a75024e53f8a3e5ef92e12c87457fbfacc5508a5d7fbdde9126ee267e8b70b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\clear1x1[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\encoder_121309[1].js
text
MD5: cc3e9794db44dbf296414b68e6ed0e79
SHA256: d9e1d61df4646995a3a923572f6be396aee20694a7f0a846892a012dbe674ab1
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\dropdown-arrow[1].png
image
MD5: 38e768ce66634f81140d708a50639bbb
SHA256: 688e5d45277b4b3124049e8bc02e126a3ebe92b6ecfa16670e21977e45c0693f
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\ico30-v9[1].png
image
MD5: 34cc27c50cb0096c6092d26ac85303ba
SHA256: bdaa84d1fdf85bafe867de76f874a01c46da85fbe940a0dc800d65b06e0ee95e
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\default[1].png
image
MD5: 408d4a08544a165555c54a4198bb3068
SHA256: edf29a5069b0812d87c6724f54eb33953f23f81426e9d63afbeda73e8ab8e151
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\dropdown-arrow-up-dark[1].png
image
MD5: 680b85078bfb656231c0860a023c468e
SHA256: 5de1b000a3854133d21167d6e0991cd2e12bdf955fa17ac36b068f6cb298ac59
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\element_main[1].js
html
MD5: c48aa10c07140e72b4608715d7b70283
SHA256: 2acb6b5eca2478cae3b9c12f69df75d514aaa0e7a6c7c7dc0c4399fb36aa85fd
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\mysteryman[1].png
image
MD5: 574adb413f3e0c8c01c65c769586d88e
SHA256: ff625a6a84ee08fbbcea53ced4e002152c2b537bb3dd4513069ffc5f7c6fbf8d
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\master_121309[1].js
text
MD5: 4c87ac5b9be1f7829a917cc8315719ed
SHA256: 66583bab5bd52d784e4f1021e001da4c8d827821b0f99a71c2a92a3933ab7032
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\dropdown-arrow-left-white[1].png
image
MD5: 95b7bc21081e914b8efb82dd61289914
SHA256: c0e66134c7184a8bbc2c96be1e9813c931634eb4d5bc637a3bca724007505aa4
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\gtm[1].js
text
MD5: e5c20e717eb75e285c03eee61c99a2d0
SHA256: 8263b1a87774cd2a097002ff6278e1dbe236376dce034624bf204d8818b63fe0
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\ico30_reversed-v9[1].png
image
MD5: 519123e78c7e83562b179675bc1dd855
SHA256: b631408bea7aff541f7bd43245ad71f824c539efe5675ef0573299b61575694d
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 0161221e84d98b4dc62f8d48660eb267
SHA256: 4f277a8280bbd07409e1a26fccd9c373e98a7c21fc1ce1199ffd9334ee7a2ce3
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\rename_icon[1].png
image
MD5: ec812f8eb98bf5cd393c50cac42a7cbc
SHA256: 8a11d88d6102e919a35f93447b4383cd426a370094cb5e26d827616fb29d8ebc
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\mf_logo_u1_full_color_reversed[1].svg
––
MD5:  ––
SHA256:  ––
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\mf_logo_u1_full_color[1].svg
image
MD5: e09b5af507bd602ad839b261fd897170
SHA256: bfcc5bc8242d357752657942690541bb3e4b907384af1c56586f6466d7116db2
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\ie.css_121309[1].php
text
MD5: c62a41328879f16c69a2cb9b0e08fd96
SHA256: 2ab1c7856c7370b9d71c68118559c7c6d769a438d8659592b882278b22c73dee
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\ie.css_121309[2].php
text
MD5: c62a41328879f16c69a2cb9b0e08fd96
SHA256: 2ab1c7856c7370b9d71c68118559c7c6d769a438d8659592b882278b22c73dee
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\js[1]
text
MD5: bf525d6f238e480d8dc96abc06542c54
SHA256: 1bb242764ddfdd8d416ace07022fee00c96ac380ab79b5018c00d90c9d72f427
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\jquery.min[1].js
html
MD5: b8d64d0bc142b3f670cc0611b0aebcae
SHA256: 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\api[1].js
text
MD5: cadc33be85b9f991918ab1ad7957a255
SHA256: 4f7d4677ad7bc2e403fb84eb831dd438cf003d07e335cc8edcc0a50a12bb36a4
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\mem8YaGs126MiZpBA-UFVZ0f[1].eot
eot
MD5: 5f4d4bc11d64b6cb605b7030c1997270
SHA256: 1d399c4617f5da6f7523d2816328c84de6e5cdf4325b2a40827c2d33d7ef0fd7
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\mfv4_121309[2].php
text
MD5: 3f58d8118b5e924ff28d7963f385101f
SHA256: a3e182205d315e7d1dff5ed7059036182165328b635d0edf6d9088ac3dd8a11f
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\mfv4_121309[1].php
text
MD5: 3f58d8118b5e924ff28d7963f385101f
SHA256: a3e182205d315e7d1dff5ed7059036182165328b635d0edf6d9088ac3dd8a11f
