General Info

URL

https://download949.mediafire.com/

Full analysis
https://app.any.run/tasks/55af9f17-eeda-47b8-90c4-3d4c406bbe68
Verdict
Malicious activity
Analysis date
8/13/2019, 17:00:09
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3524)
Application launched itself
  • iexplore.exe (PID: 2628)
Changes internet zones settings
  • iexplore.exe (PID: 2628)
Reads settings of System Certificates
  • iexplore.exe (PID: 2628)
Creates files in the user directory
  • iexplore.exe (PID: 2628)
  • iexplore.exe (PID: 272)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3524)
Reads Internet Cache Settings
  • iexplore.exe (PID: 272)
Reads internet explorer settings
  • iexplore.exe (PID: 272)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2628
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://download949.mediafire.com/"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
272
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2628 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\feclient.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
3524
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
456
Read events
384
Write events
72
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{13C19235-BDDB-11E9-9885-5254004A04AF}
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307080002000D000F00000019005F00
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307080002000D000F00000019005F00
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307080002000D000F00000019002A01
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
9
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307080002000D000F00000019005901
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
72
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307080002000D000F00000019002402
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
30
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
https://mediafire.com/
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
caliente.mx
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
gyazo.com
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
unity
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
capitalone.com
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
wp.pl
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
chinaz.com
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
beeg.com
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
google.co.nz
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
ytimg.com
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
academia.edu
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
wattpad.com
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
.cn
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2628
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307080002000D000F00000030000C02
2628
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
272
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe

Files activity

Executable files
0
Suspicious files
0
Text files
79
Unknown types
7

Dropped files

PID
Process
Filename
Type
2628
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 39c6e65aa0a21e2be282765153e6b4cf
SHA256: 9571d839963815147c99224043d4cb1ce9933909ed0bc00c28587db043711ac8
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\upload[1].svg
image
MD5: 5ea6f0338c2012a1ea0e0d18b9d661d5
SHA256: 066a1d5e23190d9c34e21c70c88a954fe3d151a4411e36fba000d24d639e85f4
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\blank[1].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
272
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 79934ccea93bd54dc9edbe867736ab42
SHA256: e9c9e8cf0fb35cbde121c2b0b439a61b064302043d842ff6b77779b85f4cef37
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\blank[1].html
html
MD5: 65eec6a654114d328fa2db1683f64b57
SHA256: 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\js[1]
text
MD5: 143196c2e918575c81e184ad40ab78b6
SHA256: f8939065fbe747ba4ee3c89fe18524f9ce55aa83460ac439f37ca55cfd396d52
272
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 53a87bc0b0390ca271f89b9597cd3789
SHA256: 63bc05300f5d133da08444c58c642fa8e0ee6ce3caa361a5e56fa40941d9beac
272
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3524
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\default[1].png
image
MD5: 408d4a08544a165555c54a4198bb3068
SHA256: edf29a5069b0812d87c6724f54eb33953f23f81426e9d63afbeda73e8ab8e151
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\social_icons_sprite[1].svg
image
MD5: a68eb80f9ff04457f27e69fd6faa2190
SHA256: 23d0709d0d95c56da4cc928592f25399e50529d77195ccf90f1d9a52f39b774e
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\pf_1_time[1].svg
image
MD5: 480a62aa64d0a5ba67c343fb6ed2e319
SHA256: 4d9ccf2f203e169c71fc4ab2310c23cfb469cb92aff7b9d6d1422ecaa9aa39e4
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\texas[1].png
image
MD5: 600abf80e6dec3eb916abe1df7730b57
SHA256: 097b1ea806afeddce94390aa022aa51955a3e1236bec96609c3b06a22bfb4a05
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\pf_direct_download[1].svg
image
MD5: c2387384dcb9ca892f2124bb05ef0ba0
SHA256: 84d163bb68ce0df35852c6f242353dca8089cffa2431bd6413d6f46c7b7fb368
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\pf_no_ads[1].svg
image
MD5: 482729f2c68b4c66a8f3d8254c9c59ee
SHA256: af5e7ace999413e0657fe05c8bc104c4555449c74d779c591305cd363073548e
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\pf_bulk_download[1].svg
image
MD5: d1865b5d4e84a35e373e17229c4d0a67
SHA256: 39d367424d8a38a58613d6d50d284377f37efcc65e8fb57b742ea433571ff65c
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\pf_web_uploads[1].svg
––
MD5:  ––
SHA256:  ––
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\pf_1tb[1].svg
image
MD5: 4c8d17c44bde654d1d73878e41a9a891
SHA256: 5646513e055e79677627d21451a24a2993ab6e5629149ba0828b6116ac34f104
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\tf_apps[1].svg
image
MD5: 5a8e546a9c24b13c99492e0daf1400a7
SHA256: 3698212f73f5e3b3231efea40245732faaa63064016be0481021100f109a1878
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\tf_share[1].svg
image
MD5: d0d7ec9c0600d8356affdd4b1d6c2eb4
SHA256: 030209a81ae29c80a93b1518ffa7bf493bb08d5faa0e1d36e173e62327163899
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\tf_1_time_links[1].svg
image
MD5: ab7d2e2a5c8eec566bf58e5eadd1a90c
SHA256: 4e96c317406e2c84ca0a065cf8f77f26c9808c9c2e6258ebea8814b18d6f5ea3
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\tf_organize[1].svg
image
MD5: 422b4b28f80c1ba0a09f7bbe30bee39e
SHA256: dc3fde586e82046749f5690c97512f0a92cd3f29c1dcc07368935cf3c26859e4
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\tf_downloads[1].svg
image
MD5: 184ace60fda95f4c01ee59a8842b104b
SHA256: 947b503c2b416de31d6b171bf82d08592be07bb4f8887bceff6a1e1b4cce5410
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 339dc331840c9d32aac03f4da9f3f837
SHA256: b0eb29e5cc10348ba94ffe3fc034ff804ffb6034a875aa983c1e0dff4ca64d62
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\share_color[1].svg
image
MD5: fbd98108e9d514c1dff05869deccb841
SHA256: 839a1fc390db5fd65d98a4328ef1068498d930557d7428aa512ccfb9c5ac87b5
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\tf_10gb[1].svg
image
MD5: dd0470a3ca0f622188e091f1d2a9f3ac
SHA256: 3c8f97d9e63715b1fb2ffc629efaa1be51038c256c9e0d364649dec804463f9f
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\tf_multi_upload[1].svg
image
MD5: 48f4d3ce124bfe86fed5d8946a83c38d
SHA256: a1910ee580f391abdb4d8d184ae2f6dc85612505382dcbd4e5dbf3e4ebb461d6
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\store_color[1].svg
image
MD5: 8cc1efba1db849049a6b9a6f4ecfda2c
SHA256: 8ef79111cb93b88ad71bf488b86ddfed18d8efafe82010885c47e9dcf3adc61e
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\mf_logo_flame_reversed[1].svg
image
MD5: f51a31da564d1e818651ffb251be5d31
SHA256: 4335a4241a637c91845d75a0ea955f846a6b14eb991b579d890584bb2ae9c626
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\heart[1].svg
image
MD5: cc97a2b9e34d2fdac72159adbbcbfe05
SHA256: c813eb3e9c507e43a491f78c02971fd7a1de82a2846f766a2155324f2e60c3ae
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\access_color[1].svg
image
MD5: e30a8d8bfbf0b1c0db84de7d542f8df7
SHA256: c849fd639e438c9b707a6e5b5ef5b7b84a5f9bddc091652a4cabdc03b7a0eecc
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\recaptcha__en[1].js
text
MD5: 225dc720a77fd75d959eeed191e25e7c
SHA256: d3aeafa2a7a1cc171df8d7311d7ae69916a46ca07e67151b55e1ee24dc8871bc
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\store[1].svg
image
MD5: e0911d2dea1a6c2400be2cf42dfb760c
SHA256: 822a7f21f2b6c513ed87fd34dd8cbf9f64d9cf1a53cb94a7fcce5f619b70f2eb
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\collaborate[1].svg
image
MD5: 07dafb3b3b19203786484d9074c7e230
SHA256: 8597cb7ae41240be9d8d9ef96f1f0e511f9dcd5a5d7f6cc96f243976a27bfdcb
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\access[1].svg
image
MD5: b58ffe96f6851cea6b0d0868cadc5d36
SHA256: efea616f7c43710a2352033e402a704d93fd70428e2e2c7ea5ca3af6fcea6508
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\collaborate_color[1].svg
image
MD5: 5deec671444acfb84fb89b020c8ffaa3
SHA256: 8699804ef32ccc3b40e409b12f7dd6bdc9463dcc49bdc41a60688a8203e71c7e
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\hero_tile[1].png
image
MD5: 60e1910d77b2f40536da8a50793f5e8b
SHA256: 2fcda32a86bea80fe0e301f3faf1fc81a48f05447fbbdafce096449da26745a2
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\engadget[1].svg
image
MD5: 892a5ac02a6abd105eb9ba14b81e07a8
SHA256: 7d3b708fbcbc101d8f5b68141e4c4b9121b41df5f1e302e416cc0572f284cbf2
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\share[1].svg
image
MD5: 2278b27f4ec7326ab53dd04d6e06bde9
SHA256: 5678fc26969d953c1fa2c0b974765f128c2bcb8aceb3772c394d0dc28529bcbc
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\techcrunch[1].svg
