General Info

URL

http://herbalifeshop.nu

Full analysis
https://app.any.run/tasks/a8ff19f8-4956-4336-ab03-6ea1695f23aa
Verdict
Malicious activity
Analysis date
12/6/2018, 17:52:30
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3452)
  • iexplore.exe (PID: 4008)
  • iexplore.exe (PID: 3492)
Reads settings of System Certificates
  • iexplore.exe (PID: 3492)
Changes internet zones settings
  • iexplore.exe (PID: 3492)
Application launched itself
  • iexplore.exe (PID: 3492)
Reads internet explorer settings
  • iexplore.exe (PID: 4008)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3492)
  • iexplore.exe (PID: 4008)
Changes settings of System certificates
  • iexplore.exe (PID: 3492)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3492)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
33
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3492
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://herbalifeshop.nu
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll

PID
4008
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3492 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\windows\system32\userenv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\windows\system32\wintrust.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\sxs.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

PID
3452
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
513
Read events
423
Write events
84
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
3492
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3492
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
3492
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
3492
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{5AFEF869-F977-11E8-834A-5254004A04AF}
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070C0004000600100034002F002600
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070C0004000600100034002F002600
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070C0004000600100034002F00D200
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070C0004000600100034002F00F100
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
32
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070C0004000600100034002F003F01
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
25
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070C0004000600100034003100F100
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070C00040006001000340031002403
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018120620181207
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheRepair
0
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
A0277F2B848DD401
3492
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
FA89812B848DD401
3492
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3492
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
0F00000001000000140000000F6AAD4C3FE04619CDC8B2BD655AA1A26042E6500B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
3492
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510
3492
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
190000000100000010000000FD960962AC6938E0D4B0769AA1A64E260B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A2000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
4008
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
4008
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
4008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018120620181207
4008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
4008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
4008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
4008
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheRepair
0

