General Info

URL

http://jdsports.top/

Full analysis
https://app.any.run/tasks/39aa15d2-1837-43be-b0bd-6708b64fb2f4
Verdict
Malicious activity
Analysis date
1/10/2019, 19:12:10
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS: No malicious indicators.

SUSPICIOUS: No suspicious indicators.

INFO:

Creates files in the user directory
  • iexplore.exe (PID: 3280)
Reads settings of System Certificates
  • iexplore.exe (PID: 3280)
  • iexplore.exe (PID: 2884)
Changes internet zones settings
  • iexplore.exe (PID: 2984)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3280)
  • iexplore.exe (PID: 4048)
  • iexplore.exe (PID: 2884)
  • iexplore.exe (PID: 2760)
Reads internet explorer settings
  • iexplore.exe (PID: 4048)
  • iexplore.exe (PID: 3280)
  • iexplore.exe (PID: 2760)
  • iexplore.exe (PID: 2884)
Application launched itself
  • iexplore.exe (PID: 2984)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Processes

Total processes
35
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe

Process information

PID
2984
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll

PID
3280
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\credssp.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

PID
2884
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71938
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
2760
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71939
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
4048
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71940
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\msimg32.dll

Registry activity

Total events
1110
Read events
987
Write events
120
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2984
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2984
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{4890A059-1503-11E9-AA93-5254004A04AF}
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307010004000A0012000C001B004500
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307010004000A0012000C001B005400
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307010004000A0012000C001B00D100
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307010004000A0012000C001B00F000
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
30
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307010004000A0012000C001B002F01
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
24
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011020190111
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011020190111
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011020190111
CachePrefix
:2019011020190111:
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011020190111
CacheLimit
8192
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011020190111
CacheOptions
11
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011020190111
CacheRepair
0
2984
iexplore.exe
write

Files activity

Executable files: 0
Suspicious files: 2
Text files: 81
Unknown types: 4

Dropped files

PID Process Filename Type MD5 SHA256

Find more information about the static content, and download it, in the full report.

