General Info

URL: http://www.anyburn.com/anyburn_setup_x64.exe
Full analysis: https://app.any.run/tasks/d19aacdd-aaff-43b5-ab12-2da11cdccfed
Verdict: Malicious activity
Analysis date: 11/8/2018, 10:35:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 240 seconds
Additional time used: 180 seconds
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • AnyBurn.exe (PID: 4032)
  • anyburn_setup[1].exe (PID: 2080)
  • anyburn_setup[1].exe (PID: 3136)
  • anyburn_setup_x64[1].exe (PID: 2460)
  • anyburn_setup_x64[1].exe (PID: 2916)
Loads dropped or rewritten executable
  • anyburn_setup_x64[1].exe (PID: 2460)
  • anyburn_setup[1].exe (PID: 2080)
Downloads executable files from the Internet
  • iexplore.exe (PID: 1496)
Creates files in the user directory
  • AnyBurn.exe (PID: 4032)
Creates a software uninstall entry
  • anyburn_setup[1].exe (PID: 2080)
Executable content was dropped or overwritten
  • anyburn_setup_x64[1].exe (PID: 2460)
  • iexplore.exe (PID: 2004)
  • iexplore.exe (PID: 1496)
  • anyburn_setup[1].exe (PID: 2080)
Creates files in the program directory
  • anyburn_setup[1].exe (PID: 2080)
Reads internet explorer settings
  • iexplore.exe (PID: 2140)
  • iexplore.exe (PID: 1496)
Creates files in the user directory
  • iexplore.exe (PID: 2004)
  • iexplore.exe (PID: 2140)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3200)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2140)
  • iexplore.exe (PID: 1496)
Changes internet zones settings
  • iexplore.exe (PID: 2004)
Application launched itself
  • iexplore.exe (PID: 2004)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Screenshots

Processes

Total processes: 52
Monitored processes: 9
Malicious processes: 3
Suspicious processes: 0

Behavior graph

[Behavior graph image. Nodes: iexplore.exe, iexplore.exe, anyburn_setup_x64[1].exe (no specs), anyburn_setup_x64[1].exe, anyburn_setup[1].exe (no specs), anyburn_setup[1].exe, iexplore.exe, anyburn.exe, flashutil32_26_0_0_131_activex.exe (no specs). Edge labels: "drop and start", "start".]
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID: 2004
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: ––
User: admin
Integrity Level: MEDIUM
Exit code: 1
Version info:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (Image):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0uu90r59\anyburn_setup_x64[1].exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\rb73mz6y\anyburn_setup[1].exe
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID: 1496
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2004 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Integrity Level: LOW
Exit code: 0
Version info:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (Image):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\wintrust.dll

PID: 2916
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\anyburn_setup_x64[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\anyburn_setup_x64[1].exe
Indicators: No indicators
Parent process: iexplore.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version info:
  Company: Power Software Ltd
  Description: AnyBurn Setup
  Version: 4.3.0.0
Modules (Image):
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0uu90r59\anyburn_setup_x64[1].exe
c:\systemroot\system32\ntdll.dll

PID: 2460
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\anyburn_setup_x64[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\anyburn_setup_x64[1].exe
Indicators:
Parent process: iexplore.exe
User: admin
Integrity Level: HIGH
Exit code: 2
Version info:
  Company: Power Software Ltd
  Description: AnyBurn Setup
  Version: 4.3.0.0
Modules (Image):
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0uu90r59\anyburn_setup_x64[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nsi5910.tmp\system.dll
c:\windows\system32\uxtheme.dll

PID: 3136
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\anyburn_setup[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\anyburn_setup[1].exe
Indicators: No indicators
Parent process: iexplore.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version info:
  Company: Power Software Ltd
  Description: AnyBurn Setup
  Version: 4.3.0.0
Modules (Image):
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\rb73mz6y\anyburn_setup[1].exe
c:\systemroot\system32\ntdll.dll

PID: 2080
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\anyburn_setup[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\anyburn_setup[1].exe
Indicators:
Parent process: iexplore.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Version info:
  Company: Power Software Ltd
  Description: AnyBurn Setup
  Version: 4.3.0.0
Modules (Image):
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\rb73mz6y\anyburn_setup[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\users\admin\appdata\local\temp\nsucef.tmp\system.dll
c:\windows\system32\profapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\anyburn\uninstall.exe
c:\program files\anyburn\anyburn.exe
c:\users\admin\appdata\local\temp\nsucef.tmp\instopt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\netutils.dll

