General Info

URL

http://box2012.temp.domains/~chwsolut/services.html

Full analysis
https://app.any.run/tasks/a8f66ebb-f653-4786-8208-ce967a8ded12
Verdict
Malicious activity
Analysis date
3/14/2019, 21:25:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Malicious

No malicious indicators.

Suspicious

No suspicious indicators.

Info

Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3692)
  • iexplore.exe (PID: 3536)
Application launched itself
  • iexplore.exe (PID: 2980)
Reads internet explorer settings
  • iexplore.exe (PID: 3536)
Changes internet zones settings
  • iexplore.exe (PID: 2980)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3536)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Screenshots

Processes

Total processes
34
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2980
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://box2012.temp.domains/~chwsolut/services.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
3536
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2980 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

PID
3692
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
451
Read events
381
Write events
67
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2980
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2980
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{625D52C3-4697-11E9-BAD8-5254004A04AF}
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307030004000E0014001A000200CA03
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307030004000E0014001A000200DA03
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307030004000E0014001A000300DC00
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307030004000E0014001A000300FB00
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
34
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307030004000E0014001A0003004A01
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
32
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307030004000E0014001A000500F501
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheRepair
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
CC095D27A4DAD401
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
266C5F27A4DAD401
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
2980
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307030004000E0014001A000D009301
3536
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3536
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor
Last
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheRepair
0
3536
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe

