General Info

URL

http://nextportcampus.com

Full analysis
https://app.any.run/tasks/4cf8be37-f8f4-4ba1-b128-6d4189a96bd9
Verdict
Malicious activity
Analysis date
4/23/2019, 17:23:27
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

phishing

adware

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Malicious
No malicious indicators.

Suspicious
No suspicious indicators.

Info
Application launched itself
  • iexplore.exe (PID: 2796)
Changes internet zones settings
  • iexplore.exe (PID: 2796)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3032)
  • iexplore.exe (PID: 2796)
Reads internet explorer settings
  • iexplore.exe (PID: 3032)
Creates files in the user directory
  • iexplore.exe (PID: 3032)

Processes

Total processes
33
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Process information

PID
2796
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
3032
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2796 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\jscript.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\t2embed.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\d3dim700.dll

Registry activity

Total events
405
Read events
344
Write events
60
Delete events
1

Modification events

PID | Process | Operation | Key | Name | Value
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {C7057981-65DB-11E9-B3B3-5254004A04AF} | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 1
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E3070400020017000F0017002B004E02
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 1
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E3070400020017000F0017002B004E02
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | 
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 1
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E3070400020017000F0017002B00DB02
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 20
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 1
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E3070400020017000F0017002B000903
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 81
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 1
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E3070400020017000F0017002B004803
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 54
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019042320190424 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019042320190424
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019042320190424 | CachePrefix | :2019042320190424:
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019042320190424 | CacheLimit | 8192
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019042320190424 | CacheOptions | 11
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019042320190424 | CacheRepair | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | 32D8298BE8F9D401
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName | 
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName | 
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0
2796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0
3032 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829 | | 
3032 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019042320190424 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019042320190424
3032 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019042320190424 | CachePrefix | :2019042320190424:
3032 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019042320190424 | CacheLimit | 8192
3032 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019042320190424 | CacheOptions | 11
3032 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019042320190424 | CacheRepair | 0
3032 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name | iexplore.exe