Files activity

Executable files
0
Suspicious files
8
Text files
45
Unknown types
12

Dropped files

PID
Process
Filename
Type
3492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5AFEF869-F977-11E8-834A-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\documentation-9c217aba77c5e55ad77595886e4705d6c8cbb4db24da303c338b664f3a165d27[1].png
image
MD5: 01a1c1e1a27a4bcccfc7d3d60ab80423
SHA256: 9c217aba77c5e55ad77595886e4705d6c8cbb4db24da303c338b664f3a165d27
3492
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF273F6E6FA27FC912.TMP
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
4008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 1067829f2f5809e6806d8ca272986e49
SHA256: 2f6a24d975b3f5f23caf95110aec61718293f42995e4ff1c22d6c39a15a6cbd2
3492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{5AFEF86A-F977-11E8-834A-5254004A04AF}.dat
binary
MD5: 1af5570b0229886c07f88e7e571c8fcb
SHA256: 6ba5bebcc964b28519bc7d615fcf00e2c999f881ce7ecc1274c4906d7e1f8437
3492
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF91C4908824CF1CED.TMP
––
MD5:  ––
SHA256:  ––
3492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{79A08EB0-F977-11E8-834A-5254004A04AF}.dat
binary
MD5: 1d57d069d6bb513c33114d73803c54ea
SHA256: 96709ad40c43db9c590618bc508d79cc2f1b4576e3a9bf3abb54a7e16277ea63
3492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat
binary
MD5: b82675f3d88432448d89a1693b4b1886
SHA256: f66bb31a57796955d1546f08efaf06795fc3e53b320bb3612e1b1e090257ab64
3492
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF5FFADFAB43A01FCC.TMP
––
MD5:  ––
SHA256:  ––
3492
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF0B436579DB963874.TMP
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 75829ee6b3f0aa5b586607ac16703c6c
SHA256: f0486c4c1ae7d6c5cd2005a04c639b45d0c5c998ebefe0a3c3e779f0c7146870
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\f[1].txt
text
MD5: fd372bdb4d99778a5a15690a38167c70
SHA256: a6b13440eaacd0d574931c0fa2a86f39f51f685920d215d8b2a632a1208c9e65
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 12ca06e9cd5395b068989c4bfe1525c4
SHA256: 2b7c9d6ea558699409c5ea21539a214c041082e80c7e6ae35f32f33d1d63e0e9
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\f[1].txt
text
MD5: 1696dfaf513b5c6b49d98bacd5e40316
SHA256: 9cf7b7361a89cd442176b0140a0afbf03ed57b51a7f65c7169245d0b390b824b
3492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018120620181207\index.dat
dat
MD5: e7dd30cce3104b7ea39816d8bcd1d013
SHA256: b8a99681e2608eaa8149e34b0e89b76d2d0c360500cf37a48aff1f1a4c170d31
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018120620181207\index.dat
dat
MD5: bc7a1caf1ba8a7ba5047642742aaf7c8
SHA256: fc567e38d97a5b154205c6acb532ba7536e1907a34027d0e8c0a2d3439fe50d5
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\refund-20a65298f2ac3cff02b8daba6b0275f6fff37e6380a440546ad081c0d03dd47b[1].png
image
MD5: e726b985b0969c0034fcf3666d76ee8d
SHA256: 20a65298f2ac3cff02b8daba6b0275f6fff37e6380a440546ad081c0d03dd47b
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\03[1].jpg
image
MD5: db0ad338295c8c9005a2876425950003
SHA256: 585e725ca47c40c9444277526a668853173027b5e8d4ed770a23d51575ece490
4008
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 7a5548b2e50d7d9c9400733d764866a7
SHA256: c4e21832055f068fd734381fcb00853977d3ce5fa10d4e3ec3fe95ceef8c175d
4008
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3452
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\uber-a2170a0ca9ef5eed7116ca39d6a6b4a33c02742d7431615f4e022bbafb607ee6[1].png
image
MD5: 708221ca899783b907d062666b1329c3
SHA256: a2170a0ca9ef5eed7116ca39d6a6b4a33c02742d7431615f4e022bbafb607ee6
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\welcome-bf0f3d23a85af84b634bb799523c7e78b0b222c92c765c50cd496876f370e44d[1].js
text
MD5: ccbd6bc80eae640cefd72d5e2ca78a10
SHA256: bf0f3d23a85af84b634bb799523c7e78b0b222c92c765c50cd496876f370e44d
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\monitoring-20935cb09cf636a19f4a72b0ad6fe86edd3363ffd5cde7872170d21550306748[1].png
image
MD5: 5cbed300344cac3cd7c5ce54c7ab9a7f
SHA256: 20935cb09cf636a19f4a72b0ad6fe86edd3363ffd5cde7872170d21550306748
