General Info

URL

http://www.galvezcustoms.com

Full analysis
https://app.any.run/tasks/b65f41c2-ee3f-48d1-98e7-71605e9706fa
Verdict
Malicious activity
Analysis date
7/11/2019, 19:23:13
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Reads settings of System Certificates
  • iexplore.exe (PID: 3092)
Changes internet zones settings
  • iexplore.exe (PID: 3092)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 3352)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3352)
Reads internet explorer settings
  • iexplore.exe (PID: 3352)
Creates files in the user directory
  • iexplore.exe (PID: 3092)
  • iexplore.exe (PID: 3352)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Screenshots

Processes

Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
3092
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll

PID
3352
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3092 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\feclient.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\t2embed.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

Registry activity

Total events
473
Read events
386
Write events
85
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
3092
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{9836C5F7-A400-11E9-B506-5254004A04AF}
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307070004000B00110017001C005B03
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307070004000B00110017001C005B03
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307070004000B00110017001D001F00
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
18
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307070004000B00110017001D003F00
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
280
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307070004000B00110017001D004801
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
47
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheRepair
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
0E770C5C0D38D501
3092
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://www.galvezcustoms.com/
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
google.com.ng
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
google.com.hk
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
.eu
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
adf.ly
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
google.co.za
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
manage.com
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
chatwork.com
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
uzone.id
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
tomshardware.com
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
roblox.com
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
gutefrage.net
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
paypal.com
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
bbc.com
3092
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
hdzog.com
3352
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071120190712
3352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
3352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
3352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
3352
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheRepair
0
3352
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe

Files activity

Executable files
0
Suspicious files
0
Text files
65
Unknown types
13

Dropped files

PID
Process
Filename
Type
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\white-logo[1].png
image
MD5: 3f60dbde55942b9bc746d5138dba89ef
SHA256: 5f8497871e325b44e5f9a259500bb1a7409347069f60f07b1090fd0c3ea3a2c2
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\algo-video[1].css
text
MD5: e79b86988c537b6de9c906baf9c80b21
SHA256: ce3388a2e94a45c1dfe599d99aec030503874327b735a3dd2f79713c68e5a4d5
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\livechat2[1].aspx
text
MD5: 2615f33cca85c87f40fcb742367e48e8
SHA256: 0bb1b3785882b4f5efea2b55b7fd35b7f19f79aa000922ba42153bc53b3ff6f6
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\howitworks[1].jpg
image
MD5: 4cff09cc1ca8130716490af508d7528a
SHA256: 14799da75028a42827c043fcc3979bb1adf01629530285f8eb87aae9235442ca
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\q[1].png
image
MD5: accbd44bbd31d89364099215d0c58bb7
SHA256: 69b7122efe2660262b8ae0f9e3ab1f0c7224ba3b3a4288652a4943ef54781962
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\step2[1].png
image
MD5: 8f75062fc20adbcc7b65159c52eb9e16
SHA256: 457fa02c89d0cdd444f8d9658cf37ee47ad35d9750761ce88635dfaf66c5728f
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\step3[1].png
image
MD5: e7564cfd2d466d461476f022dad376b5
SHA256: ae4aa00bf9e90de7fcf40f9bdbb3c8e7be4f1ffb8c768c328e43ea1f89bcb976
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\step1[1].png
image
MD5: 91263877b6cff8d376276ba245664635
SHA256: ea80e5c890199dde7f738be6dc91b99ef6fe298906b7cb764ff98338889eeb27
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a68d1efb58e7b66373b1b0b12a599b25
SHA256: 5b1425439a8389af7863a5bf7a73cc8a9b0cd4cbe6026d719e9663cdc97f7423
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\testimoniald[1].png
image
MD5: 44325614eef20caea0d44279f67ee783
SHA256: f2650adbe5848ae9dcd8397cee39bcc85cb1cb7c9e8e0d93b8c02e8b380a646b
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\testimonialc[1].png
image
MD5: f76d707d5a4ba15dd3f8bf7961434ff0
SHA256: 2375754fdd621277a8e4cb15e8ed70c51885730ec9caea79c7682e32754dde12
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\testimonialb[1].png
image
MD5: bceba1e0871878dd92adf05650681ea9
SHA256: 63411f2bd8450b474a9fdca2c7e45ca57b003e89202042e26a6f5a87e68764c9
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\mcafee[1].png
image
MD5: fd28ea855b811945fc60e39ff58ce160
SHA256: 84889440b1d26f213285dad200ddbea59b97c62c7b74b7c416b6c420c2cd553c
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\testimoniala[1].png
image
MD5: 154c32a4a86ac47fff67b40adebb77de
SHA256: e1ce196cb154539fc803920417e7b0ee4448cc7556cb289bad692891431795db
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\join3[1].png
image
MD5: 21769a8b4f2897fa6067ada7ce971bc4
SHA256: 65258d6254df7623a2c48f4d174c7b94756d87cbadd6081c61fd38672df8f2cb
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\join1[1].png
image
MD5: 87341d3695ed0e074a2819b40ea37007
SHA256: e7035219a3c2867efeb91da37929db45983a9b72cbca6e1f552eae3678aa6a50
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\js[1].php
text
MD5: dd937d1c961b36a840a1baff4523af7b
SHA256: 3808f2a9a79009cb814f8d860adc53441b4f4cc91581a40bd5db91d17e671011
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\secure-trading[1].png
image
MD5: c795f6fc54767559c4018d8c74b7f2eb
SHA256: ffe1197077cb1181b5661a8ea78fe28c1062ad81f2ebb8074dc885a220fceb88
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\join2[1].png
image
MD5: bff1d966cc85b6d6b20102c5b02a07bb
SHA256: 42110bacd68ed14f4902cdfa70707e2e642807c4476e63bbed81ffe9bccb434e
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\recaptcha__en[1].js
text
MD5: 47bef241573ecce87815d3a09cad5fdb
SHA256: 6545c4d7e7c4fa643fb3dbc74cdb699d9289b83a4882bb8625206974a547c4f8
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\bitgo[1].png
image
MD5: f27ed5020bef246b6728d680daad1ea2
SHA256: 5a5e7bf9024b3136afba904d490c1242c2593ec628fcc1cd7ab6a84d75e59890
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\section1bg[1].jpg
image
MD5: 85d7a475178ca3fdf0105619a9f705c2
SHA256: 2ef5b1dc6d96247e6bf8f538ba9d83b2ccb8f156e3833fdafb468c8c663ed21a
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\gtm[1].js
text
MD5: 1b660fb86e4a67fedd52481aef03323a
SHA256: a934905abd180bd92e19cc2f5b13b8710a49f11a95f0851a5bffa0e78b72bf4a
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\loadingoverlay.min[1].js
text
MD5: f72ab7f001a24b4c9907b475a9365403
SHA256: d759b9155a40ab48e3185790fa338c2e5042c8b768e1544fec61a35815ba25be