PID: 2140
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2004 CREDAT:6403
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Integrity Level: LOW
Exit code: 0
Version info:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (Image):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll

PID: 4032
CMD: "C:\Program Files\AnyBurn\AnyBurn.exe"
Path: C:\Program Files\AnyBurn\AnyBurn.exe
Indicators:
Parent process: anyburn_setup[1].exe
User: admin
Integrity Level: HIGH
Version info:
  Company: Power Software Ltd
  Description: AnyBurn
  Version: 4, 3, 0, 0
Modules (Image):
c:\program files\anyburn\anyburn.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imageres.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\clbcatq.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mssvp.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\ehstorapi.dll

PID: 3200
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators: No indicators
Parent process: ––
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version info:
  Company: Adobe Systems Incorporated
  Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
  Version: 26,0,0,131
Modules (Image):
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events: 1634
Read events: 1490
Write events: 141
Delete events: 3

Modification events

PID
Process
Operation
Key
Name
Value
2004
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2004
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {B9F21A17-E339-11E8-BFAB-5254004AAD11} | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E2070B0004000800090024000C005400 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E2070B0004000800090024000C005400 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E2070B0004000800090024000C002F01 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 15 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E2070B0004000800090024000C006D01 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 37 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 3 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E2070B0004000800090024000C00BB01 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 23 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName | |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName | |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url1 | http://www.anyburn.com/ |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url2 | http://fb.com/ |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url3 | bp.blogspot.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url4 | shoot.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url5 | ign.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url6 | hdzog.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url7 | blog.jp |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url8 | libero.it |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url9 | aliexpress.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url10 | allegro.pl |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url11 | gamefaqs.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url12 | twoo.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url13 | yalla |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url14 | kinogo.club |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url15 | codeonclick.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url16 | .com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url17 | eksisozluk.com |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 | CachePrefix | :2018110820181109: |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 | CacheLimit | 8192 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 | CacheOptions | 11 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109 | CacheRepair | 0 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | 54195F9C4677D401 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum | Implementing | 1C00000001000000E2070B0004000800090026000300C00300000000 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | NotifyDownloadComplete | yes |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 4 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E2070B0004000800090026003B008E02 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 33 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 4 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E2070B0004000800090026003B000B03 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 70 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 4 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E2070B0004000800090026003B009803 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 1236 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Type | 1 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 2 |
| 2004 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E2070B00040008000900270005002A03 |
| 1496 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829 | | |
| 1496 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109 |
| 1496 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 | CachePrefix | :2018110820181109: |
| 1496 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 | CacheLimit | 8192 |
| 1496 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 | CacheOptions | 11 |
| 1496 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109 | CacheRepair | 0 |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\AnyBurn | Install_Dir | C:\Program Files\AnyBurn |
| 2080 | anyburn_setup[1].exe | write | HKEY_CURRENT_USER\Software\AnyBurn | Install_Dir | C:\Program Files\AnyBurn |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | DisplayName | AnyBurn |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | DisplayIcon | "C:\Program Files\AnyBurn\AnyBurn.exe" |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | UninstallString | "C:\Program Files\AnyBurn\uninstall.exe" |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | InstallLocation | C:\Program Files\AnyBurn |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | DisplayVersion | 4.3 |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | VersionMajor | 4 |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | VersionMinor | 3 |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | Publisher | Power Software Ltd |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | NoModify | 1 |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyBurn | NoRepair | 1 |
| 2080 | anyburn_setup[1].exe | write | HKEY_CURRENT_USER\Software\AnyBurn | Language | 1033 |
| 2080 | anyburn_setup[1].exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | GlobalAssocChangedCounter | 52 |
| 4032 | AnyBurn.exe | write | HKEY_CURRENT_USER\Software\AnyBurn | Language | 1033 |
| 4032 | AnyBurn.exe | write | HKEY_CURRENT_USER\Software\AnyBurn | CheckUpgrade | 17843 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASAPI32 | EnableFileTracing | 0 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASAPI32 | EnableConsoleTracing | 0 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASAPI32 | FileTracingMask | 4294901760 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASAPI32 | ConsoleTracingMask | 4294901760 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASAPI32 | MaxFileSize | 1048576 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASAPI32 | FileDirectory | %windir%\tracing |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASMANCS | EnableFileTracing | 0 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASMANCS | EnableConsoleTracing | 0 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASMANCS | FileTracingMask | 4294901760 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASMANCS | ConsoleTracingMask | 4294901760 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASMANCS | MaxFileSize | 1048576 |
| 4032 | AnyBurn.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AnyBurn_RASMANCS | FileDirectory | %windir%\tracing |
| 4032 | AnyBurn.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 4032 | AnyBurn.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | |
| 4032 | AnyBurn.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 4032 | AnyBurn.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 4032 | AnyBurn.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots | 0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202 |
| 4032 | AnyBurn.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | MRUListEx | 0200000001000000000000000700000006000000030000000500000004000000FFFFFFFF |
| 4032 | AnyBurn.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg | TV_FolderType | {FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} |
| 4032 | AnyBurn.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg | TV_TopViewID | {82BA0782-5B7A-4569-B5D7-EC83085F08CC} |
| 4032 | AnyBurn.exe | write | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg | TV_TopViewVersion | 0 |
| 4032 | AnyBurn.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US |