Network activity

HTTP(S) requests: 85
TCP/UDP connections: 26
DNS requests: 8
Threats: 3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2984 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/ US html suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_cart_header.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_css_buttons.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_footer_menu.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_productupdates.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_select_popup.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_slider.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_categories_menu.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_res.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript__jquery.min.js US html suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_znew.css US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_jquery-1.8.3.min.js US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_jquery-touchslider.js US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_jquery.cycle.js US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_menu_conf.js US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_slider.js US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_xcategories.js US text suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_z_swipe.js US text suspicious
3280 iexplore.exe GET 404 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/salomon.jpg US html suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/spacer.gif US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/close_pic.gif US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/header_icon_menu.gif US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/logo.gif US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/header_icon_cart.gif US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/scrollbtn1.png US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/header_icon_register.gif US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/21.png US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/arrow_down.gif US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/1.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/2.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/3.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/TpXscVbZGUiauEbc.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/fVPkE85zLO9UnPKA.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/L3KxCkUVDkV40eXQ.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/R6RHZqB0qI4jEO2G.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/RckePjwqisFiKRCi.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/ADadmK62GK4GaFPj.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/iesYO4HwBlhxaKuj.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/0ME1WcKkk5dmtWYu.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/kHG9psdICZrVHmWo.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/HwvxI2uL0azC6nI0.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/itzqg5sgwnLU1nJl.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/VeeM4hlLDF0IILVW.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/2e2VFZH5IYst6ktw.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/BrkWQBYeWQJdrvvW.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/rwfc2iKjeCFmYYnJ.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/SoNJVTL4kFJvNbkq.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/gSGTlOsAc7EYyQDl.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/De4Y3DuSFAVTsZAl.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/OSMlYi5PokxeQH0F.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/images/nk/G8nWyOlB0pgOWSTC.jpg US image suspicious
3280 iexplore.exe GET –– 183.131.207.78:80 http://ia.51.la/go1?id=19824525&rt=1547143950787&rl=1280*720&lang=en-us&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=32&ds=The%2520world's%2520best%2520bras.%2520The%2520sex&ing=1&ekc=&sid=1547143950787&tt=Nike%2520Sneakers%2520Sale%2520Store%2520Online&kw=Air%2520Jordan%2520New%2520Arrival%2520Nike%2520Air%2520Max%2520Nike%2520Air%2520Zoom%2520Nike%2520Free%2520Nike%2520Casual%2520Shoes%2520Nike%2520Lunar%2520Nike%2520Roshe%2520&cu=http%253A%252F%252Fjdsports.top%252F&pu= CN –– –– suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/country-select-arrow.png US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/go_to_top.png US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/ecom-usp-free-delivery.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/ecom-usp-icon.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/ecom-usp-extensive.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/Facebook.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/Twitter.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/Instagram.jpg US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/snapchat.png US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/youtube.png US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/safe.png US image suspicious
2984 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/favicon.ico US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/inaadex.png US image suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/arrows/icon_xia.png US image suspicious
2884 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/index.php?main_page=page_3 US html suspicious
2884 iexplore.exe GET 404 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/salomon.jpg US html suspicious
2884 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/buttons/english/button_back.gif US image suspicious
2884 iexplore.exe GET –– 183.131.207.78:80 http://ia.51.la/go1?id=19824525&rt=1547143996881&rl=1280*720&lang=en-us&ct=unknow&pf=1&ins=0&vd=2&ce=1&cd=32&ds=Nike%2520Sneakers%2520Sale%2520Store%2520Onlin&ing=2&ekc=&sid=1547143950787&tt=Shipping%2520~_~%2520Return%2520%253A%2520Nike%2520Sneakers%2520Sale%2520Store%2520Online&kw=Air%2520Jordan%2520New%2520Arrival%2520Nike%2520Air%2520Max%2520Nike%2520Air%2520Zoom%2520Nike%2520Free%2520Nike%2520Casual%2520Shoes%2520Nike%2520Lunar%2520Nike%2520Roshe%2520&cu=http%253A%252F%252Fjdsports.top%252Findex.php%253Fmain_page%253Dpage_3&pu=http%253A%252F%252Fjdsports.top%252F CN –– –– suspicious
2984 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/favicon.ico US image suspicious
2760 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/index.php?main_page=page_4 US html suspicious
2760 iexplore.exe GET 404 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/salomon.jpg US html suspicious
3280 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/index.php?main_page=page_2 US html suspicious
2760 iexplore.exe GET –– 183.131.207.78:80 http://ia.51.la/go1?id=19824525&rt=1547143999397&rl=1280*720&lang=en-us&ct=unknow&pf=1&ins=0&vd=3&ce=1&cd=32&ds=Nike%2520Sneakers%2520Sale%2520Store%2520Onlin&ing=3&ekc=&sid=1547143950787&tt=Privacy%2520Notice%2520%253A%2520Nike%2520Sneakers%2520Sale%2520Store%2520Online&kw=Air%2520Jordan%2520New%2520Arrival%2520Nike%2520Air%2520Max%2520Nike%2520Air%2520Zoom%2520Nike%2520Free%2520Nike%2520Casual%2520Shoes%2520Nike%2520Lunar%2520Nike%2520Roshe%2520&cu=http%253A%252F%252Fjdsports.top%252Findex.php%253Fmain_page%253Dpage_4&pu=http%253A%252F%252Fjdsports.top%252F CN –– –– suspicious
3280 iexplore.exe GET 404 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/salomon.jpg US html suspicious
3280 iexplore.exe GET –– 183.131.207.78:80 http://ia.51.la/go1?id=19824525&rt=1547143999928&rl=1280*720&lang=en-us&ct=unknow&pf=1&ins=0&vd=4&ce=1&cd=32&ds=Nike%2520Sneakers%2520Sale%2520Store%2520Onlin&ing=4&ekc=&sid=1547143950787&tt=Payment%2520%253A%2520Nike%2520Sneakers%2520Sale%2520Store%2520Online&kw=Air%2520Jordan%2520New%2520Arrival%2520Nike%2520Air%2520Max%2520Nike%2520Air%2520Zoom%2520Nike%2520Free%2520Nike%2520Casual%2520Shoes%2520Nike%2520Lunar%2520Nike%2520Roshe%2520&cu=http%253A%252F%252Fjdsports.top%252Findex.php%253Fmain_page%253Dpage_2&pu=http%253A%252F%252Fjdsports.top%252F CN –– –– suspicious
4048 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/index.php?main_page=page_2 US html suspicious
4048 iexplore.exe GET 404 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/salomon.jpg US html suspicious
4048 iexplore.exe GET –– 183.131.207.78:80 http://ia.51.la/go1?id=19824525&rt=1547144005569&rl=1280*720&lang=en-us&ct=unknow&pf=1&ins=0&vd=5&ce=1&cd=32&ds=Nike%2520Sneakers%2520Sale%2520Store%2520Onlin&ing=5&ekc=&sid=1547143950787&tt=Payment%2520%253A%2520Nike%2520Sneakers%2520Sale%2520Store%2520Online&kw=Air%2520Jordan%2520New%2520Arrival%2520Nike%2520Air%2520Max%2520Nike%2520Air%2520Zoom%2520Nike%2520Free%2520Nike%2520Casual%2520Shoes%2520Nike%2520Lunar%2520Nike%2520Roshe%2520&cu=http%253A%252F%252Fjdsports.top%252Findex.php%253Fmain_page%253Dpage_2&pu=http%253A%252F%252Fjdsports.top%252F CN –– –– suspicious
2884 iexplore.exe GET 200 104.233.213.89:80 http://jdsports.top/index.php?main_page=index&zenid=qd90bihh5mdmcv15eefifd2ot2 US html suspicious
2884 iexplore.exe GET 404 104.233.213.89:80 http://jdsports.top/includes/templates/N_Shoes_mobile/images/salomon.jpg US html suspicious
2884 iexplore.exe GET –– 183.131.207.78:80 http://ia.51.la/go1?id=19824525&rt=1547144011084&rl=1280*720&lang=en-us&ct=unknow&pf=1&ins=0&vd=6&ce=1&cd=32&ds=The%2520world's%2520best%2520bras.%2520The%2520sex&ing=6&ekc=&sid=1547143950787&tt=Nike%2520Sneakers%2520Sale%2520Store%2520Online&kw=Air%2520Jordan%2520New%2520Arrival%2520Nike%2520Air%2520Max%2520Nike%2520Air%2520Zoom%2520Nike%2520Free%2520Nike%2520Casual%2520Shoes%2520Nike%2520Lunar%2520Nike%2520Roshe%2520&cu=http%253A%252F%252Fjdsports.top%252Findex.php%253Fmain_page%253Dindex~_~zenid%253Dqd90bihh5mdmcv15eefifd2ot2&pu=http%253A%252F%252Fjdsports.top%252F CN –– –– suspicious