image
MD5: 44fbc166c94a965e001e1688b2870e72
SHA256: 096fd12197cd5f5acffea61d3ec1991fb2af8f0ee8990a8b59e53603b7deb90b
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\fbevents[1].js
text
MD5: 172b235cd3cdbeb7130bd7ce85dfdfbc
SHA256: c7ffb5c7a2fcc93bf5553df1f27de7c5b2dbd4affcb74fd0bef82371e4e22caa
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\cnet[1].svg
image
MD5: 79a04000dc5bcf2ec481dac7de05c966
SHA256: 4a6e3f47b36c1d913d3668a267bb7ff140355c155006369e43f1b0ef194804cd
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\gizmodo[1].svg
image
MD5: 6fffbe8329fd1b1db524b68b798566ef
SHA256: da1f290293d87e51ba8fbd2a4a4c44094e72985b7676f3400fa7fcefc0145ffa
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\lifehacker[1].svg
image
MD5: 015e34d1dd9c715d3df025f179cdbc68
SHA256: b9254e222506a048b2b493115dc79a2f3fdba6fb2a9637f9f57bec45ebfdf167
2628
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
image
MD5: a301c91c118c9e041739ad0c85dfe8c5
SHA256: cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\analytics[1].js
text
MD5: a477b40dcc869e74d6414e8e42e36844
SHA256: cec3748d0c3da4700300d5424aaea375b03550b0ee8b3dd38e242c4022261446
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\mysteryman[1].png
image
MD5: 574adb413f3e0c8c01c65c769586d88e
SHA256: ff625a6a84ee08fbbcea53ced4e002152c2b537bb3dd4513069ffc5f7c6fbf8d
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\dropdown-arrow[1].png
image
MD5: 38e768ce66634f81140d708a50639bbb
SHA256: 688e5d45277b4b3124049e8bc02e126a3ebe92b6ecfa16670e21977e45c0693f
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\dropdown-arrow-left-white[1].png
image
MD5: 95b7bc21081e914b8efb82dd61289914
SHA256: c0e66134c7184a8bbc2c96be1e9813c931634eb4d5bc637a3bca724007505aa4
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\ico30_reversed-v9[1].png
image
MD5: 519123e78c7e83562b179675bc1dd855
SHA256: b631408bea7aff541f7bd43245ad71f824c539efe5675ef0573299b61575694d
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\mf_logo_u1_full_color[1].svg
image
MD5: e09b5af507bd602ad839b261fd897170
SHA256: bfcc5bc8242d357752657942690541bb3e4b907384af1c56586f6466d7116db2
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\ico30-v9[1].png
image
MD5: 34cc27c50cb0096c6092d26ac85303ba
SHA256: bdaa84d1fdf85bafe867de76f874a01c46da85fbe940a0dc800d65b06e0ee95e
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\smArrow[1].png
image
MD5: 1f0619e3ea0f3021fdf9a10aa64ee8fd
SHA256: f9a75024e53f8a3e5ef92e12c87457fbfacc5508a5d7fbdde9126ee267e8b70b
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\dropdown-arrow-up-dark[1].png
image
MD5: 680b85078bfb656231c0860a023c468e
SHA256: 5de1b000a3854133d21167d6e0991cd2e12bdf955fa17ac36b068f6cb298ac59
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\gtm[1].js
text
MD5: e5c20e717eb75e285c03eee61c99a2d0
SHA256: 8263b1a87774cd2a097002ff6278e1dbe236376dce034624bf204d8818b63fe0
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\mf_logo_u1_full_color_reversed[1].svg
image
MD5: bcd95cfb6b9474dba955aab2cfe0432b
SHA256: 1a0ec73a3ca7f354865d6b95401c50627fdf5a9b0da763a6f75fa818fd775b55
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\master_121309[1].js
text
MD5: 4c87ac5b9be1f7829a917cc8315719ed
SHA256: 66583bab5bd52d784e4f1021e001da4c8d827821b0f99a71c2a92a3933ab7032
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\ie.css_121309[1].php
text
MD5: c62a41328879f16c69a2cb9b0e08fd96
SHA256: 2ab1c7856c7370b9d71c68118559c7c6d769a438d8659592b882278b22c73dee
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\ie.css_121309[1].php
text
MD5: c62a41328879f16c69a2cb9b0e08fd96
SHA256: 2ab1c7856c7370b9d71c68118559c7c6d769a438d8659592b882278b22c73dee
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\js[1]
text
MD5: bf525d6f238e480d8dc96abc06542c54
SHA256: 1bb242764ddfdd8d416ace07022fee00c96ac380ab79b5018c00d90c9d72f427
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\jquery.min[1].js
html
MD5: b8d64d0bc142b3f670cc0611b0aebcae
SHA256: 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\api[1].js
text
MD5: cadc33be85b9f991918ab1ad7957a255
SHA256: 4f7d4677ad7bc2e403fb84eb831dd438cf003d07e335cc8edcc0a50a12bb36a4
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\mem8YaGs126MiZpBA-UFVZ0f[1].eot
eot
MD5: 5f4d4bc11d64b6cb605b7030c1997270
SHA256: 1d399c4617f5da6f7523d2816328c84de6e5cdf4325b2a40827c2d33d7ef0fd7
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\mfv4_121309[1].php
text
MD5: 3f58d8118b5e924ff28d7963f385101f
SHA256: a3e182205d315e7d1dff5ed7059036182165328b635d0edf6d9088ac3dd8a11f
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\mfv3_121309[1].php
text
MD5: befaf705fcc22e8616aaf699ab39cff5
SHA256: 11c5ceb307b04294567fe487fe216bb06df72d65dc248f8bfc29390514564a62
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\mfv4_121309[1].php
text
MD5: 3f58d8118b5e924ff28d7963f385101f
SHA256: a3e182205d315e7d1dff5ed7059036182165328b635d0edf6d9088ac3dd8a11f
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\css[1].txt
text
MD5: d2570265994455a6b680c3bf861bd52b
SHA256: 3eafaf86b883748c082621dece7eb205194b5a6fcaf351e1e7512eff33e8a605
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\mediafire_com[1].htm
html
MD5: ff4f34ce8dccd6c8ea3a911cf3cedc19
SHA256: c057ff3d9e692aba31a3c29a01cafd33e8b1a31e443b4f823f474c93b97c556a
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\mediafire_com[1].htm
html
MD5: 250b6e16ee1e0f62d1049bf5db271469
SHA256: dc73e97873a4c4a9bb650dc5abdd7fe004d9809b4cc4a0229d40a3a2fec5d66a
272
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 809964e9825427c27a3f3407f41447b2
SHA256: ff031d67db0df036f1d944f8f31a1d5606e86b48a09a63d1852c9f23e1f129f8
272
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 5d9d02ca7fef424c0304149e47e7f701
SHA256: 059ff6e4ffe3779da2aefbce7df36ab25ab06fd2021ac4e71bab5f4d8349fc3d
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 66d20d9cf2322c4b662ea6e754325cd7
SHA256: d6a4c1df6554cdc6d56f1d92fd09f3d7991e3620151f00db51d55c8ee260c3cc
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\http_400[1]
html
MD5: 1960097b221e608a79d278c7959b3c59
SHA256: 1bcaf35ca02140d731e6a3ae3d3d6a5ea49ce7e552728457f790919a540aec78
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 2ca7b5ed6154bf9392c8defe3d430b63
SHA256: 6593d6c801dcedb2e96943732263e972eb1bce4053eed10fab83b821157ae48c
2628
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2628
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2628
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W85AV1OP\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D30Z31L\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TD1F8KS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU8OX4CW\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
272
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 1eeb7ab33bbe243bd52fb34320c1a3a4
SHA256: 8e805178273a36bda7046a6aec2ee7725f989625782126b7dd073a0ab8642016

