General Info

URL

http://www.cashcow.ai

Full analysis
https://app.any.run/tasks/ce4aa1a6-77ba-4533-af6d-4081d159a641
Verdict
Malicious activity
Analysis date
1/11/2019, 11:44:22
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2332)
  • iexplore.exe (PID: 2980)
  • iexplore.exe (PID: 3496)
Application launched itself
  • iexplore.exe (PID: 2980)
Changes internet zones settings
  • iexplore.exe (PID: 2980)
Reads internet explorer settings
  • iexplore.exe (PID: 3496)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3496)
Reads settings of System Certificates
  • iexplore.exe (PID: 3496)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Processes

Total processes
33
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2980
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.cashcow.ai
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
3496
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2980 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\jscript.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\mshtmler.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2332
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
502
Read events
436
Write events
63
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2980
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2980
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{E3E3D6C7-158D-11E9-AA93-5254004A04AF}
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307010005000B000A002C002600F100
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307010005000B000A002C0026000001
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
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
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307010005000B000A002C0026009D01
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307010005000B000A002C002600BC01
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
32
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307010005000B000A002C0026000A02
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
32
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011120190112
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CachePrefix
:2019011120190112:
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheLimit
8192
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheOptions
11
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheRepair
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
AA594DA89AA9D401
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307010005000B000A002C0029004802
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3496
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3496
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011120190112
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CachePrefix
:2019011120190112:
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheLimit
8192
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheOptions
11
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheRepair
0

Files activity

Executable files
0
Suspicious files
0
Text files
60
Unknown types
9

Dropped files

PID
Process
Filename
Type
3496
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\cc[1].jpg
image
MD5: 3dea8ba1786bbbdcdaef572d5832051b
SHA256: 77fb3da919401c5f785a8da10fa9e4a585eb97d3499b08e58c2c43feefc37dec
2332
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\analytics[1].js
text
MD5: 2288a7f0b8dafb9384355f3cd86c0e83
SHA256: b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
2980
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011120190112\index.dat
dat
MD5: 0dbd255ad696274009670d3462aab948
SHA256: bf096276fc7e99e22762a076ba0fc7990adfc18c74238a4516ffbb25a703a679
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011120190112\index.dat
dat
MD5: 89cb903d8c1a040799f71b1a20d68931
SHA256: 8355fdd08e051829d465664add587ad708bafcd6201cabe04bd3b9fd9bf6c386
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery.validate[1].js
text
MD5: daa637bc75bbfac520444992495a7303
SHA256: d5ecfbbbd88d354a4069365daaedaab6229fd278cbd223c9f1c98ca21238e903
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\creative.min[1].js
html
MD5: 5f1f1fb8e78d7e0aaf7947ab231d396c
SHA256: 0277e4fed20cf3efd5e36b3ced03264c5ad3dce217286ab419b52050bdbb7e61
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\cashcowphone[1].png
image
MD5: a5ee778e0ea90048f80c366152932180
SHA256: ad506d857d0fbf77d0e78c2855c21c677c90209a166e44e137ff01ef1c962307
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery.magnific-popup.min[1].js
text
MD5: b37d7edf99565d3858eaa1ad80df3cff
SHA256: b0a45cd5aed66e27bd8ee861d0e3b782c8e79849bde32f90f078b9f2451a36f2
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\economictimes[1].png
image
MD5: 44bb163aee88921a46043ef80fd6df2b
SHA256: e85595789a293f505069fee202eb7a013a9879cf3d3d3fbb2b900781eebaeaa4
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\scrollreveal.min[1].js
text
MD5: b8d4ede888d284c51cbf85d686e02da3
SHA256: 9140213f193f683ccee63ed57bb1e303d1e156af982fb15d4c1b03dc1eefdc60
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jquery.min[1].js
text
MD5: 618538b4ab9639d444e962729a927f15
SHA256: 27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bootstrap.min[1].js
text
MD5: 04c84852e9937b142ac73c285b895b85
SHA256: 36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cashcow[1].jpg
image
MD5: 6c08c08eda50af48db944a1e532cd08d
SHA256: 6448b5996939daecc65465ff4e32c7f286cc33b192e44877408c5b1006f586ba
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\playstore[1].png
image
MD5: db9b21a1c41f3dcd9731e1e7acfdbb57
SHA256: 215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\sarfraz[1].png
image
MD5: b56c195a88d55e920405dc16e2c6a7c6
SHA256: 8315ff6d766aad3b63a5b57c668941d90726500741847b6c5fef5e6d5c414683
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\mustafa[1].png
image
MD5: d19b19ebbf5b1e63b625d351b49e50d1
SHA256: 0067e4bfbf06b13a9ecc41cbc5cefcbe6a3b4149db39f3fc71e5e77f1a8c35a3
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\gaurav[1].jpg
image
MD5: 7255407c3d70ff974e7298caa2383518
SHA256: dd78d56f0b4945a21d1cc361af55ef0594cdfe63cb4c569d339b91301e786c67
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\manish[1].jpg
image
MD5: dff8fd2607accd9d417ad795f50e1651
SHA256: f87ced68e2f7233bb9751a6c6e2125f6e1e6e2f967d3085fe2f4647bd8782654
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\img8[1].png
image
MD5: ea56ff173c4c9e6a43b224f0e45a004a
SHA256: 82e672e762fed22b8379c95d8c47685945876da2f0a791b9abb061b756aae078
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\img6[1].jpg
image
MD5: 1cc8f60af52b6cce06273393c7d45d7b
SHA256: 45272fa3d26a3ab79b31439274d219bcc56910753f71d9874d0aa8f1bc945694
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\img7[1].jpg
image
MD5: 6b59c1d7abcfb5ad095b3d1a567c412a
SHA256: 3cba58d4816c2bafe92269cd11a61429c1672959a4b85368a2ad6a93cc6ef5f2
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\fintechasia[1].png
image
MD5: 7c1f67157240c19004e0ca1978f9fa05
SHA256: 38a85d15f8216ccab2a6918f2ec7179cead184be1c9a5d389def8ffbd829e82f
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\img5[1].jpg
image
MD5: 67a18200e84c5d438c42d7056b454b71
SHA256: 3868bb9cb1388ed72154fe2da14e8635b487f23216620c15565c179ad896bc2f
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\img4[1].jpg
image
MD5: 3d74bd614b8dc0703027318104c94b67
SHA256: 0547e1740119546352f907579e636d8a577c9b616df29b1be9190079fb74b3f0
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\img2[1].jpg
image
MD5: 8e4e1ae7620f9e83c9ef7c2a5310bdf0
SHA256: aaf29d186132bf67ef858a1f2038f2a5472b6434c803d8c133c20d55e46ddff2
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\img3[1].jpg
image
MD5: ecf257eefe2c10ef20d74836a3644936
SHA256: 0d6f6be0cf00ae8c842c71d447de489ae820779d14342afc753cd9ccdeef0fd4
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\img1[1].jpg
image
MD5: 0f86428ba3627921a97f3d082d54c1ca
SHA256: 9ea8371984231a8abb84e0f083bee37609d41fe2d83f1d5bb74c04637dc88f45
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\bwdisrupt[1].png
image
MD5: 452d90e86a4118e2e2c6fc91f1aa72db
SHA256: 7ab57521c8670c53660a20c69a5790facfbafac24c30d0f0303d96130e2a3252
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\startupterminal[1].png
image
MD5: 48b3cbed1dbac1c95bab277ae1138e48
SHA256: bc1b24d490e460c081e4b0233d20a66183132f0cdea890b8ecb63263c3703b92
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\techeconomictimes[1].png
image
MD5: 1a27a60f52565ab6fb7bc11592e6d266
SHA256: cd89dfbdee044c4ab572c50cad7716c89fa01f5cd751203c1fdd8811340247f7
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\yourstory[1].png
image
MD5: 283e41731ecda32a2c8648cd3ba401b7
SHA256: a3026bcaca6847a3537c6405b71155456d14fbaa88a00d34f2d28dc178beca83
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\indianweb2[1].png
image
MD5: 65ce91bde610e856a0a4d956ebd3497d
SHA256: 978139ff0e38008e2a083a184ab3d4b46dcc6d75756e722960280d3561e98316
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\thehindubusinessline[1].png
image
MD5: 8762159dca9861d722b24ae9ae308554
SHA256: ec9b5002c2b3488b634901e01907e5e738cc33da96cb5cb9674eea6a03e6ba93
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\materialdesignicons-webfont[1].eot
eot
MD5: b8695cc16b97f1bd97446651af325e6d
SHA256: 6b3532b27c5426cacf7a79b9c190d9e1d91de31e97dcd0916528a413d11e1c19
3496
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: d911d568a0ea3bdd7f681745dc3a2fec
SHA256: 28c66c10bc84428a43b39ae4ecc0f23e3bc194f501884de99af7bf2a60e6ba37
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\materialdesignicons.min[1].css
text
MD5: b4250837fc91b757ae3c4234215ce0cf
SHA256: 578b7ac7b181ef4c17c26dc4c943047b69d2cad389918ffbb288a5a468ab0158
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 765f00e59019a6834c0c4709b005e36e
SHA256: 78e6c0d2120042c90f05b7014dc4e01f285688c6908989574e14fee682084841
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\lap[1].jpg
image
MD5: 1e45f6b67af09fc71ff73a6152aa1496
SHA256: 4cfc985836d20d3050f42ee95762f0ef9a27e11c4f9fa9113c35f229139242f7
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\js[1]
text
MD5: 0822c1c542b7abbad43c00f1e4988191
SHA256: c09746e15a9c041772ba9b6f9b84c40859c20326ed4f97d15fda3923bbc9fc41
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bt[1].jpg
image
MD5: fc46a8adf40bf3520475bed5e2a07ba6
SHA256: f5d3cbd00553a63fee5b8dec433a1356b6c75a74457ba1299fccb6393db59342
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\7Auwp_0qiz-afTLGKQ[1].eot
eot
MD5: 75925ef7689d7fab3f063d46cf78376d
SHA256: cdf631726f9c1c96bc36b43f82ebdceb61ead87665656152ea613c0719fc6a2d
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\fbevents[1].js
text
MD5: 7c74991e0728f52a69e22da73398b020
SHA256: 235da1ee79811631e184d8e99dab2ae5195d476d1138f1f49a8645c53a1803fb
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bl[1].jpg
image
MD5: c8db629c2620eae9c435efe8896ddfa9
SHA256: bdb972ef9843c24d9183103fbb77036e6dfa814ebdfd7cafd01ec741d89ecb6e
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\hl[1].jpg
image
MD5: 728285926c901feef74d699be4049718
SHA256: c0c2a477edc18a551ad2397523f4718f6f32c97992750c7ee3feb239cb5b418b
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fontawesome-webfont[1].eot
eot
MD5: 25a32416abee198dd821b0b17a198a8f
SHA256: 50bbe9192697e791e2ee4ef73917aeb1b03e727dff08a1fc8d74f00e4aa812e1
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\u-440qyriQwlOrhSvowK_l5-fCZI[1].eot
eot
MD5: 9d0333d253ab26a847750bea12ef067c
SHA256: 0c0bf9405c4be57beeb630eeb4ed4ead68fb8da19ce410014bc07c1642d6431a
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquery.easing.min[1].js
text
MD5: 3eac3c72434a0945b92dd4a01f7b6b4e
SHA256: ac3f3a757bfbfc9d92bc8f5e6e6362e5d4ae41dbf3cebacdda9b8f71afc82e5b
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\pl[1].jpg
image
MD5: 452ab91e2a72f4c329c6ab66f71614f5
SHA256: a2fcb198d30ab178415ce816dac6fbcc2b1c70224c9143ad9eab2de8c24ec197
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\phone-call[1].png
image
MD5: 02a5696a665de9694ac6d34e708601da
SHA256: fcee1efad1d884da88cdfbde6ff2798b51bdf41d3e47c7b7aa046ddadec0aa93
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\glyphicons-halflings-regular[1].eot
eot
MD5: f4769f9bdb7466be65088239c12046d1
SHA256: 13634da87d9e23f8c3ed9108ce1724d183a39ad072e73e1b3d8cbf646d2d0407
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mem8YaGs126MiZpBA-UFVZ0f[1].eot
eot
MD5: 9dce7f01715340861bdb57318e2f3fdc
SHA256: ee6885417a5772a42be3280cf34581001cafd5548d12b66b5466e53f05dabf96
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\css[1].txt
text
MD5: 4c7dad4090d0a72b34cc1bcd13885c73
SHA256: 4cd4bd4af907718dd6b740f3a4710fa82bd3ea724274eefde8d3ddb54dab894f
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\css[1].txt
text
MD5: a07d40c2638223f60172dd8b3edf9c95
SHA256: 2c73517e426bf2463ae52fb6dae6b1499255e3f31ac95805578ba975ecad3674
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\newstyle[1].css
text
MD5: 2ffcb9ca81ebf9798bd15f458eb233bf
SHA256: aa3d44f7fc0548c98fa3c4249993fe30b69485e1f83599d2c0969d71581e6f8d
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\slider[1].css
text
MD5: f30986be1aa5ed04ce4a44df88a47789
SHA256: 4d372b91d4b656b87bbb32f752897cb62c3c6581ce0a4eef4f35eb61ebbfea01
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\js[1]
text
MD5: 64d1c7db02a491c37691238c85df897a
SHA256: ab6a6c9644b354a21f0ed79bdd686111352f0ceaafe26bf89374842e0bc698bb
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bootstrap.min[1].css
text
MD5: 5057f321f0dc85cd8da94a0c5f67a8f4
SHA256: 5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\css[1].txt
text
MD5: 4c7dad4090d0a72b34cc1bcd13885c73
SHA256: 4cd4bd4af907718dd6b740f3a4710fa82bd3ea724274eefde8d3ddb54dab894f
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\css[1].txt
text
MD5: 22af17e584b25e966ad592b1b6237923
SHA256: 8956b30d4383bf3cc8524e001007802094619468061656544fbebe4732cc68c3
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquerysctipttop[1].css
text
MD5: 0e573383f483f4c873c7b29ab02f7beb
SHA256: 61574a549804a8153ea4ab6f8e78487f1cec4e434c73d11e4725d191003808d1
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\magnific-popup[1].css
text
MD5: c03fe8704d90e35eba342d2ca2c5a530
SHA256: 1155981e8193622f58553eed0bba2fa43512af362a3d54dedef64c46970bb371
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\font-awesome.min[1].css
text
MD5: fea395db9a5c8eaba924d98161324597
SHA256: ed0f05101d480726c58bcd4956a1e7b02f12b538d02058f1b0ebfdabe8a7ef42
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\creative.min[1].css
text
MD5: 9fd12620b16ac778259d4fcad33f37f4
SHA256: 970ed0d8a53b964185e53d7b0ca2fde684338189e44cf48ec547ee46d02f4286
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\custome[1].css
text
MD5: 9516c1cc8b601536dea767bae1b7baf8
SHA256: 1341754d3c56f645a1a75b5a1c000e96c36b32db1d55bfcfbc3d4f853ba9e81a
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\footer[1].css
text
MD5: d717d796da73531c411aa01a65885ee8
SHA256: 5b9265e98f31f4b709a9321243967b8a3e969373eae6df49e887e50148d75b9c
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cashcow_ai[1].txt
––
MD5:  ––
SHA256:  ––
3496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cashcow_ai[1].htm
html
MD5: e8ffcfc0fe2d88458ea735dc02b34ae2
SHA256: 73708ba2c13ebff2a5db39966ef362c29705019eea0599a2fcccfcf1f59db90c
2980
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2980
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2980
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––

Find more information on the static content and download it in the full report

Network activity

HTTP(S) requests: 49
TCP/UDP connections: 21
DNS requests: 11
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Reputation
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/ IN html malicious
2980 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/bootstrap/css/bootstrap.min.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/font-awesome/css/font-awesome.min.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/css/creative.min.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/css/custome.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/magnific-popup/magnific-popup.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/css/footer.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/css/slider.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/css/newstyle.css IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/bootstrap/fonts/glyphicons-halflings-regular.eot? IN eot malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/font-awesome/fonts/fontawesome-webfont.eot? IN eot malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/phone-call.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/hl.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/pl.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/bl.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/lap.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/bt.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/cc.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/thehindubusinessline.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/startupterminal.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/indianweb2.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/yourstory.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/economictimes.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/bwdisrupt.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/techeconomictimes.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/press/fintechasia.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img1.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img2.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img3.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img4.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img5.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img6.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img7.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/img8.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/manish.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/gaurav.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/mustafa.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/sarfraz.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/cashcowphone.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/playstore.png IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/img/cashcow.jpg IN image malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/jquery/jquery.min.js IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/bootstrap/js/bootstrap.min.js IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/scrollreveal/scrollreveal.min.js IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/magnific-popup/jquery.magnific-popup.min.js IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/dist/jquery.validate.js IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/js/creative.min.js IN html malicious
2980 iexplore.exe GET 404 35.154.9.197:80 http://www.cashcow.ai/favicon.ico IN html malicious

Download the PCAP, analyze network streams, HTTP content and more in the full report
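As an added triage example (not code from ANY.RUN or from the site's operator), the Python below parses rows in the shape of this report's HTTP requests, DNS and Connections tables and flags the two things a reviewer would check first here: script files the page pulls over plaintext HTTP (every .js above comes from 35.154.9.197:80, with no transport protection), and third-party hosts the sandbox did not whitelist. The inline samples are constructed by copying rows from the tables on this page; the function names, the constructed samples and the "unresolved" placeholder are the example's own assumptions.

```python
"""Triage helper for the flattened network tables of a sandbox report.

Added example, not ANY.RUN's own code. The three samples below are
constructed by copying rows from this report's HTTP requests, DNS and
Connections tables; the column layout is the report's, the names are ours.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: HTTP rows in the report's column order
# (PID, process, method, status, ip:port, URL, country, type, reputation).
HTTP_ROWS = """\
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/ IN html malicious
2980 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/jquery/jquery.min.js IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/vendor/dist/jquery.validate.js IN text malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/js/creative.min.js IN html malicious
3496 iexplore.exe GET 200 35.154.9.197:80 http://www.cashcow.ai/css/creative.min.css IN text malicious
2980 iexplore.exe GET 404 35.154.9.197:80 http://www.cashcow.ai/favicon.ico IN html malicious
"""

# Constructed sample: DNS rows as "domain ip[, ip...] reputation".
DNS_ROWS = """\
www.cashcow.ai 35.154.9.197, 35.154.147.98 malicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.jqueryscript.net 104.31.7.153, 104.31.6.153 unknown
cdn.materialdesignicons.com 23.111.9.64 unknown
cdnjs.cloudflare.com 104.19.195.151, 104.19.197.151 whitelisted
"""

# Constructed sample: Connections rows as "pid process ip:port reputation"
# (ASN and country columns dropped to keep the sample short).
CONN_ROWS = """\
3496 iexplore.exe 35.154.9.197:80 malicious
3496 iexplore.exe 104.31.7.153:443 unknown
3496 iexplore.exe 104.19.195.151:443 shared
3496 iexplore.exe 23.111.9.64:443 unknown
"""

HTTP_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<method>[A-Z]+)\s+(?P<status>\d{3})\s+"
    r"(?P<ip>[\d.]+):(?P<port>\d+)\s+(?P<url>\S+)\s+(?P<cn>[A-Z]{2})\s+"
    r"(?P<type>\S+)\s+(?P<rep>\S+)$"
)


def parse_http(text):
    """One dict per well-formed HTTP row, with host/scheme/path split out of the URL."""
    rows = []
    for line in text.splitlines():
        m = HTTP_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than guessing columns
        row = m.groupdict()
        parts = urlsplit(row["url"])
        row["host"], row["scheme"], row["path"] = parts.hostname, parts.scheme, parts.path
        rows.append(row)
    return rows


def parse_dns(text):
    """Return ({ip: domain}, {domain: reputation}) from DNS table rows."""
    ip_to_domain, reputation = {}, {}
    for line in text.splitlines():
        fields = line.replace(",", " ").split()
        if len(fields) < 3:
            continue
        domain, ips, rep = fields[0], fields[1:-1], fields[-1]
        reputation[domain] = rep
        for ip in ips:
            ip_to_domain[ip] = domain
    return ip_to_domain, reputation


def plaintext_scripts(http_rows):
    """Script URLs fetched over http://, i.e. code an on-path attacker could rewrite.

    Classified by URL path, not by the sandbox 'type' column: this report labels
    creative.min.js as 'html', so filtering on type alone would miss it."""
    return [r["url"] for r in http_rows
            if r["scheme"] == "http" and r["path"].endswith(".js")]


def unvetted_third_parties(conn_text, ip_to_domain, dns_reputation, target):
    """(domain, ip:port, connection reputation) for every destination other than
    the analysed target whose DNS reputation is not 'whitelisted'."""
    findings = []
    for line in conn_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        endpoint = fields[2]
        ip = endpoint.rsplit(":", 1)[0]
        domain = ip_to_domain.get(ip, "unresolved")  # IP with no DNS row stays flagged
        if domain != target and dns_reputation.get(domain) != "whitelisted":
            findings.append((domain, endpoint, fields[3]))
    return findings


if __name__ == "__main__":
    rows = parse_http(HTTP_ROWS)
    ip_map, rep = parse_dns(DNS_ROWS)
    print("scripts over plaintext HTTP:")
    for url in plaintext_scripts(rows):
        print("  ", url)
    print("third parties not whitelisted:")
    for finding in unvetted_third_parties(CONN_ROWS, ip_map, rep, "www.cashcow.ai"):
        print("  ", *finding)
```

Classifying scripts by URL path rather than the sandbox's type column matters on this very page: creative.min.js is reported with type "html", so a filter on the type column would silently drop it. An IP that appears in Connections but in no DNS row is reported as "unresolved" and kept in the findings, since an unexplained destination is exactly what should not be filtered out.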

Connections

PID Process IP ASN CN Reputation
3496 iexplore.exe 35.154.9.197:80 Amazon.com, Inc. IN malicious
2980 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3496 iexplore.exe 172.217.16.136:443 Google Inc. US suspicious
3496 iexplore.exe 104.31.7.153:443 Cloudflare Inc US unknown
3496 iexplore.exe 172.217.22.42:443 Google Inc. US whitelisted
3496 iexplore.exe 172.217.21.227:443 Google Inc. US whitelisted
3496 iexplore.exe 31.13.90.6:443 Facebook, Inc. IE whitelisted
3496 iexplore.exe 172.217.23.170:443 Google Inc. US whitelisted
3496 iexplore.exe 104.19.195.151:443 Cloudflare Inc US shared
3496 iexplore.exe 23.111.9.64:443 netDNA US unknown
3496 iexplore.exe 216.58.206.14:443 Google Inc. US whitelisted
2980 iexplore.exe 35.154.9.197:80 Amazon.com, Inc. IN malicious

DNS requests

Domain IP Reputation
www.cashcow.ai 35.154.9.197, 35.154.147.98 malicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
fonts.googleapis.com 172.217.22.42 whitelisted
www.googletagmanager.com 172.217.16.136 whitelisted
www.jqueryscript.net 104.31.7.153, 104.31.6.153 unknown
fonts.gstatic.com 172.217.21.227 whitelisted
connect.facebook.net 31.13.90.6 whitelisted
cdn.materialdesignicons.com 23.111.9.64 unknown
cdnjs.cloudflare.com 104.19.195.151, 104.19.197.151, 104.19.198.151, 104.19.196.151, 104.19.199.151 whitelisted
maps.googleapis.com 172.217.23.170, 172.217.21.202, 172.217.21.234, 216.58.205.234, 172.217.18.170, 172.217.23.138, 216.58.206.10, 216.58.207.42, 216.58.207.74, 216.58.208.42, 172.217.16.138, 172.217.22.42, 172.217.22.106, 172.217.18.106 whitelisted
www.google-analytics.com 216.58.206.14 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.