Files activity

Executable files
0
Suspicious files
0
Text files
26
Unknown types
8

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9XB6Y7N\nr-918.min[1].js | text | MD5: 07fddb3720b5e77e10d486281e40571d | SHA256: 2355e9f9cae03e9fa671d57f378245f488918d30286d4e70633c6e6d828db44f
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K6O1XWKK\js_preloader[1].gif | image | MD5: 90c93102a88c2ab94bff1575b7a6e86e | SHA256: 5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\index[1].htm | html | MD5: f511014672b2212e3fd47de62449295e | SHA256: b0aa036e48e3f5075ae3bf6b5f998f31ec7fc6db121a13b7d3532ffb87980bd0
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\USCBEJR7\animation.a261d068161601b4b2ca6140be992a0f[1].gif | image | MD5: 0eca49294d1a8bfc371dbcddeb017aca | SHA256: 68b233777e095bc3bb290908b96de6e2e4bcc7827a216c6891ea9b2ed235c250
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5RHM609A\slide2.aab7efc1bdab6783aea83c1ce59c91a5[1].jpg | image | MD5: 87ea44906b71bc8b6f446e5603db9525 | SHA256: 4aa97ba5602a8b14f7dbdda41be6ad2781c8be6b2df99b075aac2c357e7f7e8b
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5RHM609A\landing[1].js | text | MD5: 6f097f34f0d7d31372d8d10efb8b5bc5 | SHA256: 45a2c3718857a6d88bbea4677e8b3d15a36f09c2f9cffa89b38cc8cfd76178e8
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\USCBEJR7\KFOmCnqEu92Fr1Mu4mxO[1].eot | eot | MD5: 4be1a572fca40bcb2202504cb17aed91 | SHA256: 64d06eeb18abad7d4ef1b1ef7409cf108bd4774c50a64e2c7b49ffb708ff24f4
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | MD5: ba6436597a64780e90bb8b89985c0e31 | SHA256: 6e392f061e22bf8c51cb4441ed6b2462f5a3bd491362c33e631b3b2a8d547228
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9XB6Y7N\vegas.5623475bda32ac343029e0d882d1d397[1].js | text | MD5: 1a419deb38ff5a22cb817101bbf1adce | SHA256: d20665d11b6b7b0df9119eb8100bc0623c52f1e719b7673b6c740a99d989bdfd
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5RHM609A\showhide.62b0f2bb8468bc53414e2e3ae92b0743[1].js | text | MD5: 953da630bbc1eb86d1c1417db7bef507 | SHA256: 6cec7f256ce341c4f5b50b85eb66edd7cc07c021ff914f86b2aa5e19734503e9
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\USCBEJR7\css[1].txt | text | MD5: 9d884a8d52acac785d18e4adc5fb42a9 | SHA256: f05b8631b23eb9eba46207a49e22c97e4226aa66d0dd0248d127a9aa22531fb1
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K6O1XWKK\jquery.511415bab15c163826219460ee372245[1].js | text | MD5: 5790ead7ad3ba27397aedfa3d263b867 | SHA256: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K6O1XWKK\vegas.ed09626c683ddb4f8ade5947a5dae2f2[1].css | text | MD5: acf6f43850c8717bd72a70d14e7f6748 | SHA256: 0682003b4b526413ef33882528cbb0cf007a86d28c67655358b75babbdc916bf
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9XB6Y7N\main.ee7a97499913c9d6b2c0ad433f1a0ce7[1].css | text | MD5: 001a973a9c9686a3626308bbc92315fc | SHA256: 06a99fa3a27342a3621f346ad41f961604c3bc2f3d0a6c1ebee2cf9205fa5f25
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5RHM609A\index[1].htm | html | MD5: f511014672b2212e3fd47de62449295e | SHA256: b0aa036e48e3f5075ae3bf6b5f998f31ec7fc6db121a13b7d3532ffb87980bd0
3032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | MD5: 2d168e692ce57a779c43803400b12920 | SHA256: 39e2f0a83c00374de114ec094cd5050c98ce272b5628491770adedf94641876b