Files activity

Executable files
14
Suspicious files
6
Text files
60
Unknown types
5

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\anyburn_setup_x64[1].exe | executable | 0d2992509abfde7196ed13f47484c8b6 | 6cd037ce346c1459c01c4ca125a7841db4b2c864f900a4db40cd5e71f38ca477 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\abcmd.exe | executable | 3d2c5ac9928c810508edbce9cd607888 | e7f2e6f191ed85eceefe564ae0abde4601c4d04b6f5529a64725937d2df43b72 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\AnyBurn.exe | executable | 5652d84fe2ea1dbbc709be2876476610 | 24da7380fc01b1f95a65097622aabd7a23f8a052a12e4898e55b324475bdcfa7 |
| 2080 | anyburn_setup[1].exe | C:\Users\admin\AppData\Local\Temp\nsuCEF.tmp\System.dll | executable | bf712f32249029466fa86756f5546950 | 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\anyburn_setup[1].exe | executable | 86de991a967e97160ed032b8ab9a3780 | 321d37437c78786d722a3c25bd0a64dda684315e3d9b8aa5db8339ca1296f3c4 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\libFLAC.dll | executable | ebbc719e881f2311d352ade3b5e48aee | aa0603abb74ed604518063a5b7f037d007e63b6349f23c2c00d0985609365293 |
| 2460 | anyburn_setup_x64[1].exe | C:\Users\admin\AppData\Local\Temp\nsi5910.tmp\System.dll | executable | bf712f32249029466fa86756f5546950 | 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\uninstall.exe | executable | 29570b4ddc76872c71332987455119e1 | 92eeb4a6a7d76130815528fc3a998aafd961c1224a7c82c1c1e093b77410f422 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\anyburn_setup_x64[1].exe | executable | 0d2992509abfde7196ed13f47484c8b6 | 6cd037ce346c1459c01c4ca125a7841db4b2c864f900a4db40cd5e71f38ca477 |
| 2080 | anyburn_setup[1].exe | C:\Users\admin\AppData\Local\Temp\nsuCEF.tmp\InstOpt.dll | executable | a9b4e84b5c71be9aad7cbe44506a6b4e | 313648b948243e992f08eec6e567aca26c2131ca6b9d307dd11071470521baf7 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\lame_enc.dll | executable | 7a1f439156eccb4aeb8ff90e35e750b1 | f991019a42b5f3fce8e906b7a224597b4b1856c7940eb01b39eb858e250f435a |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\MACDll.dll | executable | 072a156ea3f8eba9d2e3c5030b0cffd0 | 806e83bb5acd31473f7abeb3f7b9424d03c4eb4d7e5fc24eb7bf40fbe4ff64ac |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\libvorbis.dll | executable | 3d74a92b65f7a75a79719fbf6c158a00 | cd51886c6b5e9dc3faf1b9f095717731c508382e32f22d221e03448755c487a8 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\anyburn_setup[1].exe | executable | 86de991a967e97160ed032b8ab9a3780 | 321d37437c78786d722a3c25bd0a64dda684315e3d9b8aa5db8339ca1296f3c4 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\TradChinese.ini | text | 2afcfb3e7aec4c9acf92e2c4aec535ad | 96a99c77a2ef78eb6d75c541b9f05e93e2236460a718cebfd27f19d2ccb58deb |
| 2140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 1a6c80e1bf9db87f5e953cc69f12f962 | 1d3965e5fe14621d3cf71e009d850232d89c4e849a6b6bcf7492e783416756da |
| 2140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | –– | –– | –– |
| 2140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | 1319633eee6f6418f7fcf39a9d686758 | bae5e95f1572fe2c1c4c652e8b6a4596b362a3b5ebd055049798b591ce58f076 |
| 3200 | FlashUtil32_26_0_0_131_ActiveX.exe | C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| 2140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 3fa1b498b136f760c6d958cd0e4788fb | e1de9a964762827fcb4fa1f050b3a0f5027958856edb4ccbb7638e3dc531d3d5 |
| 2140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ga[1].js | text | e9372f0ebbcf71f851e3d321ef2a8e5a | 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f |
| 2140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\thank-you-install-anyburn[1].htm | html | 867600a3a511d104c850e8e3622d6069 | 0225c5c96edbb4648f09b6e8273a5c7c1c332b4d871d94693932597b60651d62 |