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bijenkorf-818379590c09de7b9560074e624f07566f8a2aec5c3407f1133bb4d679403cbf[1].png
image
MD5: 6dfb23d7414b1a7fc3e1766203f3a5bd
SHA256: 818379590c09de7b9560074e624f07566f8a2aec5c3407f1133bb4d679403cbf
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\escrow-5caba3b33e395b321b488012b89f812ce95bd172eca4a730db7d096c172a1575[1].png
image
MD5: 05d11236d88fb229604de044027e3ef2
SHA256: 5caba3b33e395b321b488012b89f812ce95bd172eca4a730db7d096c172a1575
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\klm-88588fe5a855564c2aba2a37fedc605a56b6252837057c2cd791aad9d1fda2bd[1].png
image
MD5: 1ec9b948faad2eefc59d8ba44334f839
SHA256: 88588fe5a855564c2aba2a37fedc605a56b6252837057c2cd791aad9d1fda2bd
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\verification-cb4b27cf66f33828823dbc05786628e599fa45da68701a8c8ab92227019cca7c[1].png
image
MD5: 52d7926de47460ad012506257f93f982
SHA256: cb4b27cf66f33828823dbc05786628e599fa45da68701a8c8ab92227019cca7c
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\w8gdH283Tvk__Lua32TysjIfp8uL[1].eot
eot
MD5: 793ea844a1eed7acfc0c8287a3da2930
SHA256: d24ad2e080e2ae3b98059c9158662091888867ef49d9dd2508f277e4b33f86e2
4008
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
dat
MD5: a8d0b5d8779f65661575a01e7e653ed1
SHA256: 5566f3f70f147ff4548fc0a74bb980a687d13d7c06062cc2ffa965e2791ca213
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\installments-white-946a209dcdd08329ab3e098a09bc0d45724c19ffab28c7dcf7407503fd2fdef7[1].svg
image
MD5: 25e21a0afeac7c8c73efe1669cbdff76
SHA256: 946a209dcdd08329ab3e098a09bc0d45724c19ffab28c7dcf7407503fd2fdef7
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\buyer-protection-a1f380c201c8c4d85626b47827dde3816596de87a455b16eea6750af5e13fa70[1].svg
image
MD5: a9661c9d45ee1b55365bebc2fe260285
SHA256: a1f380c201c8c4d85626b47827dde3816596de87a455b16eea6750af5e13fa70
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\netflix-c26cdb746bb4f388e1bea872dee56911b71f41412c8ee6d72b0bfdd7137e85da[1].png
image
MD5: f15954c84e3c46fa9b4acc84eab95be7
SHA256: c26cdb746bb4f388e1bea872dee56911b71f41412c8ee6d72b0bfdd7137e85da
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ideal-5dd933dd4b5bf92fee486845ef4ffcf0db4cc94b3016476bc9dafc92aece79a1[1].png
image
MD5: e9c7236937410140bd5733f6110a7919
SHA256: 5dd933dd4b5bf92fee486845ef4ffcf0db4cc94b3016476bc9dafc92aece79a1
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\paypal-logo-084ae96b3b238ef5abb3120422845a40967c076f489af9bc7f2afc67b40a40a6[1].png
image
MD5: 628469a6acf71812abfba98a56b1aaa2
SHA256: 084ae96b3b238ef5abb3120422845a40967c076f489af9bc7f2afc67b40a40a6
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\mastercard-a9f797085437799ac382e590ab291556e184787db72c651d862c1a715f9f799d[1].png
image
MD5: b7fe641bddc56e6198b636e61ced029d
SHA256: a9f797085437799ac382e590ab291556e184787db72c651d862c1a715f9f799d
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\alipay-648b733980fff39ad552dda35fbd3c40aec7960ba0018fd1152c1bdd05eb9d08[1].png
image
MD5: 81610906e6e3206c32d4289929f1d712
SHA256: 648b733980fff39ad552dda35fbd3c40aec7960ba0018fd1152c1bdd05eb9d08
3492
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\gtm[1].js
text
MD5: 541e226aaf52d927eba6d642253d76ed
SHA256: 017134ddcaf5d9739f3cf8c1c79377feeca8ade890ce3eb4bc7601ca01177701
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\product-bundle-058670d6922203b4c290efd950ebe5c19232793ec83b55e2b4aaad3659f4ffc8[1].js
text
MD5: b618bac71b8fd561ffcf94434aa2a522
SHA256: 058670d6922203b4c290efd950ebe5c19232793ec83b55e2b4aaad3659f4ffc8
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bitcoin-2fa49deda845ceaaf3a7744f05515ec8e809f79f92f18be19c3f0822262b8c8d[1].jpg
image
MD5: 1e109f0269e68add4e2d17c3b000a9c7
SHA256: 2fa49deda845ceaaf3a7744f05515ec8e809f79f92f18be19c3f0822262b8c8d
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\safe-payments-b6abed2a2d787798da992cf7795628f765dec5d1204ff13936cb58c12f1e33c6[1].svg
image
MD5: 0f28d5f37db115419a45ec9b580924e9
SHA256: b6abed2a2d787798da992cf7795628f765dec5d1204ff13936cb58c12f1e33c6
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\safe-ca2bc30670548268c64c3eee81aefbf8990ebd29610c4c09d98d094606f3d28f[1].png
image
MD5: 6aa0d6239c7bc85000ab28d01cc17ac8
