General Info

URL

http://glwxifzkis.duckdns.org/k.html

Full analysis
https://app.any.run/tasks/0b8e41ac-f966-40d5-a893-0e3ccc4bec54
Verdict
Malicious activity
Analysis date
14/01/2022, 23:14:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities


No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 4016)
Reads settings of System Certificates
  • iexplore.exe (PID: 3148)
Application launched itself
  • iexplore.exe (PID: 3148)
Checks supported languages
  • iexplore.exe (PID: 3148)
  • iexplore.exe (PID: 4016)
Changes internet zones settings
  • iexplore.exe (PID: 3148)
Reads the computer name
  • iexplore.exe (PID: 4016)
  • iexplore.exe (PID: 3148)
Reads internet explorer settings
  • iexplore.exe (PID: 4016)
Checks Windows Trust Settings
  • iexplore.exe (PID: 3148)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Screenshots

Processes

Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe

Process information


PID
3148
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "http://glwxifzkis.duckdns.org/k.html"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ole32.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ieui.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\duser.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\xmllite.dll

PID
4016
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3148 CREDAT:267521 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\apphelp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\propsys.dll
c:\windows\system32\user32.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ieui.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\version.dll
c:\windows\system32\wship6.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\devobj.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\d2d1.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\msasn1.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\sxs.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\d3d11.dll

