General Info

URL

http://www.theturtletotsacademy.com/

Full analysis
https://app.any.run/tasks/bfd46385-6712-4981-88f2-649733290221
Verdict
Malicious activity
Analysis date
7/11/2019, 20:46:18
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Changes internet zones settings
  • iexplore.exe (PID: 2916)
Reads internet explorer settings
  • iexplore.exe (PID: 3292)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3292)
Creates files in the user directory
  • iexplore.exe (PID: 3292)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Screenshots

Processes

Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph


Process information


PID
2916
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules

PID
3292
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2916 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules

Registry activity

Total events
406
Read events
345
Write events
59
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2916
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{344528C5-A40C-11E9-B506-5254004A04AF}
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307070004000B0012002E0022000F03
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307070004000B0012002E0022000F03
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307070004000B0012002E002200BB03
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307070004000B0012002E002200DA03
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
292
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307070004000B0012002E0023000B01
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
84
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheRepair
0
2916
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
44F8DE021938D501
3292
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071120190712
3292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
3292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
3292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
3292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheRepair
0

Files activity

Executable files
0
Suspicious files
0
Text files
63
Unknown types
10

Dropped files

html
MD5: fb4a6618bc3f7408959c040fa9054118
SHA256: 1100edcb050095a9da7af9db83607cd72f5a4affb666a8d47b3fc4abbc69d769
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GM3CXGZ\social-media-widget[1].css
text
MD5: 37bdde98e7a2c4db207b219a06746757
SHA256: cabc4085b6ca976815ea7b308f5a9af60e2e4817c42f9c1d680222fcd566cad5
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4QNSGGTW\font-awesome[1].css
text
MD5: c495654869785bc3df60216616814ad1
SHA256: 36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRHR6AEH\jquery.fontPlugin[1].js
html
MD5: 084132766e05387af1e9f99f89b33b5d
SHA256: 1798fec66ef582c474d39b23f98b1246c7fae85bc0e12c7193ee337d29de3704
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\62NLRYNT\colorpicker[1].css
text
MD5: 7737c9ca5036f81500d912b607a98c6c
SHA256: b7d1d2b7ff7d67652269dc1d5613e4e8ffa31bce3d58c4ec0e328a17a19a9c99
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GM3CXGZ\flexslider[1].css
text
MD5: e5352c5d5e5a8890bbc5d8798421f933
SHA256: 8e9b3fc44b0559daf7a04f468c2830cf11b772e4d7c7860ff4398dc52e1d3637
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4QNSGGTW\styles[1].css
text
MD5: 5ad1cfa3f5175f627385651790ed0bbd
SHA256: 3ad2fcb328295f1199d593adaba909f3eea790f695554ac3c1da7aa009fc0e0d
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRHR6AEH\jquery-ui-1.8.14.custom[1].css
text
MD5: 9d845dffa3844ff066d7a22996277bcb
SHA256: f7b62d4b82180330aa3d330d19a624edb3fa843c50e627df72a73cd6ecb40640
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\62NLRYNT\front-legacy[1].css
text
MD5: 1ef5170d77b4f442ddfa6ad18ed30249
SHA256: 3602cfcd14b0997a98a89c11148896e609fd4b0dfa3155d37008e4f146d7a0be
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GM3CXGZ\fontsforwebstyle[1].css
text
MD5: 4455daa3d7ae5504c6957aacebda208b
SHA256: 43f62cbead9a01315ac1099d8683757c619b1f1a11faeb5163a8355a434ff184
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4QNSGGTW\theturtletotsacademy_com[1].txt
––
MD5:  ––
SHA256:  ––
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 0ea6dbb859253eb3ca33d9c1b191d335
SHA256: 0206f218bf0f7ee59b11677d6f4620e10f2dd58c88599e6438246028c551cdc3
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4QNSGGTW\theturtletotsacademy_com[1].htm
html
MD5: 39f37631de3c65716326722c4948b4a9
SHA256: fe4a1ffe80b79ca3f4b578ec15c0542171431d249ac43750d8ed8fb99d277334
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2916
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRHR6AEH\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\62NLRYNT\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7GM3CXGZ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: f7452888812a50d1c87a8199c6717bc1
SHA256: 19993a9701be7186df9c071c4909740a7fee19329f8c32f39df81b175d053d2a
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4QNSGGTW\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2916
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38


