General Info

File name

autoruni.pee

Full analysis
https://app.any.run/tasks/31cc5645-9894-4373-b94e-d78e78e0c894
Verdict
Malicious activity
Analysis date
11/8/2019, 18:24:49
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Petite compressed
MD5

aae219d4e703051d60351f73ca288d1d

SHA1

1b28cbc3d27a92281ebf4754c27b9ac4a3a8c214

SHA256

56947c93fb17d3339ff2a778556f4a4f95516fb5112db61ae0804ecdcf4d1307

SSDEEP

3072:J2MWsQvnyo/CtkgEcnz7fsmqLGnQ7eMDLyPexpZ:J2jsgpYtEcnzwlLFeMD2Pex

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

No malicious indicators.

Uses ATTRIB.EXE to modify file attributes
  • Cmd.exe (PID: 1600)
  • Cmd.exe (PID: 996)
  • Cmd.exe (PID: 2644)
  • Cmd.exe (PID: 2408)
  • Cmd.exe (PID: 1796)
  • Cmd.exe (PID: 4052)
  • Cmd.exe (PID: 4008)
  • Cmd.exe (PID: 284)
  • Cmd.exe (PID: 1952)
  • Cmd.exe (PID: 2752)
Starts CMD.EXE for commands execution
  • autoruni.pee.exe (PID: 2104)
  • autoruni.pee.exe (PID: 2328)
Modifies the open verb of a shell class
  • autoruni.pee.exe (PID: 2328)
  • autoruni.pee.exe (PID: 2104)
Creates files in the user directory
  • iexplore.exe (PID: 3960)
  • iexplore.exe (PID: 2352)
Manual execution by user
  • taskmgr.exe (PID: 3652)
  • iexplore.exe (PID: 3960)
  • autoruni.pee.exe (PID: 2328)
Reads internet explorer settings
  • iexplore.exe (PID: 2352)
Changes internet zones settings
  • iexplore.exe (PID: 3960)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3960)
  • iexplore.exe (PID: 2352)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 2352)
Application launched itself
  • iexplore.exe (PID: 3960)
Reads settings of System Certificates
  • iexplore.exe (PID: 2352)

Static information

TRiD
  • .exe | Petite compressed Win32 executable (53.5%)
  • .exe | UPX compressed Win32 Executable (20.2%)
  • .exe | Win32 EXE Yoda's Crypter (19.8%)
  • .exe | Win32 Executable (generic) (3.3%)
  • .exe | Generic Win/DOS Executable (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2007:08:08 22:19:47+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
144145
InitializedDataSize:
148241
UninitializedDataSize:
null
EntryPoint:
0x25046
OSVersion:
4
ImageVersion:
1
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
1.0.0.0
ProductVersionNumber:
1.0.0.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
ProductName:
Explorer
FileVersion:
1
ProductVersion:
1
InternalName:
vx
OriginalFileName:
vx.exe
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
08-Aug-2007 20:19:47
Detected languages
English - United States
ProductName:
Explorer
FileVersion:
1.00
ProductVersion:
1.00
InternalName:
vx
OriginalFilename:
vx.exe
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000C0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
08-Aug-2007 20:19:47
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.petite | 0x00001000 | 0x00023000 | 0x00009600 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 7.91302
.rsrc | 0x00024000 | 0x00001000 | 0x000005B8 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 3.60554
 | 0x00025000 | 0x00000311 | 0x00000400 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.712
Resources
1

30001

Imports
    MSVBVM60.DLL

    user32.dll

    kernel32.dll

Exports

    No exports.

