General Info

File name

index.html

Full analysis
https://app.any.run/tasks/609535cf-3479-4686-8288-5404857eab47
Verdict
Malicious activity
Analysis date
7/12/2019, 00:17:40
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
MD5

302a8c7acc5ccbd06bbc3e12cd6c5fc3

SHA1

8c6a407e1f699e5242445a9f71c30b01f8bac818

SHA256

56caecde0634dce506b72ada2c03479cf2ea956e71474695ac20c6e5569e08ea

SSDEEP

384:8TOFvFB+mpPG6nnzFLvBQzeQIyBFVHOnOhQtQXL8qctF78JZ:8MdB39pBQ6QIFhTjI3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2524)
Reads internet explorer settings
  • iexplore.exe (PID: 2124)
  • iexplore.exe (PID: 3448)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3448)
  • iexplore.exe (PID: 2124)
Reads settings of System Certificates
  • iexplore.exe (PID: 2124)
  • iexplore.exe (PID: 3080)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2524)
  • iexplore.exe (PID: 3080)
  • iexplore.exe (PID: 2124)
Application launched itself
  • iexplore.exe (PID: 3080)
Changes internet zones settings
  • iexplore.exe (PID: 3080)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.htm/html
|   HyperText Markup Language with DOCTYPE (80.6%)
.html
|   HyperText Markup Language (19.3%)
EXIF
HTML
ContentType:
text/html; charset=utf-8
Title:
Pastebin.com - #1 paste tool since 2002!
Description:
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
googleSiteVerification:
jkUAIOE8owUXu8UXIhRLB9oHJsWBfOgJbZzncqHoF4A
viewport:
width=device-width, initial-scale=0.75, maximum-scale=1.0, user-scalable=yes

Screenshots

Processes

Total processes
36
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3080
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html.htm
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\mlang.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mssprxy.dll

PID
3448
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3080 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winmm.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
2124
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3080 CREDAT:137473
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\feclient.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
2524
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
662
Read events
546
Write events
115
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3448
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307070004000B001600110038008E03
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
65
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307070004000B00160011003800DC03
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
360
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307070004000B001600110039005B01
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
42
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000078000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3448
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
3448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheRepair
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000077000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{BB2EE39F-A429-11E9-B2FD-5254004A04AF}
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307070004000B001600110038001103
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307070004000B001600110038002003
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307070004000B001600120006009901
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
51
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307070004000B00160012000600B801
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
276
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307070004000B00160012000600C701
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
35
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShowClosedTabs
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NewTabPageShowActivities
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://pastebin.com/
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
sohu.com
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
google.lt
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
rbc.ru
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
ch.net
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
xnxx.com
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
howtogeek.com
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
patreon.com
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
shink.in
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
youtube.com
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
google.com.tw
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
google.co.th
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
sabq.org
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
gag.com
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307070004000B00160012000D00AD03
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307070004000B00160012000E00B302
3080
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
1D1E52993638D501
3080
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
778054993638D501

