General Info

URL

http://www.sibatamasamitsu.me

Full analysis
https://app.any.run/tasks/69ba2dd8-af55-4226-acfd-e317afe5c795
Verdict
Malicious activity
Analysis date
3/14/2019, 15:30:36
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
opendir
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Changes internet zones settings
  • iexplore.exe (PID: 3328)
Reads internet explorer settings
  • iexplore.exe (PID: 3660)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3328)
  • iexplore.exe (PID: 3660)
Creates files in the user directory
  • iexplore.exe (PID: 3660)
  • iexplore.exe (PID: 3328)
Application launched itself
  • iexplore.exe (PID: 3328)

Processes

Total processes
32
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID
3328
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mssprxy.dll

PID
3660
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3328 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\t2embed.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

Registry activity

Total events
443
Read events
352
Write events
88
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
3328
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3328
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{C7CE8EFB-4665-11E9-BAD8-5254004A04AF}
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307030004000E000E001E003A001102
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307030004000E000E001E003A002002
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307030004000E000E001E003A00DC02
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307030004000E000E001E003A00FB02
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
40
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307030004000E000E001E003A006903
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
35
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://www.valenciagenthner.club/
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://fb.com/
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
zone
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
webex.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
msn.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
kaskus.co.id
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
bleacherreport.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
detik.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
guitar.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
ruten.com.tw
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
cloudfront.net
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
flirt
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
drive
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
ups.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheRepair
0
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
02C43A9372DAD401
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://www.asasas.club/
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://www.valenciagenthner.club/
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
http://fb.com/
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
zone
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
webex.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
msn.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
kaskus.co.id
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
bleacherreport.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
detik.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
guitar.com
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
ruten.com.tw
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
cloudfront.net
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
flirt
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
drive
3328
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
ups.com
3660
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3660
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315
3660
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3660
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3660
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3660
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheRepair
0