Processes

Total processes
72
Monitored processes
25
Malicious processes
2
Suspicious processes
0

Behavior graph

Processes shown in the graph, in order ("no specs" marks a process with none of the spec flags listed below):
  • autoruni.pee.exe (no specs)
  • cmd.exe ×5 (no specs)
  • attrib.exe ×5 (no specs)
  • iexplore.exe
  • iexplore.exe
  • autoruni.pee.exe (no specs)
  • cmd.exe ×5 (no specs)
  • attrib.exe ×5 (no specs)
  • taskmgr.exe (no specs)
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2104
CMD
"C:\Users\admin\AppData\Local\Temp\autoruni.pee.exe"
Path
C:\Users\admin\AppData\Local\Temp\autoruni.pee.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
1.00
Modules
Image
c:\users\admin\appdata\local\temp\autoruni.pee.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll

PID
4008
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\System32\LeChucK.exe
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
4052
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\System32\wins.exe
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
284
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\System32\cmd.com
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2752
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\regedit.com
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1952
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\spolis.exe
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1740
CMD
Attrib +a +s +r +h C:\Windows\System32\LeChucK.exe
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2912
CMD
Attrib +a +s +r +h C:\Windows\System32\wins.exe
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2192
CMD
Attrib +a +s +r +h C:\Windows\System32\cmd.com
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
996
CMD
Attrib +a +s +r +h C:\Windows\regedit.com
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
1400
CMD
Attrib +a +s +r +h C:\Windows\spolis.exe
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3960
CMD
"C:\Program Files\Internet Explorer\iexplore.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
2352
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3960 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\jscript.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\feclient.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll

PID
2328
CMD
"C:\Users\admin\AppData\Local\Temp\autoruni.pee.exe"
Path
C:\Users\admin\AppData\Local\Temp\autoruni.pee.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
1.00
Modules
Image
c:\users\admin\appdata\local\temp\autoruni.pee.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll

PID
1796
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\System32\LeChucK.exe
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1600
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\System32\wins.exe
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
996
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\System32\cmd.com
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\cmd.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2408
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\regedit.com
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2644
CMD
Cmd.exe /c Attrib +a +s +r +h C:\Windows\spolis.exe
Path
C:\Windows\system32\Cmd.exe
Indicators
No indicators
Parent process
autoruni.pee.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
992
CMD
Attrib +a +s +r +h C:\Windows\System32\LeChucK.exe
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2668
CMD
Attrib +a +s +r +h C:\Windows\System32\wins.exe
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3428
CMD
Attrib +a +s +r +h C:\Windows\regedit.com
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3272
CMD
Attrib +a +s +r +h C:\Windows\System32\cmd.com
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3884
CMD
Attrib +a +s +r +h C:\Windows\spolis.exe
Path
C:\Windows\system32\attrib.exe
Indicators
No indicators
Parent process
Cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Attribute Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3652
CMD
"C:\Windows\system32\taskmgr.exe" /4
Path
C:\Windows\system32\taskmgr.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Task Manager
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\taskmgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\shell32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\vdmdbg.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\slc.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\utildll.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\version.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwm.exe
c:\windows\system32\taskeng.exe
c:\windows\system32\ctfmon.exe
c:\windows\explorer.exe
c:\windows\system32\audiodg.exe
c:\windows\system32\windanr.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\searchprotocolhost.exe

Registry activity

Total events
600
Read events
495
Write events
103
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell
Open
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell
Open
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell
Open
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell
Open
2328
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell
Open
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B992B5D5-024C-11EA-AB41-5254004A04AF}
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070B0005000800110019000F00F801
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070B0005000800110019000F00F801
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070B0005000800110019000F000203
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070B0005000800110019000F004003
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
40
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070B0005000800110019000F007F03
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
28
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Type
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Count
1
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore
Time
E3070B00050008001100190016005400
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
virus
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
urbandictionary.com
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
watchseries.cr
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
spiegel.de
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
china.com
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
reddit.com
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
bitbucket.org
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
bilibili.com
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
fishki.net
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
nike.com
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
media.tumblr.com
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
khanacademy.org
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
google.com.tw
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
speedtest.net
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
tvbs.com.tw
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url16
weather.com
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
AskUser
1
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019110820191109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019110820191109
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019110820191109
CachePrefix
:2019110820191109:
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019110820191109
CacheLimit
8192
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019110820191109
CacheOptions
11
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019110820191109
CacheRepair
0
3960
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019092020190921
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
C66F99825996D501
3960
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE0000001D0000001E04000075020000
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command
C:\Windows\System32\wins.exe "%1" %*
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell
Open
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell
Open
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell
Open
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell
Open
2104
autoruni.pee.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell
Open
2352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019110820191109
2352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CachePrefix
:2019110820191109:
2352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CacheLimit
8192
2352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CacheOptions
11
2352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CacheRepair
0
2352
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3652
taskmgr.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
UsrColumnSettings
1C0C0000340400000000000050000000010000001D0C0000350400000000000023000000010000001E0C000036040000000000003C000000010000001F0C000039040000000000004E00000001000000200C000037040000000000004E00000001000000
3652
taskmgr.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
Preferences