Files activity

Executable files
0
Suspicious files
0
Text files
36
Unknown types
5

Dropped files

PID
Process
Filename
Type
2980
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\main[1].js
text
MD5: ad500194e7538d0566fcbc1068448599
SHA256: 0eb0ecc59760c06d88f86d343c1dd4987d1c7e6b1c725149564f549a256781b4
2980
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2980
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cropped-CHW-Solutions-Logo-Design-Icon-Only-150x150[1].jpg
––
MD5:  ––
SHA256:  ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\IMG_1079-150x150[1].jpg
image
MD5: af7c6b9ae17ba45e5c760c4e180a3492
SHA256: cd830c95f7dee3819d654f1f0c3704cbea7384d3ecbc022412e8301b8237bfab
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\854-layout[1].js
text
MD5: c3daad002ea53dbd455f00c0bbcb7cdc
SHA256: eebb57478d160030277a2af36a3c8b0cbbfcd1fe8f448c1ac01bac03242b6269
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Megan-CHW-Brochure-pic-150x150[1].jpg
image
MD5: 63e769bf13c8ad9daddf7e518015b22c
SHA256: 19d58b4b94a24a74c50f6837e3f77a250a53efbfe55ac31ebb3e24f226d09979
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\sow-image-default-b37b538aacbf[1].css
text
MD5: 35fcad0760ec2b544dfb4c0b724ddbc5
SHA256: 4aa7b7ec1133b3e5b9c7d1e86ce1536d4c2350791f189020172bd1a25616a06f
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Megan-E-bio-Picture-150x150[1].jpg
image
MD5: 4e0f0a98fe29308166e1f785e7d2c6ad
SHA256: 197d3ba82c77a12a5486be7131b8b7baeae5c761b545832aa75e0156ebd395a9
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\collect[1].gif
––
MD5:  ––
SHA256:  ––
3536
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 72d0e690f878148e8ef5391508eadf93
SHA256: 1a3377a976611fcd5b3443101a5c32c8a6f679789c16b2882fd059cc07793308
3536
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\854-layout[1].css
text
MD5: 44934ca946b9d168c7725bde3f37da0b
SHA256: ad18168d277456d06135db61a597a4179a505064a91b0ffb16cb7bf3ffb1be73
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\about-us[1].html
html
MD5: fa18ac1516b71e785a03197e80f93dd5
SHA256: 5e4469d32c5003aad5cc81f03fe70a705e6fa38d899c51c86e989ae73ae5cfe1
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\v2[1]
text
MD5: 91a12e553f8729fb58d01eddefc3ae73
SHA256: 5e9cfd928bf37bc1437e55f73b6446d09e64bc1dd5795a3e0f0b92edbfefa7fe
2980
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: 4ef5ce86804fa7cf11074bfc29bcd389
SHA256: c5927086b565f1a991146052f9167f46683b8fef2daf9252b6f7ec8f276cb755
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: e219733ba19ed49c632434cf9a264df0
SHA256: 1a9a6261d531d0e276c2717df4f21fbed45bee715334fc2b3f8341428cc40834
3536
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: ba4f0263cf06796a2b99a47a556bee9f
SHA256: 1a1b6dc61b36f8d7b6a84337104f4ad8b49af8a385d4cdf059a119299a779483
3692
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\fontawesome-webfont[1].eot
eot
MD5: 45c73723862c6fc5eb3d6961db2d71fb
SHA256: d4f5a99224154f2a808e42a441ddc9248ffe78b7a4083684ce159270b30b912a
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\glyphicons-halflings-regular[1].eot
eot
MD5: f4769f9bdb7466be65088239c12046d1
SHA256: 13634da87d9e23f8c3ed9108ce1724d183a39ad072e73e1b3d8cbf646d2d0407
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\wp-embed.min[1].js
text
MD5: 2dce40d16f9ff6332d3cbb7ae488a2b9
SHA256: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\CHW-Solutions-Logo-Design-Horizontal-600x132[1].jpg
––
MD5:  ––
SHA256:  ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat dat MD5: 8faf7548fed3d7ec17f7d81ab3fe1c6e SHA256: 4be8126fd99e75d87cae41f04474c9a306f5379149096fa1fb9b075c8136d878
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\api-request.min[1].js text MD5: b1ae1aa42eaf4df3fdc59777f5ec7437 SHA256: b5fb36601292e67e640378a8fb54effe16945559858910d4b6b771a2666a2e00
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wp-api.min[1].js text MD5: 8cf9672daeca232b3c1f93b1e8d130b0 SHA256: 8eee3a7a8051fa72df3a50680c86c633ab465cfc6666aaf042a969f7bef8f858
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\849-layout[1].js text MD5: 8e0bde0df48c8910620c9bfd3968acd5 SHA256: c458c45959dfe8901763ad36b4d082998da57cde27e3bb39cb270911f0b2fd7d
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\analytics[1].js text MD5: 0ea40a4cb2873a89cbe597eaea860826 SHA256: 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\backbone.min[1].js text MD5: 710b5fe97d75f4305cd8dd472aae4132 SHA256: d1b4ad20017b52fa7d71856374122c44dc54e4a6aadc2a63f2f45f62cf244adc
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\underscore.min[1].js text MD5: 0bd7146b45c933ad9bfe210a41cd79b1 SHA256: ede1815b17e451c16258034bcf89a7957256c67884aefffefbb97020770fdc06
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\respond.min[1].js html MD5: 9cccbcd9bc6aed2bb14df1013e185ce3 SHA256: 82069c15edd6943dfaa59f5ac3f6acc86fd44a28fe925e410ccdcadec194a8ba
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\html5shiv.min[1].js html MD5: 3044234175ac91f49b03ff999c592b85 SHA256: e0eac80838c161f29e7c46d54fbc044d12cd164baae13255e562c6be3aa91809
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bootstrap.min[1].js text MD5: c5b5b2fa19bd66ff23211d9f844e0131 SHA256: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquery[1].js text MD5: bb33093a8d4f68199c4ab6702f3976e4 SHA256: fa055f2f7c5b735dbbb71954f434aed79925bc00ff2ffbc3ecfc4a790689a723
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\helper[1].js text MD5: 0af11e80e33169ab815f9ab2721c3745 SHA256: f85f1ce135b6810b880273cd052b8a5cc1b4a96936a2ad9d8f0f83a8ee0b0cfa
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jssor[1].js text MD5: 1397a8a69723f763949de3a6014a85de SHA256: 504984df1c171ad985ca44af299019cb992f679c7ce1ce989e3a45f177142a9f
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jquery-migrate.min[1].js text MD5: 7121994eec5320fbe6586463bf9651c2 SHA256: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bootstrap.min[1].css text MD5: 2f624089c65f12185e79925bc5a7fc42 SHA256: eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\849-layout[1].css text MD5: cee165f8d348be1dc2557c56434f6bbb SHA256: ec0909a0a784320ef760f20b25998b9a2c673b8e65cb6f85cca65ff932a5d464
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\style[1].css text MD5: 0d3b750fee57e1a962495944d39755b2 SHA256: 31955e986fa380b543ed7171a77ab2e2734150b1a7130c1a5537fcb5b16ae424
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\style.min[1].css text MD5: 7a63f6bcae054a13315b6bf1d32dbcd4 SHA256: a72261a5191d1485620242b7d3b735501757aef23dedc6d27c84919af838e756
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wp-emoji-release.min[1].js text MD5: c17b309d8ab4b4e9653876d3c35c397d SHA256: c533b791a8eef65604f15d20433506e1614c693eeba9df749e8a7677e43b466c
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\font-awesome.min[1].css text MD5: 0831cba6a670e405168b84aa20798347 SHA256: 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\froogaloop2.min[1].js text MD5: f9624433f960dcd3ebdb2eb2b948e9cf SHA256: f0a7e38d3da10f50c1f5f4ed4e50d920bd6e81f650a7c2f05d200bdfa3d47426
3536 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\services[1].html html MD5: 01750aa5d6f488ca942f80d72b370174 SHA256: da2f03d5a6505a332a5aebbf6ac5766c044722c21bb0780316245db44280d149

