General Info

File name

Voice Message.html

Full analysis
https://app.any.run/tasks/04d6c70f-1373-4226-a569-9242911a838d
Verdict
Malicious activity
Analysis date
15/01/2022, 00:22:52
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, ASCII text, with CRLF line terminators
MD5

93f1358c1f83392c8918b216b7c2531a

SHA1

a3584f36967bcf7a589352dc7d6cb864aeeaf48e

SHA256

6976c16bd26a01e466c158bab2e19d0d63307f12646c7c6b61367986150835ef

SSDEEP

6:q4VAqJmOoiFK5vc0yxRyX0OHat+fh5FZpL6YLJukyydMcGb:mqJmHio5vSxR3OHa07zpL6Y9ukrdMbb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 3708)
  • iexplore.exe (PID: 520)
  • iexplore.exe (PID: 2072)
Checks supported languages
  • iexplore.exe (PID: 3820)
  • iexplore.exe (PID: 3708)
  • iexplore.exe (PID: 2072)
  • iexplore.exe (PID: 520)
Reads the computer name
  • iexplore.exe (PID: 3820)
  • iexplore.exe (PID: 520)
  • iexplore.exe (PID: 3708)
  • iexplore.exe (PID: 2072)
Changes internet zones settings
  • iexplore.exe (PID: 3820)
Application launched itself
  • iexplore.exe (PID: 3820)
  • iexplore.exe (PID: 520)
Reads settings of System Certificates
  • iexplore.exe (PID: 3820)
  • iexplore.exe (PID: 3708)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 3820)
Reads internet explorer settings
  • iexplore.exe (PID: 520)
  • iexplore.exe (PID: 3708)
Checks Windows Trust Settings
  • iexplore.exe (PID: 3820)
  • iexplore.exe (PID: 3708)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.html
|   HyperText Markup Language (100%)

Screenshots

Processes

Total processes
39
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3820
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Voice Message.html"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\credssp.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\user32.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\duser.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dui70.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ieui.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\url.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll

PID
520
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3820 CREDAT:144385 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ieui.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winhttp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wininet.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\program files\internet explorer\ieshims.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\psapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dnsapi.dll

PID
3708
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3820 CREDAT:333057 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\version.dll
c:\windows\system32\webio.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\program files\internet explorer\ieproxy.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\fveui.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\p2pcollab.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mlang.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\winmm.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\jsintl.dll
c:\windows\system32\uianimation.dll
c:\windows\system32\windowscodecs.dll

PID
2072
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3820 CREDAT:1447209 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\iertutil.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\credssp.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\version.dll
c:\windows\system32\profapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll

Registry activity

Total events
16798
Read events
0
Write events
241
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3820
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}\52-54-00-36-3e-ff
(default)
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935462
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
476376748
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
176219248
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935462
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
D6C0980AA609D801
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{48264E1F-7599-11EC-A20C-12A9866C77DE}
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000000160037004802
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000000160037003802
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000000160037004802
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000000160037004802
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000000160037008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000000160037008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000000160037008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000000160037008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B0000000000200000000001066000000010000200000001C983B31BC200066C98DAB678364D2C1EC781EE606BE73A4EF11AB8C39961EAE000000000E800000000200002000000005CD9B9A6F5775276610AACDD0D7B420D87DAF5DF3070356CC9F4256E86D02442000000036F83FF4451A1E69B24059BD6AEA15DEB141BEDFCA6645191184535FAE22C10B40000000C75A9431D88D5B40D9A2E3A74CC47A51E371BBB9D7D6C738C04242365CAC9AAD8BB6EDEADFABB95B7A1ACF8571F30524F8C828125679E8E3E50FA634C58960BD
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
706EE70AA609D801
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00000016003A00CE0301000000644EA2EF78B0D01189E400C04FC9E26E
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00000016003B008C0100000000
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
9C74B70DA609D801
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
9C74B70DA609D801
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A607000001667D82C0B0C9F9878CFCB7D3380C9314B711FB8E0DD2E87586BA3970A89014699E448288A7F0C22BC8449B36B2386C8D0F5A31E3A2132028E665A3D12712CFB33F85033E63AF74FDB47D06258C2634CAA10319758DD398EE4788D641A497D017EA36C97B0486DC7BF2C15A5273EC6BCD0CAC3D6CEC588C9C498596F33DE684983DF087CDA95AFE1421BD286C87939A81F0DB6196E0089CFA8C30400E14860E4FDA2D16ED741886FFE0AFCE54E8226AA5EDA137DE892AACCCB07F39BB476B0E7A5F472B7484FD9172D1AB2E66B61E8C81A37CA73508AF0F2A56E3674AF8D32D116D89AD2AF942C24992386F1A11957219B20BA4467B7005601C28BFA645D4826FA59F8F69F3BB9FA4C51ECE19190ADB38BA0695B50354851AA391D870509FBEDAA5EE41B09179501A091183E7EEC924445BEE4877C1EC5BFA8BD39F94376131790FFFABF5F52A9A7EFE76B3F7B0EC784835287E26D3BC96A274C909531C3394158144C0363EE23ACE434F70F57FAFC470E879FAF15AB04297FEE0E39F1D87B1959C3C981D8C0C870A7A3DCFA07BA5819413082EB3766B7673CA2BAA165C87D06F01312387FEF86663428108CBC4424DB558A26E1148AEAD567633763CF83AF7DE4E4864F8B60790DA3AF2ABC27A6351B85655B907EE427B04A315F5E710F1F9772514411DD35E253C047BDFC6BD1B7DD6AD420CD989F67EFCF1EF7575C6285CE8249FE12E75C391663F00B6DDADD88EE1FD1A4B223A4FB6F800D2FFD338C103A0EC509D5BBCDEC29B8AB592E46A16E91EE6A9B8191F5D17EE702281268888B5511E8C78D0C7CAAA2787B594BA14F73F4A088CF8E359D07D70E29907CCD47467D7583235B6B8811594D42321FDCBCE0B2803E6AAAE083AE747F4360B473E4F605A3C8BF105AEF8CED113A871B2AFB1D65077CB8D494D30002A4760C7CDE4392BEA68025561