Files activity

Executable files
0
Suspicious files
4
Text files
55
Unknown types
9

Dropped files

PID
Process
Filename
Type
3960
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF3b6785.TMP
binary
MD5: 916b9682702d811641d8c7fcdd146bcb
SHA256: d24208e0b22f9921896b87a27a24bc6781aa3038b8bb92bcd4d495712e49f4f5
2352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XTLVW6DA\Passport[1].aspx
––
MD5:  ––
SHA256:  ––
3960
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B992B5D5-024C-11EA-AB41-5254004A04AF}.dat
––

Network activity

HTTP(S) requests
51
TCP/UDP connections
25
DNS requests
11
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3960 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2352 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=v&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US xml whitelisted
2352 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=virus&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US xml whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/sa/simg/SharedSpriteDesktopRewards_022118.png US image whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=10B6CA08E8354BCBA0CD30EB86F47A1B&CID=3684C52AC8836D472B68CB24C9DA6C6F&Type=Event.CPT&DATA={"pp":{"S":"A","FC":62,"BC":-1,"SE":-1,"TC":-1,"H":-1,"BP":-1,"CT":312,"IL":2},"ad":[-1,-1,772,444,1089,121,0]}&P=SERP&DA=DUB02 US image whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/search?q=virus&src=IE-SearchBox&FORM=IE8SRC US html whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/8/2Y/cj,nj/4c10930c/19b40d8c.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=8DD3EB8374174B65A4A1B84B21C42228&Type=Event.CPT&DATA={"pp":{"S":"L","FC":8,"BC":230,"SE":-1,"TC":-1,"H":324,"BP":387,"CT":402,"IL":7},"ad":[164,746,772,444,1089,498,0]}&P=SERP&DA=DUB02 US compressed whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/5i/cj,nj/a96870c9/9fb0244f.js?bu=Et0f_h-fH6ofgwW7H68fiyCxH8Ufyx_5H_cf6R_ZHucd6h3cHg US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/30/27/cj,nj/3f1e2270/f8c6dd44.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/30/2e/cj,nj/4c7364c5/40e1b425.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/30/2y/cj,nj/bf587ad6/f1d86b5a.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/59/2N/cj,nj/4df0cf24/0120f753.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/6l/5l/cj,nj/6e795a8b/1c156e04.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/Zc/cj,nj/338d9ed1/d772c6a0.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/6h/cj,nj/f28dadef/aea7e831.js?bu=AYwG US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/1bS/cj,nj/a39998e4/6798a322.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/Zg/cj,nj/e3aaa69b/7043dce3.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=8DD3EB8374174B65A4A1B84B21C42228&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Object%20doesn%27t%20support%20this%20property%20or%20method","Meta":"http%3A//www.bing.com/rs/6l/5l/cj%2Cnj/6e795a8b/1c156e04.js","Line":1,"Char":%20undefined}] US compressed whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=8DD3EB8374174B65A4A1B84B21C42228&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"%27SVGElement%27%20is%20undefined","Meta":"http%3A//www.bing.com/search%3Fq%3Dvirus%26src%3DIE-SearchBox%26FORM%3DIE8SRC","Line":9472227,"Char":%20undefined}] US compressed whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/Passport.aspx?popup=1 US html whitelisted
2352 iexplore.exe GET 200 104.211.96.15:80 http://0aded00a6d775f04dab8037898d97c75.clo.footprintdns.com/apc/trans.gif IN image whitelisted
2352 iexplore.exe GET 200 52.231.32.10:80 http://6bb1c7dbd1a65614eeaed84b5f3c6605.clo.footprintdns.com/apc/trans.gif KR image whitelisted
2352 iexplore.exe GET 200 65.52.143.224:80 http://31119e79512735c863ec70af046eb0a2.clo.footprintdns.com/apc/trans.gif NL image whitelisted
2352 iexplore.exe GET 200 65.52.143.224:80 http://31119e79512735c863ec70af046eb0a2.clo.footprintdns.com/apc/trans.gif?31119e79512735c863ec70af046eb0a2 NL image whitelisted
2352 iexplore.exe GET 200 104.211.96.15:80 http://0aded00a6d775f04dab8037898d97c75.clo.footprintdns.com/apc/trans.gif?0aded00a6d775f04dab8037898d97c75 IN image whitelisted
2352 iexplore.exe GET 200 52.231.32.10:80 http://6bb1c7dbd1a65614eeaed84b5f3c6605.clo.footprintdns.com/apc/trans.gif?6bb1c7dbd1a65614eeaed84b5f3c6605 KR image whitelisted