Files activity

Executable files
0
Suspicious files
0
Text files
44
Unknown types
12

Dropped files

PID
Process
Filename
Type
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\d-math-word-problems-hard-math-worksheets-challenging-for-s-on-middle-school-math-worksheets-addition-the-best-i-challenging-math-word-problems-worksheets[1].jpg
image
MD5: 237f854e080f61b8f84ce22491bae79a
SHA256: 9f270c8beb91b6d2ae450c7f37f388a9fe649c0871817d4928fc4e9bc0d52f82
3328
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: 69ec757b5e5c4b91dc88c15980367672
SHA256: 743ebc227494e7967fda097827bf32b2cfaffe73bea80d1ce513ff3202737ae5
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\d-math-word-problems-ideas-of-grade-word-problems-grade-math-worksheets-picture-in-difficult-grade-math-word-problems-hard-math-word-problems-with-answers[1].jpg
image
MD5: cd889d5f9fd6f73b032d4f24821de95e
SHA256: 8e6f8195dc94c28bb45fc88910840308d7a588ebbf5467c4d2258a0d441eecab
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\hard-math-word-problems-must-know-challenging-maths-word-problems-book-5-hard-math-word-problems-with-solutions[1].jpg
image
MD5: 1601e93fb9fb321f78480e3f7f0cd2d5
SHA256: 7051bfdbc2940408e21843d24bc4bb2a534a52b89f86c6a901cb1c00dc116cf1
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\hard-math-word-problems-other-size-s-hard-math-word-problems-with-answers[1].jpg
image
MD5: b18a7118a427fdccc5ae235e2952f1e5
SHA256: e7d3aba4c1b9de1922d6a22341bb335ff6875dd8c489ba79ec692a47e3ec849a
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\hard-math-word-problems-best-solutions-of-word-problems-fractions-grade-math-worksheets-with-difficult-hard-math-word-problems-for-7th-graders[1].jpg
image
MD5: cb31d77a47b66d75aea82740a278dfe8
SHA256: 6afdeb2782f38b7a74a069a48816ba3beb5f9a0d3afef4529b69d14fb1e2c2eb
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\hard-math-word-problems-math-questions-hard-math-practice-word-problem-on-com-math-workbook-hard-math-word-problems-for-7th-graders[1].jpg
image
MD5: 8543d79d2f40cf049b37b427f85e51af
SHA256: de5fe5dc6b597def5fb4d0554dedc3d97cae2ad3c1a54ed7b1b5a1535a4ab434
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\hard-math-word-problems-hard-maths-questions-year-year-specialist-maths-unit-exam-revision-short-on-math-word-hard-math-word-problems-worksheets[1].jpg
image
MD5: 11cc51ba039c42258cde845b1efbcd63
SHA256: 7b97f01947acccfca47bb836517309ffaa36aa27dfb5f04f3082c4b23eb29bba
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\hard-math-word-problems-hard-math-word-problems-for-3rd-graders[1].jpg
image
MD5: b866d9d5c8bd9ff5a3e52fdc404a3451
SHA256: 9a3da8cdef17f4d6f28690322516a832c37cbec300b04c7de78d82439a309970
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\hard-math-word-problems-hard-math-word-problems-for-8th-graders[1].jpg
image
MD5: 634b87c04355cd737a2356e917cda9bd
SHA256: d3301d28aaac46a9141bf6c207b75834dd6b80f695b5992c77cefaa7698ee81d
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\hard-math-word-problems-hard-math-word-problems-worksheets[1].jpg
image
MD5: 585ecc3c80688c2af1c99f029e3735ab
SHA256: 000e020c1fb2da523cb7b5b8ccaa9631221ec73d21277e7dcac8dd7fc9152f92
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\d-math-word-problems-best-ideas-of-middle-school-math-man-challenge-of-the-week-on-difficult-grade-math-word-problems-hard-math-word-problems-with-answers[1].jpg
image
MD5: d82786819524eaa2de612cb3f5c3fa62
SHA256: 251356ae22569e2aff59515f26ef760d71bcfa1ea49cf311514a9c73f9aec109
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\hard-math-word-problems-hard-math-problems-for-graders-grade-5-grade-6-grade-7-are-challenging-math-word-problems-worksheets[1].jpg
image
MD5: 568597aed480df79fe956ea8650dbac3
SHA256: 1a676e0cbf12c54c7ae4a04207653d15e66fdd05f66a61ab7ec781999c2e1555
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\hard-math-word-problems-equations-distance-rate-time-word-problems-hard-hard-math-word-problems-for-5th-graders[1].jpg
image
MD5: 16a1ea6a38a22f32ab234def1ab1b121
SHA256: 027651976aca595da379bfdc3f6db3725d7f3add7c788119ad63550aa4dd78cd
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a4abef8ce223043252d42ae94ee28bc1
SHA256: b0278531dd2cfde219311c15fa7529c8e34e6d36af00a1ffe22916c593938af5
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\hard-math-word-problems-best-ideas-of-math-worksheets-for-grade-1-word-problems-grade-1-math-word-problems-term-hard-math-word-problems-for-5th-graders[1].jpg
image
MD5: 846ff7adb98ac19d8ecfe4732396848b
SHA256: 6e9e2fffe4cec366da0b08e345f0c5ddf7fe9cb10c3cf0e5302bc8b32e17abb8
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\hard-math-word-problems-a-primary-math-us-6-challenging-word-problems-hard-math-word-problems-for-3rd-graders[1].jpg
image
MD5: 53132e8c55109c367fc91be420c27bcc
SHA256: cf8d7d736134d256b76f6805e2b4ac93c5a1306495cba41e66c167f143243840
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\hard-math-word-problems-a-primary-math-us-1-challenging-word-problems-hard-math-word-problems-for-7th-graders[1].jpg
image
MD5: 329ed064bc8f7016b0713de0d7869499
SHA256: 5c0c330a64ea3e48fec2fcabe05837b85fc0302edda411debf23b3bfe94773a3