| 4032 | AnyBurn.exe | C:\Users\admin\AppData\Local\Temp\$AnyBurn$\2BCF.tmp.ico | –– | –– | –– |
| 2080 | anyburn_setup[1].exe | C:\Users\Public\Desktop\AnyBurn.lnk | lnk | 78f6fe8bf2bc36a15c7361121bb9c86a | 656db7bd7dd104999042614ac39993281efb7efeb18ba717ae72d69c4c1c509b |
| 2080 | anyburn_setup[1].exe | C:\Users\admin\AppData\Local\Temp\nsuCDF.tmp | –– | –– | –– |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms | binary | 7bbdaa360c369bc157f5713456fb2de0 | 75fd6a6c76eac757675d44c53f2faea4d89a8f71ad266386b96514c4d138a355 |
| 2080 | anyburn_setup[1].exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyBurn\AnyBurn.lnk | lnk | df78169b975c16c06e5d9b01d57cd316 | 34e78855f720df9ba9e1f6d2a68e86e1a951cfc11fe3955d67b41d3fe260f677 |
| 2080 | anyburn_setup[1].exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyBurn\Uninstall AnyBurn.lnk | lnk | 3bd328281c3fe7cff966da204c039d11 | 1600feadcb3b92f4e83792fe365cbed799972d50166c868fadbe9f504aa75e02 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B9F21A17-E339-11E8-BFAB-5254004AAD11}.dat | –– | –– | –– |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Turkish.ini | text | 5afac859031dcd27224a27f48dd998f7 | 4fcc55b96257870050783d72e1fbff91626069a021080398b7a8f41e9213b8bd |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Romanian.ini | text | 4b8d8a390bd752f70c0b7214dff69dbc | 02f2bacba9b5690e2f84640f9ddb6a78d754e94e74660138f00afdc9da0b6e75 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Ukrainian.ini | text | 06c21545e5f270697ce93076ceaeaeb5 | 28450e2557115a973bf37f2d133695ab9eeba0266179afdd83c9cc858437e624 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Finnish.ini | text | 235089aea779595334560c9fb73b1141 | 949d1c5f040ff5717427522bf85a266f4fcec78a5dc11c78e92da0bf103f8ff6 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Korean.ini | text | 5ebd661678a7a66577fb5e237efe84d8 | f7595574ee222c64930268084f2de93d53076b4e452f94415834f0ab60803c0f |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Bulgarian.ini | text | e37647d27dbc4ae7e589b6393eea5b39 | b779411b0163428e6ecdbb29c37a9da70e7dd5d47a0d3fca05568fe1cc06acd5 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Croatian.ini | text | 51be490a87182ecb87b6e1ff6db9e615 | 9e69b7a7d79a61fb10dadf8d9c51117caedb9cc8db21d0c7c5755bb0f2d3ae8b |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Russian.ini | text | ad5fc1285dc090434a9644e23fbcf3eb | f0e22c2f1d716896cf2e30ee8bac27549950ff52c6ec5e310489182b33fe3395 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\English.ini | text | 0e017596715c34a257a6b8d81c7caffa | c4ef4f3818f965ba25d26d7443e194b5428867c9e1adec3a57b821783ae91a47 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\French.ini | text | 82de675a459b91a4fd54ae7ff85ee0ac | b3df46073add1f17af8c569188cae04e935fbb7d19c9d340e7515c7d5cb1f119 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Spanish.ini | text | 59996c7af5cf8146d1f3aefab6ee9f26 | 0d69d05ec823e9aadcd1884196f22330f8e366788b693474a0ba50efc6a508d8 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Italian.ini | text | 192dffc92a6ce03a1460ea113673d983 | c0a268e36bffdc7d348328708c0709a66569af2c4eb7005d60236b7377de1bbf |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Arabic.ini | text | 0993496a9d892f713503429bcaf57e9b | d9063d80569078192f2de2d0a8cbbeaa0f262bd4629b1b260b7bf91bda07efb7 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Hungarian.ini | text | c220ae21d8ef1a990dc9bf2c975a2152 | d3fbc390219f8e3a5aab7a2556f2acc9a05608975b71df4379d2b23b60f9d37d |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Polish.ini | text | d47541c39416e557a68de9ac3abb2efe | 178e9f31844e0f7db62e37f660726ff41d3d83218b12693d8b4cbf1d7795e119 