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
1
TCP/UDP connections
32
DNS requests
19
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2628 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
272 iexplore.exe 205.196.121.144:443 MediaFire, LLC US unknown
2628 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
272 iexplore.exe 104.19.194.29:443 Cloudflare Inc US shared
272 iexplore.exe 104.19.195.29:443 Cloudflare Inc US shared
272 iexplore.exe 172.217.21.202:443 Google Inc. US whitelisted
272 iexplore.exe 172.217.22.100:443 Google Inc. US whitelisted
272 iexplore.exe 216.58.206.8:443 Google Inc. US whitelisted
272 iexplore.exe 172.217.23.131:443 Google Inc. US whitelisted
272 iexplore.exe 172.217.23.138:443 Google Inc. US whitelisted
272 iexplore.exe 172.217.18.3:443 Google Inc. US whitelisted
272 iexplore.exe 185.60.216.19:443 Facebook, Inc. IE whitelisted
272 iexplore.exe 216.58.208.46:443 Google Inc. US whitelisted
272 iexplore.exe 91.228.74.209:443 Quantcast Corporation GB unknown
–– –– 147.75.204.222:443 Packet Host, Inc. NL unknown
272 iexplore.exe 147.75.204.222:443 Packet Host, Inc. NL unknown
272 iexplore.exe 64.233.166.157:443 Google Inc. US whitelisted
2628 iexplore.exe 104.19.194.29:443 Cloudflare Inc US shared
272 iexplore.exe 216.58.205.227:443 Google Inc. US whitelisted
272 iexplore.exe 91.228.74.225:443 Quantcast Corporation GB unknown

