General Info

URL: http://www.rules.securestudies.com
Full analysis: https://app.any.run/tasks/9f85e407-4f7f-4343-8e70-d3a79c624fbb
Verdict: Malicious activity
Analysis date: 14/01/2022, 21:35:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds
Additional time used: none
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 3096)
Checks supported languages
  • iexplore.exe (PID: 1252)
  • iexplore.exe (PID: 3096)
Reads the computer name
  • iexplore.exe (PID: 1252)
  • iexplore.exe (PID: 3096)
Reads settings of System Certificates
  • iexplore.exe (PID: 1252)
  • iexplore.exe (PID: 3096)
Changes internet zones settings
  • iexplore.exe (PID: 1252)
Creates files in the user directory
  • iexplore.exe (PID: 3096)
Application launched itself
  • iexplore.exe (PID: 1252)
Checks Windows Trust Settings
  • iexplore.exe (PID: 3096)
  • iexplore.exe (PID: 1252)
Reads internet explorer settings
  • iexplore.exe (PID: 3096)

Processes

Total processes: 40
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID: 1252) → iexplore.exe (PID: 3096)

Process information

PID: 1252
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.rules.securestudies.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: ––
User: admin
Integrity Level: MEDIUM
Version:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\version.dll
c:\windows\system32\profapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\credssp.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\dui70.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\duser.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\sxs.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mlang.dll
c:\windows\system32\devobj.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\tquery.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\actxprxy.dll

PID: 3096
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1252 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Integrity Level: LOW
Version:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winhttp.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\webio.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\mlang.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ieui.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\winmm.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\mscms.dll
c:\windows\system32\icm32.dll
c:\windows\system32\uianimation.dll

Registry activity

Total events: 16572
Read events: 0
Write events: 157
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime |
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30935438
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30935438
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime |
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {DC31AADB-7581-11EC-A20C-12A9866C77DE} | 0
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Type | 10
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Blocked | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E607010005000E001500230010005600
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Time | E607010005000E001500230010005600
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | 38BBA19E8E09D801
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E607010005000E001500230010005600
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Blocked | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Blocked | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore | Count | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | Active | 0
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Blocked | 25
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E607010005000E001500230010005600
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecisionReason | 1
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecisionTime | 7E7EC59E8E09D801
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecisionTime | 7E7EC59E8E09D801
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecision | 0
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecisionReason | 1
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadNetworkName | Network 4
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecision | 0
1252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E001500230013001B0201000000644EA2EF78B0D01189E400C04FC9E26E
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00150023001400560000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E00150023001500F602
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E00150023001500F602
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E00150023001500F602
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E00150023001500F602
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
1252
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
quizlet.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://rules.securestudies.com/
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
xvideos.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
fmovies.to
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url2
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
903462AD8E09D801
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url1
0A215BAD8E09D801
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
fbsbx.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url10
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
deviantart.net
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url13
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
expedia.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
google.com.mm
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
kapanlagi.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
epochtimes.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
tutorialspoint.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url6
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
duolingo.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
gizmodo.com
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url12
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url3
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url4
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url5
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url7
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url9
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url11
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url14
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLsTime
url8
0000000000000000
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
.eu
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935438
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935488
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935438
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
500DCEB78E09D801
1252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
3096
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:

Files activity

Executable files
0
Suspicious files
6
Text files
154
Unknown types
2

Dropped files

PID
Process
Filename
Type
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[1].htm
xml
MD5: ed665cdbad4cf8b34c7761b507005bdb
SHA256: 6f34dcaa5d84e9690dab60d1d624dabf47b3f4948b7a8cf4bdb642fcd04be242
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[8].xml
xml
MD5: ed665cdbad4cf8b34c7761b507005bdb
SHA256: 6f34dcaa5d84e9690dab60d1d624dabf47b3f4948b7a8cf4bdb642fcd04be242
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[1].htm
xml
MD5: 5ade33878e836d403511beef8cee0dc6
SHA256: 1dbb2794048d6137f759980660fabbf551d5c0b5ff3720d5ac9c4a7a76181dd0
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\qsml[8].xml
xml
MD5: 84bd6b25f958802d8b27e2dbd4a3f6ef
SHA256: 26604a88b5cd33aad74c3c0721f0c1ed4be24ccbb8aefd292e64954078b24f92
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[8].xml
xml
MD5: 3a7e9268fa6e09c6d894c32644ac63ab
SHA256: 1c0b2e5bb5f636a55062326aa637780635863b3b5bd613a9328948aa9827cb7b
3096
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TTUHCS3U.txt
text
MD5: 899887d7c95d256fe9261a102a0e6f3e
SHA256: 9fb341cb1f2ebd3f83d97018b2fa9e803aba3eacc2357e5ae9e9da907d6fa0fc
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\qsml[8].xml
xml
MD5: c006b77db767a0b629e1578fd0e14044
SHA256: 67dbd23993751f3306e5d62f46f91047a27ac6f06d4f6bfd4742ac3c45b66c74
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[9].xml
xml
MD5: 5ade33878e836d403511beef8cee0dc6
SHA256: 1dbb2794048d6137f759980660fabbf551d5c0b5ff3720d5ac9c4a7a76181dd0
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\4CnDwe7zZO-u1KsbDLKMrJvgDOQ.gz[1].js
text
MD5: f2a77932e1c406577c4ab9d3fff9cc4e
SHA256: 7e768f806574acedce4eb398fb045087d2ae60aca7e5aaba36172fd0c3523fbf
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\authorize[1].htm
html
MD5: a8715fb84d4a0a83a91e8ff6fe7d666f
SHA256: fce37455c63dde3c6bef6ee59efb886aaa53ad140a9f29ddb29647e93f9ab482
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\qsml[7].xml
xml
MD5: ceea410fff6c0fb79fbeb1d9de4da2a9
SHA256: 4423222e6194dd70e76b5cb773d49322438f322fe87a332bac50d6c609cbb177
3096
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NLRR2KZF.txt
text
MD5: 2b5af0e0c4cc22755f240bef58fe77c9
SHA256: af1b7da8c555dd8807e91313856e3a08910b4eb7969a67df319f57fe762fbddb
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\qsml[1].htm
xml
MD5: 84bd6b25f958802d8b27e2dbd4a3f6ef
SHA256: 26604a88b5cd33aad74c3c0721f0c1ed4be24ccbb8aefd292e64954078b24f92
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\ELqKWpA6KkapLUFbOLS-IQ2zfXc[1].jpg
image
MD5: 968c49ac8a1a3ef85f2884f226c55742
SHA256: e441afc03f067d1d85df1f69eb8f482bfda697cc217e11e1547b3ce964b15b2a
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\Passport[1].htm
html
MD5: 232461ac46abfbe06a8a64325f27e147
SHA256: 1915cb755b5d98010425c3fedba14e8d0ad08da3ca24f3248ab159bbdfc6ed32
3096
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0TA40HYF.txt
text
MD5: 0e0a2e9476ce3f29386a771e1f139e84
SHA256: 5a04e41bd22d0de0e338149bccfec1b2dc8139340ef8b645af9994d3a3dcb880
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\qsml[1].htm
xml
MD5: c006b77db767a0b629e1578fd0e14044
SHA256: 67dbd23993751f3306e5d62f46f91047a27ac6f06d4f6bfd4742ac3c45b66c74
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\olDmcxJ0RfBy1PQIY51XMK-7EcM.gz[1].js
text
MD5: b743465bb18a1be636f4cbbbbd2c8080
SHA256: fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\n1OpOA_06BB2azk26qZMA1tECTU.gz[1].js
text
MD5: 22bbef96386de58676450eea893229ba
SHA256: a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\n_C4vBfAV3O9RfkGjfduaZoxjAs[1].jpg
image
MD5: d7ae018ea70fa15f5e5389e4f96ad768
SHA256: a4f4a44961e03a073e3f351f296ec19c50005aa96360a9e5cee50e0587738fbb
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\n1U5gwBiwMo7s-fWOh2kSe3Kils[1].jpg
image
MD5: 05034eb84e5e7915ca36eb6fe59dfba7
SHA256: 9bec2e05752c0699db84352bb6e3dd4e5daa927d32ec8123966f4a8fdf8b181a
3096
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\OS6R34RV.txt
text
MD5: 3ab60187e19257c8dbaffad349ffa313
SHA256: 5704fe724ce8abfc8e0326cbde02989080d0f42ab3d980d638ad3cee6792ee39
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\b4Jy0kwhnsWcsDQyuzAEsN7RmhQ[1].jpg
image
MD5: 094fab391b9b906b8a88922ce6827471
SHA256: e7daff9bbb32681540e010fb10ba87d51938b42b275d0c422e253ced0dd96b79
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\CMm2G4GK3T9XHTMByeN2QI1OVUs[1].jpg
image
MD5: a0bff1a68eab91dac459f3b2eb4b3de3
SHA256: 7db453c22084aef847e1ca04e9fc1b1cf0d468a5c11abf3c09968c840cd96a87
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\4-Y2Q6m6z9NfNelYzNLoBe2w2f0.gz[1].css
text
MD5: fa87dbc11057ebe7593f5dfa632ecdc8
SHA256: 223ba2ec0cf89cf63f7342cad8ba677a99b0753a7efd6e072ae5c09500e2e56c
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\kBH4DSEA84cgV7IKw7_Bwvm2NpI[1].jpg
image
MD5: 5ccc9b225b51915169d6f4c27fa26c9a
SHA256: 10d8d2141a01589a82b139b01a75b74d9dfab16d273c9b2ec7f5087d3ef16b3b
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\Fsa_OI0AplCnVoXGca8ALOo0S0s[1].svg
image
MD5: e38795b634154ec1ff41c6bcda54ee52
SHA256: 66b589f920473f0fd69c45c8e3c93a95bb456b219cba3d52873f2a3a1880f3f0
3096
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\2GUOB0VA.txt
text
MD5: 8ef152db8fcb67b4e25c13a24e72e480
SHA256: 22c99bf8be6f5762ff44e48dc55452ff9453276a1352f524eadcabe16fff22ea
3096
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\H_VmuFPRwWZ4UrVl0mPztnf3z5U[1].jpg
image
MD5: b545c910f9993f7f930513db793f4ee0
SHA256: a797d6446620b867248b43792b9aa457b42adbb7099d9b3129e0d7743daf67ed
3096
iexplore.exe