C9821166E3E1378DE035534F04D2381F4605FF137BBAA760E84354BE7DCB4EBD289C53BAE3B74EBE7EE143354AB25F92142ED3C43095C19B684AFA681C0964B8ED1D549BB5E980F2A93F3499E86DAA8CD7449EE006D25D21861C30B6E3BA91E23743832DF88253D4814C03BA80611B6BB0CB83929DFB94AC60522E4174D8B53926FBB5904BA4F36727ED38CFB18705E4BDB1C27A9600F60B187F4FEC6D899263DA9729F050AC1E43B9D72F881BE095B11F3525358F794886CCF8E3966F575AFE7207DB74A639295F58810EC45EC9E34FF717BA5F297E4C509EE0D2021BD3CDF5108027D2EC11131A244590751AA99D646319E3E304119E8EACCE07E60F19ED1FD367C4FCC47DA6403D689B33EFA23A8284E3B1D0C08B9CA91891B654EDF43342DB9BFF5BCD3BAC5BC30FAA3E7D90C6917AF09095FD956366013C69FC5312679547765BA6A63A2E41D6C1064E64BB337566F344225C8CD7F38648E173E348F8A839B068ECF19EC91C9667CF5A440541C96648367E7BC8BF50C989C73A3B01EDAED05F06484DAE12172328D0CCBC32F6CC9B5C0F5FFBB2EFA6E8A72FA5FC0064202C58DCFC599A033D9D2C2E926E97A2762677A6E97C428200053CE456C79E9F376D92361EB7A583202465DCA5F9907A2D25E53BD49EED26D33E1F8AD33A15A588B26D274606EFF637D82AE4C8FDB8B9D7B9BE07B401C17677B5719124F7356CCD1DCAF9B9E59EDF0AD9D582F21A3B5ACA020014B0458D648B8820F2389C319C3ECDFDF927F658964C47A50AE6F0E15C6121476B160BBEB34ED9F2C1D9CA43DD38E235866FD8BF03024241A2421F9E9D1D34C39126F15F82B4C6BF902F2292AE2E7C4077AC2AC17B55EAB7C82647E53BA85C51561698EBE72E71399B9642E8E4BDBA6FD0198E8299BF5F32AF4E084A8E6DBAF2ECFCA05B9AB2F877CA63CCD196E3BE2AC635A30037EBC115624E0293AC206C7858BCA974AD0F7D24831E5E97B739A76515DE08E76BB430B6C16CD54985EB93262C8B5335599E1E464A9A99B93145950DA10E5F1D9FE2CC67499C20DF80904FFD956A3F6DD80CFD24313E1E7A948DA7BF6E6C479CAFD6B574A8A68507BC49C13AB84D0B974E7139B017D48B1C52D7FF9BE4C75F38208C0BA82BA0A3CFCE0007995A0858C3C7C6F1ABBD7082EA9310BC23626649EC5CDBEE88F5971AA91DD942D6E5FBC69D3C7947DDA1C9A1558F29FE9A216BA4010CC77E7906D38A90C656935BAC8AF5B2B3DB59D2B2BD89AA7C5BE5B06FDB0F3375FFDB3513389398137C18CE8AC9851467AA4915D012DBFC128C90532C202C9FECB825843139D5C981F0F264D46E175A00F235FC1AC9354B93DC2184A18F994A5C8E7C374E22F03258BD41808B63491BE3413F9B146C39546C03B78CA9CCF88CD0B5007D754184C1CF6D2665F523BCF789CC851492EC8503650872961F33E806218ED139EA6F31EDC61EBFAC6C2C1014EA3429C47A98BABB5E957164A6AF08F49DFD0F8413D7979209DC2DEF98D3E5E4F7F44972577679749FD7D61CBBF6FAD7D391DA392F8255322993909AE0BBDB8926350790B5AC6031B2E6C0B61D2F5DEA5F945240DEFA0DA2E00809123F99929C0B97816A58141180D7784F2781D3D0E5CF3498D57AD15ED30BE2B6175A6AAB940401D97334AC2AA8017CA3CF91FDF5FD977FCA2843C2E8742EA9B88DF134C4D4F28F2D9B449C4C0363A3DBBB49586BD8107E094250E14B35896A308B9A037E0A04509FC12B0E18928DD419BD9582D1148E6E75655E0E27E5C30B3C00CEE37960929F4D739FBD2CAA21687C010000000E000000385835324E41646D516B412533640200000000000000
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B0000000000200000000001066000000010000200000005F80D86D4BAB70D955D35809CD57F53564C5FA479E7A310D9CF0D81D4C860DEB000000000E800000000200002000000086E0FBE8363BFB5AF08BFC6EA74FBBFD76B8AE11A3E67A2F518D46FA229AE6C35000000072E11571BD665AC3B18B56244F951EE0009704438FA1B058930AA4F401A8D506DB355D06A5A1C77BF0C47EB6F7D446B3D3AE972189FB7EB802BE14372FC4E42D2B08A2134B992F19B28A8E8ACCCBE4E54000000054F944CEC5ECDC8C124FA94967BC136401D49E86B0513DC32B4410B5A0BDE6B98362DA8AFF7781151B50B4593CFDFDED933513C18BF813331D3A4FF9B2A526F4
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B000000000020000000000106600000001000020000000B865CD6D08E04D4CE325B178703E740A0063694EFD56DF146DF0E984473D5D0E000000000E80000000020000200000000FBDCC26C75B5669082E57899164B31A2D413AD848769FCB4993C0DC1DD22E2B1000000071E1F0E814E3E40D328BCE955E968D2F4000000096C61AC68564D3DAB40A1B08D8638BCAA011D53A49A25DE799E0E83FCBD50FAFC3171D7EE0153AD65EC5658907B195860C1E79CC25A1695786D4F9FE8FC7FDE2