DNS requests

Domain IP Reputation
download949.mediafire.com 205.196.121.144
unknown
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
mediafire.com 104.19.194.29
104.19.195.29
whitelisted
www.mediafire.com 104.19.194.29
104.19.195.29
malicious
static.mediafire.com 104.19.195.29
104.19.194.29
malicious
fonts.googleapis.com 172.217.21.202
whitelisted
fonts.gstatic.com 172.217.23.131
whitelisted
www.google.com 172.217.22.100
whitelisted
ajax.googleapis.com 172.217.23.138
216.58.206.10
216.58.207.42
216.58.207.74
172.217.16.170
216.58.208.42
172.217.16.138
172.217.22.42
172.217.22.74
172.217.22.106
216.58.210.10
172.217.16.202
172.217.18.106
172.217.23.170
216.58.205.234
172.217.21.234
whitelisted
www.googletagmanager.com 216.58.206.8
whitelisted
www.gstatic.com 172.217.18.3
whitelisted
connect.facebook.net 185.60.216.19
whitelisted
www.google-analytics.com 216.58.208.46
whitelisted
secure.quantserve.com 91.228.74.209
91.228.74.225
91.228.74.197
91.228.74.206
91.228.74.195
91.228.74.212
91.228.74.188
91.228.74.228
whitelisted
static.hotjar.com 147.75.204.222
147.75.84.99
147.75.204.150
147.75.102.227
147.75.204.174
147.75.83.123
147.75.83.163
147.75.204.210
whitelisted
stats.g.doubleclick.net 64.233.166.157
64.233.166.154
64.233.166.156
64.233.166.155
whitelisted
www.google.it 216.58.205.227
whitelisted
dns.msftncsi.com 131.107.255.255
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.