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 49
TCP/UDP connections: 14
DNS requests: 5
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/services.html US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-emoji-release.min.js?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/css/font-awesome.min.css?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/849-layout.css?ver=1e5128d0462f9a847fa4408c45729b21 US text unknown
3536 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/css/bootstrap.min.css?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 2.16.186.49:80 http://a.vimeocdn.com/js/froogaloop2.min.js?ver=5.1.1 unknown text malicious
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/style.css?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/jquery/jquery.js?ver=1.12.4 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/jssor.js?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/helper.js?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/wp-google-maps/wpgmza_data.js?ver=5.1.1 US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/bootstrap.min.js?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/html5shiv.min.js US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/respond.min.js US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/underscore.min.js?ver=1.8.3 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/backbone.min.js?ver=1.2.3 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/api-request.min.js?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-api.min.js?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/849-layout.js?ver=1e5128d0462f9a847fa4408c45729b21 US text unknown
3536 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 US html unknown
3536 iexplore.exe GET 200 172.217.18.110:80 http://www.google-analytics.com/analytics.js US text whitelisted
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/main.js?ver=1.5.4 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-embed.min.js?ver=5.1.1 US text unknown
3536 iexplore.exe GET –– 74.220.219.168:80 http://chwsolutions.com/wp-content/uploads/2017/06/CHW-Solutions-Logo-Design-Horizontal-600x132.jpg US –– –– unknown
3536 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/fonts/glyphicons-halflings-regular.eot? US eot unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/fonts/fontawesome-webfont.eot? US eot unknown
3536 iexplore.exe GET 200 172.217.18.110:80 http://www.google-analytics.com/r/collect?v=1&_v=j73&a=417585577&t=pageview&_s=1&dl=http%3A%2F%2Fbox2012.temp.domains%2F~chwsolut%2Fservices.html&ul=en-us&de=utf-8&dt=Services%20%E2%80%93%20CHW%20Solutions&sd=32-bit&sr=1280x720&vp=1260x560&je=0&fl=26.0%20r0&_u=IEBAAE~&jid=335250151&gjid=828244566&cid=843688274.1552595166&tid=UA-91090046-1&_gid=2051324888.1552595166&_r=1&z=197349902 US image whitelisted
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-json/wp/v2/ US text unknown
2980 iexplore.exe GET 404 74.220.219.168:80 http://box2012.temp.domains/favicon.ico US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/about-us.html US html unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/854-layout.css?ver=5b1a36bb71dae6535f9b1829110b8847 US text unknown
3536 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
3536 iexplore.exe GET 200 172.217.18.110:80 http://www.google-analytics.com/collect?v=1&_v=j73&a=958312705&t=pageview&_s=1&dl=http%3A%2F%2Fbox2012.temp.domains%2F~chwsolut%2Fabout-us.html&ul=en-us&de=utf-8&dt=About%20us%20%E2%80%93%20CHW%20Solutions&sd=32-bit&sr=1280x720&vp=1276x560&je=0&fl=26.0%20r0&_u=AACAAE~&jid=&gjid=&cid=843688274.1552595166&tid=UA-91090046-1&_gid=2051324888.1552595166&z=1462649878 US image whitelisted
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2016/11/Megan-E-bio-Picture-150x150.jpg US image unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2016/11/Megan-CHW-Brochure-pic-150x150.jpg US image unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2016/11/cropped-CHW-Solutions-Logo-Design-Icon-Only-150x150.jpg US image unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/2018/03/IMG_1079-150x150.jpg US image unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/siteorigin-widgets/sow-image-default-b37b538aacbf.css?ver=5.1.1 US text unknown
3536 iexplore.exe GET 200 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/854-layout.js?ver=5b1a36bb71dae6535f9b1829110b8847 US text unknown
3536 iexplore.exe GET –– 74.220.219.168:80 http://chwsolutions.com/wp-content/uploads/2017/06/CHW-Solutions-Logo-Design-Horizontal-600x132.jpg US –– –– unknown
3536 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 US html unknown
3536 iexplore.exe GET 409 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 US html unknown
2980 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico US image whitelisted
2980 iexplore.exe GET 404 74.220.219.168:80 http://box2012.temp.domains/favicon.ico US html unknown
3536 iexplore.exe GET –– 74.220.219.168:80 http://box2012.temp.domains/~chwsolut/about-us-copy.html US –– –– unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3536 iexplore.exe 74.220.219.168:80 Unified Layer US unknown
2980 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3536 iexplore.exe 2.16.186.49:80 Akamai International B.V. –– whitelisted
3536 iexplore.exe 172.217.18.110:80 Google Inc. US whitelisted
2980 iexplore.exe 74.220.219.168:80 Unified Layer US unknown
2980 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
box2012.temp.domains 74.220.219.168 unknown
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
a.vimeocdn.com 2.16.186.49, 2.16.186.83 malicious
www.google-analytics.com 172.217.18.110 whitelisted
chwsolutions.com 74.220.219.168 unknown

Threats

No threats detected.

Debug output strings

No debug info.