General Info

URL

http://box2012.temp.domains/~chwsolut/services.html

Full analysis
https://app.any.run/tasks/0c594c04-a894-4e7f-bf5f-db4d7437de62
Verdict
Malicious activity
Analysis date
3/14/2019, 21:21:40
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as it is, for the user's acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Malicious

No malicious indicators.

Suspicious

No suspicious indicators.

Info

Changes internet zones settings
  • iexplore.exe (PID: 2864)
Reads internet explorer settings
  • iexplore.exe (PID: 3516)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3632)
  • iexplore.exe (PID: 3516)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3516)
Application launched itself
  • iexplore.exe (PID: 2864)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Screenshots

Processes

Total processes
34
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start → iexplore.exe → iexplore.exe; flashutil32_26_0_0_131_activex.exe (no specs)

Specs description

  • Program did not start
  • Integrity level elevation
  • Task contains an error or was rebooted
  • Process has crashed
  • Task contains several apps running
  • Executable file was dropped
  • Debug information is available
  • Process was injected
  • Network attacks were detected
  • Application downloaded the executable file
  • Actions similar to stealing personal data
  • Behavior similar to exploiting the vulnerability
  • Inspected object has suspicious PE structure
  • File is detected by antivirus software
  • CPU overrun
  • RAM overrun
  • Process starts the services
  • Process was added to the startup
  • Behavior similar to spam
  • Low-level access to the HDD
  • Probably Tor was used
  • System was rebooted
  • Connects to the network
  • Known threat

Process information


PID
2864
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://box2012.temp.domains/~chwsolut/services.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
3516
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2864 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll

PID
3632
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
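A triage pass over the three monitored processes, as an added example (not code from the ANY.RUN report or service). The records are transcribed from the process information above with abridged module lists. The checks encode the IE8 Protected Mode layout on Windows 7 (a MEDIUM-integrity frame process starts LOW-integrity tab processes whose command line carries SCODEF:<frame pid> CREDAT:<n>), the -Embedding switch COM passes to a local server it activates (which is why the Flash utility shows no parent in the tree), and a path heuristic for spotting non-Microsoft code mapped into the low-integrity tab. The Proc class, the prefix list and the function names are this example's own.

```python
"""Triage of the three monitored processes in this task.

Added example, not code from the ANY.RUN report.  Process records below are
transcribed from the "Process information" section (module lists abridged);
the Protected Mode expectations, the -Embedding rule and the first-party
path heuristic are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# IE8 on Windows 7: the frame (broker) runs at MEDIUM integrity and starts
# each tab as "iexplore.exe SCODEF:<frame pid> CREDAT:<n>" at LOW integrity.
SCODEF_RE = re.compile(r"SCODEF:(\d+)\s+CREDAT:(\d+)")

# Heuristic: modules under these paths are Windows or IE itself; anything
# else mapped into a LOW tab is add-on code running inside the renderer.
# Flash lives under system32\Macromed but is Adobe's, so it is excluded.
FIRST_PARTY_PREFIXES = ("c:\\windows\\", "c:\\systemroot\\",
                        "c:\\program files\\internet explorer\\")


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    integrity: str
    parent_pid: Optional[int]            # None where the report shows "––"
    modules: List[str] = field(default_factory=list)


def is_first_party(module_path: str) -> bool:
    p = module_path.lower()
    return "\\macromed\\" not in p and p.startswith(FIRST_PARTY_PREFIXES)


def third_party_modules(proc: Proc) -> List[str]:
    """Non-Windows, non-IE images loaded into the process, in load order."""
    return [m for m in proc.modules if not is_first_party(m)]


def com_launched(proc: Proc) -> bool:
    """COM starts a local server with -Embedding; the task tree then shows no parent."""
    return "-Embedding" in proc.cmdline.split()


def protected_mode_findings(procs: List[Proc]) -> Dict[int, List[str]]:
    """Check every iexplore.exe against the frame/tab layout; [] means as expected."""
    by_pid = {p.pid: p for p in procs}
    out: Dict[int, List[str]] = {}
    for p in procs:
        if not p.image.lower().endswith("\\iexplore.exe"):
            continue
        findings: List[str] = []
        m = SCODEF_RE.search(p.cmdline)
        if m:                                         # tab (content) process
            frame_pid = int(m.group(1))
            frame = by_pid.get(frame_pid)
            if frame is None or SCODEF_RE.search(frame.cmdline):
                findings.append(f"SCODEF points at PID {frame_pid}, which is not a frame process")
            if p.parent_pid != frame_pid:
                findings.append(f"parent PID {p.parent_pid} differs from SCODEF frame PID {frame_pid}")
            if p.integrity != "LOW":
                findings.append(f"tab runs at {p.integrity}; Protected Mode tabs run LOW")
        elif p.integrity != "MEDIUM":                 # frame (broker) process
            findings.append(f"frame runs at {p.integrity}; expected MEDIUM")
        out[p.pid] = findings
    return out


# Transcribed from the report (module lists abridged to the interesting entries).
PROCS = [
    Proc(2864, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" http://box2012.temp.domains/~chwsolut/services.html',
         "MEDIUM", None,
         [r"c:\program files\internet explorer\iexplore.exe", r"c:\systemroot\system32\ntdll.dll",
          r"c:\windows\system32\urlmon.dll", r"c:\program files\internet explorer\sqmapi.dll"]),
    Proc(3516, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2864 CREDAT:71937',
         "LOW", 2864,
         [r"c:\program files\internet explorer\iexplore.exe", r"c:\windows\system32\ieframe.dll",
          r"c:\program files\java\jre1.8.0_92\bin\ssv.dll", r"c:\progra~1\micros~1\office14\urlredir.dll",
          r"c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll",
          r"c:\progra~1\micros~1\office14\msohev.dll", r"c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll",
          r"c:\program files\java\jre1.8.0_92\bin\msvcr100.dll", r"c:\program files\java\jre1.8.0_92\bin\deploy.dll",
          r"c:\windows\system32\mshtml.dll", r"c:\windows\system32\jscript.dll",
          r"c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx",
          r"c:\program files\microsoft office\office14\winword.exe"]),
    Proc(3632, r"C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe",
         r"C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding",
         "MEDIUM", None,
         [r"c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe",
          r"c:\systemroot\system32\ntdll.dll",
          r"c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll"]),
]

if __name__ == "__main__":
    for pid, findings in protected_mode_findings(PROCS).items():
        print(f"PID {pid}: {'; '.join(findings) or 'Protected Mode layout as expected'}")
    for p in PROCS:
        print(f"PID {p.pid} ({p.integrity}, COM-launched={com_launched(p)}):")
        for mod in third_party_modules(p):
            print("    non-Windows/IE image:", mod)
```

Run as written it reports no Protected Mode deviations for this task, flags the Flash utility as COM-activated, and lists the Java SSV helpers, the Office URL redirector and MHTML editor hook, the Flash ActiveX control and the winword.exe image as the non-Microsoft code inside PID 3516, which is what the Ext\Stats and Default MHTML Editor registry writes further down record.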

Registry activity

Total events
449
Read events
379
Write events
67
Delete events
3

Modification events

PID Process | Operation | Key | Name = Value

2864 iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2864 iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect = 1
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe = 1
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings = ––
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {CFA9183B-4696-11E9-BEEC-5254004A04AF} = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type = 4
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time = E307030004000E00140015003800DC02
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type = 4
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time = E307030004000E00140015003800DC02
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen = no
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement = 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order = ––
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time = E307030004000E001400150038009803
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime = 11
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time = E307030004000E00140015003800B703
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime = 31
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time = E307030004000E001400150039000E00
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime = 24
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Type = 1
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count = 2
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time = E307030004000E00140015003B005C00
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315 | CachePath = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315 | CachePrefix = :2019031420190315:
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315 | CacheLimit = 8192
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315 | CacheOptions = 11
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315 | CacheRepair = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime = 28819A94A3DAD401
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path = C:\Users\admin\Favorites\Links\Suggested Sites.url
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler = {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl = https://ieonline.microsoft.com/#ieslice
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName = ––
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path = C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler = {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl = http://go.microsoft.com/fwlink/?LinkId=121315
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName = ––
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask = 0
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count = 3
2864 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time = E307030004000E00140016002B00DE03
3516 iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3516 iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor | Last = "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
3516 iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name = iexplore.exe
3516 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315 | CachePath = %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315
3516 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315 | CachePrefix = :2019031420190315:
3516 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315 | CacheLimit = 8192
3516 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315 | CacheOptions = 11
3516 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315 | CacheRepair = 0
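The Ext\Stats\{CLSID}\iexplore\Time values and the WindowsSearch UpgradeTime value above are binary timestamps; decoding them turns the add-on statistics into a timeline of what IE loaded and when. This is an added example, not part of the ANY.RUN report: the hex blobs are copied from the modification events, the SYSTEMTIME and FILETIME layouts are the documented Win32 structures, while the CLSID-to-add-on names and the Type-code labels are this example's assumption (the well-known identifiers for the Flash ActiveX control, the Java SSV helpers, the Office Document Cache Handler and the OneNote buttons, consistent with the modules loaded in PID 3516), not something the report states.

```python
"""Decode the binary timestamps in this task's registry writes into a timeline.

Added example, not part of the ANY.RUN report.  The hex blobs are copied from
the "Modification events" table; the CLSID names and Type labels are this
example's own gloss on the GUIDs (an assumption), not something the report states.
"""
import struct
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


def decode_systemtime(hexblob: str) -> datetime:
    """Ext\\Stats\\{CLSID}\\iexplore\\Time is a Win32 SYSTEMTIME: eight little-endian
    WORDs (year, month, day-of-week, day, hour, minute, second, ms) on the guest clock."""
    year, month, dow, day, hour, minute, second, ms = struct.unpack("<8H", bytes.fromhex(hexblob))
    dt = datetime(year, month, day, hour, minute, second, ms * 1000)
    # wDayOfWeek counts from Sunday == 0; if it disagrees with the date, this is not a SYSTEMTIME
    if (dt.weekday() + 1) % 7 != dow:
        raise ValueError(f"day-of-week {dow} does not match {dt.date()}")
    return dt


def decode_filetime(hexblob: str) -> datetime:
    """REG_BINARY FILETIME: little-endian 64-bit count of 100 ns ticks since 1601-01-01."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hexblob))
    return datetime(1601, 1, 1) + timedelta(microseconds=ticks // 10)


# Assumed gloss for the GUIDs in the report (well-known IE add-on CLSIDs for this preset).
CLSID_NAMES = {
    "{D27CDB6E-AE6D-11CF-96B8-444553540000}": "Shockwave Flash Object (Adobe Flash ActiveX)",
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}": "Java(tm) Plug-In SSV Helper (ssv.dll)",
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}": "Java(tm) Plug-In 2 SSV Helper (jp2ssv.dll)",
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}": "Office Document Cache Handler (urlredir.dll)",
    "{2670000A-7350-4F3C-8081-5663EE0C6C49}": "Send to OneNote (toolbar button)",
    "{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}": "OneNote Linked Notes (toolbar button)",
}
# Assumed meaning of the Ext\Stats Type code (IE's Manage Add-ons categories).
ADDON_TYPES = {1: "ActiveX control", 3: "browser helper object", 4: "toolbar button"}

# (CLSID, Type, Count, Time, LoadTime) as written by PID 2864, in report order.
EXT_STATS: List[Tuple[str, int, int, str, Optional[int]]] = [
    ("{2670000A-7350-4F3C-8081-5663EE0C6C49}", 4, 3, "E307030004000E00140015003800DC02", None),
    ("{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}", 4, 3, "E307030004000E00140015003800DC02", None),
    ("{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}", 3, 3, "E307030004000E001400150038009803", 11),
    ("{B4F3A835-0E21-4959-BA22-42B3008E02FF}", 3, 3, "E307030004000E00140015003800B703", 31),
    ("{DBC80044-A445-435B-BC74-9C25C1C588A9}", 3, 3, "E307030004000E001400150039000E00", 24),
    ("{D27CDB6E-AE6D-11CF-96B8-444553540000}", 1, 2, "E307030004000E00140015003B005C00", None),
    ("{D27CDB6E-AE6D-11CF-96B8-444553540000}", 1, 3, "E307030004000E00140016002B00DE03", None),
]
UPGRADE_TIME = "28819A94A3DAD401"   # Internet Explorer\Main\WindowsSearch\UpgradeTime


def addon_timeline() -> List[Tuple[datetime, str, str, int, Optional[int]]]:
    """Ext\\Stats rows decoded and ordered by time: (when, add-on, kind, count, load ms)."""
    rows = [(decode_systemtime(t), CLSID_NAMES.get(c, c), ADDON_TYPES.get(k, f"type {k}"), n, load)
            for c, k, n, t, load in EXT_STATS]
    return sorted(rows, key=lambda r: r[0])


def clock_agreement_seconds() -> float:
    """Seconds between the FILETIME and the first SYSTEMTIME; a few seconds means one clock."""
    first = addon_timeline()[0][0]
    return (decode_filetime(UPGRADE_TIME) - first).total_seconds()


if __name__ == "__main__":
    for when, name, kind, count, load in addon_timeline():
        extra = f", load {load} ms" if load is not None else ""
        print(f"{when.time()}  {kind:<22} {name} (count {count}{extra})")
    print("WindowsSearch UpgradeTime:", decode_filetime(UPGRADE_TIME))
    print(f"FILETIME is {clock_agreement_seconds():.3f} s after the first Ext\\Stats write")
```

The decoded Ext\Stats times run from 20:21:56.732 (OneNote buttons), through the Java and Office helpers within the same second, to the Flash control at 20:21:59.092 and again at 20:22:43.990, and the FILETIME decodes to 20:22:00.826 on the same clock, so the two encodings agree. The 21:21:40 analysis date in the header is one hour ahead of the guest clock, so timestamps from the two sources should not be mixed without that offset.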

Files activity

Executable files
0
Suspicious files
0
Text files
37
Unknown types
5

Dropped files

PID
Process
Filename
Type
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cropped-CHW-Solutions-Logo-Design-Icon-Only-150x150[1].jpg
image
MD5: 44217b10dadda3fdf18db4fa9d11ab78
SHA256: 1198594d97a27de10d3be6acfea242abf52ed34504692b383d647e7690a783b7
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wp-embed.min[1].js
text
MD5: 2dce40d16f9ff6332d3cbb7ae488a2b9
SHA256: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\sow-image-default-b37b538aacbf[1].css
text
MD5: 35fcad0760ec2b544dfb4c0b724ddbc5
SHA256: 4aa7b7ec1133b3e5b9c7d1e86ce1536d4c2350791f189020172bd1a25616a06f
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\IMG_1079-150x150[1].jpg
image
MD5: af7c6b9ae17ba45e5c760c4e180a3492
SHA256: cd830c95f7dee3819d654f1f0c3704cbea7384d3ecbc022412e8301b8237bfab
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\854-layout[1].js
text
MD5: c3daad002ea53dbd455f00c0bbcb7cdc
SHA256: eebb57478d160030277a2af36a3c8b0cbbfcd1fe8f448c1ac01bac03242b6269
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Megan-CHW-Brochure-pic-150x150[1].jpg
image
MD5: 63e769bf13c8ad9daddf7e518015b22c
SHA256: 19d58b4b94a24a74c50f6837e3f77a250a53efbfe55ac31ebb3e24f226d09979
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Megan-E-bio-Picture-150x150[1].jpg
image
MD5: 4e0f0a98fe29308166e1f785e7d2c6ad
SHA256: 197d3ba82c77a12a5486be7131b8b7baeae5c761b545832aa75e0156ebd395a9
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\collect[1].gif
––
MD5:  ––
SHA256:  ––
3516
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 6bfa7218f5a3fe62d572275288be9221
SHA256: 1d82ac2c89e668893c547fd1f408864d2d850391e5a7401a33d60d86d0ea4d50
3516
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\854-layout[1].css
text
MD5: 44934ca946b9d168c7725bde3f37da0b
SHA256: ad18168d277456d06135db61a597a4179a505064a91b0ffb16cb7bf3ffb1be73
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\about-us[1].html
html
MD5: fa18ac1516b71e785a03197e80f93dd5
SHA256: 5e4469d32c5003aad5cc81f03fe70a705e6fa38d899c51c86e989ae73ae5cfe1
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\v2[1]
text
MD5: 91a12e553f8729fb58d01eddefc3ae73
SHA256: 5e9cfd928bf37bc1437e55f73b6446d09e64bc1dd5795a3e0f0b92edbfefa7fe
2864
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: 161d7722ef22b3e4cc3116fbac3816c0
SHA256: e7438f6ce2d852d1ab9297a1f643f0701138a9051fc12e9be7e69875f69a3c05
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: bcd4a4f4220f4e98e0687d2d47755a77
SHA256: fe648b99468470d0c358d44418e24f6ed0b102cd9bc752486870715503e916f2
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\CHW-Solutions-Logo-Design-Horizontal-600x132[1].jpg
––
MD5:  ––
SHA256:  ––
2864
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2864
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2864
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fontawesome-webfont[1].eot
eot
MD5: 45c73723862c6fc5eb3d6961db2d71fb
SHA256: d4f5a99224154f2a808e42a441ddc9248ffe78b7a4083684ce159270b30b912a
3516
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 84cbd7dd7f0d7bb8382b1bd5232ed1f7
SHA256: 7dacfe582d3f974718d2fda6fc4cf9f90d3cdf6f9014d942f071a7078f3da154
3632
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\glyphicons-halflings-regular[1].eot
eot
MD5: f4769f9bdb7466be65088239c12046d1
SHA256: 13634da87d9e23f8c3ed9108ce1724d183a39ad072e73e1b3d8cbf646d2d0407
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\CHW-Solutions-Logo-Design-Horizontal-600x132[1].jpg
––
MD5:  ––
SHA256:  ––
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 0d8f7cd138189d792a2f5d491d2978f3
SHA256: e44e2a2938d98a46422b95e7ea93ad1441e3c6de25364a2e86da3f73aa54e8b9
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\main[1].js
text
MD5: ad500194e7538d0566fcbc1068448599
SHA256: 0eb0ecc59760c06d88f86d343c1dd4987d1c7e6b1c725149564f549a256781b4
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\849-layout[1].js
text
MD5: 8e0bde0df48c8910620c9bfd3968acd5
SHA256: c458c45959dfe8901763ad36b4d082998da57cde27e3bb39cb270911f0b2fd7d
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wp-api.min[1].js
text
MD5: 8cf9672daeca232b3c1f93b1e8d130b0
SHA256: 8eee3a7a8051fa72df3a50680c86c633ab465cfc6666aaf042a969f7bef8f858
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\api-request.min[1].js
text
MD5: b1ae1aa42eaf4df3fdc59777f5ec7437
SHA256: b5fb36601292e67e640378a8fb54effe16945559858910d4b6b771a2666a2e00
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\backbone.min[1].js
text
MD5: 710b5fe97d75f4305cd8dd472aae4132
SHA256: d1b4ad20017b52fa7d71856374122c44dc54e4a6aadc2a63f2f45f62cf244adc
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\analytics[1].js
text
MD5: 0ea40a4cb2873a89cbe597eaea860826
SHA256: 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\underscore.min[1].js
text
MD5: 0bd7146b45c933ad9bfe210a41cd79b1
SHA256: ede1815b17e451c16258034bcf89a7957256c67884aefffefbb97020770fdc06
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\respond.min[1].js
html
MD5: 9cccbcd9bc6aed2bb14df1013e185ce3
SHA256: 82069c15edd6943dfaa59f5ac3f6acc86fd44a28fe925e410ccdcadec194a8ba
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\html5shiv.min[1].js
html
MD5: 3044234175ac91f49b03ff999c592b85
SHA256: e0eac80838c161f29e7c46d54fbc044d12cd164baae13255e562c6be3aa91809
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bootstrap.min[1].js
text
MD5: c5b5b2fa19bd66ff23211d9f844e0131
SHA256: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jssor[1].js
text
MD5: 1397a8a69723f763949de3a6014a85de
SHA256: 504984df1c171ad985ca44af299019cb992f679c7ce1ce989e3a45f177142a9f
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery[1].js
text
MD5: bb33093a8d4f68199c4ab6702f3976e4
SHA256: fa055f2f7c5b735dbbb71954f434aed79925bc00ff2ffbc3ecfc4a790689a723
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\helper[1].js
text
MD5: 0af11e80e33169ab815f9ab2721c3745
SHA256: f85f1ce135b6810b880273cd052b8a5cc1b4a96936a2ad9d8f0f83a8ee0b0cfa
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\wp-emoji-release.min[1].js
text
MD5: c17b309d8ab4b4e9653876d3c35c397d
SHA256: c533b791a8eef65604f15d20433506e1614c693eeba9df749e8a7677e43b466c
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery-migrate.min[1].js
text
MD5: 7121994eec5320fbe6586463bf9651c2
SHA256: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bootstrap.min[1].css
text
MD5: 2f624089c65f12185e79925bc5a7fc42
SHA256: eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\style.min[1].css
text
MD5: 7a63f6bcae054a13315b6bf1d32dbcd4
SHA256: a72261a5191d1485620242b7d3b735501757aef23dedc6d27c84919af838e756
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\font-awesome.min[1].css
text
MD5: 0831cba6a670e405168b84aa20798347
SHA256: 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\style[1].css
text
MD5: 0d3b750fee57e1a962495944d39755b2
SHA256: 31955e986fa380b543ed7171a77ab2e2734150b1a7130c1a5537fcb5b16ae424
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\849-layout[1].css
text
MD5: cee165f8d348be1dc2557c56434f6bbb
SHA256: ec0909a0a784320ef760f20b25998b9a2c673b8e65cb6f85cca65ff932a5d464
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\froogaloop2.min[1].js
text
MD5: f9624433f960dcd3ebdb2eb2b948e9cf
SHA256: f0a7e38d3da10f50c1f5f4ed4e50d920bd6e81f650a7c2f05d200bdfa3d47426
3516
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\services[1].html
html
MD5: 01750aa5d6f488ca942f80d72b370174
SHA256: da2f03d5a6505a332a5aebbf6ac5766c044722c21bb0780316245db44280d149
Network activity

HTTP(S) requests: 47
TCP/UDP connections: 12
DNS requests: 5
Threats: 3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/services.html US html unknown
3516 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/style.css?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/css/bootstrap.min.css?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/css/font-awesome.min.css?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/849-layout.css?ver=1e5128d0462f9a847fa4408c45729b21 US text unknown
3516 iexplore.exe GET 200 2.16.186.83:80 http://a.vimeocdn.com/js/froogaloop2.min.js?ver=5.1.1 unknown text malicious
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/jquery/jquery.js?ver=1.12.4 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/jssor.js?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-emoji-release.min.js?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/helper.js?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/wp-google-maps/wpgmza_data.js?ver=5.1.1 US compressed unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/bootstrap.min.js?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/html5shiv.min.js US html unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/respond.min.js US html unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/underscore.min.js?ver=1.8.3 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/backbone.min.js?ver=1.2.3 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/api-request.min.js?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-api.min.js?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/849-layout.js?ver=1e5128d0462f9a847fa4408c45729b21 US text unknown
3516 iexplore.exe GET 200 172.217.18.174:80 http://www.google-analytics.com/analytics.js US text whitelisted
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/main.js?ver=1.5.4 US text unknown
3516 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 US html unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-embed.min.js?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://chwsolutions.com/wp-content/uploads/2017/06/CHW-Solutions-Logo-Design-Horizontal-600x132.jpg US image unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/fonts/glyphicons-halflings-regular.eot? US eot unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/fonts/fontawesome-webfont.eot? US eot unknown
3516 iexplore.exe GET 200 172.217.18.174:80 http://www.google-analytics.com/r/collect?v=1&_v=j73&a=94315428&t=pageview&_s=1&dl=http%3A%2F%2Fbox2012.temp.domains%2F~chwsolut%2Fservices.html&ul=en-us&de=utf-8&dt=Services%20%E2%80%93%20CHW%20Solutions&sd=32-bit&sr=1280x720&vp=1260x560&je=0&fl=26.0%20r0&_u=IEBAAE~&jid=201668330&gjid=1171635024&cid=2139741133.1552594919&tid=UA-91090046-1&_gid=903254809.1552594919&_r=1&z=1893240463 US image whitelisted
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-json/wp/v2/ US text unknown
3516 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
2864 iexplore.exe GET 404 74.220.219.168:80 http://box2012.temp.domains/favicon.ico US html unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/about-us.html US html unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/854-layout.css?ver=5b1a36bb71dae6535f9b1829110b8847 US text unknown
3516 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
3516 iexplore.exe GET 200 172.217.18.174:80 http://www.google-analytics.com/collect?v=1&_v=j73&a=27333927&t=pageview&_s=1&dl=http%3A%2F%2Fbox2012.temp.domains%2F~chwsolut%2Fabout-us.html&ul=en-us&de=utf-8&dt=About%20us%20%E2%80%93%20CHW%20Solutions&sd=32-bit&sr=1280x720&vp=1276x560&je=0&fl=26.0%20r0&_u=AACAAE~&jid=&gjid=&cid=2139741133.1552594919&tid=UA-91090046-1&_gid=903254809.1552594919&z=985269695 US image whitelisted
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2016/11/Megan-E-bio-Picture-150x150.jpg US image unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2016/11/Megan-CHW-Brochure-pic-150x150.jpg US image unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2018/03/IMG_1079-150x150.jpg US image unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2016/11/cropped-CHW-Solutions-Logo-Design-Icon-Only-150x150.jpg US image unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/854-layout.js?ver=5b1a36bb71dae6535f9b1829110b8847 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/siteorigin-widgets/sow-image-default-b37b538aacbf.css?ver=5.1.1 US text unknown
3516 iexplore.exe GET 200 74.220.219.168:80 http://chwsolutions.com/wp-content/uploads/2017/06/CHW-Solutions-Logo-Design-Horizontal-600x132.jpg US image unknown
3516 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
3516 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 US html unknown
2864 iexplore.exe GET 404 74.220.219.168:80 http://box2012.temp.domains/favicon.ico US html unknown
Connections

PID Process IP ASN CN Reputation
3516 iexplore.exe 74.220.219.168:80 Unified Layer US unknown
2864 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3516 iexplore.exe 2.16.186.83:80 Akamai International B.V. –– whitelisted
3516 iexplore.exe 172.217.18.174:80 Google Inc. US whitelisted
2864 iexplore.exe 74.220.219.168:80 Unified Layer US unknown

DNS requests

Domain IP Reputation
box2012.temp.domains 74.220.219.168 unknown
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
a.vimeocdn.com 2.16.186.83, 2.16.186.49 malicious
www.google-analytics.com 172.217.18.174 whitelisted
chwsolutions.com 74.220.219.168 unknown

Threats

PID Process Class Message
3516 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3516 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3516 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions

Debug output strings

No debug info.