General Info

URL

http://www.bankfab-ae.com

Full analysis
https://app.any.run/tasks/f98c158c-4cbb-4fac-afea-7e2b1145c997
Verdict
Malicious activity
Analysis date
5/15/2019, 07:17:03
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Reads internet explorer settings
  • iexplore.exe (PID: 2916)
  • iexplore.exe (PID: 1276)
  • iexplore.exe (PID: 3552)
  • iexplore.exe (PID: 1032)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2916)
  • iexplore.exe (PID: 1276)
  • iexplore.exe (PID: 3552)
  • iexplore.exe (PID: 1032)
  • iexplore.exe (PID: 2920)
Reads settings of System Certificates
  • iexplore.exe (PID: 2916)
  • iexplore.exe (PID: 2920)
Creates files in the user directory
  • iexplore.exe (PID: 1276)
  • iexplore.exe (PID: 1032)
  • iexplore.exe (PID: 2920)
  • iexplore.exe (PID: 3552)
Application launched itself
  • iexplore.exe (PID: 2920)
Changes internet zones settings
  • iexplore.exe (PID: 2920)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2920)
Changes settings of System certificates
  • iexplore.exe (PID: 2920)

Processes

Total processes
38
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe

Process information

PID
2920
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bankfab-ae.com
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
3552
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
1032
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:203009
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
1276
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:203010
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
2916
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:399617
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

Registry activity

Total events
1235
Read events
1014
Write events
213
Delete events
8

Modification events

PID
Process
Operation
Key
Name
Value
2920
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032020190321
2920
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
2920
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9
2920
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B229CDB3-76D0-11E9-B63D-5254004A04AF}
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307050003000F00050011000D005403
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307050003000F00050011000D005403
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F00050011000E003700
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F00050011000E008500
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
315
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F00050011000E007F01
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
83
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CachePrefix
:2019051520190516:
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheLimit
8192
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheOptions
11
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516
CacheRepair
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
E25E5D75DD0AD501
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F000500110027008C02
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000500110027009C02
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
244
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F00050011002700BB02
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
77
2920
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2920
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
Blob
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F00050011002F00D001
2920
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
Blob
2920
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
Blob
2920
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9
Blob
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
19
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F00050011002F002E02
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
205
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F00050011002F004D02
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
64
2920
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
2920
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F000500110036005703
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000500110036005703
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
154
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F000500110036005703
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
51
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
5
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F00050012000400F902
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
16
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
5
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000500120004002803
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
138
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
5
2920
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F000500120004008603
3552
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CachePrefix
:2019051520190516:
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheLimit
8192
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheOptions
11
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516
CacheRepair
0
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
29
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\consorsbank.de
29
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
20
3552
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\consorsbank.de
20
1032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
9
1032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\consorsbank.de
9
1032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
0
1032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\consorsbank.de
0
1032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
20
1032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\consorsbank.de
20