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\mfv3_121309[2].php
text
MD5: befaf705fcc22e8616aaf699ab39cff5
SHA256: 11c5ceb307b04294567fe487fe216bb06df72d65dc248f8bfc29390514564a62
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\mfv3_121309[1].php
––
MD5:  ––
SHA256:  ––
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\fileview.css_121309[1].php
text
MD5: 57479aa0ebc154d3721ed065c05d5f7e
SHA256: 17e5348fac5af0ffe283c28d6eee2ea939afb42d0f97cf73179b912affee32c5
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\css[1].txt
text
MD5: d2570265994455a6b680c3bf861bd52b
SHA256: 3eafaf86b883748c082621dece7eb205194b5a6fcaf351e1e7512eff33e8a605
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\file[1].txt
––
MD5:  ––
SHA256:  ––
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 88535c2b1280b86e293b97db57a71b11
SHA256: 79f6bf0de2eadbfb4cf846ca27d18d2402212b6533d9da0a85366bb44d9c782a
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\file[1].htm
html
MD5: 5fab3999ef720beae1b0868e13ee72ef
SHA256: 94ad2a2cfd87936e9b21af4989179638c63a0de7a80907716db01a03f7a82329
2888
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: a1622ba682e67f04cdb46c8cedbc5f11
SHA256: 39ef840d09804567861a73e0e0c27e4099d51468c2850b7f384a6546e6df629d
2888
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 8d738c8e58ca1605619121ad10ada536
SHA256: 752aa6de6d1ad60990cd59290a86e1d0f99d9eab26ac273c67844c12fd28f943
2888
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2900
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2900
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2900
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFQCAVQY\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SX5JIDC6\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5C4SHC5F\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E65PNV2\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2888
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: d28f05e7573fecd4e5e26fdd3252d970
SHA256: a6312c25d3870b6eb9b5520cec79771cca0184f3af40282008dd3040ade6d48a

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
1
TCP/UDP connections
29
DNS requests
15
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2900 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2888 iexplore.exe 104.19.195.29:443 Cloudflare Inc US shared
2900 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2888 iexplore.exe 104.19.194.29:443 Cloudflare Inc US shared
2888 iexplore.exe 172.217.22.10:443 Google Inc. US whitelisted
2888 iexplore.exe 172.217.22.99:443 Google Inc. US whitelisted
2888 iexplore.exe 216.58.208.42:443 Google Inc. US whitelisted
2888 iexplore.exe 216.58.206.8:443 Google Inc. US whitelisted
2888 iexplore.exe 172.217.18.4:443 Google Inc. US whitelisted
2888 iexplore.exe 216.58.207.35:443 Google Inc. US whitelisted
2888 iexplore.exe 216.58.206.14:443 Google Inc. US whitelisted
2888 iexplore.exe 185.60.216.19:443 Facebook, Inc. IE whitelisted
2888 iexplore.exe 172.217.22.46:443 Google Inc. US whitelisted
2888 iexplore.exe 108.177.15.156:443 Google Inc. US whitelisted
2900 iexplore.exe 104.19.195.29:443 Cloudflare Inc US shared
2888 iexplore.exe 172.217.18.163:443 Google Inc. US whitelisted
2888 iexplore.exe 172.217.16.138:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.mediafire.com 104.19.195.29
104.19.194.29
malicious
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
static.mediafire.com 104.19.194.29
104.19.195.29
malicious
fonts.googleapis.com 172.217.22.10
whitelisted
fonts.gstatic.com 172.217.22.99
whitelisted
www.google.com 172.217.18.4
whitelisted
ajax.googleapis.com 216.58.208.42
172.217.16.170
216.58.206.10
172.217.18.10
172.217.22.10
172.217.21.234
216.58.205.234
172.217.21.202
172.217.23.170
172.217.18.106
172.217.16.202
172.217.22.106
172.217.22.74
172.217.22.42
172.217.16.138
whitelisted
www.googletagmanager.com 216.58.206.8
whitelisted
www.gstatic.com 216.58.207.35
whitelisted
connect.facebook.net 185.60.216.19
whitelisted
www.google-analytics.com 216.58.206.14
whitelisted
translate.google.com 172.217.22.46
whitelisted
stats.g.doubleclick.net 108.177.15.156
108.177.15.157
108.177.15.155
108.177.15.154
whitelisted
www.google.no 172.217.18.163
whitelisted
translate.googleapis.com 172.217.16.138
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.