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000000170000008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000000170000008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
27
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000000170000008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000000170000008003
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F00000017000B003400
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F00000017000B003400
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F00000017000B003400
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
28
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F00000017000B003400
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935512
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
3820
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B0000000000200000000001066000000010000200000000836C2971BA87AA4E14754C3A55141B447A52246F531018F64C0BE715851D92E000000000E800000000200002000000088AB8A89AF00726DFC3EBA14E60AEFFF59E1FDEBD3F0EB772EE69644257E75AC20000000AB8D5709AE0FD25ED2892819B833DCF0C7620AC07D69784164A56213A51EEDF440000000DFEFE11BBD6D88A2A4DE3A646DD905771DA16DBD079B932F7EC73B1E39A6D2ACB5DF27D09A314A6C303036E8ABCE998E273D1BC8150EA1B96E786B6E6A25B0F7
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
403A6D20A609D801
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B000000000020000000000106600000001000020000000C9C56C366B960A8897DF25B88370E71543AF47426B66186B2EE69C990241600E000000000E80000000020000200000003C3D1460BE7735196CFC342F80A3F09B3E9BE280A5E4A7839CE1A3CC7AF7935C20000000129154B6CC3BD3EDD62161AAB6B999137593B7FBB96267954D8AFF3FF3D2EBBE40000000A4BABB000BF5CF40DB24E03FE686300AD5DE3F86A42E0DE25160B211B397F51B05EA86AD391BE354E5BAB08E685E25C16248CE9FE6E2E9C93E7B0794DD0D4C10
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
E00F4122A609D801
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
90FDDE22A609D801
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B000000000020000000000106600000001000020000000C4E677D0368F2A60315E5501F7A6831323535902EF1879C72F9CA1CDFD449F45000000000E80000000020000200000002A706A6E6A1AE193C9716783661C08A2E721364976C6FED61530884A5B961F0B2000000093A799A9C3ED6AEEF5BE8B7AADE692AE5AB4C0A5602FDEF26922996C3D48E94A400000001F4B35884F56EB8078A5FB88A1B3EE08377208821EC5DC3E057011F4525C7455EE0982597A149D7684D7299E34325EE905C826E6EFD5E67696716C07A140D9E7
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B000000000020000000000106600000001000020000000C28C339050F4DAEAA274B7F673C06AD50D08C874743DDA354668645F4AB76B08000000000E8000000002000020000000A733E5AB52B4F588D0303C1099B264F43F6186AF882FEB42D0AEB466252CB321100000004E34719D8CFE554B71049B91BAF6950440000000880675B19B121CD6E75AF839A5872A9DB198DA470B018840560F62D336880047D1A0E8A90DBD6832A4689F3517E154C57AF946F4F8304F88B15DE81AC66ABC06