Files activity

Executable files
0
Suspicious files
0
Text files
78
Unknown types
7

Dropped files

PID
Process
Filename
Type
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\024e069d-525f-46a7-911a-7c59471d8c75[1].js
text
MD5: a8e9ea3a7e108901589151cfc876ee72
SHA256: 0b026bd86a829970332cdf41ec5065d4eae47bc35f259942e762c27351a2b88a
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\add_2[1].png
image
MD5: c08acf637da3485ddb91d550ce819b7f
SHA256: 637dd01675f7015d068b7cadcfdf32607fec872ed3ef04ef9013d203a57e2f59
3080
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
image
MD5: de86a6f000f8f84e20bc7eb2c7d320e3
SHA256: 6a5e064af00286681a3ae734e5407a2ea883955d875c5490e597d1ddb8eda021
3080
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 7b31ba10ead1655776a1399d53cfecb0
SHA256: 1e87a7ee7dba5b2ffd0f245339b8a74ede0538c3371b8b778356a09c2684d669
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\728x90_custom_safe[1].htm
html
MD5: ced9fa9f29a82fdfd5bfdd74f9213370
SHA256: 0bdf1f83ff26a6834a8f829fd313f38c41e9108e9e36a79d7fcfdd508e2f3c92
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\cd-top-arrow[1].png
image
MD5: efe22de3178c96657231ddb886fbaf26
SHA256: b800c476dbffdc764f06f0267e3d5b0f8ae0a0c3764ff4e7787f7f388455dd27
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\tags[1].js
text
MD5: 30e6b08d4b0bb4dbe79486415eabd002
SHA256: 2932b803ae4bc59f4fa1f3df05c532aad52906207ad75579e07ec52d956df3c0
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 6614b75f3e5d627bd422bbc8edec33d3
SHA256: 5d78f00eef1ff331971767b08b6365a3b8f17a5101974033baa4c1fa50c5da6e
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\monetization[1].js
text
MD5: 93bc69752f722a7d314af89497daceeb
SHA256: d7dea9b2c3ef275e3fd279a59d73f7c5d7224c833ec34bd7fd0aad6293ddc9e5
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\footer_opera[1].png
image
MD5: 0d50fe9184a08349aeca4820a7948fea
SHA256: 520fcb233d72b3e30c4491aab4ac425baac5faa0918b47491419a8d7bdeff387
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\facebook_circle[1].png
image
MD5: df9d3852095ee88d48e96677794c9b64
SHA256: 71f870b7243ed05cae8e4707adb82c8d6b30174bcd83e5d9b7c60bdee8bdbb6b
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\footer_linux[1].png
image
MD5: a2a4a0cbbe46a344eb9bc3a29fb6ba1c
SHA256: e1ec9f1acf0830d76c1a807a32cd47398e0bcbc6dfac6d4792f2a3ab78cd4a29
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\twitter_circle[1].png
image
MD5: 742e69e4ea660eb06e4b9bd33a11985d
SHA256: 9db7a21dd14ba20bee6dc27da7e4cd799a936e9b1b5dee203f24d503b2e89b7f
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\footer_windows[1].png
image
MD5: 41cad9a0876e6400efbea8900214d99b
SHA256: 1e46d7ead177a073e065d10eead66856f03521f60ebab4def0d58c9c971ecd16
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\footer_macosx[1].png
image
MD5: 04e4caf8d305a6ac52e8da255dda1568
SHA256: ea834ee6d3c746a617db8d9bcfe8fb91cda36b1ff34c1c5771f45f833bdcec3b
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\footer_android[1].png
image
MD5: a4e3082f14f4a97c4eda3bcf34d678c3
SHA256: 79b2fa9032215e3dff51865bbe0024d7cb9b3f1914b1fb79944347dbfe48374b
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\footer_ios[1].png
image
MD5: acd0cf34f96dc97487dc9988e8faf98d
SHA256: df85c7193b05044e0cc8443a8122e92051590e6b86eb0668e43e175a7e7868f8
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\info[1].png
image
MD5: 48afeb8bea2d1b4c3e20ca11603bbdb9
SHA256: 703d23efcb49183ab7f2795739f547fcd42c3d73e77f47b6c614892bb6666cea
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\160x600_custom_safe[1].htm
html
MD5: bc7bee2414d26c39304da822e0473d07
SHA256: 1d1c3305fc6569ae4f61e1c911365f8ce68db1b6e9651ce300ef812353cdcdc0
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\footer_chrome[1].png
image
MD5: 5d564b1931edb42d634e4535d44ab521
SHA256: 96a39b4bca3cb02f0fd18724047cff37cf7ca2ed43240e1631a101e2e308dbd9
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\footer_firefox[1].png
image
MD5: 399183965f278a7e090ec650793cc904
SHA256: de9f869660ffdfc25464f11930933413a3e1efa363dfd35267b9ba7843731adc