2352 iexplore.exe GET 200 204.79.197.222:80 http://fp.msedge.net/r.gif?&MonitorID=AZR&rid=8DD3EB8374174B65A4A1B84B21C42228&w3c=false&prot=http:&v=4&DATA=[{"MonitorID":"CLO","RequestID":"0aded00a6d775f04dab8037898d97c75","Result":125},{"MonitorID":"CLO","RequestID":"6bb1c7dbd1a65614eeaed84b5f3c6605","Result":282},{"MonitorID":"CLO","RequestID":"31119e79512735c863ec70af046eb0a2","Result":15}] US image whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/G/cj,nj/299bcf8f/8732336e.js?bu=HUjpAewB7wEvLy8v8gHXAS8vLy8vL6MBtAG3Ac4BrAEvLy8vLy_9AboB US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=8DD3EB8374174B65A4A1B84B21C42228&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Object%20doesn%27t%20support%20this%20property%20or%20method","Meta":"http%3A//www.bing.com/rb/G/cj%2Cnj/299bcf8f/8732336e.js%3Fbu%3DHUjpAewB7wEvLy8v8gHXAS8vLy8vL6MBtAG3Ac4BrAEvLy8vLy_9AboB","Line":1,"Char":%20undefined}] US compressed whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/search?q=antivirus&qs=n&form=QBRE&sp=-1&pq=&sc=0-0&sk=&cvid=8DD3EB8374174B65A4A1B84B21C42228 US html whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/QM/ic/ead77415/3938fd08.png US image whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=019CC60FE10745189D77BA896275125F&Type=Event.CPT&DATA={"pp":{"S":"L","FC":8,"BC":286,"SE":-1,"TC":-1,"H":489,"BP":536,"CT":567,"IL":24},"ad":[164,774,772,444,1089,498,0]}&P=SERP&DA=DUB02 US image whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/th?id=OPE.B4GAGH8gTXN99g300C300:OPE.ugrt8Mwklbc7%2bg300C300&w=86&h=86&pid=21.1&bw=3&bc=ffffff US image whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/1bU/cj,nj/4dc95416/64097ea9.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/1bO/cj,nj/d5712f1a/e58e5083.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/1bQ/cj,nj/2c4394e9/444ff825.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/1bE/cj,nj/1aef785e/b376bcae.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/8/cj,nj/c69aca52/68debe6b.js?bu=BrsBvgHOAdQBxwHdAQ US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5i/1bJ/cj,nj/54ec784f/17206c36.js US text whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=019CC60FE10745189D77BA896275125F&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"%27SVGElement%27%20is%20undefined","Meta":"http%3A//www.bing.com/search%3Fq%3Dantivirus%26qs%3Dn%26form%3DQBRE%26sp%3D-1%26pq%3D%26sc%3D0-0%26sk%3D%26cvid%3D8DD3EB8374174B65A4A1B84B21C42228","Line":9453939,"Char":%20undefined}] US compressed whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=019CC60FE10745189D77BA896275125F&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Object%20doesn%27t%20support%20this%20property%20or%20method","Meta":"http%3A//www.bing.com/rs/6l/5l/cj%2Cnj/6e795a8b/1c156e04.js","Line":1,"Char":%20undefined}] US compressed whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=019CC60FE10745189D77BA896275125F&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Invalid%20pointer%0D%0A","Meta":"http%3A//www.bing.com/search%3Fq%3Dantivirus%26qs%3Dn%26form%3DQBRE%26sp%3D-1%26pq%3D%26sc%3D0-0%26sk%3D%26cvid%3D8DD3EB8374174B65A4A1B84B21C42228","Line":9453939,"Char":%20undefined}] US compressed whitelisted
2352 iexplore.exe GET 200 13.107.4.254:80 http://b30b530a7eb3c42ea753ae4ed2cac8cc.clo.footprintdns.com/apc/trans.gif US image whitelisted
2352 iexplore.exe GET 200 204.79.197.222:80 http://71808839d8e3a25db93011a00897dc6c.clo.footprintdns.com/apc/trans.gif US image whitelisted
2352 iexplore.exe GET 200 65.52.143.224:80 http://2f8f0165b666d7ca8dc758d18b5df6e1.clo.footprintdns.com/apc/trans.gif NL image whitelisted
2352 iexplore.exe GET 200 204.79.197.222:80 http://71808839d8e3a25db93011a00897dc6c.clo.footprintdns.com/apc/trans.gif?71808839d8e3a25db93011a00897dc6c US image whitelisted
2352 iexplore.exe GET 200 13.107.4.254:80 http://b30b530a7eb3c42ea753ae4ed2cac8cc.clo.footprintdns.com/apc/trans.gif?b30b530a7eb3c42ea753ae4ed2cac8cc US image whitelisted
2352 iexplore.exe GET 200 65.52.143.224:80 http://2f8f0165b666d7ca8dc758d18b5df6e1.clo.footprintdns.com/apc/trans.gif?2f8f0165b666d7ca8dc758d18b5df6e1 NL image whitelisted
2352 iexplore.exe GET 200 204.79.197.222:80 http://fp.msedge.net/r.gif?&MonitorID=AZR&rid=019CC60FE10745189D77BA896275125F&w3c=false&prot=http:&v=4&DATA=[{"MonitorID":"CLO","RequestID":"2f8f0165b666d7ca8dc758d18b5df6e1","Result":32},{"MonitorID":"CLO","RequestID":"b30b530a7eb3c42ea753ae4ed2cac8cc","Result":15},{"MonitorID":"CLO","RequestID":"71808839d8e3a25db93011a00897dc6c","Result":15}] US image whitelisted
2352 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/th?id=OPE.%2bUp0aICpNxwJkQ300C300&pid=21.1&w=120&h=120&qlt=100 US image whitelisted


