General Info

URL

http://www.niudgeds.ga

Full analysis
https://app.any.run/tasks/acf2ab51-4dd5-4baa-afff-6f9a647b9c17
Verdict
Malicious activity
Analysis date
3/14/2019, 15:16:49
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Reads internet explorer settings
  • iexplore.exe (PID: 4036)
Changes internet zones settings
  • iexplore.exe (PID: 3520)
Creates files in the user directory
  • iexplore.exe (PID: 3520)
  • iexplore.exe (PID: 4036)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3956)
Application launched itself
  • iexplore.exe (PID: 3520)
Reads settings of System Certificates
  • iexplore.exe (PID: 4036)
Reads Internet Cache Settings
  • iexplore.exe (PID: 4036)
  • iexplore.exe (PID: 3520)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 4036)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Processes

Total processes
34
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3520
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.niudgeds.ga
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wer.dll
c:\windows\system32\mssprxy.dll

PID
4036
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3520 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\t2embed.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dinput8.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll

PID
3956
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
599
Read events
500
Write events
96
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
3520
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3520
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{D6A07A81-4663-11E9-BEEC-5254004A04AF}
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307030004000E000E00110004006600
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307030004000E000E00110004006600
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307030004000E000E00110004004101
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307030004000E000E00110004007001
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
31
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307030004000E000E0011000400AE01
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
26
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307030004000E000E0011001A00CE01
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307030004000E000E0011002A00B203
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
9
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307030004000E000E0011002A00B203
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
24
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307030004000E000E0011002A00B203
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
22
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheRepair
0
3520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
0E332DB170DAD401
4036
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\ErrorReporting
LastShipAssertTime
3EB890A770DAD401
4036
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
18
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\niudgeds.ga
18
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
0
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\niudgeds.ga
0
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
4036
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheRepair
0

Files activity

Executable files
0
Suspicious files
1
Text files
70
Unknown types
11

Dropped files

PID
Process
Filename
Type
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\asefutura-extraboldcaps-web[1].eot
eot
MD5: cb9a5033434ae8bb78588040d2404238
SHA256: 7db4e9d524646df13387c14a0789bf0cf12529f8f7b52d60c97364a3d143e8ab
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\_sprite[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\0c287c4500fed989fcc63e743[1].js
text
MD5: 104d46a3208b40e8ded389332f5a78a3
SHA256: f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\new_message_us[1]
text
MD5: b2c01eaffa5fdb89479806c9480e113e
SHA256: 587f11e8ca5817c7138ddbf5a602258b84d40ff6fed000e5e4279e53c0779b0e
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon-32x32_239e4ffb-beaa-420d-8b26-bf979bb3da92_32x32[1].png
––
MD5:  ––
SHA256:  ––
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: 38965465794a07ceecf59395ae413b81
SHA256: 15593666142db610a7a8efb340f4ebde77bf764a261e03d6bc123a78f309b695
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: 1eb537ac2b9344b00b239ee5a18179d4
SHA256: e97662b856406934561cd0fb1ee74701743aa2329633a251bcddb4762c247235
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\main[1].js
text
MD5: aa715f618ceee8276c623456d4472cd8
SHA256: 3aaba20bce6b0861879753e960115080224b221c6373d808545401a2aaa7ada7
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\plugins[1].js
text
MD5: 69e398e002d53e738296716cbd128763
SHA256: 88fcd9e354d5deecf069bbbb2fa2eeddd52afc7d078346637f7908d1a87828c0
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\option_selection-ea4f4a242e299f2227b2b8038152223f741e90780c0c766883939e8902542bda[1].js
text
MD5: 8ba7fca83a5bae1493848279223f43f0
SHA256: ea4f4a242e299f2227b2b8038152223f741e90780c0c766883939e8902542bda
4036
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T9ZVEYRD\www.niudgeds[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ajax-cart[1].js
text
MD5: 2a699ad8582699b4319875a7883ef4af
SHA256: c22af1eeef7c44b9003fb07e7c600f7b6ced3a0ea9063395215f98e10519ab8a
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\3-70-820-0003_zoom_820x[1].jpg
image
MD5: 4dbd3ec1ba56e186b2534f2f9c913cc3
SHA256: a4fae35c3757ed43379e086e38f24c09a949c919bbb7049415e2326257670169
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\express_buttons-2f103d21fd37fd00320f4bbe8bcdf3f6c89f91c66b23a18ea95d4c2cf42873df[1].js
text
MD5: 1e128a7e4b8667971025ee0f967b2e05
SHA256: 2f103d21fd37fd00320f4bbe8bcdf3f6c89f91c66b23a18ea95d4c2cf42873df
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 31dabeb09d36cb4b5e53cd6a0a45232e
SHA256: 5ec1439e67f415738244e608d77cf61598bac1d44bf3dff461e959d7300c614e
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\features-35fa919124302b0d097cdba90a4cba671b688a3c3c61403c926ff7818bbb918f[1].js
text
MD5: 5ce872a55ecd536f434a7e2a464ff7e4
SHA256: 35fa919124302b0d097cdba90a4cba671b688a3c3c61403c926ff7818bbb918f
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ga_urchin_forms-68ca1924c495cfc55dac65f4853e0c9a395387ffedc8fe58e0f2e677f95d7f23[1].js
text
MD5: b0c3a8dfe4cc02475aaf2d4be363dad4
SHA256: 68ca1924c495cfc55dac65f4853e0c9a395387ffedc8fe58e0f2e677f95d7f23
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\logo_585e9b76-36c6-4aa3-9bb4-6d79f59f5bf8_227x[1].png
image
MD5: 438cc38923872f3a5a18ace610b94670
SHA256: c44ee7ae85b4ed74e4a7518ebf67daf1e16f6031e4d4ef513880e49d83579c76
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\shop_events_listener-f2c5800305098f0ebebdfa7d980c9abf56514c46d5305e97a7c476f7c9116163[1].js
text
MD5: 316bf6f6babeb765dac2b95ead4d2eaa
SHA256: f2c5800305098f0ebebdfa7d980c9abf56514c46d5305e97a7c476f7c9116163
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 68889c246da2739681c1065d15a1ab0b
SHA256: 830d75bbf0e1f9289d787422f767b23f9d63fd79dbe75c091a119b6b7155d198
4036
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
dat
MD5: ffce298ad951539fc912666cf4042691
SHA256: c192851a487e259a80fc2579b7421ff604a6204c233ad3f23348cb91d20a40eb
4036
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 095dc882d4af6c1b98bf8b000ea3c553
SHA256: d354059c6c3f85ad9c44a1c9ce736bd533cf054a525a18d439f56d1cee4d0ab1
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\plugins-top[1].js
html
MD5: bc5fab8ebb3f5c9b99959360a92e5348
SHA256: 56504823f22d5cd3b49535e6aca91010eeaf333923ab620270432924e9c5c330
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sb-icons[1].eot
eot
MD5: c6440b6f153d26c5388b214e17f5bae4
SHA256: 9c188fae8268fe8ee6e6d2041346b5eb8969e73b700e07e5b72329904b9d53f6
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\css[1].txt
text
MD5: f0a03ff41bf8f32e26b5e81a60661ecd
SHA256: 5d2a56138d4cd87ad969e146d2c7a46ef423c1efd4fbf12908c0720089fd154c
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jquery.min[1].js
text
MD5: 4f252523d4af0b478c810c2547a63e19
SHA256: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\css[2].txt
text
MD5: f0a03ff41bf8f32e26b5e81a60661ecd
SHA256: 5d2a56138d4cd87ad969e146d2c7a46ef423c1efd4fbf12908c0720089fd154c
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\css[1].txt
text
MD5: f0a03ff41bf8f32e26b5e81a60661ecd
SHA256: 5d2a56138d4cd87ad969e146d2c7a46ef423c1efd4fbf12908c0720089fd154c
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\main.scss[1].css
text
MD5: de1f04d1819841acb5eddbe1429820b0
SHA256: 022439c061311d667aff97925abc7f9b9fdda571fd9ff9b2200c4d98b74817d6
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\pop_up[1].htm
html
MD5: 81b9f90e90ef1c785deda8e33af19bb5
SHA256: 55ff45c13da37e498a94dc6d9f8fefb25afc2374c85906f618c754604198c6a1
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3520
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\menu_bg[1].png
image
MD5: 51e57a6a4cf0ea9df3d9ebd58c5fb57c
SHA256: 4c3c2725ab63a8260797497d90010a27652d38257f5f4155d52d8eb9d30cfd39
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\asefutura-bold-web[1].eot
eot
MD5: fdb05685e63fa01baa917116ff71487b
SHA256: a4c7de9cb7d1e782bbf5051b2986e1f13c4fa151f0bc880cb49885f2940ce453
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\arrow_small_left[1].png
image
MD5: bd8ba78eb472eac8872b9ba83f5fb109
SHA256: e130e05fab93087c9357ac12affd87a790daaab21cf54c1745e78ecd5b6b44c8
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\header_bg[1].png
image
MD5: db1ea81924be5935b4231cc769d2f518
SHA256: 99d8679dbfef746c4e5a92bd04d2cddbf3ffd5acfbb2c1ca515bb93ff48d8bf4
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\arrow_nd[1].png
image
MD5: 365bfe29a190ceba645d3e007a31fde0
SHA256: 6876adc4440562458d5a9c57269c2959e522f15008a45ae3586889b29359ae97
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\arrow_nc[1].png
image
MD5: 0e280fffe7d8c4fc5f2a41d0b3786f6e
SHA256: 0463e0bcc1fac16ded7d388463f2208ffc868f0ca332f2be419ff974fd549865
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\popup_bg_bottom-footer-2[1].png
image
MD5: 8acb02dfebe85366abd02972fc78c180
SHA256: 84c34cd00d2a52e149f89d67b95110544586e19f7d5f853c11da702a9371fc12
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\arrow_dn[1].png
image
MD5: a0882d66b405fe5c325a46a5a14a4809
SHA256: 09d817c8acf0e1e327b7f2cc5f6b31a1fee10a2eb5927769a87218ba44265a56
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\arrow_up[1].png
image
MD5: e6542be3ad0237019dc91adabbc15fc0
SHA256: 45745cce0b533adc56dce895e195e7c90dc6a3a24ba8233df811ca0da37a746e
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\popup_bg_top-header-2[1].png
image
MD5: 681761ff4f049d11ac61f36e7becdae5
SHA256: 4e3fe7eeb5f55d73d6c981aa98dd2783739d88e5c44c4624fb0d80c674d6faef
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\arrow_home_blue[1].png
image
MD5: 94aee60e6d6b0d35c02a701323d1827a
SHA256: 8993854a885ab66d948eaa0e6a335e4b4d463c4620d7000e76b3e7765fbff437
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bg_bottom-footer[1].png
image
MD5: f8ddcba565a4ab42b193f2d9aca25d8e
SHA256: 23240e00b525468469ca424c5f1f1bd912baa84c27603cfd71359bb469be64bb
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\footer-logo-hermes-en[1].png
image
MD5: a4410cc876881ecae6f232494d0ed66b
SHA256: 7480343499cd41c449a8188e0ac0ad86ca75cec8342a34a9d1d774735b9913ac
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\arrow_go[1].png
image
MD5: 03611f812c8eb2b77160ebf78735a9de
SHA256: d640ec51862ee313150bf581354a49a1163cc0103ba5d9e3a08c2ba05327a1e7
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\main[3].htm
html
MD5: 4555f5075bc04850c351f1ea87e25281
SHA256: 9e1e17d4724f7a63c190a0c96b1ddd6cb33d85e7cab5ddf14b930aea5872a19d
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\input_shadow[1].png
image
MD5: a9f287515edca95cfbd096ee6536788b
SHA256: 576a337196cddc59f9865d93f470ea377c1770390402b08c788f497f71192449
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\hermes_water[1].png
image
MD5: 835affcfdc771fce75caca96d95cf751
SHA256: 16bd1ceee11d320b007db7a26b2de58a88b1715b07b6f4c6c6879e62ac783299
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: c7f99315fd9affccadebd82f969d8b17
SHA256: f12eaf295e4804391a5bac5645153bf8e959ee4c4aa411db91c16ba44d8624a4
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\bg_midle-repeat-y[1].png
image
MD5: 39bb751e080cd70c61252833bd10b08a
SHA256: a7eb8bf4c89de23f4ac10dc940bbca2989bf6673beac73702e7867c8256bf443
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bg_top-header[1].png
image
MD5: 0a0b4530556e829f74e0bffd31987e10
SHA256: 8c2a8d86ef15c1f503e5ab8b0b686dedf59a933ff58be695339964232b7b8d49
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_12df8271b62395a348f102b12959f9768e2baf9_0ddb3b5f\Report.wer
binary
MD5: 3f1bb94ab611462648bdbc969aaa5c27
SHA256: a9162693d23583e06c85c5781f351307ee63787ac2450506f3065774d886b43e
3520
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 1f54060330eeecc8e384f29e12270b77
SHA256: 794fa5c2816087c409f05e99a2e66a201fc6fc0e8c1947f67810cba0b9e6551c
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\main[2].htm
html
MD5: 062ef0140faaae74745cf405cf12f7a5
SHA256: e384549cbcc57bde13a8889db8a0078ae533f95b5dcdb08d5739f69aa4179d82
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\main[1].htm
html
MD5: c89b02a026afc734c747756c6f304bfd
SHA256: 420e13033e510840984e293c0c10b192f326641920db971316b7d5cafabdc8f5
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\main[3].htm
html
MD5: 5d01c4fb797514ddbe611727425c2773
SHA256: 16d8aa1f8b9ff4ce474337d97254d8f3a4536a25a897465d7191e58d1b5acd1a
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\pdf[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\main[2].htm
html
MD5: 95a95db0f2be0b666acfcbc2df4344bc
SHA256: 2738b8af9f547610ecf88d85bc0ed3ce60a49989bae83b720155e9f5830123d9
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\cb5bcddf-8536-4266-87c4-9d0c9874e99f[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\email-decode.min[1].js
html
MD5: 9e8f56e8e1806253ba01a95cfc3d392c
SHA256: 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\a0251f0a-ec88-4b20-b66c-0d08cf292e41[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\12a0fea8-fc3c-4897-9710-58083c0e4b05[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\86d8d656-25ad-468d-9367-487aac6a9298[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\4aba0f88-62c6-497c-a9a1-b5ea63ac3a68[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\e1ade495-c63d-4637-9320-8ed0f4a12ccc[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\284b5a3f-bcaa-4626-a3c1-ad944d6dc0bf[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\9e46f618-d890-4a78-97be-2d6ebfb9ace1[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\73a1a9f1-30a7-4daf-afdf-2051e4fbec7a[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\icon[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\history[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\search[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\print[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\el_GR[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\rologaki[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: c1065dc439c4496914d8717037e57195
SHA256: b688b9f9823029a74f218f850df8e34978a96f6065284c5df91068d964ec3ef1
4036
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\en_US[1].htm
––
MD5:  ––
SHA256:  ––
3956
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\close[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\add_user[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\help[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\spacer[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\openid[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\company_logo[1].htm
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\analytics[1].js
text
MD5: 0ea40a4cb2873a89cbe597eaea860826
SHA256: 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\stocks-selection[1].htm
html
MD5: f45b2f6745e0242eedaade78edb4d40b
SHA256: 485574a14e749d71489369ca79d02ff42d3250c09d4a78980536ce3a23ee2208
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery[1].htm
html
MD5: 93b5c1ab9cb85e227b40f822fe51aec7
SHA256: 355d9035907da5ce3521d823df69b0eec95682ef31db11e1186e92116b3eee0f
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\horz_scroll[1].htm
html
MD5: e40f0375c6e4da82d0d74dadd5e50a5f
SHA256: 56aa736c5aa69f95645c9046e4e37bb3111b9bc483f55c68b91c25515f9e5fd7
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\main[1].css
text
MD5: 0d9b984790f22ef279623f089fbdda21
SHA256: e52d492e6a0d2ac8b82283604ae9522faae79489d6a8e8e1b56da7c77d6adfd1
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\main[2].htm
html
MD5: 60d535890f4c0d3f764573c6c06e66b8
SHA256: 7a5f2dafd33d98b92e58c74afa94a83563fba2628d9546c6ff1c4fcc7920a25f
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\main[1].htm
html
MD5: d0990f7f5f7b3d72439e456aa8a9b2e6
SHA256: 9a0ee11a2588ad792b6798a38962947be6abb055c4baea0f6c2c0d756c37d38e
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\barebone[1].htm
html
MD5: e9317f4ad91c58d39be5a94c0024d96b
SHA256: ebd5177b2d5e5ee867f06c17e6b8fa4ea082ccdc3ed8a7a676562cfa1e6ce366
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\webcomponents-lite[1].htm
html
MD5: 42ec0ef5b5a48f423577e3ed321f70fc
SHA256: 7d334aed06c0281c561c64422c51b203b8056668096425327a92b9390078ad6e
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jssor.slider.min[1].htm
html
MD5: c9b73b501749bf38d4dd9c9b6c3c49af
SHA256: 5001cb8a60727d91816d6fda6dd1524662854d7040d25fa84148e4c8d88b6b01
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\spin[1].htm
html
MD5: 5aea241d08631db0d99a271d5b1536a1
SHA256: ff2878847387e79cc020d02d814571a7efe6f0d782257aa092f018e8607c3c3d
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\init[1].htm
html
MD5: adb181580136defb630798d1ec48f123
SHA256: c58ac9d95789e1fb1cd0cb58d5cea21731370b3f152eb42f5a14838c8521e2d9
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\top-links[1].htm
html
MD5: 089523874229b5554b77c0ab53ae6eb4
SHA256: 559c6c03afcd0433927e09f69cdfa76f74f8413009efca02f2ee3810374fecbf
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\main[1].htm
html
MD5: 4555f5075bc04850c351f1ea87e25281
SHA256: 9e1e17d4724f7a63c190a0c96b1ddd6cb33d85e7cab5ddf14b930aea5872a19d
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index-balloon[1].htm
html
MD5: b727e495f912a438e4792d67cb7cf7c0
SHA256: bd8d1d47a4a3ee472afaf417b40c4759fcef54fda4451a7e3eccfa1e808be07f
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquery.tooltip[1].htm
html
MD5: 5db7f8bc802105d1ac088529f2f2f9c4
SHA256: c1c68481693f3ce8e737ecec887226e75e878316cacef7b60680990f641018d6
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\companies-tiles[1].htm
html
MD5: 03d43eb4358c5f2ad28f226b642c16b9
SHA256: 6ada6344cb2a88a7fd0cf75630f88a24477c4f7ddca056ba9d7d0b33fa69b845
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\flexcroll[1].htm
htm
MD5: 9e1a16c9080165e4122989c9875c9a76
SHA256: f4875c5fe6282b0f39ab84caecd5bd9933de93f60586b3510dd120d8c784af02
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\accordion[1].htm
html
MD5: b480b4999034e1e2e3a03ce3715717ad
SHA256: 8b781ff434317653732370da023a65ea0ee078122b8be8f95e13b9c1c54347db
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stocks-tiles[1].htm
html
MD5: b480b4999034e1e2e3a03ce3715717ad
SHA256: 8b781ff434317653732370da023a65ea0ee078122b8be8f95e13b9c1c54347db
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\niudgeds_ga[1].htm
html
MD5: bab879855931a5bcca92757618e8855d
SHA256: 67a4dc92a10672c0faa5787ef0fc9d13cef092c2aeb41d2de5a1568133e23244
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
4036
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 3eb81029cc60a72c616828939ea1346a
SHA256: 7ee16bd48a31f3748348c5a0f4374bc3a11780ad0e79f01357759064892182dc
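The listing above is the sandbox's "files created" record for the run: six lines per file (PID, process, path, type, MD5, SHA256), with "––" where the sandbox captured no content. Almost everything is Internet Explorer cache, cookie and index.dat churn from the two iexplore.exe processes (PIDs 3520 and 4036); the entries worth a second look are the ones that are not, such as the Windows Error Reporting archive written by PID 3520 and the Zone.Identifier stream that FlashUtil32_26_0_0_131_ActiveX.exe wrote on its NativeCache directory (its MD5 fbccf14d504b7b2dbcb5a5bda75bd93b is the hash of the standard "[ZoneTransfer] ZoneId=3" mark-of-the-web content). Several cache files also share one SHA256 (css[1].txt and css[2].txt; accordion[1].htm and stocks-tiles[1].htm), so the number of distinct payloads is smaller than the number of rows. The Python below is an added triage example, not ANY.RUN's code: it parses records in the page's six-line format from a constructed sample of eight rows copied from the listing, then groups them by hash and separates duplicates, unhashed files, writes outside the browser's cache stores, and NTFS alternate data streams. The path markers in BROWSER_CACHE are this example's own assumption about what counts as routine browser output.

```python
"""Triage of a sandbox 'files created' listing (added example; not ANY.RUN code).

Each record in the report is six lines: PID, process, path, type, "MD5: ...",
"SHA256: ...". Fields the sandbox did not capture are shown as "––".
"""
import re
from collections import defaultdict

# Constructed sample: eight records copied from the listing above.
SAMPLE = r"""
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\css[2].txt
text
MD5: f0a03ff41bf8f32e26b5e81a60661ecd
SHA256: 5d2a56138d4cd87ad969e146d2c7a46ef423c1efd4fbf12908c0720089fd154c
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\css[1].txt
text
MD5: f0a03ff41bf8f32e26b5e81a60661ecd
SHA256: 5d2a56138d4cd87ad969e146d2c7a46ef423c1efd4fbf12908c0720089fd154c
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\accordion[1].htm
html
MD5: b480b4999034e1e2e3a03ce3715717ad
SHA256: 8b781ff434317653732370da023a65ea0ee078122b8be8f95e13b9c1c54347db
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stocks-tiles[1].htm
html
MD5: b480b4999034e1e2e3a03ce3715717ad
SHA256: 8b781ff434317653732370da023a65ea0ee078122b8be8f95e13b9c1c54347db
4036
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\pdf[1].htm
––
MD5:  ––
SHA256:  ––
3520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_12df8271b62395a348f102b12959f9768e2baf9_0ddb3b5f\Report.wer
binary
MD5: 3f1bb94ab611462648bdbc969aaa5c27
SHA256: a9162693d23583e06c85c5781f351307ee63787ac2450506f3065774d886b43e
3956
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
4036
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: c1065dc439c4496914d8717037e57195
SHA256: b688b9f9823029a74f218f850df8e34978a96f6065284c5df91068d964ec3ef1
"""

HEX = re.compile(r"^[0-9a-f]{32}$|^[0-9a-f]{64}$")
# Assumed markers for paths the browser writes as a matter of course;
# anything outside them deserves a look.
BROWSER_CACHE = ("\\Content.IE5\\", "\\Cookies\\", "\\PrivacIE\\", "\\DOMStore\\")


def parse_records(text):
    """Turn the six-line records into dicts; uncaptured hashes become None."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) % 6:
        raise ValueError("listing is not a whole number of 6-line records")
    records = []
    for i in range(0, len(lines), 6):
        pid, process, path, ftype, md5, sha256 = lines[i:i + 6]
        md5 = md5.split(":", 1)[1].strip()
        sha256 = sha256.split(":", 1)[1].strip()
        records.append({
            "pid": int(pid), "process": process, "path": path, "type": ftype,
            "md5": md5 if HEX.match(md5) else None,
            "sha256": sha256 if HEX.match(sha256) else None,
        })
    return records


def triage(records):
    """Group by content hash and pull out the records worth a closer look."""
    by_hash = defaultdict(list)
    for r in records:
        if r["sha256"]:
            by_hash[r["sha256"]].append(r["path"])
    return {
        # same bytes cached under several names
        "duplicates": {h: paths for h, paths in by_hash.items() if len(paths) > 1},
        # file created but no content captured (empty body or not yet written)
        "unhashed": [r["path"] for r in records if r["sha256"] is None],
        # writes outside the normal browser cache and cookie stores
        "non_cache": [r for r in records
                      if not any(m in r["path"] for m in BROWSER_CACHE)],
        # NTFS alternate data streams: a ':' inside the final path component
        "ads": [r["path"] for r in records if ":" in r["path"].rsplit("\\", 1)[-1]],
    }


if __name__ == "__main__":
    result = triage(parse_records(SAMPLE))
    for sha256, paths in result["duplicates"].items():
        names = [p.rsplit("\\", 1)[-1] for p in paths]
        print("duplicate content", sha256[:12], "->", ", ".join(names))
    print("no hash captured:", len(result["unhashed"]))
    for r in result["non_cache"]:
        print("outside browser cache:", r["pid"], r["process"], r["path"])
    for p in result["ads"]:
        print("alternate data stream:", p)
```

On the sample this yields two duplicate groups, one unhashed file (pdf[1].htm), two writes outside the cache stores (the WER report and the Flash NativeCache stream) and one alternate data stream. Dedupe by SHA256 before submitting anything downstream; the two cache names for the same stylesheet are one artefact, not two.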


Network activity

HTTP(S) requests: 93
TCP/UDP connections: 58
DNS requests: 10
Threats: 2

HTTP requests

PID  Process  Method  HTTP code  IP  URL  CN  Type  Reputation
(The Size column of the original table is empty for every request in this export and is omitted. "––" marks a field the sandbox did not capture: no HTTP status, no body type.)

4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/ US html suspicious
3520 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/flexcroll.js US htm suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/stocks-tiles.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/accordion.js US html suspicious
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/css/main.css?browserId=other&themeId=Helex_WAR_Helextheme&minifierType=css&languageId=en_US&b=6130&t=1532184191000 GR text unknown
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/companies-tiles.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/jquery.tooltip.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/index-balloon.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/top-links.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/main.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/init.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/spin.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/jssor.slider.min.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/webcomponents-lite.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/html/css/main.css?browserId=other&themeId=Helex_WAR_Helextheme&minifierType=css&languageId=en_US&b=6130&t=1374217722000 US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/html/portlet/asset_publisher/css/main.css?browserId=other&themeId=Helex_WAR_Helextheme&minifierType=css&languageId=en_US&b=6130&t=1532183577000 US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/html/js/barebone.jsp?browserId=other&themeId=Helex_WAR_Helextheme&colorSchemeId=01&minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US&b=6130&t=1532184259000 US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/jquery.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/stocks-selection.js US html suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/image/company_logo?img_id=41211&t=1531731891722 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/portlet/close.png US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/spacer.png US –– suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/common/add_user.png US html suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/common/help.png US –– suspicious
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/css/asefutura-bold-web.eot? GR eot unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/css/asefutura-extraboldcaps-web.eot? GR eot unknown
4036 iexplore.exe GET 200 172.217.16.142:80 http://www.google-analytics.com/analytics.js US text whitelisted
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/bg_top-header.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/portlet/header_bg.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/menu_bg.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/arrow_small_left.png GR image unknown
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/language/en_US.png US html suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/language/el_GR.png US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/common/print.png US –– suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/theme-custom/rologaki.png US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/common/search.png US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/common/history.png US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-Service-portlet/icon.png US html suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/1831046/Inbroker+%28208x146%29%20%28el%29/9e46f618-d890-4a78-97be-2d6ebfb9ace1?t=1424264193888 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/2364308/Statistical+%28208x146%29%20%28en%29.jpg/284b5a3f-bcaa-4626-a3c1-ad944d6dc0bf?t=1424868731641 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/1831044/Education+%28208x146%29%20%28en%29/73a1a9f1-30a7-4daf-afdf-2051e4fbec7a?t=1424267719479 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/2035706/Banner+GreekFood+208X146.jpg/e1ade495-c63d-4637-9320-8ed0f4a12ccc?t=1389968376076 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/1827532/AXIAlei+%28208x146%29%20%28en%29/86d8d656-25ad-468d-9367-487aac6a9298?t=1424265784221 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/1831038/AXIAline+%28208x146%29%20%28en%29.jpg/4aba0f88-62c6-497c-a9a1-b5ea63ac3a68?t=1424265865925 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/1831040/AXIAsms+%28208x146%29%20%28en%29.jpg/12a0fea8-fc3c-4897-9710-58083c0e4b05?t=1424265937855 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/1831042/AXIAweb+%28208x146%29%20%28en%29.jpg/a0251f0a-ec88-4b20-b66c-0d08cf292e41?t=1424266015129 US –– suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/documents/10180/2035704/Banner+Square+ESED+Simple+BIG+-+ENG.jpg/cb5bcddf-8536-4266-87c4-9d0c9874e99f?t=1457625858460 US –– suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/html/portlet/login/css/main.css?browserId=other&themeId=Helex_WAR_Helextheme&minifierType=css&languageId=en_US&b=6130&t=1532183577000 US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/file_system/small/pdf.png US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-Service-portlet/css/main.css?browserId=other&themeId=Helex_WAR_Helextheme&minifierType=css&languageId=en_US&b=6130&t=1532184182000 US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/html/portlet/search/css/main.css?browserId=other&themeId=Helex_WAR_Helextheme&minifierType=css&languageId=en_US&b=6130&t=1532183577000 US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-Service-portlet/js/main.js?browserId=other&minifierType=js&languageId=en_US&b=6130&t=1532184182000 US html suspicious
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/js/main.js?browserId=other&minifierType=js&languageId=en_US&b=6130&t=1532184191000 US html suspicious
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/bg_midle-repeat-y.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/forms/input_shadow.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/hermes_water.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/arrow_go.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/bg_bottom-footer.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/footer-logo-hermes-en.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/popup_bg_top-header-2.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/arrow_home_blue.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/popup_bg_bottom-footer-2.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/arrow_up.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/arrow_dn.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/arrow_nc.png GR image unknown
4036 iexplore.exe GET 200 193.242.245.70:80 http://www.helex.gr/Helex-theme/images/theme-custom/arrow_nd.png GR image unknown
3520 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/web/guest/permalink/-/asset_publisher/contentdispl/content/announcement-1344-2016-no-english-translation-available-/pop_up?_101_INSTANCE_contentdispl_viewMode=print US html suspicious
4036 iexplore.exe GET 200 216.58.205.234:80 http://fonts.googleapis.com/css?family=Roboto:400,700 US text whitelisted
4036 iexplore.exe GET 200 216.58.206.10:80 http://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js US text whitelisted
4036 iexplore.exe GET 200 216.58.205.234:80 http://fonts.googleapis.com/css?family=Roboto:400 US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/main.scss.css?4618566115392463930 US text whitelisted
4036 iexplore.exe GET 200 216.58.205.234:80 http://fonts.googleapis.com/css?family=Roboto:400,700 US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/sb-icons.eot?1462380290835614051 US eot whitelisted
4036 iexplore.exe GET 400 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/kyrosdeco-fonts.eot?%23iefix&1462380290835614051)%20format("embedded-opentype"),%20url(//cdn.shopify.com/s/files/1/1586/6837/t/6/assets/kyrosdeco-fonts.woff?1462380290835614051)%20format("woff"),%20url(//cdn.shopify.com/s/files/1/1586/6837/t/6/assets/kyrosdeco-fonts.ttf?1462380290835614051)%20format("truetype"),%20url(//cdn.shopify.com/s/files/1/1586/6837/t/6/assets/kyrosdeco-fonts.svg%23kyrosdeco-fonts?1462380290835614051)%20format("svg" US –– whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/plugins-top.js?4618566115392463930 US html whitelisted
4036 iexplore.exe GET 200 172.217.21.195:80 http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxO.eot US eot whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/assets/shop_events_listener-f2c5800305098f0ebebdfa7d980c9abf56514c46d5305e97a7c476f7c9116163.js US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/assets/themes_support/ga_urchin_forms-68ca1924c495cfc55dac65f4853e0c9a395387ffedc8fe58e0f2e677f95d7f23.js US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/assets/storefront/express_buttons-2f103d21fd37fd00320f4bbe8bcdf3f6c89f91c66b23a18ea95d4c2cf42873df.js US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/assets/storefront/features-35fa919124302b0d097cdba90a4cba671b688a3c3c61403c926ff7818bbb918f.js US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/files/logo_585e9b76-36c6-4aa3-9bb4-6d79f59f5bf8_227x.png?v=1517023883 US image whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/products/3-70-820-0003_zoom_820x.jpg?v=1517407366 US image whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/ajax-cart.js?4618566115392463930 US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/assets/themes_support/option_selection-ea4f4a242e299f2227b2b8038152223f741e90780c0c766883939e8902542bda.js US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/plugins.js?4618566115392463930 US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/main.js?4618566115392463930 US text whitelisted
3520 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/files/favicon-32x32_239e4ffb-beaa-420d-8b26-bf979bb3da92_32x32.png?v=1517024002 US image whitelisted
4036 iexplore.exe GET 200 104.24.123.227:80 http://www.niudgeds.ga/html/icons/_sprite.png US html suspicious
3520 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/favicon.ico US html suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/web/guest/home US –– suspicious

Connections

PID Process IP ASN CN Reputation
4036 iexplore.exe 104.24.122.227:80 Cloudflare Inc US shared
3520 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
4036 iexplore.exe 193.242.245.70:80 Hellenic Exchanges S.A. Holding, Clearing, Settlement & Registration GR unknown
4036 iexplore.exe 172.217.16.142:80 Google Inc. US whitelisted
4036 iexplore.exe 216.58.206.10:80 Google Inc. US whitelisted
4036 iexplore.exe 216.58.205.234:80 Google Inc. US whitelisted
4036 iexplore.exe 151.101.0.104:80 Fastly US unknown
4036 iexplore.exe 172.217.21.195:80 Google Inc. US whitelisted
4036 iexplore.exe 151.101.0.104:443 Fastly US unknown
4036 iexplore.exe 35.186.251.138:443 Google Inc. US whitelisted
4036 iexplore.exe 104.111.219.40:443 Akamai International B.V. NL whitelisted
3520 iexplore.exe 151.101.0.104:80 Fastly US unknown
4036 iexplore.exe 104.24.123.227:80 Cloudflare Inc US shared
3520 iexplore.exe 104.24.122.227:80 Cloudflare Inc US shared

DNS requests

Domain IP Reputation
www.niudgeds.ga 104.24.122.227, 104.24.123.227 suspicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.helex.gr 193.242.245.70 unknown
www.google-analytics.com 172.217.16.142 whitelisted
fonts.googleapis.com 216.58.205.234 whitelisted
ajax.googleapis.com 216.58.206.10, 216.58.207.42, 216.58.208.42, 172.217.16.138, 172.217.22.74, 172.217.22.106, 216.58.210.10, 172.217.16.202, 172.217.18.106, 172.217.23.170, 216.58.205.234, 172.217.21.234, 172.217.22.10, 172.217.18.10, 172.217.18.170 whitelisted
cdn.shopify.com 151.101.0.104, 151.101.64.104, 151.101.128.104, 151.101.192.104 whitelisted
fonts.gstatic.com 172.217.21.195 whitelisted
chimpstatic.com 104.111.219.40 whitelisted
cdn.shopifycloud.com 35.186.251.138 unknown

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET INFO DNS Query for Suspicious .ga Domain
4036 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
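
The request, DNS and threat tables above can be triaged mechanically before anyone opens the PCAP. The Python below is an added example, not part of the ANY.RUN report or its tooling. It takes a constructed subset of the rows above, transcribed by hand into one line per request (columns in the assumed order PID, process, method, status, IP, URL, CN, type, reputation), and flags three things: DNS names under a free Freenom TLD (the ET INFO signature above fires on .ga; the other TLDs in FREE_TLDS are an assumption added for generality), responses whose recorded type disagrees with the URL's file extension (the report lists html for _sprite.png and favicon.ico on www.niudgeds.ga and for plugins-top.js on cdn.shopify.com), and requests with no recorded response. The EXPECTED_TYPE mapping is likewise an assumption of the example.

```python
import json
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample: a subset of the HTTP request rows from the report above,
# transcribed by hand. Row layout (assumed): PID process method status IP:port URL CN type reputation.
SAMPLE_HTTP = """\
4036 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/web/guest/permalink/-/asset_publisher/contentdispl/content/announcement-1344-2016-no-english-translation-available-/pop_up?_101_INSTANCE_contentdispl_viewMode=print US html suspicious
4036 iexplore.exe GET 200 216.58.206.10:80 http://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/main.scss.css?4618566115392463930 US text whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/t/6/assets/plugins-top.js?4618566115392463930 US html whitelisted
4036 iexplore.exe GET 200 151.101.0.104:80 http://cdn.shopify.com/s/files/1/1586/6837/files/logo_585e9b76-36c6-4aa3-9bb4-6d79f59f5bf8_227x.png?v=1517023883 US image whitelisted
4036 iexplore.exe GET 200 104.24.123.227:80 http://www.niudgeds.ga/html/icons/_sprite.png US html suspicious
3520 iexplore.exe GET 200 104.24.122.227:80 http://www.niudgeds.ga/Helex-theme/images/favicon.ico US html suspicious
4036 iexplore.exe GET –– 104.24.122.227:80 http://www.niudgeds.ga/web/guest/home US –– suspicious
"""

# Constructed sample: domains from the DNS requests table above.
SAMPLE_DNS = ["www.niudgeds.ga", "www.bing.com", "www.helex.gr", "cdn.shopify.com", "chimpstatic.com"]

# TLDs handed out free of charge by Freenom. The ET INFO signature in the report
# covers .ga; the others are an assumption added so the check generalises.
FREE_TLDS = {"ga", "tk", "ml", "cf", "gq"}

# Type label the report is expected to show for a given file extension (assumed mapping).
EXPECTED_TYPE = {
    "png": "image", "jpg": "image", "gif": "image", "ico": "image",
    "js": "text", "css": "text",
    "eot": "eot", "woff": "woff", "ttf": "ttf",
}

# "––" (two en dashes) is how the report marks an absent status or type.
MISSING = "––"

ROW_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<method>[A-Z]+)\s+(?P<status>\S+)\s+"
    r"(?P<ip>\S+)\s+(?P<url>\S+)\s+(?P<cn>\S+)\s+(?P<type>\S+)\s+(?P<rep>\S+)$"
)


def parse_rows(text):
    """Parse one request per line into dicts; lines that do not fit the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def is_free_tld(host):
    return host.rsplit(".", 1)[-1].lower() in FREE_TLDS


def type_mismatch(row):
    """True when the recorded type disagrees with what the URL's extension suggests."""
    path = urlsplit(row["url"]).path
    last = path.rsplit("/", 1)[-1]
    ext = last.rsplit(".", 1)[-1].lower() if "." in last else ""
    expected = EXPECTED_TYPE.get(ext)
    return expected is not None and row["type"] not in (MISSING, expected)


def triage(http_text, dns_hosts):
    rows = parse_rows(http_text)
    per_host = defaultdict(Counter)
    for r in rows:
        per_host[urlsplit(r["url"]).hostname][r["rep"]] += 1
    return {
        "free_tld_dns": sorted(h for h in dns_hosts if is_free_tld(h)),
        "hosts": {h: dict(c) for h, c in per_host.items()},
        "type_mismatches": [r["url"] for r in rows if type_mismatch(r)],
        "no_response": [r["url"] for r in rows if r["status"] == MISSING],
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_HTTP, SAMPLE_DNS), indent=2))
```

A type mismatch is a prompt to open that stream in the PCAP (a catch-all page or an error body returned with a 200 looks exactly like this), not a verdict; the same goes for a free TLD, which the signature itself classes only as Potentially Bad Traffic. The per-host tally is there to separate the one suspicious host from the whitelisted CDNs it pulls assets from, so the analyst knows which streams to read first.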

Debug output strings

No debug info.