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\JTUSjIg1_i6t8kCHKm459Wlhzw[1].eot
eot
MD5: 29c1d31f7d9bc4f5c1841eb14fbf5cd7
SHA256: 45ea589c36cd33266bc70b81bd0c42332fbbb6fa58939cd31282096624f7fda8
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\fontawesome-webfont[1].eot
eot
MD5: 674f50d287a8c48dc19ba404d20fe713
SHA256: 7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\4UaHrEJCrhhnVA3DgluA96rp4w[1].eot
eot
MD5: b2958ead874df0d3ed1202291bc5c22e
SHA256: 9b7f1e7eb25d763698135ecc254c467288bc90b1fdfeeec743322110183e288c
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\font-awesome.min[1].css
text
MD5: a0e784c4ca94c271b0338dfb02055be6
SHA256: 820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\style[1].css
text
MD5: caf33df2243cd59f2383bdeac4c37a66
SHA256: a12be6b61f9ce9d17c37161ca4d1afd3159e399affd3f273d3681457c432f5b5
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\css[1].txt
text
MD5: 54eeaafa3c2ed7ee67224dc7e5c3455b
SHA256: 66f8b666849f1d1917cabf38239354de0bbb9089c6895457eba0c2edbe2cc6b8
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jquery[1].js
text
MD5: 8610f03fe77640dee8c4cc924e060f12
SHA256: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wp-emoji-release.min[1].js
text
MD5: 15d0c302dc74fd87bd9cfeab513e13e4
SHA256: d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquery-migrate.min[1].js
text
MD5: 7121994eec5320fbe6586463bf9651c2
SHA256: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\asasas_club[1].htm
html
MD5: 2e89e5aa2bf58195f69b8773a3733105
SHA256: f044f5af34d378dc4ed319736c74fe529ae41c33f88acf2f6eac1d2d1f927c18
3660
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: f0852bfeb293199dd06ebf600f4d32a4
SHA256: 48be6b4ce865750e6d1e4231f8e9add4366a5356e90d3996cb21cfe1aad4ca7e
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\hard-math-word-problems-multiplication-word-problem-worksheets-grade-hard-math-word-problems-for-3rd-graders[1].jpg
image
MD5: ee495f35d3d2b532f9bd4b72636f57bd
SHA256: 19ee951db4ed9eba3aa343b05d9c0aa5f93f266c08d8672aec2ad6b1c5954525
3328
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: b867623f0ebbd8ab345565274147b055
SHA256: c143aa9ccbe094d3f458d4d13a31b0d3cd656aed6eb73274d833390c2c37fd04
3328
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 03c2808940acc68bd39f1bfad3d03c90
SHA256: 12deae34657def75581fb1414cf6e80e162fc756a9e1a44e9e15220774a369a3
3328
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: 2d3fb21e46904bad4dd27f0e5778f21c
SHA256: 270e0742e014cff5911d2531cb8fefe6769bf313704d8efcc6e5ce9df052944c
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: 449145f7bd98e90e915a0e087a868199
SHA256: a0330b32fa35c3d8e7d6d1f924cddc699de0d469a035d0e0dea0b9a69d7d99de
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\opensans-400[1].eot
eot
MD5: 77ff7c7f933f217ef1293452e6de6de3
SHA256: 278eca87489ac9998015a84141632dcc778c16df71958835029879ea3d3bfbbc
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\opensans-700[1].eot
eot
MD5: 5281996fc5e0b7a766eaee928bd7123e
SHA256: 368b82fdf6e99815f10efa81120057ed3ea283c4a5abc4e5204473578a1ac0fe
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\opensans-400i[1].eot
eot
MD5: b65a44e1c6c2d42daf9f20a8c08e067b
SHA256: 2d80a84811db8fc86ddccaa07fd4e8df22c33b578f674d21bc4efbeaaab7594b
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\error_icons[1].png
image
MD5: 6547c5fb2d63fcb74cd2467030071c18
SHA256: 09b4776a08d6df046909a3a3f54a9b58c858d55c0abbfeade9bbdeabc025118f
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\opensans-600[1].eot
eot
MD5: 2010fb390506d647ffd001661bb9167f
SHA256: e4731df81feb1afcfed0f3d583bd0760b550af9d7b6e499c65ad0d771fcf4e36
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\opensans-300i[1].eot
eot
MD5: fc2cb1a0bbf3294cd276fdc34538d0f2
SHA256: b5b38b2fc120908c86f73a14a6b18e98f230a4b4e4be0566edc5799be289df0b
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\opensans-300[1].eot
eot
MD5: 566e3a1d44c9cdb02891828c686a60a6
SHA256: a95920ff81b2bc13a269aac4e13d17db7303bd442e847eee2aad411716b04202
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\cf.errors.ie[1].css
text
MD5: b6664be34fa5f99c65e55e8d721cb511
SHA256: 5e490c30bfdfbddad8d38d625ad878e7cde78ea766538efbda82add7f19f435b
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cf.errors[1].css
text
MD5: 3d041bd798b1c6a68c1cb4f3a1fd6b8a
SHA256: e2dba22a9ee028e3aa09baa7c36e14c86effba2516862aad01019c06e757b375
3660
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: c9f394e5bb8d7cad2ccd328d99d1f506
SHA256: 1b307a848e270af708516eb6354ea9e6e84feb89dade251837b55dcfc735f729
3660
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 0619710f0def20daec0286f7d18419e2
SHA256: 7c0eb8ca5a16109de964c2f7c7911750871a1b58c947e062ee2797c0d60e9ec3
3328
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: be28da3bc863828ce411e3712849535d
SHA256: 8f00319d6b68382f179c3b4e2d5160b25d7bb22371825aae09e238824afbccab
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3660
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
3328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3328
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3328
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––