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\norton[1].png
image
MD5: f09134a25691a53add6186a1ca3faa2f
SHA256: 1990f2515957f87343bd3044ddbdb7aa8c5043bdc2697c089c617aa520a7450b
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\validate[1].js
text
MD5: 0a401907505fbb18efc14d2a125c78f1
SHA256: 1386eafb3f8d1a3fe16da5b7f40a9af26004b074d60fdc93f2295f7bce18e8d7
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\bitcoin-formula_com[1].txt
––
MD5: ––
SHA256: ––
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\logo[1].png
image
MD5: b48a428a349b30d0d8f87f35f30ad887
SHA256: cd5d43c2e39a5a7945b65cf87fb2cd49dce6f26f67965d4ef940cd82a837a037
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 4be1a572fca40bcb2202504cb17aed91
SHA256: 64d06eeb18abad7d4ef1b1ef7409cf108bd4774c50a64e2c7b49ffb708ff24f4
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\toastr.min[1].js
text
MD5: b36f28de584845317de40a7219c82b1c
SHA256: ddb96c25de07962ffbc0243e6e68177ce74aee9fd950cb4f5d8d3c8e6c524a09
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\fontawesome-webfont[1].eot
eot
MD5: 674f50d287a8c48dc19ba404d20fe713
SHA256: 7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\S6uyw4BMUTPHjx4wWg[1].eot
eot
MD5: 056a373d808ada4f12a2d6538e88823c
SHA256: 65e57bfb4cd584ed7b4cadc22dae93e84e073dc11ce81529a67250032b2f22b1
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\font-awesome-css.min[1].css
text
MD5: 36082410df2ef7f83932219089dc1443
SHA256: 5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYQ[1].eot
eot
MD5: 785c4b7cdc5fe8d969e8d3d386714db6
SHA256: b2d945463619c09e164bdf9fd7b8b564c3e8b43f5a0c83b54b28dd4616e1739d
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\glyphicons-halflings-regular[1].eot
eot
MD5: f4769f9bdb7466be65088239c12046d1
SHA256: 13634da87d9e23f8c3ed9108ce1724d183a39ad072e73e1b3d8cbf646d2d0407
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\css[1].txt
text
MD5: f6156b36abfe8b601768b29c6c7cc201
SHA256: 64ec561b2078fe566d7c2b6402b34569ef95f5c203feaaba68b10cf8c30b7409
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\uinames[1].css
text
MD5: b7208a6eea5a9b1ec373530c5beb3df6
SHA256: e95dc47e67467edac38948783ae4d89182ca5c90ff4cf3584165122b98596c7f
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\jquery.min[1].js
text
MD5: 895323ed2f7258af4fae2c738c8aea49
SHA256: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\main[1].js
text
MD5: a80b8c7d39f74aab6d8eaf8f2b6d0f72
SHA256: bbc04db1c19484e5977e1fa43d58c5857c6b4d5349758d03d16498bebd9f55d3
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\en[1].js
text
MD5: 0021ae144ca41a2a0b5d9a918879bd25
SHA256: f439d861946c4b94ecb6033c0d9b7867f0dafee260be776251bba84c7d4e3d5f
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\analytics[1].js
text
MD5: a403e5202fa0f1639d90357a1015cc80
SHA256: 0c1c1bc7b925f666835f266f9b655fcd9e080abf7ffe0ae6dfde67b45f01a748
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\members[1].js
text
MD5: 22f21509f00f9052e60bcd8f4e37dd26
SHA256: 69bd8a1e673107d0243f66fa1ebd054d92a6f3482d3d00b6b72cbc8e028c79cc
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\bootstrap.min[1].css
text
MD5: ec3bb52a00e176a7181d454dffaea219
SHA256: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\main[1].css
text
MD5: 854a4b0be1e2f21a29cd223cfb74816c
SHA256: 6f00a5c0430527d8d9a9e0d3e2f4c3742e6c0adfb7c1a4920126eb3fca09bdab
3092
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: cbc1de5ee1b49dbdabd532aeb06e21b0
SHA256: 13ab19cd0ddea5cba7ef61d72ec07b053d757f2d53d942fbf658860e30ca09dc
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: ed64e8a4093dc39ea94772b6a6c3c9b3
SHA256: 688ad89bcdb93ca6a0135215cfc6beba1669a1d1dab00d2218433e5ebe741c8c
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\build.min[1].css
text
MD5: 15cb1ed18e0528646e97001733481bf7
SHA256: 79f6698d4aa4a0b4918a424b3ce04d06bbf744af88ef3a53271c35cbfe29a75f
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\intlTelInput[1].css
text
MD5: 54ef708e2e5251df3f41949e8bfff97e
SHA256: 2b720fbbc6b4e54e8b4b11a01f335ce9ca8efd88222bac43131458d49f16d69c
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\c98940a8d5[1].css
text
MD5: 95f740f04be0bab36e6af3e0b8a17bcf
SHA256: b8ca22a10ac85a5cf5693ffb36e266eecefd95a70f3b5f7c5f055fe42a48bfa9
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\toastr.min[1].css
text
MD5: bc96861d9899e4e68fb2e59c363d8c60
SHA256: 10d159adb573ca535b8275f1d27dc8d60fffd9678ee3b5f1a0f7b4be4a77342f
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\api[1].js
text
MD5: be03a05647aecaf226b226b2854aba49
