General Info

URL

http://iplogger.org

Full analysis
https://app.any.run/tasks/6e4f9c64-d009-490d-95b9-2b6119f8d02e
Verdict
Malicious activity
Analysis date
1/6/2020, 15:31:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

evasion

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2788)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2788)
  • iexplore.exe (PID: 2308)
Reads internet explorer settings
  • iexplore.exe (PID: 2308)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2548)
Application launched itself
  • iexplore.exe (PID: 2548)
Changes settings of System certificates
  • iexplore.exe (PID: 2548)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2308)
Changes internet zones settings
  • iexplore.exe (PID: 2548)
Reads settings of System Certificates
  • iexplore.exe (PID: 2548)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2548
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieframe.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\version.dll
c:\windows\system32\devobj.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rasman.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\url.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\imm32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\duser.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

PID
2308
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2548 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\sensapi.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieframe.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\p2pcollab.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\atl.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\schannel.dll
c:\windows\system32\bcrypt.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleacc.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\rasman.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\credssp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\jscript.dll
c:\program files\common files\microsoft shared\vgx\vgx.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll

PID
2788
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
428
Read events
0
Write events
67
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2548
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{A8E9ECB9-3099-11EA-AB41-5254004A04AF}
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E4070100010006000F001F0034008001
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E4070100010006000F001F0034009001
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E4070100010006000F001F0034000D02
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E4070100010006000F001F0034002C02
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
43
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E4070100010006000F001F0034007A02
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
29
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2548
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E4070100010006000F0020000E00C203
2548
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2548
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
2548
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
2548
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
2548
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
2548
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2548
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510
2308
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
17
2308
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iplogger.org
17