SHA256: ca2bc30670548268c64c3eee81aefbf8990ebd29610c4c09d98d094606f3d28f
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\fast-f5f2a2e20fa6511ed60bd530f1a60299342de125b203ddc25b0b4f0e23c559b4[1].svg
image
MD5: 72c7bbda2115905cb97b9d9604fbec6d
SHA256: f5f2a2e20fa6511ed60bd530f1a60299342de125b203ddc25b0b4f0e23c559b4
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: dc658740cd48fc4cb06eb7fed949cb3e
SHA256: bf33ab5baa257e8dfac31956cde4ce5df987371b1d1ad99b467ad90bdc27767b
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\protection-9075636568d712e030480b7474acebc94aa241133b5a568aaa6fa600239cbd76[1].png
image
MD5: 7fe285e2e3749bc061c693051bb47a3d
SHA256: 9075636568d712e030480b7474acebc94aa241133b5a568aaa6fa600239cbd76
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wechat-pay-6af0b816dc47b4a4b722ee706ae7a0ac9e35f1c0e5d5e089c90c5e35e7467838[1].png
image
MD5: bd9ce132b47a05cc47a1a47cbecdf182
SHA256: 6af0b816dc47b4a4b722ee706ae7a0ac9e35f1c0e5d5e089c90c5e35e7467838
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\analytics[1].js
text
MD5: 2288a7f0b8dafb9384355f3cd86c0e83
SHA256: b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\visa-dd1ccb52f61c6508db68250c18b9bb3d443e46195845c02eaed16c0f9af65aa1[1].png
image
MD5: 751df49dd1754665d66ec22422a127b9
SHA256: dd1ccb52f61c6508db68250c18b9bb3d443e46195845c02eaed16c0f9af65aa1
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\kalin-karakehayov[1].jpg
image
MD5: 263a1e8ac2f63e791f6aaddc6f5ba9ba
SHA256: d817b1790e25c84c0fa170ffe583f3a5e69833068dd56bf7cd0635cc178fe682
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\logo-undeveloped-gray-safe-d2bbdd8aeb867666a6399c0a26866e77e46deee61af0b5622822ab6f7ed80149[1].png
image
MD5: 83240097dd0372ba8d32ae1105905410
SHA256: d2bbdd8aeb867666a6399c0a26866e77e46deee61af0b5622822ab6f7ed80149
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\banktransfer-2408cc0aa5db92faddb4af26776a05992bdb82d4dd5adf91560bb2b397a7d662[1].png
image
MD5: c4f10b0c386cf416459bdf223734ae6d
SHA256: 2408cc0aa5db92faddb4af26776a05992bdb82d4dd5adf91560bb2b397a7d662
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\offer-icon-876e722f7fa465310a035b8672c38c13a767ffb7f4d7ef5ed38da98e15ae5a0d[1].png
image
MD5: f0bf99ade2ba1b7648410fb8e20b862d
SHA256: 876e722f7fa465310a035b8672c38c13a767ffb7f4d7ef5ed38da98e15ae5a0d
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fast-27d7e50470cf19b6555589a96dc8e8014496d6178eaa7f305803b494dfa91010[1].png
image
MD5: 806e88bb1b7c3c3ceddb5ec37c9223d3
SHA256: 27d7e50470cf19b6555589a96dc8e8014496d6178eaa7f305803b494dfa91010
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\booking-402e94be5cb0d69c5d3a6d3354a9f6b66d0521d426b06de3b56ac3093ecb1c42[1].png
image
MD5: aafb5c288a4f764dac2e825a02255ce7
SHA256: 402e94be5cb0d69c5d3a6d3354a9f6b66d0521d426b06de3b56ac3093ecb1c42
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\2sDfZG1Wl4LcnbuKjk0i[1].eot
eot
MD5: 4d445aa754dea16a3e11b9b7264162b2
SHA256: d89c54d00aab7e92a6e9925ee3d020f6625c30656ce6b1987b434eb1586cead6
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\pxiEyp8kv8JHgFVrJJfedg[1].eot
eot
MD5: f00ab8be77768ee0afe76d8fa105e7ee
SHA256: 35c2d816283e8bcd9126b3216fdac994b7ecfdc12c95878aa7a6e65aae6b38b6
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\fontawesome-webfont[1].eot
eot
MD5: 32400f4e08932a94d8bfd2422702c446
SHA256: e219ece8f4d3e4ac455ef31cd3a7c7b5057ea68a109937fc26b03c6e99ee9322
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\css[1].txt
text
MD5: 93d36cbf370364beb033fddb3df36cf6
SHA256: 893e7ade8e5497eefc13f5375187beeb81516d264273c4a64ad1176d419445cd
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\application-abb531645f8c51c3cc3a87d9189f987dd84f9d073d03572e38fc5660b51e36e2[1].css
text
MD5: 8dbf2d25bdfa97a98f4c9ff57db0f566
SHA256: abb531645f8c51c3cc3a87d9189f987dd84f9d073d03572e38fc5660b51e36e2
4008
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: f9ba4d6c52731bafcbb885e9282a609a
SHA256: 269996e36a5a2d80982e59fa8ec709a306f595559163c2b1bd802afdae4b2922
4008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarA9F4.tmp
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabA9E3.tmp
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 2af3e4b57a8b637fcee8cb7485986fa3