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\close_promo[1].png
image
MD5: e04ba5b7d4ef4477f0fecd1eeecb8a5d
SHA256: 3e2c5ee3e670df454c774cd417f12f4ca3083db68091f9184fb29efd2af4877b
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\twitter_svg[1].png
image
MD5: c54a60e5043ea550cc57939dcd219fb1
SHA256: 2a8f23d3c4e9b734cbbdc94448337ef2598d61bcdd475dd5a4d1b7fdaf019152
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\hello[1].png
image
MD5: 9885e183322cd220b79afed066d22421
SHA256: 8040db06855291ee0489a814aee5d975ce5acfe272b26ec98597b005e4d5789f
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\google_svg[1].png
image
MD5: c9f85aa1aa112c81cd6eb7bba5d9b1b8
SHA256: 2a07386b035d6a1f9aa82fb1edfa61dc65be2479b62a7909986e2b82d1151b84
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\facebook_svg[1].png
image
MD5: 8484d98922ed8020ff09202443d836ea
SHA256: cfda531c613a3bacfd789e014cd6f5c9c792d50f136dc15c7aa65144a2af1f7a
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\highlight[1].png
image
MD5: 3a6a6bad5553d1a5f5f6d8dbb1930575
SHA256: 2260a485b55a9c33f252cbeeab84359a4b1c0c995e6b2d6492a54d2c793aa565
2124
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 0b55c72c100bb681de1d34de0a903b0b
SHA256: ca9a16f8e6305de991c81b3d39c1bd54a16f15ae2c4403de1ee97e67e68430f7
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\j[1].ad
text
MD5: 38a737c944e638986a6e55468d1af7ae
SHA256: 7ef972f4716db94e440cd885503d5404dfc366af54f6af916f36bd0d0bc3472b
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\steadfast_3[1].png
image
MD5: 058f56c202c758bf116bf79fae41e554
SHA256: 030321a4f2cb7dc8e1a72bd85c8c15b9fd5bd1dca60de4f3ae653e712ff65b38
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\j[1].ad
text
MD5: 4963b46affac0a722a6254863816dbee
SHA256: cf4b2a9cef04c8838412657549d3182e4d812540d97754398a056e6804568458
2124
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2124
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 03d031fe87461db145276a96de9d1b73
SHA256: 7c2918a12d9220ca9fc72b2ddd1ea841093614b47f33104d855a0fed7ef6e7e1
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\displayAd[1].js
text
MD5: 93613d7d62aa3f6dfdcead1ca16cd607
SHA256: 25d02755c2c0d38b3aa1025b9beadf9f80e78ebc34d80cf1a6b67b2a5c4b0757
2524
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2124
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 26a35e0389d616594e0d274c088851a0
SHA256: 4c56dd30b701d9fa023646e0938e4071a2859abc783231d211492a607bf17113
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\tags[1].js
text
MD5: 8c29fa4db0db7a941c8a86ee5f100161
SHA256: 92b87abb356374a643171cd4158fe037c7913548ae9a13a1530273da4d048beb
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 5a9d7a30aa4b753e47de2b6c3b9962e3
SHA256: 7a368b2c17b6d106f9621882de77f141947c1fa3a58704fe2d8712425a91d5d9
2124
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\analytics[1].js
text
MD5: 4d88a66690f3506e6a2112b1c4dce0b4
SHA256: a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\public[1].png
image
MD5: dd39038d65d4c33e37e15eaa61e575d0
SHA256: 1fb72c2609597452b616197d9cf4bd65e48e5ceb998936aeee8ee8994b1c403a
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\dd_signup[1].png
image
MD5: d242e37033719ef87cea81b305029cb6
SHA256: 0f857b21296554f6f155efab47b59ed4398183c9c8e83f7374d6263a7c9eafcf
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\dd_logout[1].png
image
MD5: 8452e595cf51664e4204a74cb3ad6ea1
SHA256: 745cb8eb9fc2582d544db11e3d1351a9c96f1b65bfcbe96fc1506527a18cb2e6
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\dd_settings[1].png
image
MD5: 7515a9b3e172119ca8953f8b336dac31
SHA256: 2aa1657cc01cbd5e50c8a6de27ea8e811cf8c2bb8d182d8946c628ad3fe0b4e3
3448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712\index.dat
dat
MD5: 1d0af452df4039d61c6d76977b604a3a
SHA256: d6e39160837e9b2428f95f1b224c073b1ce12ca98a2c74dfd88ef287df7f5117
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\dd_alerts[1].png
image
MD5: a2f13121508a84ea9100888d8590b420
SHA256: df418a54adb533554fec3e2a4fb348625f539469f11380963942511835a3c771