SHA256: 59aa89883d64a9a5bd0cd7e7c98a5f3ee825ce3431725bba7e504a395da2781e
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\bitcoin-formula_com[1].txt
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\bitcoin-formula_com[1].htm
html
MD5: 1298e63d25fe0847392e13aa53ae8da0
SHA256: 91711e3309dd43ba34b4fc226a23167cfb6a578c5263113f46fbb3347888c7f2
3352
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: dda54e5d52f13a2e236938c2470fb345
SHA256: 523972763faf7611fff89ffe87bf2d0034ad42e44af53ef217b25c613c209fb6
3352
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\zcredirect[1].htm
html
MD5: a65eb30e646ac9aba231bab98c0d5308
SHA256: 2c544e982460ad65322b001e641b8437bd092bf00a7b5ff5fb5681683df0e132
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\zcredirect[1].txt
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\d5d67df8-a400-11e9-b5e6-0aa5f9f2fee6[1].txt
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\d5d67df8-a400-11e9-b5e6-0aa5f9f2fee6[1].htm
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\galvezcustoms_com[1].htm
html
MD5: 747d728e7174b50871f9d39be6e5d408
SHA256: 6c63b928ebb69087f48661af17c04a62efcf8b9a0949984441d0552b66610f87
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\galvezcustoms_com[1].txt
––
MD5:  ––
SHA256:  ––
3092
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: 14171d8b5afdc0bf476c58a6d0b2ef60
SHA256: 0e372dd51dbbd444db85fb9b4485a92f58869d40066c4b33e03a2a01a7e7f43e
3092
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
image
MD5: f3418a443e7d841097c714d69ec4bcb8
SHA256: 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\rs=ACT90oE3QqXpdJfgkx3EGuud5-s5TeJJ5g[1]
text
MD5: e12ac9bfbf5b4b92f6f1266d1a9815d7
SHA256: f5b0479c794fea8199e2f8a75b03997dfedb9ed3a64b3598f2410be31af1e1c6
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\nav_logo229[1].png
image
MD5: 1b12cab0347f8728af450fe2457e79c3
SHA256: ca858453ce21cabdf9911c6fa3291aa630df344244bc183a4d5ae9972e59f675
3352
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 20b630ceca49dd876798526f1f3f6930
SHA256: 87d3e5190d56c28336e9534ae1553d43bc0af0769db7eb26a493b9c1549ca7c3
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\googlelogo_white_background_color_272x92dp[1].png
image
MD5: b593548ac0f25135c059a0aae302ab4d
SHA256: 44fc041cb8145b4ef97007f85bdb9abdb9a50d744e258b0c4bb01f1d196bf105
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: fe117fac437f4d18772586ac318428dd
SHA256: 420476a7ad0becedf4012310c4d2c3e16a963fe177bd01af3ee02ba7cec07607
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\google_com[1].htm
html
MD5: cd22ad22d303ef0936c10ed316b2269c
SHA256: c1f2dc1494b9713215b6f18feabaec5990f36028769192ae326cc630fca194fe
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\google_com[1].txt
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 601ac0dc513c4f48a0bb9a19210e5f77
SHA256: a5ac58a8551faa5b4bd98abae345dbcee9b0fec95be070a227042f41899dcf0b
3352
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 4199c0404a717969de5c28c7d19eb09f
SHA256: 537a750a95659b3a1d13e5dd28947fd9b1da919044ce15c8a6afbc9da25f679e
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\zcredirect[1].htm
html
MD5: 3ffaa04314f18dc116f56c5290c79506
SHA256: 7cea82727b98603b55e4f2941164a285b5af5ff23f72f35b78c8532d5040c57a
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\zcredirect[1].txt
––
MD5:  ––
SHA256:  ––
3092
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712\index.dat
dat
MD5: 0ce9ead61ec1fc1202a0debe1e565499
SHA256: d874c2999c7a2b8c59e6f25f6408ef258fbefb633f5701e277bc85a904596930
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071120190712\index.dat
dat
MD5: b2328d14d593ce00db9104542c09095d
SHA256: 1d33ff658313830f3d70cb2d4e6f482fd3d7b84525de37e56649cccc5f94ab3f
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 1de91ac4b0864205d054975ed2d6904b
SHA256: 410c18e76b4639829ab930478e2f6d6fda4593889978060e3d4c795d80260bba
3092
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3092
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3092
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PZ3P1LG\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 0499d8a0582a7cebe742cf845e5da196
SHA256: dd424e5f1960120cec5f1d8a196db23051998f9320deebc93823f846e79dc52e
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GBTFIOT9\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFS5E7SG\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5UWK0KKQ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3092
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3352
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38