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\Dutch.ini | text | 4c42ace32c936e94b3099e2e5d777ff6 | eab8fb8e60c362d92137ce4c5f930678af3cbb7bd05893d2ce2c235fe456f8e2 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\SimpChinese.ini | text | ba1b62a370b5042068758a8ad083b0df | 158db7fd636d0c68e13a10d2aee96e45465f14975bad8a86aeba30ef63d3093d |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\PortugueseBrazil.ini | text | 1173c8ba87e77b4feccea715b1207c93 | 4818ae8f443604f4b5a986ac9314d2a2d831c34450d9a3c55dea0cedc72eb141 |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Lang\German.ini | text | c4545715902024d747dfa38e8ac11d19 | 165f5b56e5dd382b3a2082c3c68ac6a8aeab0532a6bf034fad881a18119d8bfc |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | –– | –– | –– |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\License.txt | text | ea40ec498fca487e2d2044cc7880a734 | edeaef6a635102ad134b4efecf1d7d68e586591b2207c2d5a9be93b29a787132 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFF5F624E353E4DD07.TMP | –– | –– | –– |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MV9IK9C5XCKTSB3YL6RK.temp | –– | –– | –– |
| 2080 | anyburn_setup[1].exe | C:\Program Files\AnyBurn\Readme.txt | text | e232d56886ec52a25dda81b4affc8e97 | ad75db14f9e3242077650047afc568b114df9c8300d7da3c254beb5518657ae4 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log | text | 62a33d0dd1624a39e8064280a5391c9b | d4b66256240a1eb44911b142e8f143dc141628e0b2270911382d5badda6c8f25 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B9F21A18-E339-11E8-BFAB-5254004AAD11}.dat | binary | 57cc69df3503be865f080c8d77952e53 | 78122b5192431933165b3fb79353b2f724505b75ac8de6f032e8e82b107ee2fa |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFFAE60BD25B430BA0.TMP | –– | –– | –– |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat | binary | 5668de3b4deaa3d9c729932222bda6f7 | 1cf802e566d77cc3bc3524ba306937455d52ce31ba1b31722728ae059dcbd533 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{340BF83D-E33A-11E8-BFAB-5254004AAD11}.dat | binary | 27abcbff6bc7e951dbbba34047ab2c63 | 353e099bbaf266063e1b33b1fcdc7b10cf34cd969b3df30940935119f1538f5e |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\anyburn_setup[1].exe:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF85EA8336695A81B4.TMP | –– | –– | –– |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\anyburn_setup[1].exe:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFCAC6B1E31F0D7193.TMP | –– | –– | –– |
| 2460 | anyburn_setup_x64[1].exe | C:\Users\admin\AppData\Local\Temp\nsi590F.tmp | –– | –– | –– |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{1D9C7753-E33A-11E8-BFAB-5254004AAD11}.dat | binary | 2af60c58eb541cc0926831aff5b09eb9 | e1ef3ecdde346b9a928c72e092ddfca22c1d742b76f80e88b405c873a7f71427 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\anyburn_setup_x64[1].exe:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\anyburn_setup_x64[1].exe:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF4C201C7FE7AB9741.TMP | –– | –– | –– |
| 4032 | AnyBurn.exe | C:\Users\admin\AppData\Roaming\anyburn\Upgrade\version.ini | ini | 0c84815bafc343277e4e1a75e0a1d98e | 95179da50c21438d34b4c7196800bc21df74924595e10c4acb206432648e6815 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\top3-3[1].jpg | image | 1f7f4eca2c84075f168c20ffea5daa8e | 89f22fbde4ec3fcffdb621b1a342afb4af18abcd697f56529851fc2cb3bcd597 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\sm_dl[1].gif | image | 7ed3e4a5a7c7b0d182ee589d9f9c5473 | d8346a50ed0d8c5c9a7ca6d326f7a6023998b95d8c6678759d32e392c1f4182d |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\download[1].htm | html | 11f7b12a38b0df75be759db6199f872b | f9ca7e0a753c2c17c168f497208d03b9885766436b9c038383419cf7f6f2455d |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\download[1].php | –– | –– | –– |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109\index.dat | dat | 8010c3a5ed8e71696dcece9165300123 | f103d4eb45a4f596f8244a4712dae5041894aad21650c1a97d1142283416adbc |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109\index.dat | dat | 4682d515347fb86f0432bf36ac0ec376 | d1e1e67b08c0d3e74a74ad5da7793abd692aafd2925c20a1e7b345e0a263b4cf |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\top3-1[1].jpg | image | 30b94a946089daf8bae1c6b9fde99c37 | a9058b0db7ae87f9b279ac864cc893f9587388bef9081cc139275543928e9228 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\top1[1].jpg | image | d2037ca31c9bd42df40cc62229eee97e | 7d1d8dfa1f8419187d88a9a2b6aeeb4d67312907159ec02e1b8bb83b425d681c |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\screenshot[1].jpg | image | 32cf402fd6a6ffc76f711d3424f75913 | 6450c3cfaf34a071f77320fb3578eac2b377eca718d4e474d574ffa3c01787ca |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\dl_btn[1].jpg | image | e7a4c68c81b52c605c6574998c224aa5 | 854a23580f0213a3ae0485df1c6fbf2e0e85e101beeef1b0f6052ac05b17c7ea |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\top3-2[1].jpg | image | e346eafe4eb2339272597050d433b0fb | 2a546827f00d69d0ccea8bb3b3916c8a427e2cc480872d618b6df7892d3a0e4b |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\About1[1].jpg | image | 5e34993090ba68cbe51e1370248c757f | 2dab9c315d5342d03d5150e015da5c4308e744be061941b19a00703a0e4d1665 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\About4[1].jpg | image | 4f23e5496c907b51190342b9689da6a5 | f574b2a490736ac231b7ce006d78f5ebc1c6821677712d2a6a3e8cdb38d9a404 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\top2[1].jpg | image | 532a2918f353135dbd6b48de9ec6eb22 | 25abac7b5f066d098fdca1c1e0f0a7941a0c445190e4bf559b7341cb06a231f6 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\logo[1].jpg | image | 43e6de2a68fa57b220b227fa6f65a5d8 | 614a73e57e01464b41ef149768d0775fdece546dddd2763283ecf0bfbe3b20eb |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\anyburn_com[1].htm | html | 81a066c9dff200fd457f2d8af2b58402 | 491fb45ea30c07394bc01f1ecc35ade5be3c1a95c9b071505ecf59d27f651239 |
| 2004 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 9e2d30774bbd856f8bdbaf6c1c93896c | 116ed15dba65bf345f7d2ace29dc5772d80fa0235f08f8132f6b818f342c424f |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\background_gradient[1] | image | 20f0110ed5e4e0d5384a496e4880139b | 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\tools[1] | image | 6f20ba58551e13cfd87ec059327effd0 | 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\down[1] | image | 555e83ce7f5d280d7454af334571fb25 | 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\favcenter[1] | image | 25d76ee5fb5b890f2cc022d94a42fe19 | 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\httpErrorPagesScripts[1] | text | e7ca76a3c9ee0564471671d500e3f0f3 | 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\noConnect[1] | image | 3cb8faccd5de434d415ab75c17e8fd86 | 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7 |
| 1496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\errorPageStrings[1] | text | 1a0563f7fb85a678771450b131ed66fd | eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c |
1496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
1496
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2004
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2004
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2004
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF60bfa3.TMP
binary
MD5: 7bbdaa360c369bc157f5713456fb2de0
SHA256: 75fd6a6c76eac757675d44c53f2faea4d89a8f71ad266386b96514c4d138a355


