General Info

URL

https://1drv.ms:443/o/s!BPphEcAZHSXLims7iCnCy149Vyre?e=XaSoClFJSESgpBQu3Xl2ZQ%26at=9

Full analysis
https://app.any.run/tasks/2a802313-47dc-4a6e-9270-b30a667d9110
Verdict
Malicious activity
Analysis date
14/01/2022, 20:19:45
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

phishing

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2440)
Reads settings of System Certificates
  • iexplore.exe (PID: 2160)
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2440)
Checks supported languages
  • iexplore.exe (PID: 2160)
  • iexplore.exe (PID: 2440)
  • iexplore.exe (PID: 3736)
Reads the computer name
  • iexplore.exe (PID: 2160)
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2440)
Reads internet explorer settings
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2440)
Changes internet zones settings
  • iexplore.exe (PID: 2160)
Application launched itself
  • iexplore.exe (PID: 2160)
Checks Windows Trust Settings
  • iexplore.exe (PID: 2160)
  • iexplore.exe (PID: 3736)
  • iexplore.exe (PID: 2440)
Creates files in the user directory
  • iexplore.exe (PID: 3736)

Processes

Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe iexplore.exe

Process information

PID
2160
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://1drv.ms:443/o/s!BPphEcAZHSXLims7iCnCy149Vyre?e=XaSoClFJSESgpBQu3Xl2ZQ%26at=9"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\normaliz.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\usp10.dll
c:\windows\system32\webio.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\program files\internet explorer\ieshims.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\netutils.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wshtcpip.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ieui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\secur32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dui70.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\duser.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\sxs.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mlang.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\xmllite.dll

PID
3736
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:267521 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntdll.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\devobj.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ieui.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\dwrite.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\lpk.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ieframe.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\wininet.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\fveui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mlang.dll
c:\windows\system32\propsys.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\winmm.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uianimation.dll
c:\windows\system32\jsintl.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\imageres.dll
c:\windows\system32\slc.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\mshtmler.dll

PID
2440
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:3478815 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\wininet.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieui.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\rpcrt4.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\normaliz.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\shell32.dll
c:\windows\system32\urlmon.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\credssp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\schannel.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\sensapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mlang.dll
c:\windows\system32\windowscodecs.dll

Registry activity

Total events
23592
Read events
0
Write events
149
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {520AEF28-7577-11EC-A45D-12A9866C77DE} | 0
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30935428
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | 
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | ED8884148409D801
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | 342347312
2160 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | | 
NextCheckForUpdateHighDateTime
30935428
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
642511375
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E001400130031007301
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E001400130031007301
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E001400130031007301
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E001400130031007301
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
F537B4148409D801
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
F537B4148409D801
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00140013003400860301000000644EA2EF78B0D01189E400C04FC9E26E
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00140013003500F00100000000
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
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
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
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
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000000C9DFBDCBBB7CD4CAFBB227DBC3F1C3E000000000200000000001066000000010000200000002DE677B1258C504D385FE493DC5820619E10C9013208E51C9FB5F6A4F30E484D000000000E8000000002000020000000F73D348A65716BA98B0EC3DD976525D59CB4D538521CBB7A631B370F5C1D981910000000427935BD106AD33B53D16C690801AD8540000000E5F6CD4EA1658CC110BF758EC1D2CB4CFCB13D23A1CDB83F24972052256FA1CEDCAE195505D5D0BDE3F7A88DBDE7753B39FE438E4D25112D02877FBE52E143FE
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000000C9DFBDCBBB7CD4CAFBB227DBC3F1C3E0000000002000000000010660000000100002000000011DEDDECA54BA9433A2460B3D7D203089EE7B908DA21112C1EEA1B0DC50178B7000000000E800000000200002000000089BDCBA003DE3F1920AAB826E892C373FC8542D37AF6817CEF48FA517E0A800F10000000EB3260CDE4B288462A17B6E7F1D6EB604000000096209CC1955C0E09ECE54DC9F39D01188C429F15571AF5FF0BFC6A1A95EEE217D6359C29FCB6BA2AAE1C635E47B5B5F8EA2D66706562865221F9257A202DCAFF
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
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
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
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
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
2160
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E001400140004004703
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E001400140004004703
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E001400140004004703
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E001400140004004703
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935478
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
684269187
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935428
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
684269187
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935428
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E001400140025003003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E001400140025003003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E001400140025003003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E001400140025003003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
27
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
28
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E001400140027004003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
28
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
28
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E001400140027004003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
28
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
28
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
28
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
28
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E001400140027004003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E001400140027004003
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
28
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\live.com
NumberOfSubdomains
1
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\live.com
NumberOfSubdomains
2
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
9385
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onenote.officeapps.live.com
(default)
9385
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\live.com
Total
9385
2440
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2440
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2440
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
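The table above lists 149 registry writes for a 60-second run, and nearly all of them are Internet Explorer housekeeping (cache prefixes, BHO usage counters under Ext\Stats, tab-recovery state, DOM storage quotas). The writes that would matter in a phishing or exploit case are the few that can redirect traffic or change what the browser trusts: proxy and WPAD decisions, the ZoneMap, the default search scope, plus the DOMStorage keys, whose names record which origins actually ran script (here onenote.officeapps.live.com, the page behind the 1drv.ms link). The Python below is an added example, not part of the ANY.RUN report, that rebuilds records from the flattened PID/Process/Operation/Key/Name/Value stream as rendered on this page and pulls out those categories. It assumes the layout seen here: a record starts with a bare PID followed by an image name ending in .exe, and the Value line is simply omitted when the data is an empty string (as with CachePrefix for the Content cache). The rule set is the editor's choice of keys to watch, and the sample rows are copied from the table above.

```python
import re
from collections import namedtuple

# Record boundary in the flattened table: a bare PID line followed by an image
# name ending in ".exe". A numeric Value line ("0", "25") never matches, because
# the line after it is the next record's PID, not a process name.
PID_RE = re.compile(r"^\d+$")
PROC_RE = re.compile(r"^[\w.-]+\.exe$", re.IGNORECASE)
# value is "" where the report omits the Value line (empty string data)
RegWrite = namedtuple("RegWrite", "pid process operation key name value")


def parse_registry_events(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    starts = [i for i in range(len(lines) - 1)
              if PID_RE.match(lines[i]) and PROC_RE.match(lines[i + 1])]
    records = []
    for n, start in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else len(lines)
        chunk = lines[start:end]
        if len(chunk) not in (5, 6):
            raise ValueError("malformed record at line %d: %r" % (start, chunk))
        records.append(RegWrite(int(chunk[0]), *chunk[1:5],
                                chunk[5] if len(chunk) == 6 else ""))
    return records


# Writes worth a second look in an IE phishing run (editor's selection): anything
# that can redirect traffic (proxy, WPAD, zone map), change the default search
# provider, or shows which origins ran script (DOM storage).
RULES = {
    "proxy_or_wpad": lambda r: r.name in {"ProxyEnable", "ProxyServer",
                                           "AutoConfigURL", "SavedLegacySettings"}
                               or "\\Wpad\\" in r.key,
    "zone_map": lambda r: "\\Internet Settings\\ZoneMap" in r.key
                          or r.key.endswith("\\Internet Settings\\Zones"),
    "search_scope": lambda r: "\\SearchScopes" in r.key or r.key.endswith("\\DSP"),
    "dom_storage": lambda r: "\\LowRegistry\\DOMStorage\\" in r.key,
}


def triage(records):
    hits = {label: [] for label in RULES}
    for r in records:
        for label, match in RULES.items():
            if match(r):
                hits[label].append(r)
    return hits


def domstorage_origins(records):
    # Last path component of a DOMStorage key is the origin; "Total" is IE's
    # running byte counter, not a site.
    origins = {r.key.rsplit("\\", 1)[1] for r in records if RULES["dom_storage"](r)}
    origins.discard("Total")
    return sorted(origins)


# Constructed input: rows copied from the modification table above, including a
# record whose Value line is absent (CachePrefix for the Content cache).
SAMPLE = r"""
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2160
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onenote.officeapps.live.com
(default)
9385
3736
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
9385
"""

if __name__ == "__main__":
    recs = parse_registry_events(SAMPLE)
    for label, rows in triage(recs).items():
        print(label, [(r.pid, r.name, r.value) for r in rows])
    print("DOM storage origins:", domstorage_origins(recs))
```

Run against the full table, the proxy/WPAD and zone-map buckets hold only the entries shown in the report (ProxyEnable 0, WpadDecision 0, ProxyBypass/IntranetName/UNCAsIntranet 1), all written by the top-level iexplore.exe (PID 2160) before the page loaded, while the low-integrity content processes (3736, 2440) write only cache prefixes and DOM storage. A write to ProxyServer, AutoConfigURL or a changed DefaultScope coming from one of the content-process PIDs would be the signal that the page did more than render.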

Files activity

Executable files
0
Suspicious files
20
Text files
76
Unknown types
20

Dropped files

PID
Process
Filename
Type
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\wac1-cdc297b4[1].js
text
MD5: cdc297b451dbb9e8eea693c529c28ecb
SHA256: b323d86681653d7e2e92716f79f18a324b1337dd9ad3d456644ca9fb7493ffa3
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\oreolazy.min[1].js
text
MD5: 229d9de4f7b8d1790509bf9b028c8e60
SHA256: 96ea19ceb158641d0e666ef7b8115214b84e02974c3c94ca4ec2cc5583653de7
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\wac2-bf8b3319[1].js
text
MD5: bf8b3319ed0ed69caab2a9d22d6f274d
SHA256: 71d842c9de99f8965d973113b192dd688f1b5d6615a177251c3f141e2ef5f771
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\wac0-efa56458[1].js
text
MD5: efa56458e1ea847a88104532afa18c2a
SHA256: 09f6c8293dec26567f220f12acd488876fbbf40ad2c67e0f0f4766de6bda8981
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\oreonavpane.min[1].js
text
MD5: 9c13f975a6db4b54fccd4bd4d3850319
SHA256: 65da92b3ecb65ddd4048e6e7b4062ad66e6a125495020b9395fbedab45f45491
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\common50.min[1].js
text
MD5: 5f9afa96c6961232e98836024372d598
SHA256: 82d2b13af0bade4bc43bb6b8a38754889b3dc52af62c6e24443e74fc897f3172
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\onenote-ribbon-sprite-lazy.min[1].js
text
MD5: 6d5c23fb97ec71df17deb6c3dcec109a
SHA256: cd123e94a53fd8ee024bb9cb5b250ab3f10fd3da5c1771f566ace9207861082a
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\common.min[1].js
text
MD5: b07ec8577d45d22152b5cc70f7128d6c
SHA256: 992e32a03176f12e020f1f7ae36d9d2ba19bc0e8e172807846aee28497b3fab0
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\appChromeLazy.min[1].js
text
MD5: 5429c3d4286be0adb929a686aa43e2f8
SHA256: 5cd61cd6ab9db248091af94c01f0824e69c375b3cccd7e01b2c4c3880d390f47
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\appChrome.min[1].js
text
MD5: 9660fd8d50033721db5c80dd94635730
SHA256: a25008edb3c5a634713d440075245b10443df1e32c4c58774277abe293ad6070
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\appIconsLazy.min[1].js
text
MD5: 24526a07aabee46e7716a6579433712c
SHA256: 276bd96919e19e004b27ba6637995203e80cd7ac6408358a55e131b833e5cc6a
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\jquery-1.7.2-39eeb07e[1].js
text
MD5: 39eeb07e6802e2b57f5e10a9ad9bca24
SHA256: d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\officebrowserfeedback_floodgate[1].js
text
MD5: 700852c9edf76da1bd8218a60e4cabd5
SHA256: 561c5ed544f49622b3a48ce24fc6cb4b9a7158491feecc79f349e017ba9aaecb
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\onenote-intl-mlr.min[1].js
text
MD5: 97cbb79a3da276936d47270bcb82ee77
SHA256: fc3130fe1753477c94b2f15145b8ab2ece5eee77daabc29170648d3930d08866
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\onenote-ribbon-intl.min[1].js
text
MD5: d6a8ec98c5d18d2719b1c6904f57db7d
SHA256: b29bcce934d1d66fd44adc531527b9d29dff7e85603fd3cab9b635099d916989
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\wac_s_office-ff051758[1].js
text
MD5: ff051758fb366e834057b18926855a4a
SHA256: befd6b76fa27121afcbc45c7ffaf1ed27728d1e37bd803bd7bda09417c408a5f
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\box43[1].png
image
MD5: d212459353e8fd1d2514c77703d44f1f
SHA256: 7ad89a907bfe47019d905b92d0c203082aa75852d39b480e6fbe1718a8ea3647
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
binary
MD5: 13ee686c7c0fda1bfa5c2ecd9799d6b5
SHA256: 47eb9a5f7b2b2667b51a4ae0e320967e8edc989a6ad2522b6deb922f49cb0d56
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\navigation.min[1].js
text
MD5: 91df32d44d96d05480e913144a22265c
SHA256: 6a6468d1b1cc362abb9fc9e18be6d2d2e6199dc329ab6c9167d6ba4ab1252f31
3736
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
der
MD5: f863a6eb6d9b1b8b52ab00b2e8c45391
SHA256: 7faf57d518816ff59b18937f551d2053789b7ff304c696c4a1428a46c6899e19
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\gmail[1].png
image
MD5: 65cdb97a5456baed0af1301408347e94
SHA256: bd16be92685d5ae1a58f84177c09db8d71e3486d039db7dfef80c7b2d4865ddf
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\bootstrap.min[1].js
text
MD5: 14d449eb8876fa55e1ef3c2cc52b0c17
SHA256: e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\hack-run[1].htm
html
MD5: 1304294c0823ca486542ba408ed761e3
SHA256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\css[1].css
text
MD5: 04f7435b2672fbe66984ea436e7087c6
SHA256: f9088c15a062f0c7708c3864c5e261a2e4961dfeb0f150df744faec2e3b74ad6
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery.min[1].js
text
MD5: 2f6b11a7e914718e0290410e85366fe9
SHA256: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
der
MD5: c4815bbdddd37a45a6df78b6c330d07c
SHA256: 29e78bf056e19e529bd143d9c325ae9ff506c0b25b5b8c477171575d5d081186
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\popper.min[1].js
text
MD5: 70d3fda195602fe8b75e0097eed74dde
SHA256: a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
binary
MD5: 24045ec65e641652a511d9a662885579
SHA256: 1bcab977597602e47100ca7b590c6afac50e46e3ce86b0339afd1b69fd0b48d7
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery-3.1.1.min[1].js
text
MD5: e071abda8fe61194711cfc2ab99fe104
SHA256: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\hipoint[1].htm
html
MD5: e252d27b86c61a55f920b6895939394a
SHA256: 43ec0ef16a9741691f830f88a13b44cc1b141b52431c6f06ce7f5724bec772fc
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
der
MD5: 79b74a9512f703a2a56ca99adb7186d5
SHA256: 77af672c20db17cdb6fc3e8a432bd561eb9681f962d7cd29e0a403d6b14d766c
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
binary
MD5: 372706c918f0b41a4f3d94e8f7089d1d
SHA256: eb399362b663ed2194225b37a0155c9060239c86447f939b6c119e061288fa52
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
binary
MD5: dbf078815de4323cf09c85409b46e321
SHA256: 9d2b2fb4f79c8c2f8c1d5bb13882a3754a2ef3b97921295af4a8a84f6eb9c879
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
der
MD5: 6dc758dafca329c85c8bbc01cc0ad57b
SHA256: a3d5afda772958b0ae1a2f3cc1f2657836a732c54266ef7eb9df5844e4a19973
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
der
MD5: 2663bed1f902bed00647b84fabbf8dea
SHA256: 7a3c6a8be401f6de91999c00919ea0f3bdcf80d06eb0e8a15d801f8f9a465de9
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery-3.2.1.slim.min[1].js
text
MD5: 5f48fc77cac90c4778fa24ec9c57f37d
SHA256: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
binary
MD5: 0e04d815bd5af6859889c57156a473c3
SHA256: eaf238c71981636ab1d3d077626e34b116dd44d3289dd65c4246fcec6ebc69d2
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
der
MD5: 64e9b8bb98e2303717538ce259bec57d
SHA256: 76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
binary
MD5: 77846f52751b1ee517e3d4ffeffc8423
SHA256: 961acb7cf066881549bc48dc3bef7f0718ed75a13688e97570f809b25baa732f
2440
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\bootstrap.min[1].css
text
MD5: 450fc463b8b1a349df717056fbb3e078
SHA256: 2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
binary
MD5: ca0e80d1fcf2a1f061829f874d37948d
SHA256: a1d2f5e6eeaa57226f44985c6c15d9f213f409c2a17fde4173908153f37cda13
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
binary
MD5: 7872d5b4b72b3fa5005b2c00c9fb8414
SHA256: 3af92cd04276bd025e6839b53ceeb615b5f655d2451befd0240f83f602f98b01
3736
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\one[1].png
image
MD5: eca50172a6583b16e553e9917fb710fb
SHA256: fff5919a2cbaceae0528522b6c73e4f1d549ca8ee13c680b50ed377dfd2b61f0
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
der
MD5: 3a9132fb193502ef5e73b14a1cf53955
SHA256: d8960d8c731b72ac75ccb4e9680234a9a7b085aec9b5f446478b62f0c2438456
2440
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
der
MD5: 9b980225c891790166a8a8535bb4e178
SHA256: eefabcf46b58056a1447b6a084046fafdbe7d8f512415eff473544202fe1e047
2440
iexplore.exe

Find more information on the static content and download it at the full report

Network activity

HTTP(S) requests
20
TCP/UDP connections
87
DNS requests
44
Threats
4

HTTP requests

PID Process Method HTTP Code IP URL CN Type Reputation
3736 iexplore.exe GET 200 2.16.106.171:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?54250d5b91e94eca unknown compressed whitelisted
3736 iexplore.exe GET 200 2.16.106.171:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d68f4ae558fb6517 unknown compressed whitelisted
2160 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D US der shared
3736 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D US der shared
3736 iexplore.exe GET 200 104.18.24.243:80 http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRSHuNsR4EZqcsD%2BrdOV%2BEZevGBiwQUtXYMMBHOx5JCTUzHXCzIqQzoC2QCExIAID0mTAYs5VcQIg4AAAAgPSY%3D US der whitelisted
2160 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D US der shared
3736 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEA8XGkjG8iOAkhjNLtbdwOg%3D US der shared
3736 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D US der shared
2440 iexplore.exe GET 200 18.66.92.73:80 http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D US der shared
2440 iexplore.exe GET 200 52.222.250.112:80 http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D US der whitelisted
2440 iexplore.exe GET 200 52.222.250.185:80 http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D US der whitelisted
2440 iexplore.exe GET 200 18.66.107.220:80 http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAebvagl9jZ43t8GJbkVRes%3D US der whitelisted
2440 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D US der shared
2440 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D US der shared
2440 iexplore.exe GET 200 104.18.31.182:80 http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D US der shared
2440 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D US der shared
2440 iexplore.exe GET 200 104.18.30.182:80 http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D US der whitelisted
2440 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D US der shared
2440 iexplore.exe GET 301 104.219.248.46:80 http://shopget24.com/images/sampledata/hack-run.png US html malicious
3736 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D US der shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3736 iexplore.exe 13.107.42.12:443 Microsoft Corporation US suspicious
3736 iexplore.exe 2.16.106.171:80 Akamai International B.V. –– whitelisted
2160 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
2160 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3736 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3736 iexplore.exe 13.95.147.73:443 Microsoft Corporation NL whitelisted
3736 iexplore.exe 104.18.24.243:80 Cloudflare Inc US shared
2160 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3736 iexplore.exe 13.107.42.13:443 Microsoft Corporation US malicious
3736 iexplore.exe 13.107.6.171:443 Microsoft Corporation US whitelisted
3736 iexplore.exe 95.100.208.244:443 CLARO S.A. DE unknown
3736 iexplore.exe 92.122.252.175:443 GTT Communications Inc. –– unknown
3736 iexplore.exe 52.109.88.143:443 Microsoft Corporation NL unknown
2160 iexplore.exe 92.122.252.175:443 GTT Communications Inc. –– unknown
3736 iexplore.exe 52.109.32.63:443 Microsoft Corporation GB whitelisted
3736 iexplore.exe 92.122.253.206:443 GTT Communications Inc. –– unknown
2440 iexplore.exe 3.86.152.72:443 US unknown
–– –– 18.66.92.73:80 Massachusetts Institute of Technology US unknown
2440 iexplore.exe 52.222.250.112:80 Amazon.com, Inc. US whitelisted
2440 iexplore.exe 52.222.250.185:80 Amazon.com, Inc. US whitelisted
2440 iexplore.exe 18.66.107.220:80 Massachusetts Institute of Technology US whitelisted
2440 iexplore.exe 69.16.175.42:443 Highwinds Network Group, Inc. US malicious
2440 iexplore.exe 104.18.10.207:443 Cloudflare Inc US suspicious
2440 iexplore.exe 172.217.16.138:443 Google Inc. US whitelisted
2440 iexplore.exe 142.250.185.74:443 Google Inc. US whitelisted
2440 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2440 iexplore.exe 142.250.185.195:80 Google Inc. US whitelisted
2440 iexplore.exe 104.18.31.182:80 Cloudflare Inc US suspicious
2440 iexplore.exe 104.219.248.46:80 Namecheap, Inc. US malicious
2440 iexplore.exe 104.16.19.94:443 Cloudflare Inc US suspicious
2440 iexplore.exe 104.18.30.182:80 Cloudflare Inc US suspicious
2440 iexplore.exe 13.32.99.121:443 Amazon.com, Inc. US unknown
2440 iexplore.exe 104.219.248.46:443 Namecheap, Inc. US malicious
3736 iexplore.exe 20.42.65.89:443 US suspicious
3736 iexplore.exe 2.16.186.96:443 Akamai International B.V. –– whitelisted
–– –– 2.20.22.197:443 Akamai International B.V. –– unknown
3736 iexplore.exe 40.90.142.224:443 Microsoft Corporation US whitelisted
–– –– 52.142.114.2:443 Microsoft Corporation IE whitelisted
–– –– 152.199.19.160:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted

DNS requests

Domain IP(s) Reputation
1drv.ms 13.107.42.12 shared
ctldl.windowsupdate.com 2.16.106.171, 2.16.106.163 whitelisted
ocsp.digicert.com 93.184.220.29 shared
api.bing.com 13.107.5.80 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
crl3.digicert.com 93.184.220.29 shared
onedrive.live.com 13.107.42.13 shared
spoprod-a.akamaihd.net 2.16.186.96, 2.16.186.58 whitelisted
p.sfx.ms 13.95.147.73 whitelisted
c1-onenote-15.cdn.office.net 95.100.208.244, 92.122.252.175 whitelisted
ocsp.msocsp.com 104.18.24.243, 104.18.25.243 whitelisted
onenote.officeapps.live.com 13.107.6.171 whitelisted
iecvlist.microsoft.com 152.199.19.161 whitelisted
r20swj13mr.microsoft.com 152.199.19.161 whitelisted
c1-officeapps-15.cdn.office.net 92.122.252.175 whitelisted
onenoteonlinesync.onenote.com 52.109.88.143 whitelisted
officeclient.microsoft.com 52.109.32.63 whitelisted
fs.microsoft.com 92.122.253.206 whitelisted
aluminum-powerful-rainstorm.glitch.me 3.86.152.72, 23.23.235.119, 3.90.93.100, 52.44.125.193, 3.234.98.145, 52.45.138.32 unknown
o.ss2.us 18.66.92.73, 18.66.92.70, 18.66.92.207, 18.66.92.28 shared
ocsp.rootg2.amazontrust.com 52.222.250.112, 52.222.250.185, 52.222.250.174, 52.222.250.42 whitelisted
ocsp.rootca1.amazontrust.com 52.222.250.185, 52.222.250.112, 52.222.250.42, 52.222.250.174 whitelisted
ocsp.sca1b.amazontrust.com 18.66.107.220, 18.66.107.5, 18.66.107.157, 18.66.107.199 whitelisted
ajax.googleapis.com 172.217.16.138 shared
code.jquery.com 69.16.175.42, 69.16.175.10 whitelisted
fonts.googleapis.com 142.250.185.74 whitelisted
maxcdn.bootstrapcdn.com 104.18.10.207, 104.18.11.207 whitelisted
ocsp.comodoca.com 104.18.31.182, 104.18.30.182 shared
ocsp.pki.goog 142.250.185.195 shared
shopget24.com 104.219.248.46 malicious
cdnjs.cloudflare.com 104.16.19.94, 104.16.18.94 shared
ocsp.usertrust.com 104.18.30.182, 104.18.31.182 whitelisted
logo.clearbit.com 13.32.99.121, 13.32.99.36, 13.32.99.33, 13.32.99.69 shared
browser.pipe.aria.microsoft.com 20.42.65.89 whitelisted
static2.sharepointonline.com 2.20.22.197 whitelisted
ajax.aspnetcdn.com 152.199.19.160 whitelisted
c.live.com 52.142.114.2 whitelisted
skyapi.onedrive.live.com 40.90.142.224 shared

Threats

PID Process Class Message
–– –– A Network Trojan was detected ET CURRENT_EVENTS Possible Glitch.me Phishing Domain
–– –– Misc activity ET INFO Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2440 iexplore.exe Misc activity ET INFO Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2440 iexplore.exe Misc activity ET INFO Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing

Debug output strings

No debug info.