Files activity

Executable files
0
Suspicious files
13
Text files
101
Unknown types
21

Dropped files

PID
Process
Filename
Type
2920
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF72529251E59F8B86.TMP
––
MD5:  ––
SHA256:  ––
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\ProximaNovaTW06-Semibold[1].eot
eot
MD5: acf655b8a38db2a386d2642408b48a7b
SHA256: aa789642c07d840999a29ed69ced23cc14d7237c5832674ccddeb6bb3282b4b4
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{D4963381-76D0-11E9-B63D-5254004A04AF}.dat
binary
MD5: f5d3dd6ac221fd15924a8967b6aa134f
SHA256: 0caa84a23e2ee3bc851dff7ed231e672949fec69cabdc1da2e147d17fe7b05c6
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{D4963382-76D0-11E9-B63D-5254004A04AF}.dat
binary
MD5: b9d383879eabac7d3dd9dab28aaba5a9
SHA256: bcad3d9f9684c03e83b93cedf10dfec2248a3c0485a11a261d4591c9291daf66
2920
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFE33D9D0D360479D8.TMP
––
MD5:  ––
SHA256:  ––
2920
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF52704AD1190B19E3.TMP
––
MD5:  ––
SHA256:  ––
2920
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF12cfcb.TMP
binary
MD5: 74d99914462af37b93f81b0c1c67eec1
SHA256: 9a63adcb6ca89b847a439ad9705a8a049aab28ab6d4610020d0f2b5321b7c2af
2920
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: 74d99914462af37b93f81b0c1c67eec1
SHA256: 9a63adcb6ca89b847a439ad9705a8a049aab28ab6d4610020d0f2b5321b7c2af
2920
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\49206H8DPPBR2BZK6OBD.temp
––
MD5:  ––
SHA256:  ––
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2920
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[7].txt
html
MD5: 6788853ea30e14cb4f46a21afb3aaeaa
SHA256: b2a034f3d6e75222ef2db2ecd19f9a842ddc8634543135e216a454e44937398e
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[6].txt
html
MD5: 1ad57870b6e851dac2044eecc1f03d91
SHA256: 830bd507f77216d6395b050cbb23fd923fc26b5b90c5bcb086b46cd0d3bf8cc9
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[5].txt
html
MD5: e1affa6ef1c2e473ce8f32fef1758ffc
SHA256: 642fd6d8f4c88488c6244b784ab8fea5d74026d1c349ec86d9ea28cea227e851
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[4].txt
html
MD5: 8cacd236b105a6ae4c971ed6157bd6f8
SHA256: ab04cf6cba3448d869e0856e94d18ddfef18f22f0fd0f16794519e0020c16256
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[3].txt
html
MD5: 4ff2aabf833b5f04a9b2b68a5cd8ebab
SHA256: ff86aad5aa0ff6fc518507faf9bfe1b33ed7848e0d2ff57ee1c8bc8d91d10082
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[6].txt
html
MD5: 12f6156a5c971cd475bf833e78b34921
SHA256: df372d957a462ee62dbb4e3c99470074c0f754f387582bfd1850f37761ed77fc
3552
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\L677MXQP\aktionen.consorsbank[1].xml
text
MD5: 6424944e28844741b7b14e174658bc85
SHA256: dbf54e1e1bc9f17a1e7bcc824a6370a822945f9ff9412f211b77944ffabfd711
3552
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 4cacfd9121021ce73a1afdcc3339e855
SHA256: 79fb2a0efdef33e961d0765fea7cc895d044ce74f69f123708238f179c2fc7b0
3552
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\s_code_DE[1].js
text
MD5: 65d5a20c61e8010f95718f607d8f2865
SHA256: 77682aef5cdc2e816d24e71b72aafea7b303f3f49a999910ba9670c030bb89b9
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\ev_beste_angebote[1].htm
html
MD5: 28d4a8538855946098944fc996839963
SHA256: 316380250585f642b48431313bfc4bbfeb3f5e46b34550cd1398267fbfd6f355
3552
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: b353554f3759f7702c747f9ce2fa5be8
SHA256: f9de7d1c726eebefd722e0077751b7ab3b2427401635782af3a1f41a8e82d2bd
3552
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\ev_beste_angebote[1].txt
––
MD5:  ––
SHA256:  ––
3552
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3552
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: d4d4954f59318742033e477cf781ae58
SHA256: 2e4071c6f2f9602c89b5af0d96076a1a78cd8ef21fc4fc606f0624f981f48e71
3552
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3552
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: ffd1abb248966dc301a4ef884567a1f3
SHA256: 0cb9104ca63e07c118d8ed2e804c1f8824a53fee63543ed1a909f337c86b035a
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
image
MD5: fbaaf1c5ab6fdc25332d1e9e8a75ff99
SHA256: 9e8ab3228986ae3277fa7be3fd11392df0209461449765d6c317a2199f02202f
1276
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\om[1].js
text
MD5: f7504835faafe668bae95bfbf7992157
SHA256: f5896f5dd7e4813bb487c6dd9cd2f9289c3f7a4098c996c0c9b31b89a9649299
1276