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\dd_pastebin[1].png
image
MD5: 3553627907c829d0524bf1ba18889ef3
SHA256: 7fc2927c6ecc0e0402558ef08cdac15420bf7699cc9c5976f2ae72a3af10d0d1
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\dd_messages[1].png
image
MD5: c547e56a72dbdc1f2c889eef5864ce5e
SHA256: fd1fd8dff30cc102766aa53409d2f292e413e5b9b4be66814c697c90e1c48da3
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\search[1].png
image
MD5: 2e332d3857d9f490afa80278fed2c59d
SHA256: dcf1268c850c2e448c01958bd3fc92fe2ae6a661353ac6238104ebfb57b04cbd
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\pastebin_logo_side_outline[1].png
image
MD5: c04332b579f7bfad2a866291611efc6e
SHA256: a0bb893da5412b75e25ef7bb44285e3e0de74c550f7a2a7e40cb5fd29f82ba41
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\menu_down[1].png
image
MD5: eb7a9d7f59f0de3098b4472890978dbb
SHA256: 56c4ce67d315f88d68e3e1a5a52049bc892096c4aab3e534226c29704886af20
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 0077038753d210d35259c1b3f00e2589
SHA256: 627d31bd89d4498acea5f8c3cc5711c4fb04735ef3d29f1213d2900d8d0dede8
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\header_bg[1].png
image
MD5: eb35ccd611aba7ad8f57f807a34385e6
SHA256: 7a735f35356d3ca513b6c242e3f4c1034557e01faaa774b4e14feaef46ecdaac
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\linebg[1].png
image
MD5: b9d3fd2f70ce593bbb4975c7f73a1489
SHA256: d45d1b49b5918ea0ffa0b3d119995b96b558147f618f0ea1897906252be7bcb4
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\guest[1].png
image
MD5: c07d2d8c224a71d2bd407547060918d3
SHA256: 3a0173182211c356718cc39291f5753a21fefe7422665f2bcd2a2798e02e846b
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\t[1].gif
image
MD5: d44ebb7184c776b663f036174faa361a
SHA256: ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\js[1]
text
MD5: e145d79f48199de331bcff3a527bf750
SHA256: 26291b01952a8bc2b3d017887eabe8333921c10ba35123168d857ff61e392515
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\select2.min[1].js
text
MD5: 20b2763c0b177fe852309949cadd2a88
SHA256: 4598a43124dcf116a169dfe92aa176f552ed3dcdf7b2493c719a76a4f65cf377
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\select2.min[1].css
text
MD5: d8e0f13d36d91e52d7b87cb9fbde723c
SHA256: 6825f2517a695b2fc21140d7535076290907cbeac447008fb598efebb10d38c3
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\pastebin.min.v3[1].js
text
MD5: eb31f0c11dca3b14aa69ea6567577370
SHA256: c553d405e7a0d873f69083ecb231e12a1123206c612d8fd8c675e9eabb264f3d
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\pastebin.min.v9[1].css
text
MD5: cbc49fc485d106324f7488f1f6520f08
SHA256: 7e4498335b6f73a222e423a935274212a50b0ec452b25bdac10181622a75285d
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\pastebin.ie8[1].css
text
MD5: 05667dccf52b82862bb3011ba0c2f94b
SHA256: 34f32c3139a13995eb43292182478f5c182e9a1c8015195d3ed980331a6f3536
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\jquery.min[1].js
text
MD5: 4a356126b9573eb7bd1e9a7494737410
SHA256: 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\pastebin_com[1].txt
––
MD5:  ––
SHA256:  ––
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\pastebin_com[1].htm
html
MD5: 5a33069c20232b27be5d9b2cde5c739d
SHA256: f0f7664758062b212782489d69541c454f0c481cf80811efaf71e5def8d2a81a
2124
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 3f3215d2bbf41d54743f394138119ca5
SHA256: 14f2ef6bb21bec2b3f88fbbcd223be5d75bb8d5aee5960eb2483603dec70c3fe
2124
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 9317946368dac6f983e1e353c729a7cc
SHA256: 89bfac6dd0046501247c671b82abad5ccdb2f59ca3f49fd258b69673c84002f3
3080
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: c8c656c2506ba690f6609caac5c16f8d
SHA256: 4152ab6b575c9d9da18120c08c17bb95ce050f4ff9c31700e671d0974875b276
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\collapse_nor[1]
image
MD5: 1db46b84e85cdb17503ae7207aaf7b0b
SHA256: 07d2d752739539b205d0f7f3e3ac3a84538151e817f647fa55d7cf2470abd6e8
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 7eafdc92fbba00c0addea71af0e964c1
