General Info

URL

http://www.pfarreleonhard.at

Full analysis
https://app.any.run/tasks/0dfa3424-5bee-4533-969a-3a07f40cd1a7
Verdict
Malicious activity
Analysis date
3/14/2019, 10:00:15
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Malicious
No malicious indicators.

Suspicious
No suspicious indicators.

Info

Creates files in the user directory
  • iexplore.exe (PID: 3712)
  • iexplore.exe (PID: 3264)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2592)
Reads internet explorer settings
  • iexplore.exe (PID: 3712)
Reads settings of System Certificates
  • iexplore.exe (PID: 3712)
Changes internet zones settings
  • iexplore.exe (PID: 3264)
Application launched itself
  • iexplore.exe (PID: 3264)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3712)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Processes

Total processes
32
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Process chain: start → iexplore.exe (PID 3264) → iexplore.exe (PID 3712); flashutil32_26_0_0_131_activex.exe (PID 2592, no specs)

Process information


PID
3264
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll

PID
3712
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3264 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
2592
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
413
Read events
362
Write events
51
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | ––
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {9BCEE469-4637-11E9-AA93-5254004A04AF} | 0
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E307030004000E00090000001B00CB03
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E307030004000E00090000001B00CB03
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | ––
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E307030004000E00090000001C007F00
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 12
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E307030004000E00090000001C009F00
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 35
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 3
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E307030004000E00090000001C00ED00
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 25
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Type | 1
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 2
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307030004000E000900000022003502
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName | (empty)
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName | (empty)
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0
3264 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0
3712 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | –– | 45
3712 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pfarreleonhard.at | –– | 45
3712 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name | iexplore.exe
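The Ext\Stats writes above are Internet Explorer's per-add-on load telemetry, and their Time values are raw Win32 SYSTEMTIME structures, not readable timestamps; Window_Placement is likewise a raw WINDOWPLACEMENT structure. The following is an added example, not code from the ANY.RUN report or from the analysed site: it decodes those REG_BINARY blobs from a constructed, pipe-separated subset of the report's own write events, builds a per-CLSID load timeline, and lists writes that land outside HKEY_CURRENT_USER (the one from the LOW-integrity tab process, PID 3712, is the kind of entry worth a second look). The record format, the function names and the sample file are this example's own assumptions; it deliberately does not assert which add-on each CLSID belongs to.

```python
"""Decode IE add-on telemetry and window-placement blobs from sandbox registry events.

Added example, not part of the ANY.RUN report. Assumptions: write events are
supplied as "pid|key|name|value" lines (constructed here from the report);
'Time' is a SYSTEMTIME (eight little-endian WORDs: year, month, day-of-week,
day, hour, minute, second, milliseconds); 'Window_Placement' is a
WINDOWPLACEMENT (length, flags, showCmd, ptMin, ptMax, rcNormalPosition).
"""
import re
import struct
from collections import defaultdict
from datetime import datetime

EXT_STATS = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\"

# Constructed sample: a subset of the report's registry write events.
SAMPLE_EVENTS = "\n".join([
    "3264|" + EXT_STATS + "{2670000A-7350-4F3C-8081-5663EE0C6C49}\\iexplore|Type|4",
    "3264|" + EXT_STATS + "{2670000A-7350-4F3C-8081-5663EE0C6C49}\\iexplore|Count|3",
    "3264|" + EXT_STATS + "{2670000A-7350-4F3C-8081-5663EE0C6C49}\\iexplore|Time|E307030004000E00090000001B00CB03",
    "3264|" + EXT_STATS + "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore|Type|3",
    "3264|" + EXT_STATS + "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore|Count|3",
    "3264|" + EXT_STATS + "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore|Time|E307030004000E00090000001C007F00",
    "3264|" + EXT_STATS + "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore|LoadTime|12",
    "3264|" + EXT_STATS + "{D27CDB6E-AE6D-11CF-96B8-444553540000}\\iexplore|Type|1",
    "3264|" + EXT_STATS + "{D27CDB6E-AE6D-11CF-96B8-444553540000}\\iexplore|Count|2",
    "3264|" + EXT_STATS + "{D27CDB6E-AE6D-11CF-96B8-444553540000}\\iexplore|Time|E307030004000E000900000022003502",
    "3264|HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main|Window_Placement|"
    "2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000",
    "3712|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Direct3D\\MostRecentApplication|Name|iexplore.exe",
])

CLSID_RE = re.compile(r"\\Ext\\Stats\\(\{[0-9A-F-]{36}\})\\iexplore$", re.I)


def decode_systemtime(hex_blob: str) -> datetime:
    """SYSTEMTIME -> datetime. The day-of-week WORD (Sunday = 0) must match the date."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != 16:
        raise ValueError("SYSTEMTIME is 16 bytes, got %d" % len(raw))
    year, month, dow, day, hour, minute, second, millis = struct.unpack("<8H", raw)
    stamp = datetime(year, month, day, hour, minute, second, millis * 1000)
    if stamp.isoweekday() % 7 != dow:
        raise ValueError("day-of-week %d disagrees with %s" % (dow, stamp.date()))
    return stamp


def decode_window_placement(hex_blob: str) -> dict:
    """WINDOWPLACEMENT -> dict; struct.unpack rejects anything but 44 bytes."""
    raw = bytes.fromhex(hex_blob)
    fields = struct.unpack("<3I8i", raw)
    if fields[0] != len(raw):
        raise ValueError("length field %d != blob size %d" % (fields[0], len(raw)))
    return {
        "flags": fields[1],
        "showCmd": fields[2],  # 3 == SW_SHOWMAXIMIZED
        "ptMinPosition": fields[3:5],
        "ptMaxPosition": fields[5:7],
        "rcNormalPosition": fields[7:11],  # left, top, right, bottom
    }


def parse_events(text: str):
    """Yield (pid, key, name, value) from the constructed record format."""
    for line in text.splitlines():
        if line.strip():
            pid, key, name, value = line.split("|", 3)
            yield pid, key, name, value


def addon_timeline(text: str) -> list:
    """Per-CLSID Type/Count/LoadTime with the decoded Time, ordered chronologically."""
    stats = defaultdict(dict)
    for _pid, key, name, value in parse_events(text):
        match = CLSID_RE.search(key)
        if not match:
            continue
        entry = stats[match.group(1).upper()]
        if name == "Time":
            entry["time"] = decode_systemtime(value)
        elif name in ("Type", "Count", "LoadTime"):
            entry[name.lower()] = int(value)
    rows = [{"clsid": clsid, **fields} for clsid, fields in stats.items()]
    return sorted(rows, key=lambda r: (r.get("time", datetime.min), r["clsid"]))


def machine_wide_writes(text: str) -> list:
    """Writes outside HKCU; from a LOW-integrity process these deserve a closer look."""
    return [
        (pid, key, name, value)
        for pid, key, name, value in parse_events(text)
        if not key.upper().startswith("HKEY_CURRENT_USER\\")
    ]


if __name__ == "__main__":
    for row in addon_timeline(SAMPLE_EVENTS):
        print(row["time"].isoformat(), row["clsid"], {k: v for k, v in row.items() if k not in ("time", "clsid")})
    for write in machine_wide_writes(SAMPLE_EVENTS):
        print("non-HKCU write:", write)
```

Decoding the first Time blob gives 2019-03-14 09:00:27.971 (a Thursday, which the day-of-week WORD confirms), consistent with the analysis date in the header; the Flash CLSID's load is recorded seven seconds later. The same decoder applies to any Ext\Stats Time value from a real report, and the day-of-week check catches blobs that were truncated or mis-transcribed.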

Files activity

Executable files
0
Suspicious files
0
Text files
89
Unknown types
3

Dropped files

PID
Process
Filename
Type
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\slider_arrow_r[1].png
image
MD5: ed421042776660aef20c40ed97c7c794
SHA256: 7768e6249242cab928be7065994c36790a64ce20f2c40f6b2cd878b519b06a47
3712
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: a423103d11e1be19faa7ae2036492982
SHA256: 05185cb542b79d03f656e25a151c6ddfb4695fd8a0cbd91ae3c335055f39c09f
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ui_node[1].js
text
MD5: 8d761999ad1d9d2d185ea883c825bc0a
SHA256: affba04d44991b4b2d5be564e52d4310de3c0c10bbdfe3697f79d6fe6a157566
3712
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 03eb4886f6f862b6a34c6090bca63526
SHA256: a1b2e6f8bc052aae895323e5f82de96e35b8b80857f4d022afff3650512e5ba1
3712
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: f0c11dcb34c610a04c96692da0fde082
SHA256: a6efea9ba9b37ce8fc7e81cba19a0f70a7bf0c30812e4f32ef7d4abb4e253f2b
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\handinhandplakat-benefizkonzert[1].jpg
image
MD5: ec557ba6c2e0600a4f7eb6dd40693207
SHA256: eb23a1ea1f84f28ca29847e5a10d336b519867229adbf1eec10993fda719e1ba
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bg_nw[1].png
image
MD5: 5d0cd73df6712a9101f47a4679dc10b1
SHA256: 277d6d1108e720871b72639e39a2a3869798c360efe26ad37372cb82840789cf
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\bg_w[1].png
image
MD5: 0cd97816ccfe3e166c53b2f3fadeaff0
SHA256: ea7c34f31dfc7d9bea9c81a3cc9f19f96d87d5526642ef7bcca432b3837f8b2b
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\bg_sw[1].png
image
MD5: 31ba178cacf828657d274fe4a4fdc9ae
SHA256: c4b5f5692b83a00cf90305458c8bb5e23f39de7b72985d48e8752342a205a4b8
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\closebox[1].png
image
MD5: 7c4e6c18b44597176fccd1c99d2696fa
SHA256: 7a6e6d94362b4f8afb35da95a3566821218a93f29fc2ef98a94c72a208ec55e9
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bg_s[1].png
image
MD5: 7a85548544cf93470860663afb3e26bd
SHA256: eb3ead86dee26eca4b6806b34ec2a74ea15c74ccb12d6b751865bac396c39597
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: c2b6cf82cdaeef43442c842559050746
SHA256: 76bb128bea13ef3faee88480da9e9ef07fb383dad39ee14743d0445d98ee3134
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bg_se[1].png
image
MD5: 430fc6f0dd9f9295e2ce0e7538bd581a
SHA256: 113bb841faa5da4c61398dee88773d68b0bc33d59c3994315970d49f5f6003c7
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bg_e[1].png
image
MD5: 0bbbc0d10ba763284fc84f74190615c6
SHA256: 5b3eb5e38c2d4fa8ecccb5980dae0ee5755f6cdba8bf20500b4602f5aae16e4b
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bg_n[1].png
image
MD5: 6a67408f02861701990167e57961a938
SHA256: 646019eb2d205a9231e7907231d032617bb7331263b70cf66174c59e45d0aef1
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bg_ne[1].png
image
MD5: ab23f11832ebb483cdcf36c09ba27d4a
SHA256: 527c9c38b1b7ec2272925664e92de9871fb3f4f92ca9c408f5e448b113d181da
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\familienfasttag_2019[1].jpg
image
MD5: aad03f23ddfe280bff27c4ce1f6c4749
SHA256: 6f8e9088474c2a8fca3f9a566ce540f998dee35d573179e75fc1d8aed9dff7d1
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\kerala02[1].jpg
image
MD5: fd79da3dd71e96e421bc2fc2c218ba8b
SHA256: 8f9e3955b49fc24aa89f09c94bcc1e068d32ac03084ccdb2bd6f5f4511c90087
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\topmenu-a_span-active[1].jpg
image
MD5: 6e709bb3131595029c3518bc1c1cee47
SHA256: 09abb59439c5341fae46ed01adf519cd43e2c56f82f5f3262ffd9c9aece40e9e
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\moduletable-bg_dark[1].jpg
image
MD5: 1995e5fac7f284de5157f142097b9ebd
SHA256: f63e52b30823d27af056b022dc01fdb8439205818c48418abc4ca63a787132d2
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\cb=gapi[1].loaded_0
text
MD5: 8ab2d5be75fe320f71e721d5c883418b
SHA256: 906b69a1ed3faab78b73892492f554deb9af2948dc3455ecbe2d5d083c8b66d4
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\footer_bg[1].jpg
image
MD5: 8e4caa83e7b4a0b702bb06d89d4bb26c
SHA256: bb558362a9705f28d6f7a82bce93184fe6035722d69bf1f1f5003700ff9d4aae
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\livt_erlebnistag[1].jpg
image
MD5: 80b9e8497e3aa4e8abc7e2e2004fea9c
SHA256: c99a92c9a2196616c45f7feab944bf08b641833a71a6a29aacf2d8c0ece9f94b
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\2904682500-postmessagerelay[1].js
text
MD5: fefcd8c65ec64d1cfafd2f5f79b9e541
SHA256: 6a53da0777a29bea7186e4454f97bb2c1a29d95294d5ea1ce0ea1cd4c33a4f0c
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\alphakurs_titel[1].jpg
image
MD5: 0ec117f5327ff7f3f3e184392b5d3d2a
SHA256: c69ecbc1ab2c9b1e349d59ae888dc1e25db013622791a62c561752062004e45d
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\kinderliturgie_logo[1].jpg
image
MD5: 200486fa68edc5c0363ffc30dba49935
SHA256: f037d22b621d58a5c6c1d10ceb9a776d285a3d9f5c9fd30a1371c343da01af16
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\rpc_shindig_random[1].js
text
MD5: 20af506b248aebd5dffbefbe2fa1f580
SHA256: 11c82337022c45ba05c9c633779afa9333abb2a9dbbcca3e23f0356be1aaeb2c
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\googlelogo_color_150x54dp[1].png
image
MD5: 9d73b3aa30bce9d8f166de5178ae4338
SHA256: dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\robot[1].png
image
MD5: 4c9acf280b47cef7def3fc91a34c7ffe
SHA256: 5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\postmessageRelay[1].htm
html
MD5: d1d3a0c5fdb9b6512b6018deafdbff28
SHA256: bde59913a8160c84eceb5ca84cd78a8c35981efc4239f2d1cf8213cfac832d4f
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\postmessageRelay[1].txt
––
MD5:  ––
SHA256:  ––
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\popup[1].htm
html
MD5: 5802c5fd0afa79b3a62c65bd6a008dd0
SHA256: 6aa5e42a42602a6b30de8dfb45eec125a71883f816190b4a5bb9f9254a6fd646
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\tooltip[1].htm
html
MD5: 419b0a8980caec29cbfea52d359d48ef
SHA256: 1548db02be3fb8206f3e1d383a59c0be473f09b8e1d3075dd05797d05287b014
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\top-dark[1].png
image
MD5: b402562d11ee33ae10ae81744b20b511
SHA256: 0108b37bbe635c191b51aace88a4cb5757ad4b2c490ed498f4080f9e6f7bedf5
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\aschenkreuz[1].jpg
image
MD5: f83abd12e8e371f27bc78853176c55ad
SHA256: 05d358a284650b62315e07fd4b4da77938ad34291e7e0c173fb716c82d7c2938
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\emailButton[1].png
image
MD5: b9bcb736ef81212cd01ea4c4cee90f72
SHA256: d270f4958312cbb2bee6660323cf2fd1aacc3669c22a0769d4fc5b960f0d24f4
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\DGSlogo_signet[1].png
image
MD5: 23da510b7a296fa2f8917ed7c4aea921
SHA256: c5d139d5507d58fcbd652c159c7862186f7dc071b445c2473cbe1f6388829efc
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\printButton[1].png
image
MD5: 3dc7ee09b0bb8d8ef3276214590b3f98
SHA256: fccff3ccf5d63396db6e7e1b46144a4d3d441d815d229ad920fcc5d262679908
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\gospelchor[1].png
image
MD5: 0546d6453124ff07309e56622549efa7
SHA256: 0182dd120bbc71f794bc70bd20a3c9b797814af5b501f13dcda313a2288be513
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\spirmostl_logo[1].gif
image
MD5: 16dcaec682b6b260dcc99876b7c5c97d
SHA256: c920e898b6c5c294b11236401c3a58ba737cc7546689017fdd23c5dc900a7182
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\meditation[1].png
image
MD5: 918cc275979673b19bb99490a57afcd9
SHA256: 215954c8286f3b81bc02fb057becf9b592486b5be1fb853d18107051962eabc8
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cb=gapi[1].loaded_1
text
MD5: 34a29194d3f28908ab67fa950b2f7e28
SHA256: 61ac5f5e50ed182e273e3a1f7a27d5a9cde202f2202c97b73826d438c9f40bdb
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\experimentelle_liturgie[1].gif
image
MD5: 1375ef20e6356317c5d5a48e010e0fbd
SHA256: 3690f8a58129acdbb4a0ef4a6b72bb71d01fa4819ce80d8d732f0ce244c22fec
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\cb=gapi[1].loaded_0
text
MD5: aca11e7c4dcbae1a4fbf046b12ee0944
SHA256: d2a0db91fc620965137738769f51384904ca37a13062d69280169823c20e8d4b
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\linkedin_log_24[1].png
image
MD5: a9cbb647004fa24723c56ed2f1174782
SHA256: 29701ceb7851cad464eba2fb8d63bf3a66720a0fc19fc0766ca05e50e764389f
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\google_log_24[1].png
image
MD5: f6fdd8d68b9132990e4da60526b034ed
SHA256: fb1a97500771c29b09644e87be00069967984dc9ad170094fd8c85010527b1d8
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\plusone[1].js
text
MD5: 6887f87cccaaefedc82599a6751a7b8a
SHA256: f7841bd255dcbf73213419449607f0ac3f7e6ea5ce88eef412d41f167da60056
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\slider_arrow_l[1].png
image
MD5: 9639680ec2ccf895ee09f2bad68ee08f
SHA256: fd4064120ff1bfb7bb4f4993fa28ddf8856aa86904cf08d696641a61505d31b3
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\twitter_log_24[1].png
image
MD5: 41e7e15a991d3d354934b381d38d990f
SHA256: ab7bf23b7e12ca0d025c4c45662e002621091a966c1d4cf8b7221c7067a64e9b
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\digg_log_24[1].png
image
MD5: dd2569b70497c8cc7c07d8b5456650b7
SHA256: 1e5a8d50360301c028833a514ccac1b588a912234c8fca6b791541e0f863d917
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\kirchenfenster[1].jpg
image
MD5: 44fef5b24b4bb1d4f545cc1233dd9b17
SHA256: 9893c2f78513379e4e445f827bfcb030a316d42b4e3935a5119fe3d13f3ec931
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\leonhardheader[1].jpg
image
MD5: ceab0a61f165ce31128fd32b1480a900
SHA256: 9143d8c54b02c4e44781d1c04b416245da04bf7293655a4bccd5703a925f9f8c
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\facebook_log_24[1].png
image
MD5: f6f5679d21aa2acb969b1b2c0d82f242
SHA256: 4f2e9a7875031ea4ec3db85fc1573f96a4b832a315c6dbeda6ec0609e6fdddf2
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\pfarradresslogo[1].jpg
image
MD5: fd7feaa28e82622e3c940b26b643680e
SHA256: 355ad9d96041c53f0ba9dc61fe52ef82b064ef18e99a6e2ae33c203d3d594150
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 3563eef4907ba8be647e926a9378d22c
SHA256: 27174d00de4742187dd323b0934c162f643dbfd9b1a830f95150f1d658f3230a
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\moduletable-bg_light[1].jpg
image
MD5: 846e7579f0cac4db40e219f28586f445
SHA256: 45321b0eefccf5ffd717b7400e491dc5fad62197909ab36892b74e5fb5b33d67
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\orange32[1].png
image
MD5: bef45ea79ecb7e9001e3acc166cdb21c
SHA256: 022a473868122a3740a0385749143222d272aaa212a8de3ec89dcc86de1b35db
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Hintergrund4[1].gif
image
MD5: 74b08e17e9db396f7993997e4c62b92e
SHA256: 4be2a42c1fcae5b51d35e5bf89e599d3dfa6c69cc4700397970444f89a934b06
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\system[1].css
text
MD5: 6ee37cc0fc51e3ca6a8b6427499b6376
SHA256: 4e613fe3e74a7af0e4b3504bd27ea2af347ad46cfdd761afe34ef674e4804ae9
3712
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\D8UBDKF2\www.pfarreleonhard[1].xml
text
MD5: 19f8adce6e8111fcf701703f64df775c
SHA256: ed41c29ccb015a3336c48bc9f0d3c732a191743224b468893d7cdcb655998199
3712
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\D8UBDKF2\www.pfarreleonhard[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3712
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 7dcbbdb7fcdfeed8ca8f3d8dcc59c34d
SHA256: 6cd2757e89afb922fa63bdca35ec39347cc20acb7a551f8b77ba52e01c3477c8
3712
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 89ba5c0543fe6005feca3a76d4ddaaae
SHA256: 984cd4d4fb06c63ac8a85ed079f10d0642256daf64c1f3747c0aa84cf6f387e2
2592
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\nivo-2.6[1].js
text
MD5: 768632d8cab4b69401ae63f94ecbf27b
SHA256: 8241f3df77de7f67895c09824986e6baa4a6a0d1e4bc25003b6dee90b4169e24
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\nivo[1].css
text
MD5: cd15fc3b49349ed12704f674f003acf5
SHA256: 269c003e1486e3c3f8aea8a6ff211dd05aca8c4a05137dcfc59fb2315a1b5319
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery.ui.accordion[1].js
text
MD5: 2657664ff62089429f095ff835a02f22
SHA256: d37b78007f333430f13067165f5af9fb5d1f21024a8ec156be853c4810ab4c17
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\footermenu[1].css
text
MD5: 9de01bd5135df7e11c40eb8e7140ffcb
SHA256: 34b7f37d98406c23b404381e5ca07425ffea60fb68478cb140cc5607d3406919
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jquery-ui-1.8.16.custom.min[1].js
text
MD5: ca7252eba6cdb4b91783cc04076f9939
SHA256: e3369fefd7fcb760e4e6fbd667ccbada1d6de5d20e0f61769d0c5837856f5ce3
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\style[1].css
text
MD5: eec6dc878e0d549229388399c2d0bcc4
SHA256: 1369b54b7472df7d0095e1f8c3c1822c707a08941be9ee8062f9a3ca3e6452b6
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\fusion[1].css
text
MD5: 0b8c97484d7fc2015ed4c1a5d9fc211c
SHA256: e148c30ff09608135755336833c41b17ad92dd3ff4411778cbc9ac201e7b23fa
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\modstyle[1].css
text
MD5: 57854f36fa19b70f6df5bfcadf5f8254
SHA256: 8bbde976f0344f94b817aeaf7bad53d87d085991676ece6330c92f1d162de368
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jcemediabox[1].css
text
MD5: 97620fb9c10c44e4496bd61c24ec6ebf
SHA256: 57602744859ed777fc6b5a335f9d5d10d0265445a35237de4fa2c41324189b2d
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\mega-tm_ul[1].css
text
MD5: ab86d86c8d5fb0c1619a01cb2ee5d39d
SHA256: 0d1f1d2dbfc21fd59d4b051135c9065c0c9ce8448d4ea99cdc788bd5b73717c5
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\uvumi-1.1.2[1].js
text
MD5: d3a068bf1fa4208bc2deef85b85ca4bb
SHA256: 01b66586558a9daf2dc33d4bbbac1a5634f5707bd28580374e42c8dc1e5721f8
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jcore[1].css
text
MD5: 8fef1b7d5bdf803a3fd05f69ac181e27
SHA256: f8c5b13fa50ee9ec70c0243640f7c1282a370e85e520618af3d603e7dda19ad5
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\template-css3[1].css
text
MD5: 14d14f2179b3430229738e53fdd7cbf7
SHA256: e52591fdeeed482efaaf4aa304b0c5c17ad707633ad061606c754393dea04b0f
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\meneus[1].css
text
MD5: 0a3d4ab96a9af4dbeb0291c7f768c28f
SHA256: 3f18a1019411ec9287e6e2e0fb08cd123ff776f50ec164ae2a07b92285405ec6
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\modules[1].css
text
MD5: b9210ab530cb859087a11ac9819c0f42
SHA256: 15d76f391151ad2c7e14286a5f56adab77485a3c90902694726a9b8649c0799c
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\template[1].css
text
MD5: 06fcf3758af0627a2f558e8615159b51
SHA256: ee06c0197972452ebb24fae731425453860d71bf3a0502ab908d198bf4b76cf4
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\system[1].css
text
MD5: df7e63c3bb675469ae3eb8dbbb01b48a
SHA256: 08297f5532e380d22d9df81765efc9e171897b22a46df63f311a70d0bd5b8286
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jcemediabox[1].js
text
MD5: fe4f1fc321224f27e9279b5b1745e6c7
SHA256: 21ac3b89403d3813a9fd2043891740373f5ff2ebc91045efa046f058b966f949
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fusion[1].js
text
MD5: 3b1d661bfe76ac97d3db3d102f050a48
SHA256: a68613daf86df6215dc797bb918e13026c7fcb46f1a76f808b36d679d67a3b83
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\sfhover-ie[1].js
text
MD5: 8fd3a357627b586a19fcb0d0ebf2d6e9
SHA256: e7b84e6c5a8822caee3bd952d5ecde7bbb9e385387a3a94f926fce6fbc774f3b
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\modal[1].js
text
MD5: 44ecfb2a39cf39a942fde3bb3b043529
SHA256: d4df2dad4f048198eb2a61d0a1cd27a9a9e15dbbfbdacee22444ebb469a71291
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\caption[1].js
text
MD5: be60114718bb93f4e89a7602fe7f1b27
SHA256: f5cc274c8a1a22962fe4e603dccf4278b267c030d945d8cd1b568d3d93da0e6a
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery.min[1].js
text
MD5: f1e4f84e79dcfb4554241a9f8b8d2a48
SHA256: f97667ef208e359af1e7548539b77f1b7adc6b46a25e68b89ec6335fdecbd722
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\core[1].js
text
MD5: f0f867d965d63951dc5d06b73400edd8
SHA256: 31790eed66d0747ee7d3deea3ce02bbf23ccf98b170be573f90c0847ce3f5e5a
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\mootools-more[1].js
text
MD5: 3101e339b82ff560b2341ed5eb53a1ea
SHA256: 01aee3a291b4142d561f88a9f592a8eb286c26932b006aa8f53ad7699b39c707
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mootools-core[1].js
text
MD5: a2dae4f1b5c1c2947956d2bae8426dd4
SHA256: 97e6d159666d4c218c732d77d7cfea6f40097ddff357cf8b3153521efce7f8cc
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\modal[1].css
text
MD5: 2dac640fd156ad6413bdfae7e50e7c50
SHA256: 93a425782ebdba877718a517ea6d5ed1ac4573129f3e47888ff796d2a4408e6d
3712
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\nsb-opac[1].css
text
MD5: e7934d90015364bfa3ba9fb138581c0e
SHA256: 33033a7b75e12b328aa6f8e7c7b1f2971efb1f8283bc6f0be74aba0ec2601cbf
3264
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3264
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3264
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––


Network activity

HTTP(S) requests: 80
TCP/UDP connections: 83
DNS requests: 11
Threats: 7

HTTP requests

PID Process Method Code IP URL CN Type Reputation
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/ AT html suspicious
3264 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/plugins/system/jcemediabox/css/jcemediabox.css?version=114 AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/plugins/system/jcemediabox/themes/squeeze/css/style.css?version=114 AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_roknavmenu/themes/fusion/css/fusion.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/components/com_jevents/views/default/assets/css/modstyle.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_nice_social_bookmark/css/nsb-opac.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/js/mootools-core.js AT text suspicious
3712 iexplore.exe GET 404 74.125.140.82:80 http://html5shim.googlecode.com/svn/trunk/html5.js US html whitelisted
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/css/modal.css AT text suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/js/core.js AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/js/mootools-more.js AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at//components/com_gcalendar/libraries/jquery/jquery.min.js AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/js/caption.js AT text suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/plugins/system/jcemediabox/js/jcemediabox.js?version=114 AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/js/modal.js AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_roknavmenu/themes/fusion/js/sfhover-ie.js AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_roknavmenu/themes/fusion/js/fusion.js AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/system/css/system.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/template.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/modules.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/meneus.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/jcore.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/template-css3.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/javascript/uvumi-1.1.2.js AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/ AT html suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/mega-tm_ul.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/javascript/jquery-ui-1.8.16.custom.min.js AT text suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/nivo.css AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/javascript/nivo-2.6.js AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/css/footermenu.css AT text suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/javascript/jquery.ui.accordion.js AT text suspicious
3712 iexplore.exe GET 200 81.4.122.193:80 http://track.positiverefreshment.org/s_code.js?cid=220&v=24eca7c911f5e102e2ba NL text malicious
3712 iexplore.exe GET 200 81.4.122.193:80 http://track.positiverefreshment.org/s_code.js?cid=220&v=24eca7c911f5e102e2ba NL text malicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/css/system.css AT text suspicious
3712 iexplore.exe GET 200 81.4.122.193:80 http://track.positiverefreshment.org/s_code.js?cid=220&v=24eca7c911f5e102e2ba NL text malicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/bg/full/Hintergrund4.gif AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/images/module/moduletable-bg_light.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/bg/orange32.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/banners/leonhardheader.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/banners/kirchenfenster.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/banners/pfarradresslogo.jpg AT image suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_nice_social_bookmark/icons/facebook_log_24.png AT –– suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_nice_social_bookmark/icons/twitter_log_24.png AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_nice_social_bookmark/icons/digg_log_24.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_nice_social_bookmark/icons/google_log_24.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_nice_social_bookmark/icons/linkedin_log_24.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/logos/dgs//DGSlogo_signet.png AT image suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/images/logos/experimentelle_liturgie.gif AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/logos/spirmostl_logo.gif AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/logos/meditation.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/logos/gospelchor.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/printButton.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/aschenkreuz.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/emailButton.png AT image suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/modules/mod_roknavmenu/themes/fusion/images/top-dark.png AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/gospelchor/handinhandplakat-benefizkonzert.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/plugins/system/jcemediabox/themes/squeeze/popup.html AT html suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/plugins/system/jcemediabox/themes/squeeze/tooltip.html AT html suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/fastenzeit/familienfasttag_2019.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/livt/livt_erlebnistag.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/einewelt/kerala/kerala02.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/aviso/alphakurs_2019/alphakurs_titel.jpg AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/images/aviso/kili/kinderliturgie_logo.jpg AT image suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/images/footer_bg.jpg AT –– suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/images/module/moduletable-bg_dark.jpg AT –– suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/images/topmenu-a_span-active.jpg AT –– suspicious
3712 iexplore.exe GET 200 81.4.122.193:80 http://track.positiverefreshment.org/s_code.js?cid=220&v=77e997b1f7de3bc9b07d&rand=1552554043237&key=ZG6uS9hekoygd5gcRO28UvTWBpYSCFFvCWj59ovpfPHDD7LFQD6YoPJbo%2BEueGwFXF59E4TdPu8OPMBybw%3D%3D&0=0&1=&2=16 NL text malicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_n.png AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_ne.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_se.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_e.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_s.png AT image suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_sw.png AT –– suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_w.png AT –– suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/closebox.png AT image suspicious
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/images/modal/bg_nw.png AT –– suspicious
3712 iexplore.exe GET 200 81.4.122.193:80 http://track.positiverefreshment.org/s_code.js?cid=220&v=5f210213d05805d3ca4d&rand=1552554043674&key=01JONZesbLVEr49JlZovAABQj45WbjR2q1rFL5tVaUCillz%2B6hBhiy1AkNTub%2F9BmDNCWbC9RIkJLc5vVA%3D%3D&0=Mozilla&1=Microsoft%20Internet%20Explorer&2=4.0%20(compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B%20Trident%2F4.0%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20.NET4.0C%3B%20.NET4.0E)&3=-1&4=x86&5=0&6=1&7=-1&8=0&9=Win32&10=-1&11=Mozilla%2F4.0%20(compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B%20Trident%2F4.0%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20.NET4.0C%3B%20.NET4.0E)&12=0&13=-1&14=y&15=0&16=0&17=TypeError&18=1280&19=720&20=1280&21=692&22=32&23=96&24=96&25=-1&26=-1&27=en-us&28=en-us&29=en-us&30=0&31=1&32=1&33=3ff56767417ec016871c48caa2508091&34=-1&35=39&36=1&37=1&38=-1&39=1&40=0&41=0&42=1&43=1&44=1&45=1&46=1&47=0&48=8&49=0&50=CSS1Compat&51=1&52=0&53=1&54=0&55=-1&56=windows-1252&57=5&58=8&59=17514&60=0&61=0&62=&63=0&64=&65=&66= NL text malicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/images/slider_arrow_r.png AT image suspicious
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/templates/nld_103_25/images/slider_arrow_l.png AT image suspicious
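The verdict on this run rests on one thing in the table above: every request the page itself makes goes to its own host on 81.19.145.91, except the repeated loads of s_code.js from track.positiverefreshment.org, which the report rates malicious. The first of those calls carries only cid and v; the later ones add rand, key and a long run of numbered parameters that visibly contain the browser's appVersion and user-agent strings, 1280x720 screen dimensions, the document charset and similar values, i.e. the page shipped a browser fingerprint off-site. (The seven entries under Threats are Suricata stream-engine decoder events, not signature hits, so they add nothing to this.) The helper below is an added example written for this report, not ANY.RUN's own code: it parses rows in the one-line form "PID Process Method Code IP URL CN Type Reputation", groups requests by host so off-origin loads stand out, and decodes the beacon query strings copied from the table. Reading rand as a JavaScript Date.now() millisecond timestamp is an inference from its 13-digit value, and the meaning of the numbered parameters is inferred from their contents, since the script itself is not on this page.

```python
"""Triage helpers for the HTTP request table of a browser sandbox report.

Added example for this report page (not ANY.RUN code). Parses one-line rows,
lists off-origin hosts per browser PID, and decodes the tracking beacon URLs.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# Rows transcribed from the report's HTTP request table (a subset).
SAMPLE_TABLE = """\
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/ AT html suspicious
3264 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3712 iexplore.exe GET 200 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/js/mootools-core.js AT text suspicious
3712 iexplore.exe GET 404 74.125.140.82:80 http://html5shim.googlecode.com/svn/trunk/html5.js US html whitelisted
3712 iexplore.exe GET –– 81.19.145.91:80 http://www.pfarreleonhard.at/media/system/js/core.js AT –– suspicious
3712 iexplore.exe GET 200 81.4.122.193:80 http://track.positiverefreshment.org/s_code.js?cid=220&v=24eca7c911f5e102e2ba NL text malicious
"""

# The three distinct beacon URLs, copied verbatim from the table.
BEACON_URLS = [
    "http://track.positiverefreshment.org/s_code.js?cid=220&v=24eca7c911f5e102e2ba",
    "http://track.positiverefreshment.org/s_code.js?cid=220&v=77e997b1f7de3bc9b07d&rand=1552554043237"
    "&key=ZG6uS9hekoygd5gcRO28UvTWBpYSCFFvCWj59ovpfPHDD7LFQD6YoPJbo%2BEueGwFXF59E4TdPu8OPMBybw%3D%3D&0=0&1=&2=16",
    "http://track.positiverefreshment.org/s_code.js?cid=220&v=5f210213d05805d3ca4d&rand=1552554043674"
    "&key=01JONZesbLVEr49JlZovAABQj45WbjR2q1rFL5tVaUCillz%2B6hBhiy1AkNTub%2F9BmDNCWbC9RIkJLc5vVA%3D%3D"
    "&0=Mozilla&1=Microsoft%20Internet%20Explorer&2=4.0%20(compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B"
    "%20Trident%2F4.0%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B"
    "%20Media%20Center%20PC%206.0%3B%20.NET4.0C%3B%20.NET4.0E)&3=-1&4=x86&5=0&6=1&7=-1&8=0&9=Win32&10=-1"
    "&11=Mozilla%2F4.0%20(compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B%20Trident%2F4.0%3B%20SLCC2%3B"
    "%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B"
    "%20.NET4.0C%3B%20.NET4.0E)&12=0&13=-1&14=y&15=0&16=0&17=TypeError&18=1280&19=720&20=1280&21=692&22=32&23=96"
    "&24=96&25=-1&26=-1&27=en-us&28=en-us&29=en-us&30=0&31=1&32=1&33=3ff56767417ec016871c48caa2508091&34=-1&35=39"
    "&36=1&37=1&38=-1&39=1&40=0&41=0&42=1&43=1&44=1&45=1&46=1&47=0&48=8&49=0&50=CSS1Compat&51=1&52=0&53=1&54=0"
    "&55=-1&56=windows-1252&57=5&58=8&59=17514&60=0&61=0&62=&63=0&64=&65=&66=",
]

# One table row; "––" is the report's placeholder for a missing status code or type.
ROW_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<process>\S+)\s+(?P<method>[A-Z]+)\s+(?P<code>\d{3}|––)\s+"
    r"(?P<ip>[\d.]+:\d+)\s+(?P<url>\S+)\s+(?P<cn>[A-Z]{2})\s+(?P<type>\S+)\s+(?P<rep>\S+)$"
)


def parse_rows(table):
    """Return one dict per well-formed row; lines that do not match are skipped."""
    return [m.groupdict() for m in (ROW_RE.match(l.strip()) for l in table.splitlines()) if m]


def hosts_by_origin(rows, origin_host, pid=None):
    """Requests to hosts other than origin_host, optionally limited to one browser PID.

    Grouping by host is what separates a site's own assets from third-party loads.
    """
    out = defaultdict(lambda: {"count": 0, "ips": set(), "reputation": set()})
    for r in rows:
        if pid is not None and r["pid"] != pid:
            continue
        host = urlsplit(r["url"]).hostname
        if host == origin_host:
            continue
        out[host]["count"] += 1
        out[host]["ips"].add(r["ip"].rsplit(":", 1)[0])
        out[host]["reputation"].add(r["rep"])
    return dict(out)


def decode_beacon(url):
    """Percent-decoded query parameters; blank values are kept so every field is visible."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def beacon_timestamp(url):
    """Inference: a 13-digit `rand` reads as a Date.now() value; None if absent or not 13 digits."""
    rand = decode_beacon(url).get("rand", "")
    if not (rand.isdigit() and len(rand) == 13):
        return None
    return datetime.fromtimestamp(int(rand) / 1000, tz=timezone.utc)


def positional_fields(params):
    """The numbered parameters in order. Their schema is not on the page; this only lists what was sent."""
    return sorted((int(k), v) for k, v in params.items() if k.isdigit())


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_TABLE)
    for host, info in hosts_by_origin(rows, "www.pfarreleonhard.at", pid="3712").items():
        print(host, info)
    for url in BEACON_URLS:
        print(beacon_timestamp(url), sorted(decode_beacon(url)))
    for k, v in positional_fields(decode_beacon(BEACON_URLS[2])):
        print(k, repr(v))
```

The timestamp check is a cheap consistency test: rand=1552554043674 decodes to 2019-03-14 09:00:43 UTC, which sits inside the 60-second task window that the report dates 10:00:15 (the sandbox's local time being one hour ahead of UTC is an assumption). A beacon whose clock value did not fit the run would point at a replayed or cached request rather than live fingerprinting.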


Connections

PID Process IP ASN CN Reputation
3264 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3712 iexplore.exe 81.19.145.91:80 World4You Internet Services GmbH AT suspicious
3712 iexplore.exe 74.125.140.82:80 Google Inc. US whitelisted
3712 iexplore.exe 81.4.122.193:80 RouteLabel V.O.F. NL malicious
3712 iexplore.exe 172.217.18.174:443 Google Inc. US whitelisted
3712 iexplore.exe 172.217.168.205:443 Google Inc. US unknown
3712 iexplore.exe 172.217.18.100:443 Google Inc. US whitelisted
3712 iexplore.exe 216.58.207.67:443 Google Inc. US whitelisted
3712 iexplore.exe 188.241.39.12:443 Hydra Communications Ltd GB unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.pfarreleonhard.at 81.19.145.91 unknown
html5shim.googlecode.com 74.125.140.82 whitelisted
track.positiverefreshment.org 81.4.122.193 malicious
apis.google.com 172.217.18.174 whitelisted
accounts.google.com 172.217.168.205 whitelisted
www.google.com 172.217.18.100 whitelisted
ssl.gstatic.com 216.58.207.67 whitelisted
analytics.clickstat360.com 188.241.39.12 malicious
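The Connections and DNS tables say more together than apart. The report decoded HTTP only on port 80 (the MITM proxy option in the launch configuration was off), so the five port-443 connections carry no URL, and the Connections table rates 188.241.39.12:443 as merely "unknown"; the DNS table shows that address is analytics.clickstat360.com, which it rates malicious. Joining connected IPs back to the names that resolved to them is the only way to attribute those TLS sessions. The code below is an added example for this page, not ANY.RUN's; its inputs are the two tables transcribed verbatim, plus the set of IPs that appear in the decoded HTTP request table.

```python
"""Join a sandbox report's Connections table with its DNS answers.

Added example for this report page (not ANY.RUN code). Finds connections
that the HTTP view cannot explain and reputation disagreements between tables.
"""
from collections import defaultdict

# Transcribed from the report's Connections table: (pid, process, ip:port, asn, cn, reputation).
CONNECTIONS = [
    ("3264", "iexplore.exe", "204.79.197.200:80", "Microsoft Corporation", "US", "whitelisted"),
    ("3712", "iexplore.exe", "81.19.145.91:80", "World4You Internet Services GmbH", "AT", "suspicious"),
    ("3712", "iexplore.exe", "74.125.140.82:80", "Google Inc.", "US", "whitelisted"),
    ("3712", "iexplore.exe", "81.4.122.193:80", "RouteLabel V.O.F.", "NL", "malicious"),
    ("3712", "iexplore.exe", "172.217.18.174:443", "Google Inc.", "US", "whitelisted"),
    ("3712", "iexplore.exe", "172.217.168.205:443", "Google Inc.", "US", "unknown"),
    ("3712", "iexplore.exe", "172.217.18.100:443", "Google Inc.", "US", "whitelisted"),
    ("3712", "iexplore.exe", "216.58.207.67:443", "Google Inc.", "US", "whitelisted"),
    ("3712", "iexplore.exe", "188.241.39.12:443", "Hydra Communications Ltd", "GB", "unknown"),
]

# Transcribed from the report's DNS requests table: (domain, answers, reputation).
DNS = [
    ("www.bing.com", ["204.79.197.200", "13.107.21.200"], "whitelisted"),
    ("www.pfarreleonhard.at", ["81.19.145.91"], "unknown"),
    ("html5shim.googlecode.com", ["74.125.140.82"], "whitelisted"),
    ("track.positiverefreshment.org", ["81.4.122.193"], "malicious"),
    ("apis.google.com", ["172.217.18.174"], "whitelisted"),
    ("accounts.google.com", ["172.217.168.205"], "whitelisted"),
    ("www.google.com", ["172.217.18.100"], "whitelisted"),
    ("ssl.gstatic.com", ["216.58.207.67"], "whitelisted"),
    ("analytics.clickstat360.com", ["188.241.39.12"], "malicious"),
]

# Every IP that occurs in the report's decoded HTTP request table (all port 80).
HTTP_IPS = {"81.19.145.91", "204.79.197.200", "74.125.140.82", "81.4.122.193"}


def ip_to_names(dns):
    """Reverse index: answer IP -> [(domain, dns_reputation), ...]."""
    index = defaultdict(list)
    for name, answers, rep in dns:
        for ip in answers:
            index[ip].append((name, rep))
    return dict(index)


def enrich_connections(connections, dns, http_ips):
    """Attach resolved names, DNS verdicts and an HTTP-visibility flag to each connection."""
    names = ip_to_names(dns)
    enriched = []
    for pid, process, endpoint, asn, cn, rep in connections:
        ip, port = endpoint.rsplit(":", 1)
        resolved = names.get(ip, [])
        enriched.append({
            "pid": pid, "process": process, "ip": ip, "port": int(port), "asn": asn, "cn": cn,
            "conn_reputation": rep,
            "names": [n for n, _ in resolved],
            "dns_reputation": {r for _, r in resolved},
            "http_seen": ip in http_ips,
        })
    return enriched


def blind_spots(enriched):
    """Connections with no decoded HTTP request whose resolved name is not whitelisted."""
    return [e for e in enriched if not e["http_seen"] and e["dns_reputation"] != {"whitelisted"}]


def reputation_conflicts(enriched):
    """Connections the report rates 'unknown' while the DNS table gives their name a verdict."""
    return [
        e for e in enriched
        if e["conn_reputation"] == "unknown" and e["dns_reputation"] and e["dns_reputation"] != {"unknown"}
    ]


if __name__ == "__main__":
    rows = enrich_connections(CONNECTIONS, DNS, HTTP_IPS)
    for e in blind_spots(rows):
        print("no HTTP visibility:", e["ip"], e["port"], e["names"], e["dns_reputation"])
    for e in reputation_conflicts(rows):
        print("table disagreement:", e["ip"], e["conn_reputation"], "vs DNS", e["dns_reputation"])
```

Run against these tables the only blind spot is 188.241.39.12:443, resolved from analytics.clickstat360.com, so the indicator to carry forward is that domain (and the positiverefreshment.org beacon), not the Hydra Communications address on its own. A second run with the MITM proxy enabled would show what the page sent over that session.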

Threats

PID Process Class Message
3712 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3712 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3712 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3712 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3712 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3712 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3712 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions

Debug output strings

No debug info.