Download the PCAP, analyze network streams, HTTP content and a lot more in the full report

Connections

PID Process IP ASN CN Reputation
2984 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3280 iexplore.exe 104.233.213.89:80 PEG TECH INC US suspicious
3280 iexplore.exe 220.243.212.50:443 QUANTIL, INC CN unknown
3280 iexplore.exe 31.13.90.6:443 Facebook, Inc. IE whitelisted
3280 iexplore.exe 183.131.207.78:80 DaLi CN suspicious
2984 iexplore.exe 104.233.213.89:80 PEG TECH INC US suspicious
2884 iexplore.exe 104.233.213.89:80 PEG TECH INC US suspicious
2884 iexplore.exe 31.13.90.6:443 Facebook, Inc. IE whitelisted
2884 iexplore.exe 220.243.212.50:443 QUANTIL, INC CN unknown
2884 iexplore.exe 183.131.207.78:80 DaLi CN suspicious
2760 iexplore.exe 104.233.213.89:80 PEG TECH INC US suspicious
2760 iexplore.exe 31.13.90.6:443 Facebook, Inc. IE whitelisted
2760 iexplore.exe 220.243.212.50:443 QUANTIL, INC CN unknown
2760 iexplore.exe 183.131.207.78:80 DaLi CN suspicious
4048 iexplore.exe 104.233.213.89:80 PEG TECH INC US suspicious
4048 iexplore.exe 220.243.212.50:443 QUANTIL, INC CN unknown
4048 iexplore.exe 157.240.1.23:443 Facebook, Inc. US whitelisted
4048 iexplore.exe 183.131.207.78:80 DaLi CN suspicious

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
jdsports.top 104.233.213.89 suspicious
js.users.51.la 220.243.212.50 malicious
connect.facebook.net 31.13.90.6 whitelisted
ia.51.la 183.131.207.78 suspicious

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET DNS Query to a *.top domain - Likely Hostile
3280 iexplore.exe Potentially Bad Traffic ET INFO HTTP Request to a *.top domain
2884 iexplore.exe Potentially Bad Traffic ET INFO HTTP Request to a *.top domain

Debug output strings

No debug info.