SHA256: bb6ff5801cc9d2e612ab2e8363efb0f5ca59660b4b120f1b58f25f61da7944a2
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\top[1]
image
MD5: 90ef16b85e7f5469a2e66ea877706854
SHA256: 4b39669bcc31b750e718fcebad952e058dd5f047bcaaf132aa285e8bc72c9996
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\help_16[1]
image
MD5: 0c82e0f286a6f7ad80c8ae1f16836d20
SHA256: 8ec0948024268565e2c956c3b0b29b8e83a93f5a12ca9f8142814ceacc047811
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\close_nor[1]
image
MD5: 073ad35b460551cc0f0bb93b8a1c0264
SHA256: d9a4409feaafcd35f6261941963177a508524c526c87c5171bc85707d165fe9f
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\expand_nor[1]
image
MD5: 897ad8408a1cb6a37f8c8a1756c6e3fa
SHA256: 1d0059946a9c05b0747fe7208a96be14b5ee888f33fbf3eab2d9a01518eb3569
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\NewTabPageScripts[1]
text
MD5: 765888745d8041977e869cca85899ebb
SHA256: c5b5bfe1e05239c4546c50c7e37ee89c0c34a9fd12a923321d93d54602131055
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\tabswelcome[1]
html
MD5: feeadc5ac2822eba76af190dd5697011
SHA256: a61b3cbcbfa0f127739d8a73ad6375db85fa725938318e5c7cb7f187a69aaa43
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M1PW2HXM\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 7bbd525ba6b548250e091fa2151c48e4
SHA256: 8f2f7ec895440b77f9ada57d0a2efaba9f35d0565969d4f3619c374cbd025021
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CPJKL7F8\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TGBR34B\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\js[1]
text
MD5: e145d79f48199de331bcff3a527bf750
SHA256: 26291b01952a8bc2b3d017887eabe8333921c10ba35123168d857ff61e392515
3080
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3080
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3080
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3080
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
2
TCP/UDP connections
24
DNS requests
13
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3080 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2124 iexplore.exe GET 301 104.20.208.21:80 http://pastebin.com/ US
––
––
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3448 iexplore.exe 216.58.207.40:443 Google Inc. US whitelisted
3080 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
–– –– 204.11.109.75:445 Exponential Interactive, Inc. US unknown
–– –– 204.11.109.76:445 Exponential Interactive, Inc. US unknown
–– –– 204.11.109.77:445 Exponential Interactive, Inc. US unknown
–– –– 204.11.109.78:445 Exponential Interactive, Inc. US unknown
–– –– 204.11.109.78:139 Exponential Interactive, Inc. US unknown
2124 iexplore.exe 104.20.208.21:80 Cloudflare Inc US shared
2124 iexplore.exe 104.20.208.21:443 Cloudflare Inc US shared
2124 iexplore.exe 216.58.207.40:443 Google Inc. US whitelisted
2124 iexplore.exe 204.11.109.75:443 Exponential Interactive, Inc. US unknown
2124 iexplore.exe 172.217.18.174:443 Google Inc. US whitelisted
2124 iexplore.exe 66.102.1.156:443 Google Inc. US whitelisted
2124 iexplore.exe 204.11.109.68:443 Exponential Interactive, Inc. US unknown
2124 iexplore.exe 108.161.189.78:443 netDNA US unknown
–– –– 13.224.227.118:443 US unknown
–– –– 104.20.208.21:443 Cloudflare Inc US shared
–– –– 108.161.189.78:445 netDNA US unknown
–– –– 108.161.189.78:139 netDNA US unknown

DNS requests

Domain IP Reputation
www.googletagmanager.com 216.58.207.40
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
tags.expo9.exponential.com 204.11.109.75
204.11.109.76
204.11.109.77
204.11.109.78
whitelisted
pastebin.com 104.20.208.21
104.20.209.21
shared
www.google-analytics.com 172.217.18.174
whitelisted
stats.g.doubleclick.net 66.102.1.156
66.102.1.154
66.102.1.157
66.102.1.155
whitelisted
s.tribalfusion.com 204.11.109.68
204.11.109.67
204.11.109.65
204.11.109.66
whitelisted
m.servedby-buysellads.com 108.161.189.78
whitelisted
d2na2p72vtqyok.cloudfront.net 13.224.227.118
13.224.227.111
13.224.227.64
13.224.227.103
malicious
dns.msftncsi.com No response whitelisted

Threats

No threats detected.

Debug output strings

No debug info.