General Info

URL

http://www.corpbenefitplan.net/6b48bee421?l=22

Full analysis
https://app.any.run/tasks/f2a44b31-ec1d-4417-9e79-c85a138cb601
Verdict
Malicious activity
Analysis date
6/12/2019, 03:01:50
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executes JAVA applets
  • iexplore.exe (PID: 2448)
Creates files in the user directory
  • iexplore.exe (PID: 2448)
Reads internet explorer settings
  • iexplore.exe (PID: 2448)
Changes internet zones settings
  • iexplore.exe (PID: 3144)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2448)
  • iexplore.exe (PID: 3144)
Application launched itself
  • iexplore.exe (PID: 3144)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
40
Monitored processes
8
Malicious processes
2
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe javaw.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3144
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\program files\java\jre1.8.0_92\bin\jp2iexp.dll

PID
2448
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3144 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\jscript.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\program files\java\jre1.8.0_92\bin\dtplugin\deployjava1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\xmllite.dll
c:\program files\java\jre1.8.0_92\bin\jp2iexp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\duser.dll
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
2684
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "update"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3020
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1560301356"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3896
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3268
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "update"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
932
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1560301362"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
2388
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

Registry activity

Total events
601
Read events
426
Write events
161
Delete events
14

Modification events

PID
Process
Operation
Key
Name
Value
3144
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B7BCF75D-8CAD-11E9-A09E-5254004A04AF}
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060003000C000100020010004C02
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060003000C000100020010004C02
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060003000C000100020010004603
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
28
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060003000C000100020010007503
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
608
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060003000C00010002001100DF01
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
98
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\iexplore
Type
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\iexplore
Flags
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\iexplore
Time
E307060003000C00010002001200AA02
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Type
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Flags
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Time
E307060003000C000100020012000803
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Blocked
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Count
2
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Time
E307060003000C000100020012003703
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Blocked
2
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Count
3
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Time
E307060003000C000100020013002401
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Blocked
3
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Count
4
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Time
E307060003000C000100020013002C01
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\iexplore
Blocked
4
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\iexplore
Type
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\iexplore
Flags
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\iexplore
Time
E307060003000C000100020013004601
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\iexplore
Blocked
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8AD9C840-044E-11D1-B3E9-00805F499D93}
VerCache
A81D374BC73ED401A81D374BC73ED40100000000402603005C000B000E000200000008000E00980309040000
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\iexplore
Type
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\iexplore
Flags
0
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\iexplore
Count
1
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\iexplore
Time
E307060003000C00010002002600B802
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\iexplore
Count
2
3144
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\iexplore
Time
E307060003000C00010002002B00F602
2448
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
66
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\corpbenefitplan.net
66
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
0
2448
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\corpbenefitplan.net
0
2684
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2684
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
2684
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2684
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2684
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2684
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2684
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
update
3020
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
3020
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
3020
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
3020
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
3020
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
3020
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
3020
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.timestamp.11.92.2
1560301356
3896
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
3896
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
3896
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
3896
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
3896
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
3896
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
3896
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.suppression.11.92.2
false
3268
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
3268
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
3268
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
3268
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
3268
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
3268
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
3268
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
update
932
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
932
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
932
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
932
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
932
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
932
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
932
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.timestamp.11.92.2
1560301362
2388
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2388
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
2388
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2388
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2388
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2388
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2388
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.suppression.11.92.2
false