Network activity

HTTP(S) requests
5
TCP/UDP connections
24
DNS requests
14
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1252 iexplore.exe GET 200 2.16.106.171:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d85cd64283bf8617 unknown compressed whitelisted
1252 iexplore.exe GET 200 2.16.106.171:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?827d66014578e129 unknown compressed whitelisted
1252 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D US der shared
3096 iexplore.exe GET 403 66.119.41.96:80 http://rules.securestudies.com/ US html malicious
1252 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D US der shared


Connections

PID Process IP ASN CN Reputation
–– –– 192.168.100.2:53 –– suspicious
1252 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
1252 iexplore.exe 2.16.106.171:80 Akamai International B.V. –– whitelisted
1252 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3096 iexplore.exe 13.107.5.80:443 Microsoft Corporation US whitelisted
3096 iexplore.exe 66.119.41.96:80 Savvis US unknown
–– –– 66.119.41.96:80 Savvis US unknown
1252 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3096 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
3096 iexplore.exe 40.126.31.6:443 Microsoft Corporation US suspicious
3096 iexplore.exe 20.190.159.136:443 Microsoft Corporation US suspicious

DNS requests

Domain IP Reputation
www.rules.securestudies.com No response unknown
www.microsoft.com No response whitelisted
api.bing.com 13.107.5.80 whitelisted
ctldl.windowsupdate.com 2.16.106.171, 2.16.106.186 whitelisted
ocsp.digicert.com 93.184.220.29 shared
rules.securestudies.com 66.119.41.96 malicious
iecvlist.microsoft.com 152.199.19.161 whitelisted
r20swj13mr.microsoft.com 152.199.19.161 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
login.microsoftonline.com 40.126.31.6, 40.126.31.8, 20.190.159.132, 40.126.31.135, 40.126.31.143, 20.190.159.134, 20.190.159.136, 20.190.159.138 whitelisted
login.live.com 20.190.159.136, 40.126.31.143, 40.126.31.137, 20.190.159.138, 40.126.31.6, 20.190.159.134, 40.126.31.8, 40.126.31.1 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.