Files activity

Executable files
0
Suspicious files
0
Text files
39
Unknown types
6

Dropped files

PID
Process
Filename
Type
2308
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: bbd8789545724dabc2ddc859f22aa552
SHA256: 32848566fe17ddc96822a65efafd1e07bdf15ad5bdc859b0f0e2d707bd7db4fb
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDYQXTZS\logo[1].png
image
MD5: e7b246ca7a81b06d66c50629b0467959
SHA256: 1afc62daa156b73b5b14d454e570abf8d2a715043fa73c44b0404a91bb8e47e4
2308
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2788
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2308
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 26be0a65bb3d6c4e6c2a18b457971940
SHA256: 77d23903bf479dd1dce3e3b8d9c2e1ef5dbbc2487a779ef819753555eba3eaa4
2308
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 9780b8d306f2fa555bdfa1215153027e
SHA256: f5466f5d3483d6b14f79681372d66b6f6585ef29c3b0ed7aa81b55bff8beb7cd
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\analytics[1].js
text
MD5: b66b3b5d54e154c81a50880cdcd7e5f8
SHA256: dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH8BQ2HK\aup[1].png
image
MD5: e50120d0cee1a68346c71c48098675f7
SHA256: 54cfe8af32889430a341d046e1ae9567a6a5e10ebfc57a89586ce8d3d47e2e2d
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDYQXTZS\load[1].png
image
MD5: 81feda42d7ccbb826a0056147e5140e3
SHA256: 291eb88d3f4e4c835153a61f82a38a4de111d5e4370864df6f1ab9800c71f5e3
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWV8CO7H\search[1].png
image
MD5: 75c4360269cc633b7b6d676274df5b6a
SHA256: 59f161ea8a2e56141d271f2ead1edc38b43614aa40b7ef914526f96fe9da3511
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\font-awesome[1].css
text
MD5: 269550530cc127b6aa5a35925a7de6ce
SHA256: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWV8CO7H\geoicon[1].png
image
MD5: 3bbff33fc55405a2e454e6d78b71bdbb
SHA256: 79c9be921145ac273869ef3696081ffe91f26473f1e9b656f5b302a7459ff7e1
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: fb1abfec8b83c2196129a5c1a7c5d161
SHA256: 8f6fc64c3b30c8b8daaf59acf8e8ed593ad79cf433e1cd56df4d65c3ddd47a20
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH8BQ2HK\leaflet[1].css
text
MD5: d1a8ab27978cdf7bb95502a041f0d6db
SHA256: 611e07ac3138efd12961981e4e441f81526ad3cfb6efb517c4c2db8bf60febda
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDYQXTZS\96x96[1].png
image
MD5: f8c5652dcfb6b34bc9c021fb7c6388aa
SHA256: d6782be5498d02810b2b100809425e8d72f71a98d969a4dda0d9df4b76fcd43f
2308
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\BR2J0ZY8\iplogger[1].xml
text
MD5: 95f74e9ba3b0fc3f45feda1cd1f5499c
SHA256: c21b2b44dbda5c73865a0eb3eae6bcf547dea2b790ecceaceb555acb3c589a37
2308
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: e00b8528a0a4d00a8af7717f814a1b08
SHA256: 822999a201005155aeb94bd32688aefb808a7b908fb375c3befa51f832c0ec13
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\f[1].txt
text
MD5: b1becba1d79b8668fe22d46ab6288b82
SHA256: c531a3e0c599861273a8486f7610cdf3f405bdc0bb32fdf9f49d555e6917416f
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWV8CO7H\es[1].png
image
MD5: d92a15c775a48c8d2debdf7e2be18d67
SHA256: a404bb411b01245dcebbe340e26271c30779608d9447388a8e541c86b44729b7
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH8BQ2HK\ru[1].png
image
MD5: 5c7c3efbc358f12647a7f34da40cb5bb
SHA256: 1e7ed8d99e99434211158fce4712bb638abda3296c30b4e20cdfa484116db81e
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDYQXTZS\big-spy[1].png
image
MD5: 52722a5b6a500345c527e663b82ffb19
SHA256: 505b9b89a00c10fc2aaa8c8019ade62b4b5ed44181c330ab86e9df689402c45b
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\wowlink[1].png
image
MD5: 6a92339bb6afdfb2a8b82052bb8c07e2
SHA256: b74e7686dbdb660250e3cd26cb406c3ee0197018334d3d2d415af35dca8c222d
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWV8CO7H\big-img[1].png
image
MD5: 0be70709b4401d08dd253fc78d7484cf
SHA256: 829c4700ec00eabdb10a86e006053433f2a1447c9c52f98233aaa116cbdb1c8f
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 57228b59bcab0c508da7771b8d243e4b
SHA256: b5f31e40cae00606ebaadcae1819c15033354a7cb9ce35890eefcf391a5bd815
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWV8CO7H\pt[1].png
image
MD5: ceffc72b3ed546602a8d52e69e9681f1
SHA256: dffdaa6e3d0e23286162d8a7e3748ee8d4bd37cf57ec4b0a0d9aa044257af2be
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH8BQ2HK\header[1].png
image
MD5: 2ae5d662f21025bf6e597794b81da433
SHA256: 91e327d57053ebbf6ac8d6e2ee254c2c38f698da1f20fab7e535fbf4f6fb4656
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH8BQ2HK\us[1].png
image
MD5: 4d9877ce99764a83ea3c3967c0f79b4a
SHA256: a1c8686de0852403b653535c059b45ff3716adc221e30a64c0a479df6a18f63d
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDYQXTZS\headline[1].png
image
MD5: 98701847c56acc7059d213676300d26b
SHA256: 063d5a23a4afc05d993addf488c94992b900cb807bbbc457ad770cfacf29d89f
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\leaflet[1].js
text
MD5: bb0fddbb23e81d39cd1a264b4d6d9f9c
SHA256: e8165148436ade4c48e186010ea276df1834af51b04c7129be9de891d688a81c
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\clipboard.min[1].js
text
MD5: d58db7c7cfbeecf08b112eecd8a2c0d4
SHA256: ef447502e528abad9f4b4bbe1a2484b7aa86d02916e8762b9259ff249821e0ec
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWV8CO7H\monetization[1].js
text
MD5: f1e37f26673275e6067c026e595b148f
SHA256: 7e7b17e13dd03d519f88050a16ef4f3b50a9bf25f889c949d4376436db40323c
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH8BQ2HK\index[1].js
html
MD5: f3bbe8e0e9447d59cb2af612a1b509ba
SHA256: d50729f375aa8b5ad6fd7b63e0ca141ee9d885356672cd9c830a9f3242952760
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDYQXTZS\excanvas[1].js
text
MD5: c466e683cc30546ee3f295829a0c009d
SHA256: 9218244a85db27fefc81711876fd4c4214426c4135f37f50e8963cec71475749
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\index[1].css
text
MD5: 8a35999a204b588d224e3937324f94dd
SHA256: feb2bf25712d6005840e41d0aae75fe40a4c32f548deca2d44125a66949d4f99
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\iplogger_org[1].txt
––
MD5:  ––
SHA256:  ––
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\iplogger_org[1].htm
html
MD5: 839a6dc84e8655dc401300fef5f4d794
SHA256: 6191eb1073e46416d59ab8718ccbaa7e5c25769ec0163a881090e4eb1bfa4ccd
2308
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: caa9af6658a03012d508f1addb624d8a
SHA256: bb0967c1bcbee0408f49d9dcc283806228909d689679b4c1554c1d8d81fc427b
2308
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: e7eca92774d488c7b82fc4cba7a69f23
SHA256: fe468cf551f12dc0b9f2361647b10a919ce1cb6f6f0e2f8f467c1633467fe92e
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 7711e92da707b70c82d5da6b48abcc05
SHA256: 4cfb512bf16be3abe599424a41795df976550c41efd951403cb28ab347c7bbf1
2548
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2548
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWV8CO7H\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CWLL2NIG\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH8BQ2HK\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDYQXTZS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2308
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 43f940824bfa15b8a19500b8cb1e3e44
SHA256: a14f9d6ff05ab287e42b9274a07399ec0668542415f8272e07a25ed52a88f5db