Network activity

HTTP(S) requests
10
TCP/UDP connections
39
DNS requests
18
Threats
2

HTTP requests

PID Process Method HTTP Code IP URL CN Type Reputation
3092 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3352 iexplore.exe GET 302 89.35.39.65:80 http://www.galvezcustoms.com/ RO text malicious
3352 iexplore.exe GET 200 52.22.6.59:80 http://usd.odysseus-nua.com/zcvisitor/99e02671-a400-11e9-8b7f-12f8115ae5c6?campaignid=b7764eb5-8de2-11e9-8a1b-12077332b422 US html malicious
3352 iexplore.exe GET 200 52.22.6.59:80 http://usd.odysseus-nua.com/zcredirect?visitid=99e02671-a400-11e9-8b7f-12f8115ae5c6&type=js&browserWidth=1276&browserHeight=560&iframeDetected=false US html malicious
3092 iexplore.exe GET 404 52.22.6.59:80 http://usd.odysseus-nua.com/favicon.ico US html malicious
3352 iexplore.exe GET 200 89.35.39.65:80 http://www.galvezcustoms.com/ RO html malicious
3352 iexplore.exe GET 302 89.35.39.65:80 http://www.galvezcustoms.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTU2Mjg3MzExMCwiaWF0IjoxNTYyODY1OTEwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIybW82a2d1cXZuM2Iwam5ia2cwNmZuNDkiLCJuYmYiOjE1NjI4NjU5MTB9.PwoxPoRAgys2-r9x_UCWiFK9dlIHcFhFPKY_RwoULcc&ts=1562865910367206&uuid=99aac7fa-a400-11e9-8c5e-8d56c707bef7 RO text malicious
3352 iexplore.exe GET 200 34.194.204.58:80 http://usa.odysseus-nua.com/zcvisitor/d5d67df8-a400-11e9-b5e6-0aa5f9f2fee6?campaignid=1cf07970-5c58-11e9-b347-0a157bfa6bfc US html malicious
3352 iexplore.exe GET 200 34.194.204.58:80 http://usa.odysseus-nua.com/zcredirect?visitid=d5d67df8-a400-11e9-b5e6-0aa5f9f2fee6&type=js&browserWidth=1276&browserHeight=560&iframeDetected=false US html malicious
3092 iexplore.exe GET 404 34.194.204.58:80 http://usa.odysseus-nua.com/favicon.ico US html malicious