Files activity

Executable files
0
Suspicious files
0
Text files
28
Unknown types
7

Dropped files

PID
Process
Filename
Type
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRTOAJK3\all[1].js
text
MD5: 8d70daa2b330f6111c108003ceeebfa2
SHA256: fc3a60612727fc66e47e47d4de4b1d4e5d46021f8d779ee1e9880a1ebf508359
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V94GJJU8\deployJava[1].js
html
MD5: 9c1ae8d324e45716080572dfc20993a3
SHA256: 358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K3Q0K47\google-tracking[2].js
text
MD5: cb69354140690c78a11bc529198ea347
SHA256: fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UC0CPG4\load_training[1].htm
html
MD5: 73e0af5a532cda93446bd62b1aa0f10d
SHA256: 9bf3598a49a8fe5d08b2c6b1fea85f694cd03f9b6d1fb3415f2412664e999ae1
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UC0CPG4\load_training[1].txt
––
MD5:  ––
SHA256:  ––
2448
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\18L2ZIVZ\www.corpbenefitplan[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
2448
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 951933b1b59295083f41ba36d0ea99c7
SHA256: 66a1c939847581d871ffee63744f21d2dfdea582de0c442b7ebd0d9235b0163f
3144
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613\index.dat
dat
MD5: d6bd2095e40e566a12e556fadd0dd77b
SHA256: 818d4bce96ccccd20570641b4a2dc373c55330c9a7a5157e39e646b6e82d4ebf
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRTOAJK3\analytics[1].js
text
MD5: 80e9f663857fe3a4f3b2826ec5ab4377
SHA256: 8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061220190613\index.dat
dat
MD5: 0030dc13d4fc3aa251edce64251ac21b
SHA256: 35ec0876b223b0073aac01f9f7d343e178ca0ea3a732e47c7594a431ee4c46c6
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K3Q0K47\wmp[1].js
text
MD5: ffd2cc77bb64d40beeb5d561fffe1f79
SHA256: cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRTOAJK3\realplayer[1].js
text
MD5: 3d7be656672c16a34806c13388410325
SHA256: 88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V94GJJU8\java[1].js
text
MD5: 2bec0061039dc3fb25fc20aaf611d5b9
SHA256: 4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V94GJJU8\plugin_detect[1].js
text
MD5: 00a513f07603df01e3b99be00f370754
SHA256: 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UC0CPG4\pdf[1].js
text
MD5: 0d5882d41c8b6e40059c8d9acbcf1518
SHA256: d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 8213e34ca04a1cf72659d9f285cb968b
SHA256: 709f6c9bc353b44f58e8faed5877a105a8eed80f3373b3fb7b4f4420dfd25ebd
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V94GJJU8\flash[1].js
text
MD5: f9ad9a096894ba248e4a1f73e7eba1be
SHA256: a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRTOAJK3\quicktime[1].js
text
MD5: ee73f2f47d51116dc40b85a6b57eaf20
SHA256: 6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UC0CPG4\silverlight[1].js
text
MD5: e6dd596d2bc204ea573b868b92028c26
SHA256: 0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UC0CPG4\jquery.min[2].js
text
MD5: 8fc25e27d42774aeae6edbc0a18b72aa
SHA256: b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UC0CPG4\jquery.min[1].js
text
MD5: 397754ba49e9e0cf4e7c190da78dda05
SHA256: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K3Q0K47\all[1].js
text
MD5: 8d70daa2b330f6111c108003ceeebfa2
SHA256: fc3a60612727fc66e47e47d4de4b1d4e5d46021f8d779ee1e9880a1ebf508359
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K3Q0K47\bugsnag-2.min[1].js
text
MD5: 85ff02da974c920ae6bfe5f6a602183f
SHA256: 9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K3Q0K47\google-tracking[1].js
text
MD5: cb69354140690c78a11bc529198ea347
SHA256: fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 30e0aaf444c3a974a041c7928fb7a96c
SHA256: 6b7c27af558db77cb20d03cfbaf3a0a34899637026b4f355dfbdfb6c31f15333
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRTOAJK3\6b48bee421[1].htm
html
MD5: 0374b0908206ee1aee80f59709725528
SHA256: cb58e27b226aeaa809531b3b58b7aad8d981ed1708c4fb31f593a6c0f315c7fb
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K3Q0K47\6b48bee421[1].txt