Connections

PID Process IP ASN CN Reputation
3960 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2352 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2352 iexplore.exe 13.107.5.80:80 Microsoft Corporation US whitelisted
2352 iexplore.exe 40.90.137.126:443 Microsoft Corporation US unknown
2352 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
2352 iexplore.exe 104.211.96.15:80 Microsoft Corporation IN whitelisted
2352 iexplore.exe 52.231.32.10:80 Microsoft Corporation KR whitelisted
2352 iexplore.exe 65.52.143.224:80 Microsoft Corporation NL whitelisted
2352 iexplore.exe 204.79.197.222:80 Microsoft Corporation US whitelisted
2352 iexplore.exe 13.107.4.254:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
api.bing.com 13.107.5.80 whitelisted
login.live.com 40.90.137.126, 40.90.23.153, 40.90.137.120 whitelisted
0aded00a6d775f04dab8037898d97c75.clo.footprintdns.com 104.211.96.15 unknown
6bb1c7dbd1a65614eeaed84b5f3c6605.clo.footprintdns.com 52.231.32.10 unknown
31119e79512735c863ec70af046eb0a2.clo.footprintdns.com 65.52.143.224 unknown
fp.msedge.net 204.79.197.222 whitelisted
b30b530a7eb3c42ea753ae4ed2cac8cc.clo.footprintdns.com 13.107.4.254 unknown
71808839d8e3a25db93011a00897dc6c.clo.footprintdns.com 204.79.197.222 unknown
2f8f0165b666d7ca8dc758d18b5df6e1.clo.footprintdns.com 65.52.143.224 unknown

Threats

No threats detected.

Debug output strings

No debug info.