Network activity

HTTP(S) requests: 73
TCP/UDP connections: 15
DNS requests: 2
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Reputation
2916 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | whitelisted
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/ | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/css/fontsforwebstyle.css?pver=7.5.1&ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/css/start/jquery-ui-1.8.14.custom.css?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/js/jquery.fontPlugin.js?pver=7.5.1&ver=5.1.1 | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/siteorigin-panels/css/front-legacy.css?ver=2.10.5 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/css/dashicons.min.css?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/testimonials/css/flexslider.css?ver=3.0 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/css/colorpicker.css?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/style.css?ver=1.10.1 | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/fontawesome/css/font-awesome.css?ver=4.6.2 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/css/social-media-widget.css?ver=1.10.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/staffer/public/css/staffer-styles.css?ver=2.1.0 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/testimonials/css/testimonials.css?ver=3.0 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/jquery.js?ver=1.12.4 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/js/jquery.fcarousel.min.js?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.11.4 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/js/colorpicker.js?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/jquery/ui/sortable.min.js?ver=1.11.4 | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/js/pluginscripts.js?pver=7.5.1&ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/staffer/public/js/staffer-scripts.js?ver=2.1.0 | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/js/jquery.flexslider.min.js?ver=2.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/js/jquery.touchSwipe.min.js?ver=1.6.6 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/js/jquery.theme-main.min.js?ver=1.10.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/js/jquery.fitvids.min.js?ver=1.0 | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/js/html5.min.js?ver=3.7.3 | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/js/selectivizr.min.js?ver=1.0.2 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/wp-emoji-release.min.js?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/fonts/dashicons.eot | US | eot | malicious
3292 | iexplore.exe | GET | 404 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/testimonials/css/fonts/flexslider-icon.eot? | US | html | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/icons/vantage-icons.eot? | US | eot | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/fontawesome/fonts/fontawesome-webfont.eot? | US | eot | malicious
3292 | iexplore.exe | GET | 301 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.woff)%20format(%22woff%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.eot)%20format(%22eot%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.ttf)%20format(%22truetype%22 | US | compressed | malicious
3292 | iexplore.exe | GET | 301 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.woff)%20format(%22woff%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.eot)%20format(%22eot%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.ttf)%20format(%22truetype%22 | US | compressed | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/ml-slider/assets/sliders/flexslider/flexslider.css?ver=3.12.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/ml-slider/assets/metaslider/public.css?ver=3.12.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/testimonials/js/jquery.flexslider-min.js?ver=20131205 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/testimonials/js/jquery.flexslider.manualDirectionControls.js?ver=20131205 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-includes/js/wp-embed.min.js?ver=5.1.1 | US | text | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2015/06/resized-turtle-tots_3784734575903899286_n-700x210.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2015/10/VPK-jump-pic-1000x300.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2015/06/1378756_801055776668676_4250123160310155239_n.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/themes/vantage/images/sprites/more-icon.png | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2015/06/22091_841604635947123_4323041609624589659_n.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2015/06/11703359_845038198937100_5736099786794859417_n.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/ml-slider/assets/sliders/flexslider/fonts/flexslider-icon.eot? | US | eot | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/ml-slider/assets/sliders/flexslider/bg_direction_nav.png | US | image | malicious
3292 | iexplore.exe | GET | –– | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.woff)%20format(%22woff%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.eot)%20format(%22eot%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.ttf)%20format(%22truetype | US | –– | malicious
3292 | iexplore.exe | GET | 404 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.woff)%20format(%22woff%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.eot)%20format(%22eot%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.ttf)%20format(%22truetype | US | html | malicious
3292 | iexplore.exe | GET | 404 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.woff)%20format(%22woff%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.eot)%20format(%22eot%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.ttf)%20format(%22truetype | US | html | malicious
2916 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2015/06/favicon-turtle.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/about-our-teachers | US | html | malicious
3292 | iexplore.exe | GET | 404 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/testimonials/css/fonts/flexslider-icon.eot? | US | html | malicious
3292 | iexplore.exe | GET | 301 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.woff)%20format(%22woff%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.eot)%20format(%22eot%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.ttf)%20format(%22truetype%22 | US | –– | malicious
3292 | iexplore.exe | GET | 301 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.woff)%20format(%22woff%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.eot)%20format(%22eot%22),%20url(http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.ttf)%20format(%22truetype%22 | US | –– | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2018/11/Tonipic-250x250.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2018/09/Kendalpic-250x250.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2018/09/Rachelpic-250x250.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2018/09/jolenepic-250x250.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2018/09/Laurenpic-250x250.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2018/09/dompic-1-250x250.jpg | US | image | malicious
3292 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2016/12/maegan-e1480956783871.jpg | US | image | malicious
3292 | iexplore.exe | GET | 404 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.woff)%20format(%22woff%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.eot)%20format(%22eot%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/CATHSGBR.ttf)%20format(%22truetype | US | html | malicious
3292 | iexplore.exe | GET | 404 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.woff)%20format(%22woff%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.eot)%20format(%22eot%22),%20url(http:/www.theturtletotsacademy.com/wp-content/plugins/font/font_files/Wbxkomik.ttf)%20format(%22truetype | US | html | malicious
2916 | iexplore.exe | GET | 200 | 162.241.230.102:80 | http://www.theturtletotsacademy.com/wp-content/uploads/2015/06/favicon-turtle.jpg | US | image | malicious


Connections

PID | Process | IP | ASN | CN | Reputation
2916 | iexplore.exe | 204.79.197.200:80 | Microsoft Corporation | US | whitelisted
3292 | iexplore.exe | 162.241.230.102:80 | CyrusOne LLC | US | malicious
2916 | iexplore.exe | 162.241.230.102:80 | CyrusOne LLC | US | malicious

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.theturtletotsacademy.com | 162.241.230.102 | malicious

Threats

PID | Process | Class | Message
3292 | iexplore.exe | A Network Trojan was detected | ET MALWARE LNKR landing page (possible compromised site) M1

Debug output strings

No debug info.