Network activity

HTTP(S) requests: 33
TCP/UDP connections: 21
DNS requests: 3
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2004 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | | whitelisted
1496 | iexplore.exe | GET | –– | 66.39.125.90:80 | http://www.anyburn.com/ | US | –– | –– | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/ | US | html | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/logo.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/About4.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/About1.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/screenshot.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/top2.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/top3-2.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/dl_btn.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/top1.jpg | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/top3-1.jpg | US | image | | suspicious
2004 | iexplore.exe | GET | 404 | 66.39.125.90:80 | http://www.anyburn.com/favicon.ico | US | html | | suspicious
1496 | iexplore.exe | GET | –– | 66.39.125.90:80 | http://www.anyburn.com/download.htm | US | –– | –– | suspicious
1496 | iexplore.exe | GET | –– | 66.39.125.90:80 | http://www.anyburn.com/download.htm | US | –– | –– | suspicious
1496 | iexplore.exe | GET | –– | 66.39.125.90:80 | http://www.anyburn.com/download.htm | US | –– | –– | suspicious
1496 | iexplore.exe | GET | –– | 66.39.125.90:80 | http://www.anyburn.com/download.htm | US | –– | –– | suspicious
1496 | iexplore.exe | GET | –– | 66.39.125.90:80 | http://www.anyburn.com/download.htm | US | –– | –– | suspicious
1496 | iexplore.exe | GET | 301 | 66.39.125.90:80 | http://www.anyburn.com/download.htm | US | html | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/download.php | US | html | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/sm_dl.gif | US | image | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/images/top3-3.jpg | US | image | | suspicious
2004 | iexplore.exe | GET | 404 | 66.39.125.90:80 | http://www.anyburn.com/favicon.ico | US | html | | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/anyburn_setup_x64.exe | US | executable | | suspicious
1496 | iexplore.exe | GET | –– | 66.39.125.90:80 | http://www.anyburn.com/anyburn_setup.exe | US | –– | –– | suspicious
1496 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/anyburn_setup.exe | US | executable | | suspicious
2140 | iexplore.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/thank-you-install-anyburn.htm | US | html | | suspicious
2140 | iexplore.exe | GET | 304 | 66.39.125.90:80 | http://www.anyburn.com/images/logo.jpg | US | –– | –– | suspicious
4032 | AnyBurn.exe | GET | 200 | 66.39.125.90:80 | http://www.anyburn.com/version.ini | US | ini | | suspicious
2140 | iexplore.exe | GET | 304 | 66.39.125.90:80 | http://www.anyburn.com/images/top1.jpg | US | –– | –– | suspicious
2140 | iexplore.exe | GET | 200 | 216.58.215.238:80 | http://www.google-analytics.com/ga.js | US | text | | whitelisted
2140 | iexplore.exe | GET | 304 | 66.39.125.90:80 | http://www.anyburn.com/images/top3-1.jpg | US | –– | –– | suspicious
2140 | iexplore.exe | GET | 200 | 216.58.215.238:80 | http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1938251905&utmhn=www.anyburn.com&utmcs=windows-1252&utmsr=1280x720&utmvp=1260x560&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=26.0%20r0&utmdt=Thank%20you%20for%20installing%20AnyBurn!&utmhid=478831918&utmr=-&utmp=%2Fthank-you-install-anyburn.htm&utmht=1541669946763&utmac=UA-53243361-1&utmcc=__utma%3D163866095.1488897745.1541669946.1541669946.1541669946.1%3B%2B__utmz%3D163866095.1541669946.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=132141060&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ | US | image | | whitelisted


Connections

PID | Process | IP | ASN | CN | Reputation
2004 | iexplore.exe | 204.79.197.200:80 | Microsoft Corporation | US | whitelisted
1496 | iexplore.exe | 66.39.125.90:80 | pair Networks | US | suspicious
2004 | iexplore.exe | 66.39.125.90:80 | pair Networks | US | suspicious
2140 | iexplore.exe | 66.39.125.90:80 | pair Networks | US | suspicious
4032 | AnyBurn.exe | 66.39.125.90:80 | pair Networks | US | suspicious
2140 | iexplore.exe | 216.58.215.238:80 | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.anyburn.com | 66.39.125.90 | suspicious
www.google-analytics.com | 216.58.215.238 | whitelisted

Threats

PID | Process | Class | Message
1496 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
1496 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

No debug info.