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar9004.tmp
––
MD5:  ––
SHA256:  ––
1276
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
1276
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab9003.tmp
compressed
MD5: 7eb117d4f238090940dbe43efbcdf1f4
SHA256: a45a77d256628943190f8aa0f4673496d11dba6bc3569796b6f733465fd005e4
1276
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 2b99744c6122f26be97ebaaef16ab7b5
SHA256: d48d28338ab54de61d5e1c1f4787b6c9d8a34cb8063e321b9737f38a733d5210
1276
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\ads[1].js
text
MD5: a6b3ff07133a1f3c32e36f968894a130
SHA256: e88cc84c668b836ba35caae9d7e3bb3b33f7f641162ccfd927509b262e93745d
1276
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\serp[1].txt
––
MD5:  ––
SHA256:  ––
1276
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\serp[1].htm
html
MD5: 200aec9c06acabd38cd4265f6e936980
SHA256: 3017ddc9f29888ea175df6d00581f362713e28140bbf90a4c068888477563f40
1276
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 4ea9322b837a0c24826e690efbf8f508
SHA256: 943a0432d896d55fb31e85466c59d07bb3cb7907605f91b35e74c9d984078113
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2920
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\home[1].txt
html
MD5: 641d5869c9ab8a85e5e86b8fd2d89041
SHA256: 99245e8fe0171f5616061672467c3ee7159209af2ead8e9f440967006016e059
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[2].txt
html
MD5: 2b676869571a9545b6cddc7e2dabb4a6
SHA256: f563b506f77c45fd264687511509cb106b4a08c3b3d47acd5ec4ad4a59f1cd3f
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\home[2].txt
html
MD5: 9c7b613358a186ee365b1456c6b4832f
SHA256: db10b7e88e548329f5e3711e2223e926ccce5afc9f196a6b429abb8936574176
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\home[1].txt
html
MD5: b93a29b877df535149192a0a80e154cf
SHA256: 28142681d5699b1da25e4dc23d88a8866006965fb1cdd04626dc3b14e9160528
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\home[1].txt
html
MD5: bbba32b0c447b8cbe37dfc5461e2cd28
SHA256: fdf8109b094bc5041738df31776a59c0f27067e7d098f2ea0e0a3fcbd15985b0
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\home[1].txt
––
MD5:  ––
SHA256:  ––
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\reach[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
1032
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\L677MXQP\aktionen.consorsbank[1].xml
text
MD5: 6424944e28844741b7b14e174658bc85
SHA256: dbf54e1e1bc9f17a1e7bcc824a6370a822945f9ff9412f211b77944ffabfd711
1032
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 1e5915589bca3160efcf0a0994129b05
SHA256: 969258d41dab5f4e997914b822bfac39111ab53fac28145f02aa38d5e3be0ef7
1032
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: a16549da256e0b1a56461b3c22fded15
SHA256: 76777511137b1707f6a74060dfb05ccfa6e574dfaa8305050c9f9b7e5fd4aea1
1032
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\evr_mqx[1].css
text
MD5: 79914079e2068f5ab5ee8eb083f905e8
SHA256: 0d5264774615121e9f9ccc98332966b8b65781a0d42f9e104437f71e36b3e7ce
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\style[1].css
text
MD5: 006edd925bc20b75df9b31961ac3ebba
SHA256: c163abf0b2f2374396c9bce7e3706adc57abc68224eb6a8ccba51559f88cb5af
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\icons-s82e2730ae3[1].png
image
MD5: 88274caa55b0a4bafca3aa30a98770c1
SHA256: 71d7cd57de53504d9162975809b96584469fe26225a2ee58aae147965a13136a
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\beste_angebote_teaser_292x180[1].jpg
image
MD5: 9e78bd7182806173a62263650e9e19b0
SHA256: d28f28dd80600f5cfa62e00219c78b61f9b02d2cb3316ae39f9e758af8218363
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\fondsuebertrag_small[1].jpg
image
MD5: 9fcd4a53317bff6c0490401ec32c5a18
SHA256: 50c0083d8861bab16ca0d38dfee278b60fb1a241b735ddf013c50fd69724e422
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C95XNXEP\youngtrader_small[1].jpg
image
MD5: ebe42ff44e99835abdbd459ed9ee4878
SHA256: a7568188a742378025ee06172811ce71f72c1e61bb06c5d839da4d6313bd2f3f
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\arrows-s1c3bbec473[1].png
image
MD5: 97c4026a58b0251abae5054c044effe4
SHA256: 0daf58dbd98046da4b82e1212fc3acd01ec75de114eba33e5b0dae5d5029dcd2
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\tc_CBWeb_Footer[1].js
text
MD5: 6566f04849bfe172419014e933923f56
SHA256: f9b176015f8374c4fb7bc5992c1137f33ff3f869d798b1ee48bfc0afdf58655e
1032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\header[1].js
html
MD5: c81ae1018e38df188a48568cbf24660b