3032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | –– | MD5: –– | SHA256: ––
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019042320190424\index.dat | dat | MD5: 4776e25e09dfbf6de93594b130e8bf16 | SHA256: 6b176d9b005da5a1982273b523986e1373f1452ca15678e87196294cdbb5a9d5
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019042320190424\index.dat | dat | MD5: ccc3b40ee46e1217bcb308c17a9f5ac5 | SHA256: 592e7d5767534ec70844e3a06285d81ba6efc3d3925b2460d56c47e41fab16f7
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | MD5: b158e1dedfa4a41ffb47b6b56aded23b | SHA256: e0a5a07d2e03db449788aa9d9055dccb6ba45e67c8942158a49749e00da0b8bd
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9XB6Y7N\jquery-1.4.2.min[1].js | text | MD5: 0d658c3f0a7efaa05a6fcee9758231b3 | SHA256: e186f74c971a978c1daf20bb51a1b71bcb075d8d09d678ee1d12665c136b1487
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9XB6Y7N\ww1_nextportcampus_com[1].htm | html | MD5: 721c53b44c9673c124109ef147f038e7 | SHA256: 616fa906209818af01eecf0290a1860a4bf83366af9c96a1ee0a5535cdf67ec3
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9XB6Y7N\ww1_nextportcampus_com[1].txt | –– | MD5: –– | SHA256: ––
3032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | MD5: 78c6a5b727706f9d4312239f402bab53 | SHA256: 29b3e0416cf2075a9e5ec7a9544e11ea156bdb6d101a078943a5786686be680b
3032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | MD5: 71dd04a7bec2c5585b2747c78e6087fe | SHA256: 03b3cb7593f95c12485b6c2740ed831bcf83cf990cc42030e4d49e32500fbe74
3032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | MD5: 0a2e8ae1fe06caf75bccf5423f6e5ca4 | SHA256: eedfb1a057c08b52f7552a30e92685619ef367f66c19285ece61e75edd4a5f40
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | MD5: 2374aee54186b9544daf85ae17712737 | SHA256: f44f35c3fdc28b95ca6c77a5a8a30b0f8366ec9b1d9be6955bf121fc4a579336
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png | image | MD5: 9fb559a691078558e77d6848202f6541 | SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | –– | MD5: –– | SHA256: ––
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | –– | MD5: –– | SHA256: ––
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | MD5: 1289846da716475a72a87c79cf988fc4 | SHA256: 5d019a200a024699389c887d568f8fc4e6f554b3b381d2b75a31286ab25082c3
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5RHM609A\desktop.ini | ini | MD5: 4a3deb274bb5f0212c2419d3d8d08612 | SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\USCBEJR7\desktop.ini | ini | MD5: 4a3deb274bb5f0212c2419d3d8d08612 | SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9XB6Y7N\desktop.ini | ini | MD5: 4a3deb274bb5f0212c2419d3d8d08612 | SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini | ini | MD5: 4a3deb274bb5f0212c2419d3d8d08612 | SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K6O1XWKK\desktop.ini | ini | MD5: 4a3deb274bb5f0212c2419d3d8d08612 | SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini | ini | MD5: 4a3deb274bb5f0212c2419d3d8d08612 | SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini | ini | MD5: 4a3deb274bb5f0212c2419d3d8d08612 | SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