Registry activity

Total events
8749
Read events
0
Write events
109
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935452
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935452
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{B48963DF-758F-11EC-A20C-12A9866C77DE}
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
96D6FB769C09D801
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0017000E0016008702
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
EAC026779C09D801
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
EAC026779C09D801
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0017000E0016008702
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0017000E0016008702
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0017000E0016008702
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0017000E001900CF0301000000644EA2EF78B0D01189E400C04FC9E26E
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0017000E001A00EB0100000000
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A6070000E41CCE5E17D814FA7A329323A0825046E984DF0C01B08DC7E07A085CB3361C3F2CAEDBA03F44124E068E65BCC58CBD0FC0FC01009C688EE4DDF05D6CB2F4BEF51614AE7E0931FBA2A066C529762376EA57D914E03AF28F6CDBF3CAF4C20B9421926F3028EC3F939716DCC8F781E2D5E7403B7B5933ED94B689A308EAD01B5A043DE0E8899A0E646AA90EE371DF6A4B2A3C4223F699F8ED45EF20D0474DC42A180A85A5E89A3EE819121EDA23675C9B62E80D51A961B54D3EF98A6EB618A6D31E9F7F0DCF03709DA7AF2A252BB55617DE9CBE149DFAC250E7DF01F006496148B114EE0C4A3D42065E6455355649FAF2241474155B99C1D03DF5A51E7A45952A6A0AF3FE743E553F2CD9BACC15EAE63D28454F2A403A51E6968F96B3D933E2209B1FACB7540749DF10377EFD3D94BB9B03896E153E8811864F8FF4855E77E82093DC3A5F08C2BECA93A3BEE693241A5848D5F3D7F4E9A38D9597DFCC6CD046357590BDB83FA1546351239C6C32A6A1E3DCFDFDEA122EA6F43382772F18BC9E8D9E3056710ECAABEB93B73662B713F2506A29AC420CBCB9787666DD6081D58FDF9EAA23D601706438FF0EAE4845F8AB455E7820701EAE7EB51E632F76F99FB9FBBABB45BF920F1DB34B87222754916D0375A578C7A248944666718EB8FDE4BCDC0672DD8FDF0A77B70E11B4F95115D9FFDCDBD6D7B7869AF60D691AEB001638CD0B0D0936B9F9128E969B82E010AE8D27DE1C594130AD322F836DF3AAFE10CD0BFDE5EA60FFEC8E5DD5B6AE100B172BDC20532113DB66FBB9121B39B2EB451B4280F4A0EC4CE78BB5587A571872E9511175D74D3317AC941829450CDDE54FC24902524CB8F321AA1F59F99C640F2EA11036A5FFA3B6F19F6FA7528CD7436462679EFF0C174D5289B8D06C9FD2F101B9FB36ED56E03546BB70423FD975698E9AD495AF01685116C940A68B7EFBF3BE3ADE3E02724B3CA0879DF826138E70C30C70545B4CF285CA0A8AE7675B27076DC5931B2873DD745DA54295315AC9A4985778086D0B183AAFECD616B6541D58A1F8F83E947815B053B4873D75CE00C7C21B02C8D35F6C15B50FDA80508BA03D2775E5E9C7A3A959E4533A19078F8C29EFF8FA4A846806F08E1320AABD1E6FF714DA31EF0213EE3B1B24AD000FBD3098E88E9F294947ED03549938C92D2F574090C8270115E8B1937EC6B5420078FB0E057DF3BD131AD264693FE35099DCA6B00CE04F8E4942677990D815744AE019437365C17FA702C1CF22A67F896F4723ECA9C0E830C840FB8E6BFCC954F615FAFE4DE682022320F4C7E86E4B3D918E9EA1730AD5ADFE04B5073DD1F5BFE53749440AA06B793192B4FFB537E37206D3F45E085C0B8223AD0DFFDEF6DCAFE066C44A653371CB
F9791F1982A18C348B34DE2D92574303435BB0192A0D5651B7C2F744903ED63D96F5FBB07F4D1A7111D3A4076F9C710BA72D8C7846B54823EB6BB8F89363FFA87F2710B819D93BDF65CF8913E4C952398145B503B38D3D2DAA81C62BC5410A3D002DB32617E605FCA147E0B76E8013BE0FC264F739373F3DDC248ED4837823DDD32817F2A014CD15735D6E7AF35F97BD28C415CE7252BA3EC174112CF0A84F007639425EDF03A063FB2F1EB08407113A756BF372D87D5E99A1913E7F34715C2B617E2595BA53523454DF13013919CE94BFD656C5755A5FA6859B83D828734CF6DD18ED9949A52523FA8BEEB49F33659AFB27F26EAE874031E3B2157D4D4EBEA4DC278A7C2F97A0684255F6D351F7D9234F7DAD07C2A67C0BB3F6022F57A2D6484ACCFBF379CA962FD15B6419A603D2445BF8A589275600AD83871B4A6D0FD37C5325F1270ADEBF0334BF55B3CCF83B0783B733179236BCEA898545AB51358BA7C653EDEDD4738048E89FB6D2387702BDD3DCF60DEFE80EB4891049678CB363D69B76FA3DAE2960C8331DE40CE71E45DEE186646A340B62E99E48B855BD2B2F1D3FAF7A0092A07F48B3579D88518F757421D5247F9F3E8B3A7F4ED268CF3C6794FB1C0F2A7A79433A016F5805E568631C6BE9EDF8F6238A1F78402DD5D286C8D9B1DE3E2B2052A3719A8309A3DF4AED94BDE1432F4F5920D47D3FC10AC5A96A2A7516CFA707CC15F14BB5E08B08D68DD99ADFF3CE867F896E6E6B617D1A45A0062CE2E886FE87ACC39623F95BB4AA2ED72E028AC8D937FE011FE4273C18FA966BF863604EEC232CE7F6EFA0670C6859A3756A709B032027CD3CCAD75DC968D096B7B90CD0BB4096467D38AACBEBAEB54FA4369FE2BFD9C0825B3DE233712F185D4C055A264B7FA1C6E21DB34A5D1E0248AF885441E2047F97765DC65562EFC713C9657AFE547E1D5D71C0700006561B3FFC7F818F624068A5364AC57A8F47AB02A9FA98367FDE243EDE3F5FDFBDF71DAE223B7166A12CC7DF1924D31F97D9F36F7DE547CDE23FBE1472BC33052EA211E3CADCB3EC136ABD94260BF401F744BD3073447A17C041254EDB55EDD8C2F50D9E8F81BB024C998ABF2E1F5964D6284CD5C9388351B1846E74522CC1F96792C343874C2DB287582DAC0C803B2DD425315BD1E1AF7CCFA82A98FE5F8F0347179C951C5CE4F31D4913A71F4EC4C9E2DB2D77096051874B4EB0CC20108D1CAC25C6065FD1ACC3660B22C401A93DE80CEA0E6819D3B4CC341459B1B55D9B562D5DC3956CCBDE87B53DBAAB16B1440273F26861AB5B0EE0039BC30A3F68B1DFDD5D8F3DB36988C00481BB82F68635B25C93E37C781935AB9F83010000000E000000385835324E41646D516B412533640200000000000000
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000DAC7B7F1E8397C4082C8F6E74AF66B7500000000020000000000106600000001000020000000363DCD921B250D99B546246159DAB66C9C8D2146AA3097D19A7828FD2E6E8C1C000000000E8000000002000020000000A87AD5548FC1F824E46377363005AC00FCDA774993B4C99C1DCB8F065E80C56C1000000005D7DC9C51C5B5F33C24FF70CC89D7E640000000D4A27A1C0DEE073B60B95FEC6FE5FEEEE378AA4A9CAAE85988F138D91E885235F0ACB8685B0E2C1B5DF3B717D2D1E1A48A56CC1EB9527308CF8E96B0478C10C4
3148
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000DAC7B7F1E8397C4082C8F6E74AF66B7500000000020000000000106600000001000020000000D659ADD3BB2D5DC4115A98FBED2B608B99986C0B5E6FF9BE06D0EE0D3E4A0F0A000000000E8000000002000020000000638691B90DA921E304B2E81DC327488BF5B474E6B0147897459233B4B1092EEB1000000021C2C72FC5BCD8EE58CA93E095C09BA140000000A625C9D1AE4B7B6B64FC9AE515026F7399B9EECB211FB37B13806C32C7FB6BFAE19C655C73A25340CFFFB27B381F172BB81581DECF3CB6247EBF97F528660000
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0017000E002500A003
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0017000E002500A003
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0017000E002500A003
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0017000E002500A003
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935502
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935452
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
3148
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935452
4016
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
4016
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
4016
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:

Files activity

Executable files
0
Suspicious files
5
Text files
18
Unknown types
2

Dropped files

PID
Process
Filename
Type
3148
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
der
MD5: ace427d9e2e5197da2f600c887dcfcb1
SHA256: 9d985ec5e3675b2c7ded4535f7de2cbe39934d67046e25c3d0466220fafe9651
3148
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
3148
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver78B9.tmp
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
3148
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
3148
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5: 9b5f92be6ade11b18823944f77c5222a
SHA256: dd8eb82db6f34f7c873c74c61a4816665ceb50781b15f8be08f55bb40dc933ba
3148
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
3148
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico
image
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
3148
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
der
MD5: ac68acf50745357d4ea92b214d9e7132
SHA256: ae3f7fde380d2d90571a61378e52b1bc284b4c4c6a1e099f6f022395ebed6154
3148
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
binary
MD5: 395177839fb0e34203c1df831743b32c
SHA256: 47cef874c377490f3a5ff3e7c4597b1a86d430e8ad97170a28cd0d708ca0970d
3148
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
xml
MD5: cbd0581678fa40f0edcbc7c59e0cad10
SHA256: 159bd4343f344a08f6af3b716b6fa679859c1bd1d7030d26ff5ef0255b86e1d9
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\addr-icon[1].png
image
MD5: 84c1f2d26ae892c556c81159400139e4
SHA256: 98cde2989ecaeaed156594bbb66708eb4d86f776442b5d0c5a086f0b6a0464ce
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\au_id[1].png
image
MD5: d1af72f0b2d426388f6e356cf1c5d1c1
SHA256: cdd7c2e336f17f7637fd20d04c6e6a449bda30720b7fc76a5b3b165086a19c9f
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\mobile-icon[1].png
image
MD5: fa62bd2b3690921f3017ac17ba6845ec
SHA256: d614ea7052bfe738d43bf2619d1ab5f32e066288bb117e58a7b83bd44c5377f1
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\red-icon[1].png
image
MD5: 823825f22c8e441ac3b199a5798fffa3
SHA256: 40f98500d3e6fe501e29cdedbd392a7daea1a1dcd3dec1782a396e9a978dabd8
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\lock-icon[1].png
image
MD5: dc94e905218ff89d230eb163e6217278
SHA256: 641bb741dc93200aef4cc21950d57c566b15e37d01f03f383bb9c7c319b22998
3148
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5: f7dcb24540769805e5bb30d193944dce
SHA256: 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
3148
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
binary
MD5: 8da99ebbf9ba7db50b342b096ff3835d
SHA256: e66b9bd6aed169f38814317c652a009ea4bfdd1375c3c61aeef9753fa2b7e0ad
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\earth-icon[1].png
image
MD5: 949e3f3d4d81431b3972a3149b5ff9db
SHA256: 75f7f4784200e8eb3756392fe5faef833260158bfb00e9dea13cf53d20088f95
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\people-icon[1].png
image
MD5: 6948effe15e11d2805458196bc520a7e
SHA256: e77d9bb09449755e37a67dceefcdc9f7b134f556b8a706bc1396fe06bbc1fa94
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\jquery-3.4.1.min[1].js
text
MD5: 220afd743d9e9643852e31a135a9f3ae
SHA256: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\clean-icon[1].png
image
MD5: e284187d3162dfa45dc682f0f11beeea
SHA256: 9f79ef84df71abc486696450887ef8b300367c91ca555f8571fd88a683a81446
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\script[1].js
text
MD5: 1e3e21cd57a34282f6927e944326f888
SHA256: 138c838d58437d609b9c9b14c3a9d9038f135064700ad214f375bb0ead6ab559
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main[1].css
text
MD5: 49b652a5714ce984e932e494f545c25c
SHA256: 75f24cf55b411bc47bd575397a225133d6eb7663fa7b01f5cbdc4979c823e7ba
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\k[1].htm
html
MD5: 5dc5a9512572472522310ccaa638b361
SHA256: 686babe6abc5668f50055559d1d9d25d66809ea75de20feaa1ab55ec9253bf75
4016
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\base[1].css
text
MD5: 035bd9f3bd390b91e1450d557198547a
SHA256: 07101499b69a3cd92468bd78d3469c26ea655cda1ca31c72bab07cbac524bfa6