––
MD5:  ––
SHA256:  ––
3144
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3144
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3144
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: acaeda7cd03f1f218d9b096bedcdb25b
SHA256: c67240eeba67edf588191b180fe9f591d563fc1acf04a590d356bede2415d7b0
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V94GJJU8\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4UC0CPG4\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRTOAJK3\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K3Q0K47\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3144
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2448
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
13
TCP/UDP connections
39
DNS requests
8
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3144 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2448 iexplore.exe GET 200 52.50.125.73:80 http://www.corpbenefitplan.net/6b48bee421?l=22 IE
html
unknown
2448 iexplore.exe GET 200 52.50.125.73:80 http://www.corpbenefitplan.net/assets/google-tracking.js?g=6b48bee421 IE
text
unknown
2448 iexplore.exe GET 200 52.50.125.73:49152 http://www.corpbenefitplan.net:49152/alt_pixel_click_6b48bee421.gif?correlation_id=8744ecbb-4152-4e0b-86c6-69ad905e2257 IE
binary
unknown
2448 iexplore.exe GET 200 52.50.125.73:80 http://www.corpbenefitplan.net/assets/all.js?g=6b48bee421 IE
text
unknown
2448 iexplore.exe GET 200 216.58.206.10:80 http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js US
text
whitelisted
2448 iexplore.exe GET 200 143.204.178.230:80 http://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js US
text
shared
2448 iexplore.exe GET 200 172.217.23.142:80 http://www.google-analytics.com/analytics.js US
text
whitelisted
3144 iexplore.exe GET 200 52.50.125.73:80 http://www.corpbenefitplan.net/favicon.ico IE
––
––
unknown
2448 iexplore.exe GET 200 52.50.125.73:80 http://www.corpbenefitplan.net/load_training?guid=6b48bee421&correlation_id=8744ecbb-4152-4e0b-86c6-69ad905e2257 IE
html
unknown
2448 iexplore.exe GET 200 52.50.125.73:80 http://www.corpbenefitplan.net/assets/google-tracking.js?guid=6b48bee421&correlation_id=8744ecbb-4152-4e0b-86c6-69ad905e2257 IE
text
unknown
2448 iexplore.exe GET 304 143.204.178.230:80 http://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js US
––
––
shared
2448 iexplore.exe GET 200 52.50.125.73:80 http://www.corpbenefitplan.net/assets/all.js?guid=6b48bee421&correlation_id=8744ecbb-4152-4e0b-86c6-69ad905e2257 IE
text
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3144 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2448 iexplore.exe 52.50.125.73:80 Amazon.com, Inc. IE unknown
2448 iexplore.exe 52.50.125.73:49152 Amazon.com, Inc. IE unknown
2448 iexplore.exe 216.58.206.10:80 Google Inc. US whitelisted
2448 iexplore.exe 52.216.233.235:443 Amazon.com, Inc. US unknown
2448 iexplore.exe 143.204.178.230:80 US unknown
2448 iexplore.exe 104.111.217.243:443 Akamai International B.V. NL whitelisted
2448 iexplore.exe 172.217.23.142:80 Google Inc. US whitelisted
3144 iexplore.exe 52.50.125.73:80 Amazon.com, Inc. IE unknown
2448 iexplore.exe 108.128.144.223:443 AT&T Services, Inc. US unknown
2448 iexplore.exe 216.58.206.10:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
www.corpbenefitplan.net 52.50.125.73
108.128.144.223
unknown
java.com 104.111.217.243
whitelisted
tslp.s3.amazonaws.com 52.216.233.235
shared
d2wy8f7a9ursnm.cloudfront.net 143.204.178.230
143.204.178.125
143.204.178.142
143.204.178.148
shared
ajax.googleapis.com 216.58.206.10
216.58.207.74
172.217.16.170
216.58.208.42
172.217.16.138
172.217.22.42
172.217.22.74
172.217.22.106
216.58.210.10
172.217.16.202
172.217.18.106
172.217.23.170
172.217.21.202
216.58.205.234
172.217.22.10
172.217.23.138
whitelisted
www.google-analytics.com 172.217.23.142
whitelisted
dataentry.eu.threatsim.com 108.128.144.223
52.50.125.73
unknown

Threats

No threats detected.

Debug output strings

No debug info.