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 48
TCP/UDP connections: 103
DNS requests: 22
Threats: 1

HTTP requests


Connections

PID Process IP ASN CN Reputation
3552 iexplore.exe 54.72.9.51:80 Amazon.com, Inc. IE malicious
3552 iexplore.exe 185.53.179.29:80 Team Internet AG DE malicious
2920 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2920 iexplore.exe 54.72.9.51:80 Amazon.com, Inc. IE malicious
3552 iexplore.exe 208.91.196.46:80 Confluence Networks Inc VG suspicious
3552 iexplore.exe 2.16.186.106:80 Akamai International B.V. –– whitelisted
–– –– 2.16.186.106:80 Akamai International B.V. –– whitelisted
3552 iexplore.exe 2.16.106.176:80 Akamai International B.V. –– unknown
2920 iexplore.exe 208.91.196.46:80 Confluence Networks Inc VG suspicious
–– –– 2.16.186.64:80 Akamai International B.V. –– whitelisted
1032 iexplore.exe 208.91.196.46:80 Confluence Networks Inc VG suspicious
1032 iexplore.exe 212.82.100.137:443 Yahoo! UK Services Limited CH shared
1032 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
1032 iexplore.exe 62.144.160.15:80 ecotel communication ag DE unknown
1032 iexplore.exe 195.81.83.32:443 Interoute Communications Limited GB unknown
1032 iexplore.exe 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
–– –– 195.81.83.32:443 Interoute Communications Limited GB unknown
1032 iexplore.exe 194.150.80.87:443 Cortal Consors S.A. DE unknown
1032 iexplore.exe 185.34.188.179:443 Adobe Systems Inc. NL unknown
1032 iexplore.exe 95.131.143.205:443 OXALIDE FR unknown
–– –– 185.34.188.179:443 Adobe Systems Inc. NL unknown
2920 iexplore.exe 195.81.83.32:443 Interoute Communications Limited GB unknown
1276 iexplore.exe 208.91.196.46:80 Confluence Networks Inc VG suspicious
1276 iexplore.exe 212.82.100.137:443 Yahoo! UK Services Limited CH shared
1276 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
1276 iexplore.exe 63.33.80.171:443 MCI Communications Services, Inc. d/b/a Verizon Business US unknown
1276 iexplore.exe 172.217.16.196:443 Google Inc. US whitelisted
1276 iexplore.exe 52.209.97.203:443 Amazon.com, Inc. IE unknown
1276 iexplore.exe 143.204.98.54:80 US unknown
2920 iexplore.exe 63.33.80.171:443 MCI Communications Services, Inc. d/b/a Verizon Business US unknown
3552 iexplore.exe 212.82.100.137:443 Yahoo! UK Services Limited CH shared
3552 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
3552 iexplore.exe 62.144.160.15:80 ecotel communication ag DE unknown
3552 iexplore.exe 195.81.83.32:443 Interoute Communications Limited GB unknown
3552 iexplore.exe 194.150.80.87:443 Cortal Consors S.A. DE unknown
3552 iexplore.exe 185.34.188.179:443 Adobe Systems Inc. NL unknown
2916 iexplore.exe 208.91.196.46:80 Confluence Networks Inc VG suspicious
2916 iexplore.exe 212.82.100.137:443 Yahoo! UK Services Limited CH shared
2916 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
2916 iexplore.exe 151.101.2.114:80 Fastly US unknown
2916 iexplore.exe 151.101.2.114:443 Fastly US unknown

DNS requests

Domain IP Reputation
www.bankfab-ae.com 54.72.9.51
unknown
parkingcrew.net 185.53.179.29
malicious
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
iyfsearch.com 208.91.196.46
malicious
i1.cdn-image.com 2.16.186.106
2.16.186.64
whitelisted
i4.cdn-image.com 2.16.186.106
2.16.186.64
whitelisted
pxlgnpgecom-a.akamaihd.net 2.16.106.176
2.16.106.219
whitelisted
i3.cdn-image.com 2.16.186.106
2.16.186.64
whitelisted
i2.cdn-image.com 2.16.186.64
2.16.186.106
whitelisted
r.search.yahoo.com 212.82.100.137
whitelisted
ssl.hurra.com 62.144.160.15
unknown
aktionen.consorsbank.de 195.81.83.32
unknown
www.download.windowsupdate.com 93.184.221.240
whitelisted
www.consorsbank.de 194.150.80.87
unknown
om-ssl.consorsbank.de 185.34.188.179
unknown
engage.commander1.com 95.131.143.205
unknown
www.info.com 63.33.80.171
52.17.173.115
34.241.67.236
unknown
www.google.com 172.217.16.196
whitelisted
soflopxl.com 52.209.97.203
34.241.188.141
52.210.170.99
unknown
x.ss2.us 143.204.98.54
143.204.98.221
143.204.98.76
143.204.98.159
whitelisted
www.ask.com 151.101.2.114
151.101.66.114
151.101.130.114
151.101.194.114
whitelisted

Threats

PID Process Class Message
3552 iexplore.exe Misc activity ADWARE [PTsecurity] InstantAccess

Debug output strings

No debug info.