Network activity

HTTP(S) requests
17
TCP/UDP connections
20
DNS requests
15
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/k.html CH html malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/css/base.css CH text malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/css/main.css CH text malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/js/jquery-3.4.1.min.js CH text malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/js/script.js CH text malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/au_id.png CH image malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/red-icon.png CH image malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/clean-icon.png CH image malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/lock-icon.png CH image malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/mobile-icon.png CH image malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/addr-icon.png CH image malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/people-icon.png CH image malicious
4016 iexplore.exe GET 200 179.43.149.56:80 http://glwxifzkis.duckdns.org/images/earth-icon.png CH image malicious
3148 iexplore.exe GET 200 2.16.106.171:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aca855439deafb4e unknown compressed whitelisted
3148 iexplore.exe GET 200 2.16.106.186:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?88cf28cfdfb622dc unknown compressed whitelisted
3148 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D US der shared
3148 iexplore.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D US der shared


Connections

PID Process IP ASN CN Reputation
4016 iexplore.exe 179.43.149.56:80 Private Layer INC CH malicious
4016 iexplore.exe 120.52.95.243:443 China Unicom IP network CN malicious
3148 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
3148 iexplore.exe 2.16.106.186:80 Akamai International B.V. –– whitelisted
3148 iexplore.exe 2.16.106.171:80 Akamai International B.V. –– whitelisted
3148 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3148 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted

DNS requests

Domain IP Reputation
glwxifzkis.duckdns.org 179.43.149.56 malicious
js.users.51.la 120.52.95.243, 120.52.95.242, 218.12.76.151, 218.12.76.150 whitelisted
api.bing.com 13.107.13.80 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
ctldl.windowsupdate.com 2.16.106.171, 2.16.106.186 whitelisted
ocsp.digicert.com 93.184.220.29 shared
iecvlist.microsoft.com 152.199.19.161 whitelisted
r20swj13mr.microsoft.com 152.199.19.161 whitelisted

Threats

PID Process Class Message
–– –– Misc activity ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Debug output strings

No debug info.