SHA256: 10632f5e8df34d4641f11aa0ad917a629bf75f7c0eaa77506c5a27919e7b12aa
4008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarA985.tmp
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabA984.tmp
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarA963.tmp
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabA962.tmp
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
4008
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 9667b36381b49580bec016384d26aa8b
SHA256: fbb280d40d1c1b7f255828adb3a71776ae27069f4ff9aec2a96b1106f1cb0331
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\herbalifeshop_nu[1].txt
––
MD5:  ––
SHA256:  ––
4008
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\herbalifeshop_nu[1].htm
html
MD5: 526c5e915fc44db1be0905a2994c0db3
SHA256: 579fc1aa0be61115a940b857ec73982325521bb3bdbd9d6688904c7834805866
3492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3492
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
4
TCP/UDP connections
55
DNS requests
20
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
4008 iexplore.exe GET 301 52.58.78.16:80 http://herbalifeshop.nu/ DE
html
malicious
3492 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
4008 iexplore.exe GET 200 143.204.98.54:80 http://x.ss2.us/x.cer US
der
whitelisted
4008 iexplore.exe GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
4008 iexplore.exe 52.58.78.16:80 Amazon.com, Inc. DE whitelisted
4008 iexplore.exe 52.58.78.16:443 Amazon.com, Inc. DE whitelisted
3492 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
4008 iexplore.exe 143.204.101.113:443 US unknown
4008 iexplore.exe 143.204.101.114:443 US unknown
4008 iexplore.exe 143.204.98.54:80 US unknown
4008 iexplore.exe 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
4008 iexplore.exe 173.194.76.95:443 Google Inc. US whitelisted
4008 iexplore.exe 209.197.3.15:443 Highwinds Network Group, Inc. US whitelisted
4008 iexplore.exe 172.217.168.3:443 Google Inc. US whitelisted
4008 iexplore.exe 172.217.168.46:443 Google Inc. US whitelisted
4008 iexplore.exe 172.217.168.8:443 Google Inc. US whitelisted
4008 iexplore.exe 143.204.98.222:443 US unknown
4008 iexplore.exe 143.204.101.71:443 US unknown
4008 iexplore.exe 143.204.101.73:443 US suspicious
4008 iexplore.exe 108.177.119.157:443 Google Inc. US whitelisted
4008 iexplore.exe 216.58.212.228:443 Google Inc. US whitelisted
4008 iexplore.exe 172.217.20.67:443 Google Inc. US whitelisted
4008 iexplore.exe 143.204.101.20:443 US unknown
4008 iexplore.exe 172.217.168.34:443 Google Inc. US whitelisted
3492 iexplore.exe 52.58.78.16:443 Amazon.com, Inc. DE whitelisted
4008 iexplore.exe 216.58.215.226:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
herbalifeshop.nu 52.58.78.16
malicious
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
cdn2.undeveloped.com 143.204.101.114
143.204.101.73
143.204.101.71
143.204.101.55
whitelisted
widget.trustpilot.com 143.204.101.113
143.204.101.20
143.204.101.105
143.204.101.31
whitelisted
x.ss2.us 143.204.98.54
143.204.98.221
143.204.98.159
143.204.98.76
whitelisted
www.download.windowsupdate.com 93.184.221.240
whitelisted
fonts.googleapis.com 173.194.76.95
whitelisted
netdna.bootstrapcdn.com 209.197.3.15
whitelisted
fonts.gstatic.com 172.217.168.3
whitelisted
www.google-analytics.com 172.217.168.46
whitelisted
www.googletagmanager.com 172.217.168.8
whitelisted
cdn0.undeveloped.com 143.204.101.71
143.204.101.55
143.204.101.114
143.204.101.73
whitelisted
d1lr4y73neawid.cloudfront.net 143.204.98.222
143.204.98.4
143.204.98.197
143.204.98.172
whitelisted
cdn3.undeveloped.com 143.204.101.73
143.204.101.55
143.204.101.71
143.204.101.114
whitelisted
cdn1.undeveloped.com 143.204.101.71
143.204.101.55
143.204.101.73
143.204.101.114
whitelisted
stats.g.doubleclick.net 108.177.119.157
108.177.119.156
108.177.119.154
108.177.119.155
whitelisted
www.google.com 216.58.212.228
whitelisted
www.google.at 172.217.20.67
whitelisted
www.googleadservices.com 172.217.168.34
whitelisted
googleads.g.doubleclick.net 216.58.215.226
whitelisted

Threats

PID Process Class Message
4008 iexplore.exe unknown SURICATA TCPv4 invalid checksum

Debug output strings

No debug info.