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C080000DB27555D32534EFE29EDEACCD536ECC70E2D10F09C131B03433CA262AE2EDF878312ADE13A33717B156DD170BEEBFBDA62EC3ACD7B76DEFF1A348732E9E5DF3E460EEADD2CE0BD61BC85A87ABC406FA53E0C4B50C7B593F39D9586713361C977BFBABA76257A2C55B9D720BB7DEB8782F52D4A075DF20C535F00AD6844C21C6A15B88FCE3721D799A3026274280A1789EAEF2D22C64BB03BCE13A2B38527A2647FA7BE933FF5595AC3A6B57EC7BE9213A4F292CE4DE2DA646870CB70CBB2BF3F942677A4521687C2AE631805A927B4A1C6D682A0EBD56DE046B5F4FD46824D2347D7CDBF58A4AFE7A8D9F2C504662701613CE90D0B4678ABED83D0470EB7509B2359034D40BF1B7F5EA87BEB019954CC26C28CF7B953E10E447B49A94071CAFAAB4BBF280E875D696F702773EBE195350009B547701EABCFC03B9857AFCF3913084F0789EF1C68075BD108237A5F5D25FCB1839688C5452F78654564FFF3BE351B044CF2C49E90665E6B1F1262314EA3F45A80EA2B6A71BC4A97F1461CFC008A8C09B835BF2D77373ADE1FBBFA789297AEA4F57EB02B34F2CC721A00110A1BB252009C86D8E95395B7C98FA6A15442D35630769F7E2A1BAC4997BDC6E83C05BE0B88F39CA2F26FA1DDCE3AA02CE6F16E3F9CD39206861561B1A42B44B0B41970B3403AE6DE680CE8B58CB27C5B4C6F7606896097E75E873B7B3B9B6516912AD775CA2AC9DD6B779D82A3F970CFA760E5E39791E877D4A5F0F1FA41BA7FF3F42776C594F7C81BD69FA8B3DFF77718CEF3D666E0DFFD06B578BD824E5F7AFA49FAD8D044D2E4988A561C5C3B4A27BD37B3AB9667185D16AB8B30744B81B7C5FBCC328D12D8AF023458433E0A64F5B7CAFA70C8E4AFCA22C0F2D16E7769E376B2D59E9AE62DBF79CDE035F9A59BB52609A25B9AAD8B4B4C71A853126E1C172C3F2BC699632BBD1DD71C412D58C75F2BF11132AD05B8CCB218C9FEFE3B874D076B352C291700960EFF413B7A49F409E45E1A0BA134CF29761E55B9D37442992677729BE96969D76CB1746C8016AD8E72AF25C2164675BAB6D9BE363263D9F0AB0C8DF27BC96C9A57B58590DE32D2BAF5AAB19DACF2E16B94724B84B98FAED3B51AC2717E7A328AEF0075E836F2FB018E711CC703FB7BD12E2845890ABB69206457909F9147E338552CCF9227C074FB5BB1BF31BCAA830FA64FFBF6C308F273D838C0FE569C9C79A7A1D0C45127BFB77DAD607875CFCCD31A9C908A850701B930F2B9586C4F7346064464FF54FBAB6F15FDE949CFE68804ACA89F5CF1BD3FE58EA524B77220846A9237E610D061FE1141C076E36A8A21B87A79A79BA565F4551158E1CE0A9F19706B03C16F6541A6DC2297B382E6D625C3A6134D01438C4020D9ED4993D39DDB42B18BD231B3C485CED85A88C8E3363F794FE86EB76910F29105C9C9BC6C81125184FCA7405A30C54F8426136E024242F59427003EB900E0FDB783BEF0772EFB5B04FE8076FA27BCD04486F745E156446D9797BE4FD197D8FA0E30B11693E8270751F72DAE329667AD39BDFA3C211FC8E476D4AFA9524C20162A15D5815F08F2778B0AB6A0A46A704684C5EDB562B1F95E53427104DD31805D2B57E14B7DAE0041D2E0CF6DEF57BF34434CEDDB4406F48C4C205B8E100CE5973074320D8CDAD53346F128D2B328A8C79782EABA67BE224D83E96F688D658ECB5B193EF42B52745F07BB7EEE90679C8DA02D8C9C6BE2A49216511B03F285C803CB595D55FC621118353B89B826C572717F615674F1C3CC2F27C7C5BAE009437AA02AD8639EAAD634F09FB03F15A53E41522F290A971EA982D4013213F81EE870FA4C52FEB0ABB53F58569765FDDEB6D03AD30ED7FE949F363F10B0DDD8984DF2F8DC7944D4C04AF58DDB71137E5F296558C354F8C68B158586BB1B7C221FB5E3BCB00F72A919CCE9AF6D2F1A38250469CAF9FAB48F3D2D0FCBD0AD1A74F9970C65A839C9CEDC11E1DE56722BCB04ECEEB1B66DD2F9EF8EB32C4F9CB26FB6C54113752800E5EDA2D83AC3598DD6A662A22DD39645A5634243CBF08C0CB4CE16BCE53609598DE1DAD2E30418E0FB1EFA695FF1330F31B19B13C7E4D1E3E067A4D8FD804FC765CA1C90F93C5EEAD958210465C987493EF634E73F5C7E7E98359D1B7AEA45360FA913C39CCA8FC010C3749260EF54FC6C11F66E55BA43F077079F257C62F07A2A8B05C1EC46D0F040F5A876713329DF5B1235FB27A723841F74AA75236046C655DB37B009D1D81809A2FD71B6DBFDB3ABF5DA48D7CBF12431D999B78E6FB42E32405EA7132AA11D0B9248FD50C91E73FD299F9383D0A0D04B4D38A2DF98EE9A5F0921852A2BD929E64188B45FE56B09EF1556594D7366490F5BDA0935B31ACB7E83ADE76EB72F5C3AA40A1E048AE13822B347F6539BA8E01BC38E40B0513E362EDE5891FF0F6C7EA7F726055D397A1136709A23B71DC3961021DC846FA306880EBE518FFD485776CD987ED78BC554CECB26CEA0971E923C8FB610DF94CEDDEFC0A664D488CB72A24BE6DBB1AEC6348681E748181573D692360D1FA63EAA4C20E38CCDAFC07281E4C39F8E44E78C4FF7F803ECDE4F3E6313A7230E1D8DFAB28E169B1971C61EE1DCD4986AE154806571D1DFC62767F423E18006F771A14C46F2FB281B46B83CB3C61E4D4BB816F93228AAE4C6B27B36E490620A93AA99706D483142EB74B717D3D1419B27724EB4260