General Info

URL

http://www.alamosystems.com

Full analysis
https://app.any.run/tasks/4be2316d-1d8c-4712-bf3d-9d0e895ae364
Verdict
Malicious activity
Analysis date
7/11/2019, 17:12:25
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for user acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities


No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2980)
Creates files in the user directory
  • iexplore.exe (PID: 3320)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2980)
Changes internet zones settings
  • iexplore.exe (PID: 2904)
Reads internet explorer settings
  • iexplore.exe (PID: 3320)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3320)
Application launched itself
  • iexplore.exe (PID: 2904)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Processes

Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Process chain: start -> iexplore.exe -> iexplore.exe -> flashutil32_26_0_0_131_activex.exe (no specs flagged)

Process information


PID
2904
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
3320
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2904 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll

PID
2980
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
439
Read events
368
Write events
69
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2904
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000077000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{59CEA1B1-A3EE-11E9-A9B1-5254004A04AF}
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307070004000B000F000C0035008B00
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307070004000B000F000C0035008B00
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307070004000B000F000C0035007501
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
29
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307070004000B000F000C003500B401
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
654
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307070004000B000F000C0036004C00
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
96
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307070004000B000F000D0012007F02
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307070004000B000F000D0013003102
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheRepair
0
2904
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
BAA14D2EFB37D501
3320
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
63
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\alamosystems.com
63
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
126
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ssd996.com
63
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071120190712
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
3320
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheRepair
0

Files activity

Executable files
0
Suspicious files
0
Text files
61
Unknown types
8

Dropped files

PID
Process
Filename
Type
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071120190712\index.dat
dat
MD5: a8a1899bf856ba5d09063b63dbb922a7
SHA256: 309a90b486b1f80f403b5e30c9f3361a7fb1cd9a9c085db8f940b49a8b75cec6
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 1a8a2616850d7ca6c08c6f191c33a4c3
SHA256: da0ee342516922b69358403e91604226b68a508af7b446690ec081ef865f8a5f
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\part3_03[1].png
image
MD5: a88083428deb9984f56e7ef3c64ce8f7
SHA256: 10676f29db7926eaf9589fbd4557d42bd1cd461170ec1c1767b8bc0dbd3d6088
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\part1_03[1].png
image
MD5: a895e89bd427df18dd4a0c1e208d97b1
SHA256: 2eae1caeb4c5ba601b33f4a00cd8b860e39b5fd9ba22dc19b71c6e84be331b87
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\part2_02[1].png
image
MD5: aabd5667ad69f6ab0154c5ca52f1e895
SHA256: 710413cef08a5cebccbc9440ca7e559885267a528cd3458981cd87a47acc08ce
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\part4_03[1].png
image
MD5: 9d65f2ca7fa4fcb091de8208f8d78115
SHA256: 0fd32d41ae8cf0c3e46f0fc699414ab9d41955643a88b404bb4643888d7a3cf1
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\jquery.multiscroll.min[1].js
text
MD5: 3b34c6e8064aca106ec63d556debddd2
SHA256: 8d8609bdabbf4ce59551cd16ffed66ce52447f95d80d649b970430d529bb7010
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\jquery.easing.min[1].js
text
MD5: e3fae03af9cf30f4ab070a85e3c2f356
SHA256: 26b1eb3c355080c3b7354e21d6fecc80a57135b6f361e18009805d8f554aa7a4
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\part3_01[1].png
image
MD5: 686285e2ba4df005baae2104f4d9ac54
SHA256: 3da9ca31f4aed54739386aecedc39906ac3403d6a43ad5176b6ca310701b854a
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\dq-wx[1].jpg
image
MD5: f83f8748e0790aaa32fff32048741a58
SHA256: 3482921b04f825222905851a79cd5e09da6fba5bf931a3a7bb8709c555ef55a0
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\consult_icon[1].gif
image
MD5: f44ca56300b7ca167953647075be9749
SHA256: f4b7330dc57b33b67802aa3d4e8a6267c3c9dd492192a21b5e66cdbc39db16a5
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\part1_01[1].png
image
MD5: 2c5e039868e052c92ae666e3e010884c
SHA256: 3349f9b7ed7a49f5659f9ce84fdb0aa5b0ea98de0db75ac830612d15c6c7b3c7
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\mpart4[1].png
image
MD5: fea401bf81feadd2263e18606cdf329e
SHA256: 51a5195fa13f238e300aea66246002e561a42eedf81cc81b5560d8303134a288
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\p3-img[1].png
image
MD5: 3ce60cf66e416cfa5794effdb79c0e5b
SHA256: 8e1d802ea6cd4b3be5adb13b524bb6607dbffa8ce47638ea946549e0c8f63691
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\part4_01[1].png
image
MD5: 145c7d8dbd8fd2723747a180c0f1cecb
SHA256: 31d4efa0fd67f43f0e3da2bc067ddcfa85cb057be547ee46214b8fe485ca74ad
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\part2_01[1].png
image
MD5: d12cae5abb752a2f559981dc4c2e6919
SHA256: e0ff42f69673a0f0dc812d9f7bc8e072247a8894ab9dd5c7caf2cf5fd01b224e
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\push[1].js
text
MD5: 1bb5a3267c9865ad4abe8d937734b62b
SHA256: 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
3320
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 3c05a5d5ec337915a44f014086cfd412
SHA256: 17e4c40331c8e18e236ded8220399356c4d94af688f6ad86fd446d609ff2a802
3320
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TCKIDC15\www.ssd996[1].xml
text
MD5: 3e5282da20db7f45306381aaf7a60a1b
SHA256: 6d5451796fd67c5938297de6713e3292f68a84bc5797e543daa655c9c6aede69
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\p4-img[1].png
image
MD5: 909d004b35c86c8faf949d2ec565e1f8
SHA256: 85c244ed9b8559f008b1bd3826dce25630f0b67d81504c8529b7e4a635be8f8c
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\jquery-1.8.3.min[1].js
text
MD5: 1723ef479a4bf63ebbaad5f8280a7872
SHA256: f01013d714fce7b43d5d692c715b4ab741eff6e1e4f00456cb04b90e8a3de8eb
2980
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\hm[1].js
text
MD5: 55edd0aeec1879344e6b078889817044
SHA256: e98f1f4c40caa203d7352461c1fadaae81fdd7618567e22dd1fe482b2a3e5b03
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\pp3[1].png
image
MD5: 1d7c463e8737870bbffc4b782c20dc09
SHA256: fed967bbb3bf094d61bc54830fddcb68a7389f722d96ef83ace8a7a366bce772
3320
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2EMHJXZB\www.alamosystems[1].xml
text
MD5: de0d8de9d2a525b137b4d1bc88a1f60e
SHA256: 12f73356bcf82746720610aa70000f2738df9fd2ad307af32f8b4030ef09d817
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\pp1[1].png
image
MD5: 8c54cd5a652c24ddac20eb83e2d04137
SHA256: a848b1f80cae295c301219e5ecf3b9a9ac849a9a4a39f64c85ee19befd71a7a4
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\a1[1].png
image
MD5: 865d411830ea0e839c4003dc4f44e335
SHA256: 2ace311a9df2867389cb7f9fe114d5858f48a0705222389ef2ae7f5c0e882844
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\pp2[1].png
image
MD5: 5ae2356a24a016252ad74e36214a08dc
SHA256: 7b4204bddd3c16fa983c1bae921107826b8511bcd0c8002baa69550ef18143f5
3320
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 696ce17fc8e30fed1617f90b4c47559a
SHA256: 948e7af36c38518165d955d115550f2a6d819c211467eb72933d00be67e36aba
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\t[1].png
image
MD5: 969ad2e6fbd99f55c1309c4dc15680aa
SHA256: eabb4985156bdfaf2d68a4dd45f6ff639a86b4dfeacfa92acffc3c91c7383a34
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\logo[1].png
image
MD5: b158eb39e1f7c1f89032053704d34f2f
SHA256: 2d6a4d2edf22eff8a7bc8700b3c816a5cd1aed50bcb5f0350d49fe385118b108
3320
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 44cf28badb231cdbe7722b7943e50ce6
SHA256: c283ed863cd8089309a622a099ad87e4c7ff13833be9349478465d75eca50222
3320
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 84580fd0538946041493430799a3b567
SHA256: d6766ce147090a1eb865e6297986624bae8025cc1c66b7b6de1fce77b840ddfd
3320
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2EMHJXZB\www.alamosystems[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\hm[1].js
text
MD5: 07b17fd8d2fd0d5a7365d2a3299152f9
SHA256: ed149e5aa7fe74b66f9952352ca08349c6ee69bbe16292ba6507e236e9fd25e4
2904
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712\index.dat
dat
MD5: cca51bdb4498982b95be246a0ce94224
SHA256: 561099ce31b18a7f2fc45363ac4ccc15f31fdf10ccfb16b8ac89eb22e895f751
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\15584294838966[1].png
image
MD5: 31e5c80a077c4c8b445338acdb61d322
SHA256: a617120ab822b0f37bd05feaba3e572a02d907b3c903576aa908318f2dc95b10
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\arrow[1].gif
image
MD5: 90307d275b804780fa1cf17bbf545430
SHA256: f1f131ef65ad0315e6477ff6e1c468be56cc7dd937ef7d4252af31d1b2a11116
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\p01[1].png
image
MD5: c6830aa0dbd27998928c55e42520416b
SHA256: 21d0389e4118ca2cfcefa509644eb31f9a8b9d76eaa476a729ecc0a085da9795
3320
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: ec653f20af9e8b74946c0cb15a741400
SHA256: d65802651e1f40dbf67a5ca3ac7ef0606a2a03512c00cf77fcb99c0e9024bbfe
3320
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 2669ade5c528b802d3ea07c802bdb3e3
SHA256: 68d49183f73f627c0e860e9e4be93b0f597a5b14df62d8fa43a63cc9dce84419
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\bg1[1].jpg
image
MD5: e9af43e45fab13476fffdc55f6ce460d
SHA256: c82b3f003c04f043f5a49bd6dab01e1202479858a61e0df020dac91ec95708f0
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\15583554967007[1].png
image
MD5: c9621d597e68af9b2146e9201619b6b8
SHA256: 56a07af7a5b892668346032e7251ac8a39259f8e95db6a2e3d505987b58e3235
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\15583554904200[1].png
image
MD5: 8fb6ba51908b70e059fefa97a9b00770
SHA256: 1fa996dadc49234a790dc5f93932d6ed27540bd2087e7911455464d355bb60da
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\15583544947847[1].png
image
MD5: b3cc984e76f54e3694479f2a80db3bc8
SHA256: 0569d840bfd0451f8c8642bba23540aab9e4a2392de41a165c1888f98ef76fac
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\15583554821151[1].png
image
MD5: 871b8cc77f52343fa5d324e2f3071cfe
SHA256: dd8a7bc02366db7e256d7f9282a945039ded1b1fdd2b2723c40db0df5005b482
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\ewm_bg[1].png
image
MD5: 7d4ec756456a066425ea75be96aeee61
SHA256: b69797f242d4d8174cbba63ad96189800e99c1a73a128148d2d88be9a7fdcea0
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\ab77b6ea7f3fbf79[1].js
text
MD5: 5dd27f8f2b042194c3cdabd62fd80110
SHA256: 928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 0a21c4b9bea605f63eec7867c56cd2c6
SHA256: 0b30d41477866015cb5f4a613589ca9e32c7191bf81bc3f24e0e81e49fb512de
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\jquery-1.12.4.min[1].js
text
MD5: 4f252523d4af0b478c810c2547a63e19
SHA256: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\11.0.1[1].js
html
MD5: a33510b861ff37145779f52fcdbbbd1d
SHA256: 63ba4f4194f92ac35e4090573d779d4f6cd08c8c45d30ad8b7c01d6d590f5aed
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\f[1].txt
text
MD5: 8dbda534e99cd2ad7fb66f441d11108d
SHA256: dc619c438344249068dc9f5524310680bb71a769464e0ec66ed4e0f3139db25e
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\index_pc[1].css
text
MD5: 10cc49c3b600ff0b0fc362790230b362
SHA256: 1fdb77039ed0cd27c6d4a3feebaf2b6ff47f288a84b8430f75cde7566b3af630
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\ssd996_com[1].htm
html
MD5: 13ec4b8465a7594f3deb69b46e312bf7
SHA256: 0797be7e8f60516a84dc82fc671ff00b2cd9efaffe2c5b0319cb57928e3cfe3a
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\node.h[1].js
html
MD5: 4b305a9b2fc481354c1ac4c5c1c2e97b
SHA256: 5284a7abe0d117eaca4824c45751487b7cf54175bc35057950c47be49d5fe017
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\jquery.multiscroll[1].css
text
MD5: edb681ca8dda270ed553a1ce21ac7a15
SHA256: bff61c72ef6e688e94ca50a1c997a20f864d1b42eab575a86d10f76a15fc8fdd
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\index[1].css
text
MD5: 55316f67be709cfc0d9dbda10854b7e7
SHA256: 4795c59ba44a38e031a8b7d9884bc24cb18efadd2a359489afeb9c79f758a684
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\alamosystems_com[1].htm
html
MD5: e6ac1f44eea270306077b5af1ef9cb27
SHA256: 18f308d078beb3bea5b43d63a587713b4e8b480e16e8e208d9b9fa9dd385a681
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 751e1e0de62bd5d7278e91e7099d586d
SHA256: 018d2b8c4c968f7ecd323dd878012546692cb009a56f72e28d01bbc26ffc381a
2904
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2904
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2904
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: ec5856525aa689bac7e0084fcdfca95c
SHA256: 4302665cc8e14ea70c4e604c9d2371223fc22aaf1c258e957f8ea592da8e008f
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2904
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3320
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38


Network activity

HTTP(S) requests
48
TCP/UDP connections
30
DNS requests
11
Threats
0

HTTP requests

PID Process Method HTTP code IP URL CN Type Reputation
2904 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/ US html unknown
3320 iexplore.exe GET –– 144.168.119.139:80 http://www.alamosystems.com/koolchadjs/js/jquery.easing.min.js US –– unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolcss/css/index.css US text unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolcss/css/jquery.multiscroll.css US text unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/js/node.h.js US html unknown
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/ DE html malicious
3320 iexplore.exe GET 200 104.192.110.245:80 http://js.passport.qihucdn.com/11.0.1.js?8113138f123429f4e46184e7146e43d9 US html suspicious
3320 iexplore.exe GET –– 185.59.220.19:80 http://www.ssd996.com/home/css/index_pc.css DE –– malicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/home/js/jquery-1.12.4.min.js DE text malicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/home/css/index_pc.css DE text malicious
3320 iexplore.exe GET 200 111.206.37.189:80 http://push.zhanzhang.baidu.com/push.js CN text whitelisted
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/home/imgs/bg1.jpg DE image malicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/home/imgs/ewm_bg.png DE image malicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/uploads/15583544947847.png DE image malicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/uploads/15583554967007.png DE image malicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/uploads/15583554821151.png DE image malicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/uploads/15583554904200.png DE image malicious
3320 iexplore.exe GET 200 13.224.68.36:80 http://s6.qhres.com/static/ab77b6ea7f3fbf79.js US text whitelisted
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/logo.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/p01.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/pp2.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/pp1.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/a1.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/t.png US image unknown
3320 iexplore.exe GET 200 183.131.207.66:80 http://ia.51.la/go1?id=20097677&rt=1562857997873&rl=1280*720&lang=en-us&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=32&ds=%25E1%2583%25A6%25E6%2580%25A7%25E6%2584%259F%25E7%25BE%258E%25E8%2585%25BF-%25E5%25BC%25BA%25E5%25A5%25B8%25E5%25A5%25B3%25E4%25BA%25BA%257C%25E7%25BE%258E%25E5%25A5%25B3%25E4%25BA%25BA%25E4%25BD%2593%252C%25E9%25AB%2598%25E6%25B8%2585%25E7%2584%25A1%25E7%25A2%25BC%25E8%25A6%2596%25E9%25A0%25BB%25E7%259B%25B4%25E6%258E%25A5%25E7%259C%258B%252C%25E5%25A5%25B3%25E5%25AD%2590%25E6%2589%2593%25E5%25B1%2581&ing=1&ekc=&sid=1562857997873&tt=%25E1%2583%25A6%25E6%2580%25A7%25E6%2584%259F%25E7%25BE%258E%25E8%2585%25BF-%25E5%25BC%25BA%25E5%25A5%25B8%25E5%25A5%25B3%25E4%25BA%25BA%257C%25E7%25BE%258E%25E5%25A5%25B3%25E4%25BA%25BA%25E4%25BD%2593&kw=%25E6%2580%25A7%25E6%2584%259F%25E7%25BE%258E%25E8%2585%25BF%252C%25E4%25BA%2594%25E7%25A0%2581%25E5%259C%25A8%25E7%25BA%25BF%25E4%25B8%258B%25E8%25BD%25BD%252C%25E5%25BC%25BA%25E5%25A5%25B8%25E5%25A5%25B3%25E4%25BA%25BA%252C%25E7%25BE%258E%25E5%25A5%25B3%25E4%25BA%25BA%25E4%25BD%2593&cu=http%253A%252F%252Fwww.alamosystems.com%252F&pu= CN –– suspicious
3320 iexplore.exe GET 200 185.59.220.19:80 http://www.ssd996.com/uploads/15584294838966.png DE image malicious
3320 iexplore.exe GET 200 171.8.167.89:80 http://s.360.cn/so/zz.gif?url=http%3A%2F%2Fwww.alamosystems.com%2F&sid=8113138f123429f4e46184e7146e43d9&token=8/1m1o3c1.3s8mfe1t2s3y4s2o9mfa4l CN –– whitelisted
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/arrow.gif US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/p3-img.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/p4-img.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/pp3.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolchadjs/js/jquery-1.8.3.min.js US text unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part1_01.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/mpart4.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part2_01.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part3_01.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part4_01.png US image unknown
3320 iexplore.exe GET 200 111.206.37.189:80 http://api.share.baidu.com/s.gif?l=http://www.alamosystems.com/ CN –– whitelisted
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part1_03.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part2_02.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part3_03.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/part4_03.png US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/consult_icon.gif US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolimages/images/dq-wx.jpg US image unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolchadjs/js/jquery.easing.min.js US text unknown
3320 iexplore.exe GET 200 144.168.119.139:80 http://www.alamosystems.com/koolchadjs/js/jquery.multiscroll.min.js US text unknown
2904 iexplore.exe GET 404 144.168.119.139:80 http://www.alamosystems.com/favicon.ico US html unknown
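Three checks a practitioner would run over the HTTP request table above, as an added example written for this page (Python, not part of the ANY.RUN report; the rows in the script are a subset copied from the table, and the function names are assumptions): flag script URLs that the sandbox typed as html rather than text, list the third-party hosts the analysed page pulled in together with the worst reputation seen for each, and decode the ia.51.la beacon. That beacon's query parameters are URL-encoded twice by the page-side tracker script, so one decode still leaves percent sequences; after the second decode its cu (current URL), tt (page title), kw (keywords) and rt (client timestamp in milliseconds) fields become readable. The title and keywords decode to Chinese adult-site terms while cu is http://www.alamosystems.com/, which, alongside the resources fetched from www.ssd996.com, is the first thing to look at when triaging this report.

```python
"""Triage helpers for the HTTP request table of the ANY.RUN report.

Added example; the rows below are copied from the report's table (a constructed
subset with the same values) and the helper names are assumptions.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# The ia.51.la beacon URL exactly as listed in the HTTP request table.
BEACON = (
    "http://ia.51.la/go1?id=20097677&rt=1562857997873&rl=1280*720&lang=en-us"
    "&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=32"
    "&ds=%25E1%2583%25A6%25E6%2580%25A7%25E6%2584%259F%25E7%25BE%258E%25E8%2585%25BF-"
    "%25E5%25BC%25BA%25E5%25A5%25B8%25E5%25A5%25B3%25E4%25BA%25BA%257C%25E7%25BE%258E"
    "%25E5%25A5%25B3%25E4%25BA%25BA%25E4%25BD%2593%252C%25E9%25AB%2598%25E6%25B8%2585"
    "%25E7%2584%25A1%25E7%25A2%25BC%25E8%25A6%2596%25E9%25A0%25BB%25E7%259B%25B4"
    "%25E6%258E%25A5%25E7%259C%258B%252C%25E5%25A5%25B3%25E5%25AD%2590%25E6%2589%2593"
    "%25E5%25B1%2581&ing=1&ekc=&sid=1562857997873"
    "&tt=%25E1%2583%25A6%25E6%2580%25A7%25E6%2584%259F%25E7%25BE%258E%25E8%2585%25BF-"
    "%25E5%25BC%25BA%25E5%25A5%25B8%25E5%25A5%25B3%25E4%25BA%25BA%257C%25E7%25BE%258E"
    "%25E5%25A5%25B3%25E4%25BA%25BA%25E4%25BD%2593"
    "&kw=%25E6%2580%25A7%25E6%2584%259F%25E7%25BE%258E%25E8%2585%25BF%252C%25E4%25BA%2594"
    "%25E7%25A0%2581%25E5%259C%25A8%25E7%25BA%25BF%25E4%25B8%258B%25E8%25BD%25BD%252C"
    "%25E5%25BC%25BA%25E5%25A5%25B8%25E5%25A5%25B3%25E4%25BA%25BA%252C%25E7%25BE%258E"
    "%25E5%25A5%25B3%25E4%25BA%25BA%25E4%25BD%2593"
    "&cu=http%253A%252F%252Fwww.alamosystems.com%252F&pu="
)

# (pid, method, status, ip, url, country, sandbox type, reputation), from the table above.
ROWS = [
    (3320, "GET", "200", "144.168.119.139:80", "http://www.alamosystems.com/", "US", "html", "unknown"),
    (3320, "GET", "200", "144.168.119.139:80", "http://www.alamosystems.com/js/node.h.js", "US", "html", "unknown"),
    (3320, "GET", "200", "185.59.220.19:80", "http://www.ssd996.com/", "DE", "html", "malicious"),
    (3320, "GET", "200", "104.192.110.245:80",
     "http://js.passport.qihucdn.com/11.0.1.js?8113138f123429f4e46184e7146e43d9", "US", "html", "suspicious"),
    (3320, "GET", "200", "185.59.220.19:80", "http://www.ssd996.com/home/js/jquery-1.12.4.min.js", "DE", "text", "malicious"),
    (3320, "GET", "200", "183.131.207.66:80", BEACON, "CN", "––", "suspicious"),
    (3320, "GET", "200", "144.168.119.139:80",
     "http://www.alamosystems.com/koolchadjs/js/jquery-1.8.3.min.js", "US", "text", "unknown"),
]

REPUTATION_RANK = {"whitelisted": 0, "unknown": 1, "suspicious": 2, "malicious": 3}


def scripts_served_as_html(rows):
    """URLs whose path ends in .js but whose sandbox-detected content type is html.

    A script tag that receives HTML (an error page, a login wall, injected markup)
    is worth pulling from the PCAP: the report's type column is content-sniffed,
    not taken from the extension.
    """
    return [row[4] for row in rows
            if urlsplit(row[4]).path.endswith(".js") and row[6] == "html"]


def third_party_hosts(rows, first_party="www.alamosystems.com"):
    """Hosts other than the analysed site, mapped to the worst reputation seen."""
    worst = {}
    for row in rows:
        host = urlsplit(row[4]).hostname
        if host == first_party:
            continue
        rep = row[7]
        if REPUTATION_RANK[rep] > REPUTATION_RANK.get(worst.get(host), -1):
            worst[host] = rep
    return worst


def decode_beacon(url):
    """Return the beacon's parameters after both layers of percent-encoding.

    parse_qs performs the first decode; the tracker encoded its values once more
    before building the query string, so a second unquote is needed.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: unquote(values[0]) for key, values in params.items()}


def beacon_time(url):
    """The rt= field is a JavaScript Date.now() value: milliseconds since the epoch."""
    millis = int(decode_beacon(url)["rt"])
    return datetime.fromtimestamp(millis / 1000, tz=timezone.utc)


if __name__ == "__main__":
    print("scripts answered with HTML:", scripts_served_as_html(ROWS))
    print("third-party hosts:", third_party_hosts(ROWS))
    fields = decode_beacon(BEACON)
    print("beacon sent from:", fields["cu"], "at", beacon_time(BEACON).isoformat())
    print("page title reported to tracker:", fields["tt"])
    print("keywords reported to tracker:", fields["kw"])
```

The beacon timestamp falls on the report's analysis date, so the title it carries is what the page's DOM held during this very run, not a cached value from the tracker's side.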


Connections

PID Process IP ASN CN Reputation
2904 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3320 iexplore.exe 144.168.119.139:80 eSited Solutions US unknown
3320 iexplore.exe 185.59.220.19:80 Datacamp Limited DE malicious
–– –– 104.192.110.245:80 Beijing Qihu Technology Company Limited US suspicious
3320 iexplore.exe 103.235.46.191:443 Beijing Baidu Netcom Science and Technology Co., Ltd. HK unknown
3320 iexplore.exe 220.242.139.165:443 CN unknown
3320 iexplore.exe 111.206.37.189:80 China Unicom Beijing Province Network CN malicious
3320 iexplore.exe 13.224.68.36:80 US unknown
3320 iexplore.exe 183.131.207.66:80 DaLi CN suspicious
3320 iexplore.exe 171.8.167.89:80 No.31,Jin-rong Street CN unknown
2904 iexplore.exe 144.168.119.139:80 eSited Solutions US unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
www.alamosystems.com 144.168.119.139
unknown
www.ssd996.com 185.59.220.19
unknown
hm.baidu.com 103.235.46.191
whitelisted
js.passport.qihucdn.com 104.192.110.245
suspicious
push.zhanzhang.baidu.com 111.206.37.189
61.135.185.248
whitelisted
js.users.51.la 220.242.139.165
163.171.128.16
220.242.140.187
220.242.182.12
malicious
s6.qhres.com 13.224.68.36
13.224.68.177
13.224.68.43
13.224.68.168
whitelisted
ia.51.la 183.131.207.66
suspicious
s.360.cn 171.8.167.89
180.163.251.231
180.163.251.230
171.8.167.90
101.226.161.227
180.97.63.237
171.13.14.66
whitelisted
api.share.baidu.com 111.206.37.189
61.135.185.248
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.