Connections

PID Process IP ASN CN Reputation
3092 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3352 iexplore.exe 89.35.39.65:80 Parfumuri Femei.com SRL RO malicious
3352 iexplore.exe 52.22.6.59:80 Amazon.com, Inc. US malicious
3092 iexplore.exe 52.22.6.59:80 Amazon.com, Inc. US malicious
3352 iexplore.exe 138.68.103.129:443 Digital Ocean, Inc. DE unknown
3352 iexplore.exe 172.217.16.206:443 Google Inc. US whitelisted
3352 iexplore.exe 172.217.18.164:443 Google Inc. US whitelisted
3092 iexplore.exe 172.217.18.164:443 Google Inc. US whitelisted
3352 iexplore.exe 89.35.39.65:443 Parfumuri Femei.com SRL RO malicious
3352 iexplore.exe 34.194.204.58:80 Amazon.com, Inc. US malicious
3092 iexplore.exe 34.194.204.58:80 Amazon.com, Inc. US malicious
3352 iexplore.exe 188.214.132.74:443 UAB Cherry Servers LT suspicious
3352 iexplore.exe 104.28.20.247:443 Cloudflare Inc US unknown
3352 iexplore.exe 104.19.197.151:443 Cloudflare Inc US shared
3352 iexplore.exe 74.86.208.240:443 SoftLayer Technologies Inc. US unknown
3352 iexplore.exe 172.217.16.138:443 Google Inc. US whitelisted
3352 iexplore.exe 216.58.207.67:443 Google Inc. US whitelisted
3352 iexplore.exe 23.111.9.35:443 netDNA US unknown
3352 iexplore.exe 172.217.16.168:443 Google Inc. US whitelisted
3352 iexplore.exe 74.86.208.243:443 SoftLayer Technologies Inc. US unknown
3352 iexplore.exe 172.217.22.99:443 Google Inc. US whitelisted
3352 iexplore.exe 104.16.86.20:443 Cloudflare Inc US shared
3352 iexplore.exe 104.27.177.85:443 Cloudflare Inc US unknown
3092 iexplore.exe 104.28.20.247:443 Cloudflare Inc US unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.galvezcustoms.com 89.35.39.65 malicious
usd.odysseus-nua.com 52.22.6.59, 35.175.21.193, 35.172.143.48, 54.236.74.179, 54.88.43.23, 35.171.104.39, 54.84.166.74, 54.164.219.68 malicious
cryptrk.com 138.68.103.129 unknown
www.google.com 172.217.18.164 whitelisted
usa.odysseus-nua.com 34.194.204.58, 35.172.143.48, 35.171.104.39, 54.236.74.179, 35.175.21.193, 52.22.6.59, 54.164.219.68, 34.195.36.24 malicious
trafficadmarket.com 188.214.132.74 malicious
bitcoin-formula.com 104.28.20.247, 104.28.21.247 unknown
cdnjs.cloudflare.com 104.19.197.151, 104.19.198.151, 104.19.195.151, 104.19.196.151, 104.19.199.151 whitelisted
mylivechat.com 74.86.208.240 whitelisted
fonts.googleapis.com 172.217.16.138 whitelisted
fonts.gstatic.com 216.58.207.67 whitelisted
use.fontawesome.com 23.111.9.35 whitelisted
www.googletagmanager.com 172.217.16.168 whitelisted
s3.mylivechat.com 74.86.208.243 unknown
www.gstatic.com 172.217.22.99 whitelisted
geoip.ipdescription.com 104.27.177.85, 104.27.176.85 unknown
cdn.jsdelivr.net 104.16.86.20, 104.16.87.20, 104.16.85.20, 104.16.89.20, 104.16.88.20 whitelisted

Threats

PID Process Class Message
3352 iexplore.exe Misc activity ADWARE [PTsecurity] Redirecting.Zemot (RBN ZeroPark 0-Click)
3352 iexplore.exe Misc activity ADWARE [PTsecurity] Redirecting.Zemot (RBN ZeroPark 0-Click)

Debug output strings

No debug info.