Network activity

HTTP(S) requests
40
TCP/UDP connections
18
DNS requests
7
Threats
2

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3328 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3660 iexplore.exe GET 521 104.27.145.40:80 http://www.valenciagenthner.club/ US html suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/cf.errors.css US text suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/cf.errors.ie.css US text suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/fonts/opensans-300.eot US eot suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/fonts/opensans-700.eot US eot suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/fonts/opensans-600.eot US eot suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/fonts/opensans-400i.eot US eot suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/fonts/opensans-300i.eot US eot suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/images/error_icons.png US image suspicious
3660 iexplore.exe GET 200 104.27.145.40:80 http://www.valenciagenthner.club/cdn-cgi/styles/fonts/opensans-400.eot US eot suspicious
3328 iexplore.exe GET 521 104.27.145.40:80 http://www.valenciagenthner.club/favicon.ico US html suspicious
3660 iexplore.exe GET 301 104.27.145.101:80 http://www.asasas.club/ US –– –– malicious
3660 iexplore.exe GET –– 104.27.145.101:80 http://asasas.club/ US –– –– malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/themes/leento/style.css?ver=4.9.10 US text malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-includes/js/jquery/jquery.js?ver=1.12.4 US text malicious
3660 iexplore.exe GET 200 172.217.22.10:80 http://fonts.googleapis.com/css?family=Bree+Serif:400,700%7CMontserrat:400,700 US text whitelisted
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-includes/js/wp-emoji-release.min.js?ver=4.9.10 US text malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 US text malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/themes/leento/css/font-awesome.min.css?ver=4.9.10 US text malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/themes/leento/fonts/fontawesome-webfont.eot? US eot malicious
3660 iexplore.exe GET 200 172.217.16.131:80 http://fonts.gstatic.com/s/breeserif/v8/4UaHrEJCrhhnVA3DgluA96rp4w.eot US eot whitelisted
3660 iexplore.exe GET 200 172.217.16.131:80 http://fonts.gstatic.com/s/montserrat/v12/JTUSjIg1_i6t8kCHKm459Wlhzw.eot US eot whitelisted
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-a-primary-math-us-1-challenging-word-problems-hard-math-word-problems-for-7th-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-a-primary-math-us-6-challenging-word-problems-hard-math-word-problems-for-3rd-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-best-ideas-of-middle-school-math-man-challenge-of-the-week-on-difficult-grade-math-word-problems-hard-math-word-problems-with-answers.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-best-solutions-of-word-problems-fractions-grade-math-worksheets-with-difficult-hard-math-word-problems-for-7th-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-best-ideas-of-math-worksheets-for-grade-1-word-problems-grade-1-math-word-problems-term-hard-math-word-problems-for-5th-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-equations-distance-rate-time-word-problems-hard-hard-math-word-problems-for-5th-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-hard-math-problems-for-graders-grade-5-grade-6-grade-7-are-challenging-math-word-problems-worksheets.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-hard-math-word-problems-for-3rd-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-hard-math-word-problems-for-8th-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-hard-math-word-problems-worksheets.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-hard-math-worksheets-challenging-for-s-on-middle-school-math-worksheets-addition-the-best-i-challenging-math-word-problems-worksheets.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-hard-maths-questions-year-year-specialist-maths-unit-exam-revision-short-on-math-word-hard-math-word-problems-worksheets.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-ideas-of-grade-word-problems-grade-math-worksheets-picture-in-difficult-grade-math-word-problems-hard-math-word-problems-with-answers.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-math-questions-hard-math-practice-word-problem-on-com-math-workbook-hard-math-word-problems-for-7th-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-multiplication-word-problem-worksheets-grade-hard-math-word-problems-for-3rd-graders.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-other-size-s-hard-math-word-problems-with-answers.jpg US image malicious
3660 iexplore.exe GET 200 104.27.145.101:80 http://asasas.club/wp-content/uploads/2019/03/hard-math-word-problems-must-know-challenging-maths-word-problems-book-5-hard-math-word-problems-with-solutions.jpg US image malicious


Connections

PID Process IP ASN CN Reputation
3328 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3660 iexplore.exe 104.27.145.40:80 Cloudflare Inc US malicious
3328 iexplore.exe 104.27.145.40:80 Cloudflare Inc US malicious
3660 iexplore.exe 104.27.145.101:80 Cloudflare Inc US malicious
3660 iexplore.exe 172.217.22.10:80 Google Inc. US whitelisted
3660 iexplore.exe 172.217.16.131:80 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.sibatamasamitsu.me No response unknown
www.valenciagenthner.club 104.27.145.40, 104.27.144.40 suspicious
www.asasas.club 104.27.145.101, 104.27.144.101 malicious
asasas.club 104.27.145.101, 104.27.144.101 malicious
fonts.googleapis.com 172.217.22.10 whitelisted
fonts.gstatic.com 172.217.16.131 whitelisted

Threats

PID Process Class Message
3660 iexplore.exe A Network Trojan was detected ET TROJAN XLS.Unk DDE rar Drop Attempt (.club)
3660 iexplore.exe A Network Trojan was detected ET TROJAN XLS.Unk DDE rar Drop Attempt (.club)

Debug output strings

No debug info.