Network activity

HTTP(S) requests
23
TCP/UDP connections
13
DNS requests
10
Threats
2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2796 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | whitelisted
3032 | iexplore.exe | GET | 302 | 103.224.182.246:80 | http://nextportcampus.com/ | AU | –– | –– | malicious
3032 | iexplore.exe | GET | 200 | 91.195.240.126:80 | http://ww1.nextportcampus.com/ | DE | html | malicious
3032 | iexplore.exe | GET | 200 | 205.234.175.175:80 | http://img.sedoparking.com/js/jquery-1.4.2.min.js | US | text | whitelisted
3032 | iexplore.exe | GET | 200 | 205.234.175.175:80 | http://img.sedoparking.com/images/js_preloader.gif | US | image | whitelisted
3032 | iexplore.exe | GET | 200 | 91.195.240.126:80 | http://ww1.nextportcampus.com/search/tsc.php?200=MTg1MTI0NTA3&21=MTg1LjIxNy4xMTkuMTM=&681=MTU1NjAzMzAyNTg4MjliYWExOTUwNzQ1ZGUwNjAyOWFiNDczN2NmZjAy&crc=429271d71647daad9b7d9525fad72f7ee1ba77b1&cv=1 | DE | compressed | malicious
3032 | iexplore.exe | GET | 302 | 91.195.240.126:80 | http://ww1.nextportcampus.com/search/redirect.php?f=http%3A%2F%2Fusa.raginhard-sva.com%2Fzcvisitor%2Fc8b55140-65db-11e9-90c8-0ae14096d266%3Fcampaignid%3D404772c0-d3e3-11e6-ad1d-0e0b03568723&v=NGIyZTcyZTA5YzMyOWEwYWE1ZDZjOGU1YjVmNDVjNzcJMQl3dzEubmV4dHBvcnRjYW1wdXMuY29tNWNiZjJlMDBlMDI3NDQuODU2MDM4MzkJd3cxLm5leHRwb3J0Y2FtcHVzLmNvbTVjYmYyZTAwZTAyOWYyLjQ0ODExOTQzCTE1NTYwMzMwMjUJYWRfMzFfMA==&l=NglBRFMJNzcxNjAzYjU4MDU3OTIxNjJmYTU3OGZjNWFkMzcyOTUJMAkxMwkJMzEJMQkxCTAJZmUxYTFkNTc1MTUwZDAzOTQwMWY4Yjk2NDAwZDkzMTIJCTE4NTEyNDUwNwljCTAJCW5leHRwb3J0Y2FtcHVzCTExMDEJMzEJNQk1OQkxNTU2MDMzMDI1CTAuMDAyNTIJTgkwCTAJMAkJCQkJCXd3MS5uZXh0cG9ydGNhbXB1cy5jb201Y2JmMmUwMGUwMjc0NC44NTYwMzgzOQkwCQkxCTgzMAkxMjA1CTgwODMyODY2CQkxODUuMjE3LjExOS4xMw%3D%3D | DE | compressed | malicious
3032 | iexplore.exe | GET | 302 | 91.195.240.126:80 | http://ww1.nextportcampus.com/search/tcerider.php?f=http%3A%2F%2Fusa.raginhard-sva.com%2Fzcvisitor%2Fc8b55140-65db-11e9-90c8-0ae14096d266%3Fcampaignid%3D404772c0-d3e3-11e6-ad1d-0e0b03568723&v=NGIyZTcyZTA5YzMyOWEwYWE1ZDZjOGU1YjVmNDVjNzcJMQl3dzEubmV4dHBvcnRjYW1wdXMuY29tNWNiZjJlMDBlMDI3NDQuODU2MDM4MzkJd3cxLm5leHRwb3J0Y2FtcHVzLmNvbTVjYmYyZTAwZTAyOWYyLjQ0ODExOTQzCTE1NTYwMzMwMjUJYWRfMzFfMA==&l=NglBRFMJNzcxNjAzYjU4MDU3OTIxNjJmYTU3OGZjNWFkMzcyOTUJMAkxMwkJMzEJMQkxCTAJZmUxYTFkNTc1MTUwZDAzOTQwMWY4Yjk2NDAwZDkzMTIJCTE4NTEyNDUwNwljCTAJCW5leHRwb3J0Y2FtcHVzCTExMDEJMzEJNQk1OQkxNTU2MDMzMDI1CTAuMDAyNTIJTgkwCTAJMAkJCQkJCXd3MS5uZXh0cG9ydGNhbXB1cy5jb201Y2JmMmUwMGUwMjc0NC44NTYwMzgzOQkwCQkxCTgzMAkxMjA1CTgwODMyODY2CQkxODUuMjE3LjExOS4xMw%3D%3D | DE | html | malicious
3032 | iexplore.exe | GET | 302 | 34.195.36.24:80 | http://usa.raginhard-sva.com/zcvisitor/c8b55140-65db-11e9-90c8-0ae14096d266?campaignid=404772c0-d3e3-11e6-ad1d-0e0b03568723 | US | –– | –– | malicious
3032 | iexplore.exe | GET | 302 | 178.79.147.193:80 | http://whatsyourflower.com/dailytrack/base.php?c=492&key=91ebc0ab6f36f57dff56e0d57685bd2a&target=delta-lex-NjkKpUJ3&source=porraceous-llama&keyword=nextportcampus+shopping%2Cnextportcampus%2Cnextportcampus.com&os=Windows&browser=IE&cid=zrc8b5514065db11e990c80ae14096d26687eaafe1b38a428fb2ec37caaa3490c703776713f8f0d55cda | GB | –– | –– | whitelisted
3032 | iexplore.exe | GET | 200 | 178.79.147.193:80 | http://whatsyourflower.com/France.Cartoon1/index.html?target=delta-lex-NjkKpUJ3&source=porraceous-llama&keyword=nextportcampus+shopping%2Cnextportcampus%2Cnextportcampus.com&os=Windows&browser=IE&cid=zrc8b5514065db11e990c80ae14096d26687eaafe1b38a428fb2ec37caaa3490c703776713f8f0d55cda | GB | html | whitelisted