A248B8A18AD50FA15EEDA5BE597D25E935721FB75E34DA110DD75BE381A1275F2DFE33A881BF3AEAAC2A4371BBAA5188B0FE239225CDB995D9281C5D89B1570CF7B656FA9E70C825680A3B91E220CA55AF8C4435842DABB360077B992F1CB35C998643161300F3CB6C68BEF8FEE84ACB2B1A3A559B5A3C712C77B29553D80AA64D71AFFD21545CC35360CC1F340F55CB6DC07311CD5C04074871FA6E39D87C956D6D6EC7BB8A1F9126EFEDCE937909A4C18F15C23C2E14998DF8C35EA32B43D3C36D2C8CA37FEE3EC0F743723F3FC8AB204B4B62F9C334B80711F58711DB64EFA97AB5A4DB43D5357BAE01A6A94EB600842516A6F83AB6EAEDCE3A0327CF91FDD99FBABC54D42DBDC0D4AC4010000000E000000385835324E41646D516B412533640200000000000000
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD5BE99547F991419C02DC29C12858B00000000002000000000010660000000100002000000013428F05DB7AA30AC33F6AC1E3B8124A661519D78C390E5D80754832355C4E26000000000E8000000002000020000000DD94A41406B51A5E4EC29FB504CF039916AEBC78BDD464ECA9BEF09FABA12C2F50000000B9597103C1FF484AF2AD8B8B05FA25C788AF4F760B57A24B9FCF00D6E505287B2CB882A8A6830A8E474114010BACB803F3F1B654E3EED2AF2001291CD9CC6E048CF3DB75295F68502AE15010BD0E630C40000000B859FF057263CCBB906D9816B4C598CC1231F363B16135B64ACEDAD0CB8D52658A8571CF7733B98FBBE53E6A0029A5530C49D2734786358BD35EC83EEC40EFC3
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
29
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
29
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000000170030004601
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
29
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000000170030004601
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000000170030004601
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
29
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
29
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
29
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
29
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000000170030004601
3820
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
29
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A864E5000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workers.dev
NumberOfSubdomains
1
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workers.dev
Total
9
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
9
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\summer-rice-0fad.ivan-ray2807.workers.dev
(default)
9
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
0
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workers.dev
Total
0
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\summer-rice-0fad.ivan-ray2807.workers.dev
(default)
0
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\summer-rice-0fad.ivan-ray2807.workers.dev
(default)
24
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
24
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
227
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\summer-rice-0fad.ivan-ray2807.workers.dev
(default)
227
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workers.dev
Total
227
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workers.dev
Total
140
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workers.dev
Total
24
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\summer-rice-0fad.ivan-ray2807.workers.dev
(default)
140
3708
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
140
2072
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2072
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2072
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:

Files activity

Executable files
0
Suspicious files
11
Text files
25
Unknown types
7

Dropped files

PID
Process
Filename
Type
3820
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
3820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
3820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat
binary
MD5: 3f910d1b0f059d06ca257b99a80b6d76
SHA256: c059ddb75c03c94d2c4c9b49c57d320e953dfdae2f4ee2b1a87845792ca9490d
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ellipsis_grey[1].svg
image
MD5: 2b5d393db04a5e6e1f739cb266e65b4c
SHA256: 16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
3820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[1].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
3820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon_a[1].ico
image
MD5: 12e3dac858061d088023b2bd48e2fa96
SHA256: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\ellipsis_white[1].svg
image
MD5: 5ac590ee72bfe06a7cecfd75b588ad73
SHA256: 6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\c3e37ce41c0dff45d615bd5382c0db17[1].js
text
MD5: 3f6d75f50592a4f37dca0ec65b29c6af
SHA256: 0eb1a312be8c5dc51483708c14c61b58a2004f303059bec03a2e151465ccc727
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\a3107e4d4ae0ea783cd1177c52f1e6301641404589[1].js
text
MD5: d64aa51eb1a65bb656563d96dc2812e4
SHA256: fdb2a3669d1211f3d4b395d6eb50db37a8dbb0f4d374463140114c8fe2d63e06
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\lodash.min[1].js
text
MD5: c8515f131f3194c32a3670c8e274fab6
SHA256: 23258114961c94563c3e7df66f059d487995e01f4ce666f2e5b84f1c499e63cc
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
der
MD5: c4815bbdddd37a45a6df78b6c330d07c
SHA256: 29e78bf056e19e529bd143d9c325ae9ff506c0b25b5b8c477171575d5d081186
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\microsoft_logo[1].svg
image
MD5: ee5c8d9fb6248c938fd0dc19370e90bd
SHA256: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\vee-validate.min[1].js
text
MD5: 5e18e3d4c35864304d38c3c284f6071b
SHA256: 7649e92aa760b806193241148e8b88f3bc12c4e6cffbc35622a99477db798242
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
binary
MD5: 80d73da6623a64c03af2044472134444
SHA256: d09304ceebe2a0e6bb3681aa3b693adbdfbe166ff40824ffb7d9273989989dea
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\vue-i18n.min[1].js
text
MD5: 3c74fd5b6645cb0c44bbc7c1f07f6120
SHA256: 20527289ca6a43abafb1fa42079d6c68425c583d5f93960eae5b5737bf28493b
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\mobile-detect.min[1].js
text
MD5: ad5e6902874557b076942e11a9416b43
SHA256: fc8b081ba3d5a5270fb663b4856ce474277a52421f98a3b8aa385100c342a3d8
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
binary
MD5: 647af325d5d7107dadb2de919dcce444
SHA256: e4dbcc074298cd05b596ca3a8f7e3c5507aafe184506029f6054492dd60d599f
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery.min[1].js
text
MD5: c9f5aeeca3ad37bf2aa006139b935f0a
SHA256: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
der
MD5: 64e9b8bb98e2303717538ce259bec57d
SHA256: 76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
3820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].htm
html
MD5: 86d26a0497738a0b3a19660339013342
SHA256: c634c15347845c378f5a4660a2c23b97f6691c8a72143b9c38dd4414c78d54af
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\vuex.min[1].js
text
MD5: 7101720ffaa05035a439a00c348cb05a
SHA256: 5f1597d8c4ad4932102d5f5fbb0c35b827d7ccfc58a30ff6cdfe9dd0c3e5efa7
3820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\Z1uD32sgAlxy7QrCYj49P[1].htm
html
MD5: 86d26a0497738a0b3a19660339013342
SHA256: c634c15347845c378f5a4660a2c23b97f6691c8a72143b9c38dd4414c78d54af
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\vue.min[1].js
text
MD5: 6c81f02ad0bf8e12a66c18cab188d029
SHA256: 9e0156dd49c03744e79bbea60eebbbb94b5811c1b71b91f5fb38a8270dedfbaf
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\8877d2136671a06adec2cde0b0e336bdnbr1641404597[1].js
text
MD5: 79f77c73207261e3236bae680bb2b9a5
SHA256: 74116901ac0ec12dd7af88a1e9ac55a5531f2dac5da8053cfa70042d738587e3
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13
der
MD5: 34615e035f22e0f62abb877ef4e65b52
SHA256: 77da562e421b1004406ebda1a1e2576b3b04d6d6e62bbdff40b8c67e0a3c6486
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
der
MD5: 2663bed1f902bed00647b84fabbf8dea
SHA256: 7a3c6a8be401f6de91999c00919ea0f3bdcf80d06eb0e8a15d801f8f9a465de9
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\8877d2136671a06adec2cde0b0e336bdnbr1641404597[1].css
text
MD5: cb372b95dfcaf79cf09da253aedea8b1
SHA256: 118f4d0a8c85bfbe5e7dfa3162e04e73c6fcda9cf1736b28f9472aa7e03ba2af
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\af0fa9b4e6608aa25f5366974586cfc9nbr1641404597[1].css
text
MD5: f3abff91550a2d1369fc0d18662acab9
SHA256: ad15802e1e050a68743940ee80df17ec71a7a18c2bc8c3f0d24d97be1db0e960
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
binary
MD5: c5cb5c0296e864af80f970f0ea083066
SHA256: 2d784dbce7280d94c7aab3ea556a945a1fad6a0bebe4688737e87686be324d0d
3820