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
2
TCP/UDP connections
27
DNS requests
11
Threats
11

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2548 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2308 iexplore.exe GET 301 88.99.66.31:80 http://iplogger.org/ DE
html
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2548 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2308 iexplore.exe 88.99.66.31:80 Hetzner Online GmbH DE malicious
2308 iexplore.exe 88.99.66.31:443 Hetzner Online GmbH DE malicious
2308 iexplore.exe 104.16.126.175:443 Cloudflare Inc US shared
2308 iexplore.exe 108.161.189.78:443 netDNA US unknown
2308 iexplore.exe 216.58.208.42:443 Google Inc. US whitelisted
2308 iexplore.exe 94.130.135.12:443 Hetzner Online GmbH DE suspicious
2308 iexplore.exe 172.217.21.194:443 Google Inc. US whitelisted
2308 iexplore.exe 88.212.201.210:443 United Network LLC RU suspicious
2308 iexplore.exe 216.58.208.46:443 Google Inc. US whitelisted
2308 iexplore.exe 45.60.155.5:443 US unknown
2548 iexplore.exe 88.99.66.31:443 Hetzner Online GmbH DE malicious
2308 iexplore.exe 173.194.76.156:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
iplogger.org 88.99.66.31
shared
unpkg.com 104.16.126.175
104.16.123.175
104.16.124.175
104.16.125.175
104.16.122.175
whitelisted
m.servedby-buysellads.com 108.161.189.78
whitelisted
ajax.googleapis.com 216.58.208.42
whitelisted
pagead2.googlesyndication.com 172.217.21.194
whitelisted
wow.link 94.130.135.12
suspicious
counter.yadro.ru 88.212.201.210
88.212.201.216
88.212.201.198
88.212.201.204
whitelisted
global.mf-realty.jp 45.60.155.5
whitelisted
www.google-analytics.com 216.58.208.46
whitelisted
stats.g.doubleclick.net 173.194.76.156
173.194.76.155
173.194.76.157
173.194.76.154
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.