3032 | iexplore.exe | GET | 200 | 178.79.147.193:80 | http://whatsyourflower.com/France.Cartoon1/sex1/adu_fr_16_11_temp_10_sub_1_2_sli_all_amateur_toon_yellow_jm/css/main.ee7a97499913c9d6b2c0ad433f1a0ce7.css | GB | text | whitelisted
3032 | iexplore.exe | GET | 200 | 178.79.147.193:80 | http://whatsyourflower.com/France.Cartoon1/sex1/adu_fr_16_11_temp_10_sub_1_2_sli_all_amateur_toon_yellow_jm/css/vegas.ed09626c683ddb4f8ade5947a5dae2f2.css | GB | text | whitelisted
3032 | iexplore.exe | GET | 200 | 178.79.147.193:80 | http://whatsyourflower.com/France.Cartoon1/sex1/adu_fr_16_11_temp_10_sub_1_2_sli_all_amateur_toon_yellow_jm/js/jquery.511415bab15c163826219460ee372245.js | GB | text | whitelisted
3032 | iexplore.exe | GET | 200 | 178.79.147.193:80 | http://whatsyourflower.com/France.Cartoon1/sex1/adu_fr_16_11_temp_10_sub_1_2_sli_all_amateur_toon_yellow_jm/js/showhide.62b0f2bb8468bc53414e2e3ae92b0743.js | GB | text | whitelisted
3032 | iexplore.exe | GET | 200 | 178.79.147.193:80 | http://whatsyourflower.com/France.Cartoon1/sex1/adu_fr_16_11_temp_10_sub_1_2_sli_all_amateur_toon_yellow_jm/js/vegas.5623475bda32ac343029e0d882d1d397.js | GB
text
whitelisted
3032 iexplore.exe GET 200 178.79.147.193:80 http://whatsyourflower.com/France.Cartoon1/sex1/adu_fr_16_11_temp_10_sub_1_2_sli_all_amateur_toon_yellow_jm/images/animation.a261d068161601b4b2ca6140be992a0f.gif GB
image
whitelisted
3032 iexplore.exe GET 404 178.79.147.193:80 http://whatsyourflower.com/www.googletagmanager.com/gtm5445.html?id=GTM-TMR4NP GB
html
whitelisted
3032 iexplore.exe GET 200 178.79.147.193:80 http://whatsyourflower.com/dailytrack/landing.js GB
text
whitelisted
3032 iexplore.exe GET 200 178.79.147.193:80 http://whatsyourflower.com/France.Cartoon1/sex1/adu_fr_16_11_temp_10_sub_1_2_sli_all_amateur_toon_yellow_jm/images/slide2.aab7efc1bdab6783aea83c1ce59c91a5.jpg GB
image
whitelisted
2796 iexplore.exe GET 200 178.79.147.193:80 http://whatsyourflower.com/France.Cartoon1/index.html?target=delta-lex-NjkKpUJ3&source=porraceous-llama&keyword=nextportcampus+shopping%2Cnextportcampus%2Cnextportcampus.com&os=Windows&browser=IE&cid=zrc8b5514065db11e990c80ae14096d26687eaafe1b38a428fb2ec37caaa3490c703776713f8f0d55cda GB
html
whitelisted
3032 iexplore.exe GET 200 151.101.2.110:80 http://js-agent.newrelic.com/nr-918.min.js US
text
whitelisted
3032 iexplore.exe GET 403 162.247.242.18:80 http://bam.nr-data.net/1/bcc61c6f3d?a=16939322&v=918.2e0ff1d&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&rst=537&ap=4&fe=475&dc=459&f=%5B%5D&jsonp=NREUM.setToken US
––
––
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2796 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3032 iexplore.exe 103.224.182.246:80 Trellian Pty. Limited AU malicious
3032 iexplore.exe 91.195.240.126:80 SEDO GmbH DE malicious
3032 iexplore.exe 205.234.175.175:80 CacheNetworks, Inc. US suspicious
3032 iexplore.exe 34.195.36.24:80 Amazon.com, Inc. US malicious
3032 iexplore.exe 178.79.147.193:80 Linode, LLC GB suspicious
3032 iexplore.exe 172.217.21.202:443 Google Inc. US whitelisted
3032 iexplore.exe 172.217.22.67:443 Google Inc. US whitelisted
2796 iexplore.exe 178.79.147.193:80 Linode, LLC GB suspicious
3032 iexplore.exe 151.101.2.110:80 Fastly US suspicious
3032 iexplore.exe 162.247.242.18:80 New Relic US whitelisted

DNS requests


Threats

PID Process Class Message
3032 iexplore.exe A Network Trojan was detected ET INFO Possible Phish - Mirrored Website Comment Observed
3032 iexplore.exe Misc activity ADWARE [PTsecurity] Win32/Zemot (RBN ZeroPark 0-Click)

Debug output strings

No debug info.