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
der
MD5: ace427d9e2e5197da2f600c887dcfcb1
SHA256: 9d985ec5e3675b2c7ded4535f7de2cbe39934d67046e25c3d0466220fafe9651
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\vue-router.min[1].js
text
MD5: 5d3e35710dbe02de78c39e3e439b8d4e
SHA256: 5a01a4f435ae1e511d874f1abc960898902b1d6d4731c3cf0f3383b1ec3ffd1d
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13
binary
MD5: 84579aedd9762c21961d2cc0d780e4cb
SHA256: 33ea829d73641865621bd44a4ca6c5da2459fdafad781165ef7b2fc205fc982b
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
der
MD5: beab9da0aa8e569dd7b0dedba4676d02
SHA256: 7c5ee0ff5ecd229ba442c639096cfb79d50d7fc6841a8e99693393a920a70c33
3820
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
binary
MD5: 8402cce5fceb54519445722c37a77938
SHA256: 6f290c96bc6171b8bf566794f135ac5ed4f85b615021556bc3e0a69ce0a0cadc
3820
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\53OQLJDL.htm
html
MD5: 86d26a0497738a0b3a19660339013342
SHA256: c634c15347845c378f5a4660a2c23b97f6691c8a72143b9c38dd4414c78d54af
3708
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\axios.min[1].js
text
MD5: b371b4971205183230cc6c734c09bd7c
SHA256: 6b2114a050aed49f4a24237d4d1f437b75ca10c6fc8623eae23c0558c53a7e21
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
binary
MD5: 32f7afcdb73ea435371cd9bfbc85406e
SHA256: f928da24b74e31ba0eaa420665bc8b02a041d654b3e98e48c80643568e17100c
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DOTBATAV\summer-rice-0fad.ivan-ray2807.workers[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
binary
MD5: ea9652f2eeff48225604967b059aa426
SHA256: 23351904681f95e6cade5f3439be139b1ac345256584af13dc9fb8bcfa82697a
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
der
MD5: 4ce3ebbc54bf47d856f19f1bdfd546bd
SHA256: 03887a592e96c10969759d00f7e8e58a8323de635fa9946b111ce1cf3abc6d76
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5: 35fa46194f74bd1f3c55ef405b4d1663
SHA256: 631006a3efe085454f39762da67a5a2d138a2ca553b94b10afa8e4d0149bd7f5
3708
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5: f7dcb24540769805e5bb30d193944dce
SHA256: 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
9
TCP/UDP connections
33
DNS requests
19
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3708 iexplore.exe GET 200 95.140.236.128:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0292b2356d7d1850 GB
compressed
whitelisted
3708 iexplore.exe GET 200 95.140.236.128:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?87c41a559c6da05e GB
compressed
whitelisted
3708 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D US
der
shared
3708 iexplore.exe GET 200 93.184.220.29:80 http://crl3.digicert.com/Omniroot2025.crl US
der
shared
3820 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D US
der
shared
3708 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D US
der
shared
3708 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D US
der
shared
3708 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D US
der
shared
3708 iexplore.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D US
der
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3820 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
3708 iexplore.exe 172.67.182.113:443 US unknown
3708 iexplore.exe 95.140.236.128:80 Limelight Networks, Inc. GB malicious
3708 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3708 iexplore.exe 104.21.53.100:443 Cloudflare Inc US suspicious
3820 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3820 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3708 iexplore.exe 142.250.185.195:80 Google Inc. US whitelisted
3708 iexplore.exe 104.16.122.175:443 Cloudflare Inc US shared
3708 iexplore.exe 104.16.18.94:443 Cloudflare Inc US suspicious
3708 iexplore.exe 142.250.186.170:443 Google Inc. US whitelisted
3708 iexplore.exe 199.36.158.100:443 US malicious
3820 iexplore.exe 104.111.246.178:443 Akamai International B.V. NL suspicious
3820 iexplore.exe 172.67.182.113:443 US unknown
–– –– 172.67.182.113:443 US unknown

DNS requests

Domain IP Reputation
api.bing.com 13.107.5.80
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
summer-rice-0fad.ivan-ray2807.workers.dev 172.67.182.113
104.21.59.187
unknown
ctldl.windowsupdate.com 95.140.236.128
95.140.236.0
whitelisted
ocsp.digicert.com 93.184.220.29
shared
crl3.digicert.com 93.184.220.29
shared
valdia.quatiappcn.pw 104.21.53.100
172.67.211.252
malicious
iecvlist.microsoft.com 152.199.19.161
whitelisted
r20swj13mr.microsoft.com 152.199.19.161
whitelisted
rikapcndmmooz.firebaseapp.com 199.36.158.100
malicious
ocsp.pki.goog 142.250.185.195
shared
unpkg.com 104.16.122.175
104.16.125.175
104.16.123.175
104.16.124.175
104.16.126.175
whitelisted
cdnjs.cloudflare.com 104.16.18.94
104.16.19.94
shared
ajax.googleapis.com 142.250.186.170
shared
secure.aadcdn.microsoftonline-p.com 104.111.246.178
whitelisted

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET DNS Query to a *.pw domain - Likely Hostile

Debug output strings

No debug info.