General Info

File name

arti(1).exe

Full analysis
https://app.any.run/tasks/c3ed8204-2a4a-43bd-a2e3-596f74e1a559
Verdict
Malicious activity
Analysis date
5/15/2019, 11:38:06
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

banload

autoit

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
MD5

9aa9d3e853bfbde53577bc17b9c09ba0

SHA1

900f3f73045e1264f1f63a77969c7a24b615feff

SHA256

af7727ff23d92078eae412d228aeb7dca45e776f673383ab5ced9a44b0f92b43

SSDEEP

3072:BzW+DiC9iLo+GnH35GWp1icKAArDZz4N9GhbkrNEkB4naLx:cKwLo7Np0yN90QE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

(The page groups the entries below by severity: malicious, suspicious, info.)
Loads dropped or rewritten executable
  • dTdaPA_39142.exe (PID: 2956)
Application was dropped or rewritten from another process
  • dTdaPA_39142.exe (PID: 2956)
BANLOAD was detected
  • cscript.exe (PID: 324)
Drop AutoIt3 executable file
  • cscript.exe (PID: 324)
Starts CMD.EXE for commands execution
  • cscript.exe (PID: 324)
Creates files in the program directory
  • cscript.exe (PID: 324)
Executable content was dropped or overwritten
  • cscript.exe (PID: 324)
Connects to server without host name
  • cscript.exe (PID: 324)
Executes scripts
  • arti(1).exe (PID: 3060)
Reads settings of System Certificates
  • iexplore.exe (PID: 3832)
Creates files in the user directory
  • iexplore.exe (PID: 3072)
  • iexplore.exe (PID: 3832)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 4032)
  • iexplore.exe (PID: 2392)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3832)
  • iexplore.exe (PID: 4012)
  • iexplore.exe (PID: 2392)
Reads internet explorer settings
  • iexplore.exe (PID: 3832)
  • iexplore.exe (PID: 2392)
Changes internet zones settings
  • iexplore.exe (PID: 3072)
  • iexplore.exe (PID: 4012)
Application launched itself
  • iexplore.exe (PID: 4012)

More information about the signature artifacts and their mapping to the MITRE ATT&CK™ matrix is available in the full report.

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2009:07:14 01:42:43+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
44032
InitializedDataSize:
120832
UninitializedDataSize:
null
EntryPoint:
0x6af8
OSVersion:
6.1
ImageVersion:
6.1
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
8.0.7600.16385
ProductVersionNumber:
8.0.7600.16385
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
Microsoft Corporation
FileDescription:
Win32 Cabinet Self-Extractor
FileVersion:
8.00.7600.16385 (win7_rtm.090713-1255)
InternalName:
Wextract
LegalCopyright:
© Microsoft Corporation. All rights reserved.
OriginalFileName:
WEXTRACT.EXE
ProductName:
Windows® Internet Explorer
ProductVersion:
8.00.7600.16385
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
13-Jul-2009 23:42:43
Detected languages
English - United States
Spanish - Spain (International sort)
Debug artifacts
wextract.pdb
CompanyName:
Microsoft Corporation
FileDescription:
Archivo autoextractor de archivos CAB de Win32 (Spanish MUI string; English: "Win32 CAB self-extractor")
FileVersion:
8.00.7600.16385 (win7_rtm.090713-1255)
InternalName:
Wextract
LegalCopyright:
© Microsoft Corporation. Reservados todos los derechos. (Spanish MUI string; English: "All rights reserved.")
OriginalFilename:
WEXTRACT.EXE .MUI
ProductName:
Windows® Internet Explorer
ProductVersion:
8.00.7600.16385
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
13-Jul-2009 23:42:43
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name    Virtual Address  Virtual Size  Raw Size    Characteristics                                                                Entropy
.text   0x00001000       0x0000AAE4    0x0000AC00  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ                  6.54415
.data   0x0000C000       0x0000225C    0x00000600  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE        6.59775
.rsrc   0x0000F000       0x0001D000    0x0001C400  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ                             6.94881
.reloc  0x0002C000       0x00000D98    0x00000E00  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ  4.8066
Resources
Numeric IDs: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 63, 76, 77, 80, 83, 85, 2001, 2002, 2003, 2004, 2005, 2006, 3000, 3001
Named: ADMQCMD, CABINET, EXTRACTOPT, FILESIZES, FINISHMSG, LICENSE, PACKINSTSPACE, POSTRUNPROGRAM, REBOOT, RUNPROGRAM, SHOWWINDOW, TITLE, UPROMPT, USRQCMD

Imports
    ADVAPI32.dll, KERNEL32.dll, GDI32.dll, USER32.dll, msvcrt.dll, COMCTL32.dll, VERSION.dll

Exports
    No exports.
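
The static data above is the standard layout of Microsoft's wextract.exe stub (the IExpress self-extractor): the CABINET resource carries the embedded cabinet, and RUNPROGRAM / POSTRUNPROGRAM carry the command lines the stub runs once the cabinet is unpacked, which is how arti(1).exe comes to launch cscript.exe "IGNITION.vbs" in the process list below. The first triage step on such a sample is therefore to pull the cabinet out and list what it carries. The script below is an added example and is not part of the ANY.RUN report: it carves every MSCF header from a blob, parses the CFHEADER / CFFOLDER / CFFILE records without decompressing anything, and runs on a constructed stand-in blob built in-script (the file names in that blob are made up for the demonstration, not a claim about what arti(1).exe actually contains). On a real sample, `cabextract` or `7z x` on the .exe does the same job.

```python
"""Carve and inventory MS-CAB archives embedded in a Win32 Cabinet Self-Extractor (wextract-style) dropper.

Added example, not part of the ANY.RUN report and not the actual contents of arti(1).exe:
the sample "dropper" blob below is constructed in-script so the code runs offline.
Folder compression types are named only; data is inventoried, not decompressed.
"""
import struct

CAB_MAGIC = b"MSCF"
CFHEADER = "<4sIIIIIBBHHHHH"          # 36 bytes, fields per the MS-CAB specification
CFHEADER_LEN = struct.calcsize(CFHEADER)
COMPRESSION = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}


def build_sample_cab(files):
    """Build a minimal single-folder, uncompressed CAB (constructed test data, not real malware)."""
    cffiles, data, uoff = b"", b"", 0
    for name, content in files:
        # CFFILE: cbFile, uoffFolderStart, iFolder, date, time, attribs, then NUL-terminated name
        cffiles += struct.pack("<IIHHHH", len(content), uoff, 0, 0x4CAF, 0x5A00, 0x20)
        cffiles += name.encode("ascii") + b"\x00"
        uoff += len(content)
        data += content
    cfdata = struct.pack("<IHH", 0, len(data), len(data)) + data   # CFDATA: csum, cbData, cbUncomp
    coff_files = CFHEADER_LEN + 8                                    # one 8-byte CFFOLDER follows the header
    coff_cab_start = coff_files + len(cffiles)
    cb_cabinet = coff_cab_start + len(cfdata)
    header = struct.pack(CFHEADER, CAB_MAGIC, 0, cb_cabinet, 0, coff_files, 0,
                         3, 1, 1, len(files), 0, 0x1234, 0)          # version 1.3, 1 folder, flags 0
    folder = struct.pack("<IHH", coff_cab_start, 1, 0)               # coffCabStart, cCFData, typeCompress=none
    return header + folder + cffiles + cfdata


def carve_cabs(blob):
    """Return [(offset, cab_bytes)] for every MSCF header whose cbCabinet fits inside blob."""
    found, pos = [], blob.find(CAB_MAGIC)
    while pos != -1:
        cb = struct.unpack_from("<I", blob, pos + 8)[0] if pos + CFHEADER_LEN <= len(blob) else 0
        if CFHEADER_LEN < cb <= len(blob) - pos:
            found.append((pos, blob[pos:pos + cb]))
            pos = blob.find(CAB_MAGIC, pos + cb)       # skip over the carved cabinet body
        else:
            pos = blob.find(CAB_MAGIC, pos + 4)        # stray or truncated signature: keep scanning
    return found


def list_cab_files(cab):
    """Parse CFFOLDER/CFFILE records; return [(name, size, compression)] without decompressing."""
    (sig, _, _cb, _, coff_files, _, _vmin, _vmaj,
     n_folders, n_files, flags, _setid, _icab) = struct.unpack_from(CFHEADER, cab, 0)
    if sig != CAB_MAGIC:
        raise ValueError("not a CAB header")
    pos, folder_reserve = CFHEADER_LEN, 0
    if flags & 0x0004:                                 # cfhdrRESERVE_PRESENT: optional reserve fields
        hdr_res, folder_reserve, _data_res = struct.unpack_from("<HBB", cab, pos)
        pos += 4 + hdr_res
    for bit in (0x0001, 0x0002):                       # PREV/NEXT cabinet: two NUL-terminated strings each
        if flags & bit:
            for _ in range(2):
                pos = cab.index(b"\x00", pos) + 1
    folders = []
    for _ in range(n_folders):
        _coff, _ndata, ctype = struct.unpack_from("<IHH", cab, pos)
        folders.append(COMPRESSION.get(ctype & 0x000F, "unknown"))
        pos += 8 + folder_reserve
    pos, files = coff_files, []
    for _ in range(n_files):
        size, _uoff, ifolder, _d, _t, _attr = struct.unpack_from("<IIHHHH", cab, pos)
        pos += 16
        end = cab.index(b"\x00", pos)
        name = cab[pos:end].decode("ascii", "replace")
        pos = end + 1
        comp = folders[ifolder] if ifolder < len(folders) else "continued-from-other-cab"
        files.append((name, size, comp))
    return files


def inventory(blob):
    """Inventory every embedded cabinet: [(offset, [(name, size, compression), ...])]."""
    return [(off, list_cab_files(cab)) for off, cab in carve_cabs(blob)]


# Constructed stand-in for a wextract dropper: a fake PE prefix, the CAB in an overlay,
# then a truncated stray "MSCF" that must not be mistaken for a second archive.
SAMPLE_CAB = build_sample_cab([("IGNITION.vbs", b"WScript.Echo 1\r\n"), ("payload.bin", b"MZ\x00\x00")])
SAMPLE_BLOB = b"MZ" + b"\x90" * 254 + SAMPLE_CAB + b"MSCF" + b"\x00" * 8

if __name__ == "__main__":
    for off, files in inventory(SAMPLE_BLOB):
        print(f"cabinet at 0x{off:x}:")
        for name, size, comp in files:
            print(f"  {name:<20} {size:>8} bytes  ({comp})")
```

The carver trusts cbCabinet only after checking it fits inside the blob, and resumes scanning after the carved body, so an "MSCF" that happens to occur inside compressed data is not reported twice and a truncated signature near the end of the file is ignored rather than crashing the parse.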

Processes

Total processes
47
Monitored processes
9
Malicious processes
2
Suspicious processes
0

Behavior graph

(Process tree reconstructed from the graph labels and the per-process "Parent process" fields in the process list below; "no specs" is the page's marker for a process with no special indicators.)

arti(1).exe (PID 3060)  no specs
└─ cscript.exe (PID 324) "IGNITION.vbs"  #BANLOAD
   └─ cmd.exe (PID 2364)  no specs
      └─ dTdaPA_39142.exe (PID 2956)  no specs
iexplore.exe (PID 4012) -Embedding
└─ iexplore.exe (PID 2392)
iexplore.exe (PID 3072)
└─ iexplore.exe (PID 3832)
FlashUtil32_26_0_0_131_ActiveX.exe (PID 4032)  no specs
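
The chain drawn above (Microsoft self-extractor stub, then a script host, then cmd.exe /c start, then an AutoIt-compiled binary running out of C:\ProgramData) is far more distinctive than any single process in it, so it is worth detecting as a chain rather than as isolated events. The following is an added example and not part of the ANY.RUN report: it runs four rules over constructed Sysmon-style process-creation events whose command lines are copied from the process list below. The record fields (pid, ppid, image, cmd, desc) are this example's own simplification of Sysmon Event ID 1's ProcessId, ParentProcessId, Image, CommandLine and Description; two benign control events are included to show what the rules ignore.

```python
"""Flag the dropper chain from this report in Sysmon-style process-creation events:
Cabinet Self-Extractor -> cscript.exe <script> -> cmd.exe /c start <ProgramData exe> -> AutoIt-compiled exe.

Added example, not part of the ANY.RUN report. EVENTS are constructed records whose command lines are
copied from the report's process list; the field names are this example's own simplification of
Sysmon Event ID 1 (ProcessId, ParentProcessId, Image, CommandLine, Description).
"""
import ntpath
import re

SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}
STAGING_DIRS = ("c:\\programdata\\", "\\appdata\\local\\temp\\")
SELF_EXTRACTOR = "cabinet self-extractor"          # Description string carried by wextract.exe
AUTOIT = "autoit v3 script"                         # Description string carried by AutoIt-compiled binaries
START_FROM_STAGING = re.compile(r"/c\s+start\s+\S*\\programdata\\", re.I)


def base(image):
    return ntpath.basename(image).lower()


def in_staging_dir(path):
    return any(d in path.lower() for d in STAGING_DIRS)


def ancestors(event, by_pid):
    """Walk ppid links upward; returns the chain of parent events, nearest first (cycle-safe)."""
    chain, seen = [], {event["pid"]}
    cur = by_pid.get(event["ppid"])
    while cur and cur["pid"] not in seen:
        chain.append(cur)
        seen.add(cur["pid"])
        cur = by_pid.get(cur["ppid"])
    return chain


def detect(events):
    """Return [(rule_name, pid)] in event order. Rules 1-3 are single links; rule 4 joins the chain."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        name = base(e["image"])
        # 1. A Microsoft self-extractor stub spawning a script host (arti(1).exe -> cscript.exe "IGNITION.vbs")
        if parent and SELF_EXTRACTOR in parent["desc"].lower() and name in SCRIPT_HOSTS:
            hits.append(("self_extractor_spawns_script_host", e["pid"]))
        # 2. Script host -> cmd.exe /c start <something under C:\ProgramData>
        if name == "cmd.exe" and parent and base(parent["image"]) in SCRIPT_HOSTS \
                and START_FROM_STAGING.search(e["cmd"]):
            hits.append(("script_host_cmd_start_programdata", e["pid"]))
        # 3. AutoIt-compiled binary executing out of a staging directory
        if AUTOIT in e["desc"].lower() and in_staging_dir(e["image"]):
            hits.append(("autoit_from_staging_dir", e["pid"]))
            # 4. ...whose ancestry holds both a script host and the self-extractor stub: the full chain
            anc = ancestors(e, by_pid)
            if any(base(a["image"]) in SCRIPT_HOSTS for a in anc) \
                    and any(SELF_EXTRACTOR in a["desc"].lower() for a in anc):
                hits.append(("wextract_dropper_chain", e["pid"]))
    return hits


# Constructed events: the four malicious processes from the report plus two benign controls.
EVENTS = [
    {"pid": 3060, "ppid": 1, "image": r"C:\Users\admin\AppData\Local\Temp\arti(1).exe",
     "cmd": r'"C:\Users\admin\AppData\Local\Temp\arti(1).exe"', "desc": "Win32 Cabinet Self-Extractor"},
    {"pid": 324, "ppid": 3060, "image": r"c:\windows\system32\cscript.exe",
     "cmd": r'c:\windows\system32\cscript.exe "IGNITION.vbs"', "desc": "Microsoft ® Console Based Script Host"},
    {"pid": 2364, "ppid": 324, "image": r"C:\Windows\system32\cmd.exe",
     "cmd": r'"C:\Windows\system32\cmd.exe" /c start C:\ProgramData\TiZ_107\dTdaPA_39142.exe '
            r'C:\ProgramData\TiZ_107\etuynyZ_814347 C:\ProgramData\TiZ_107\fmTnFdgO_3267264',
     "desc": "Windows Command Processor"},
    {"pid": 2956, "ppid": 2364, "image": r"C:\ProgramData\TiZ_107\dTdaPA_39142.exe",
     "cmd": r'C:\ProgramData\TiZ_107\dTdaPA_39142.exe C:\ProgramData\TiZ_107\etuynyZ_814347 '
            r'C:\ProgramData\TiZ_107\fmTnFdgO_3267264', "desc": "AutoIt v3 Script"},
    # benign controls (constructed): an admin running slmgr.vbs, and AutoIt installed under Program Files
    {"pid": 5000, "ppid": 4999, "image": r"C:\Windows\system32\cscript.exe",
     "cmd": r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dli",
     "desc": "Microsoft ® Console Based Script Host"},
    {"pid": 6000, "ppid": 1, "image": r"C:\Program Files\AutoIt3\AutoIt3.exe",
     "cmd": r'"C:\Program Files\AutoIt3\AutoIt3.exe" build.au3', "desc": "AutoIt v3 Script"},
]

if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:<40} PID {pid}")
```

Rules 1 and 4 key on the Description field, which comes from the binary's version resource and is under the attacker's control; they work here because the dropper reuses Microsoft's genuine wextract stub unchanged. The path-based rules 2 and 3 do not depend on that, which is why the chain rule requires both kinds of evidence rather than either alone.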

Process information

PID
3060
CMD
"C:\Users\admin\AppData\Local\Temp\arti(1).exe"
Path
C:\Users\admin\AppData\Local\Temp\arti(1).exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Win32 Cabinet Self-Extractor
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\appdata\local\temp\arti(1).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\cscript.exe

PID
324
CMD
c:\windows\system32\cscript.exe "IGNITION.vbs"
Path
c:\windows\system32\cscript.exe
Indicators
Parent process
arti(1).exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Console Based Script Host
Version
5.8.7600.16385
Modules
Image
c:\windows\system32\cscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vbscript.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\scrobj.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\program files\common files\system\ado\msado15.dll
c:\windows\system32\msdart.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dui70.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\duser.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll

PID
4012
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
2392
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4012 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll

PID
2364
CMD
"C:\Windows\system32\cmd.exe" /c start C:\ProgramData\TiZ_107\dTdaPA_39142.exe C:\ProgramData\TiZ_107\etuynyZ_814347 C:\ProgramData\TiZ_107\fmTnFdgO_3267264
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cscript.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\programdata\tiz_107\dtdapa_39142.exe

PID
2956
CMD
C:\ProgramData\TiZ_107\dTdaPA_39142.exe C:\ProgramData\TiZ_107\etuynyZ_814347 C:\ProgramData\TiZ_107\fmTnFdgO_3267264
Path
C:\ProgramData\TiZ_107\dTdaPA_39142.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
AutoIt Team
Description
AutoIt v3 Script
Version
3, 3, 14, 2
Modules
Image
c:\programdata\tiz_107\dtdapa_39142.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\programdata\tiz_107\fmtnfdgo_3267264.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wtsapi32.dll

PID
3072
CMD
"C:\Program Files\Internet Explorer\iexplore.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mssprxy.dll

PID
3832
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3072 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\credssp.dll
c:\windows\system32\feclient.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
4032
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
986
Read events
823
Write events
161
Delete events
2

Modification events

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASAPI32 | EnableFileTracing | 0 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASAPI32 | EnableConsoleTracing | 0 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASAPI32 | FileTracingMask | 4294901760 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASAPI32 | ConsoleTracingMask | 4294901760 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASAPI32 | MaxFileSize | 1048576 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASAPI32 | FileDirectory | %windir%\tracing |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASMANCS | EnableFileTracing | 0 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASMANCS | EnableConsoleTracing | 0 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASMANCS | FileTracingMask | 4294901760 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASMANCS | ConsoleTracingMask | 4294901760 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASMANCS | MaxFileSize | 1048576 |
| 324 | cscript.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cscript_RASMANCS | FileDirectory | %windir%\tracing |
| 324 | cscript.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 324 | cscript.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 460000006F000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 |
| 324 | cscript.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 324 | cscript.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 324 | cscript.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum | Implementing | 1C00000001000000E307050003000F00090026003800380000000000 |
| 4012 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041120190412 | | |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {3494ED95-76F5-11E9-B3B3-5254004A04AF} | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 1 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E307050003000F000900260022002C02 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 1 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E307050003000F000900260022002C02 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 1 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E307050003000F00090026002200A902 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 19 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 1 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E307050003000F00090026002200C802 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 90 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 1 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E307050003000F000900260022002603 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 48 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516 | CachePrefix | :2019051520190516: |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516 | CacheLimit | 8192 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516 | CacheOptions | 11 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019051520190516 | CacheRepair | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | CAF69FF7010BD501 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName | |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName | |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0 |
| 4012 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0 |
| 2392 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829 | | |
| 2392 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516 |
| 2392 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516 | CachePrefix | :2019051520190516: |
| 2392 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516 | CacheLimit | 8192 |
| 2392 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516 | CacheOptions | 11 |
| 2392 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019051520190516 | CacheRepair | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 4600000070000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {922DFEC9-76F5-11E9-B3B3-5254004A04AF} | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 2 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E307050003000F00090029000B003C02 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 2 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E307050003000F00090029000B003C02 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 2 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E307050003000F00090029000B00C802 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 17 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 2 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E307050003000F00090029000B00E702 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 76 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 2 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E307050003000F00090029000B000703 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 39 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName | |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName | |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url1 | http://www.colmena.cl/ |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url2 | pikabu.ru |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url3 | corriere.it |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url4 | andhrajyothy.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url5 | aol.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url6 | epochtimes.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url7 | .com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url8 | nicovideo.jp |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url9 | mozilla.org |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url10 | intuit.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url11 | vjav.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url12 | enet.com.cn |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url13 | go.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url14 | google.com.ly |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Type | 1 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 1 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307050003000F00090029001F001602 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 2 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307050003000F000900290022000103 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch | UpgradeTime | A220C562020BD501 |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url1 | http://www.bbva.cl/ |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url2 | http://www.colmena.cl/ |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url3 | pikabu.ru |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url4 | corriere.it |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url5 | andhrajyothy.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url6 | aol.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url7 | epochtimes.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url8 | .com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url9 | nicovideo.jp |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url10 | mozilla.org |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url11 | intuit.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url12 | vjav.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url13 | enet.com.cn |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url14 | go.com |
| 3072 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url15 | google.com.ly |
| 3832 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name | iexplore.exe |

Files activity

Executable files
2
Suspicious files
2
Text files
107
Unknown types
38

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 324 | cscript.exe | C:\ProgramData\TiZ_107\dTdaPA_39142.exe | executable | b06e67f9767e5023892d9698703ad098 | 8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb |
| 324 | cscript.exe | C:\ProgramData\TiZ_107\fmTnFdgO_3267264.dll | executable | 1bb6db366f5e5a24accaf34a38ca3be7 | 55dff0e0f26b1b4cbc99d16892084cde560ea590ddf107dab5145b6cf50d9606 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\default+es[1].css | text | 037b53a0640623703333a0a976484777 | a295bcfa91664e0dfac547516febc524302c24be2ddb9cf90ceda80b1e8f19aa |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\down[1] | image | 555e83ce7f5d280d7454af334571fb25 | 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\noConnect[1] | image | 3cb8faccd5de434d415ab75c17e8fd86 | 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\errorPageStrings[1] | text | 1a0563f7fb85a678771450b131ed66fd | eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\httpErrorPagesScripts[1] | text | e7ca76a3c9ee0564471671d500e3f0f3 | 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\background_gradient[1] | image | 20f0110ed5e4e0d5384a496e4880139b | 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\ErrorPageTemplate[1] | text | f4fe1cb77e758e1ba56b8a8ec20417c5 | 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\dnserror[1] | html | 68e03ed57ec741a4afbbcd11fab1bdbe | 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630 |
| 3072 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | image | 1d089af59f1cf47a4b7770da80386a06 | a053872a3caefe85165dbf22e88247db01dfb4849da17cf954611044fd8d7b7d |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\ajax-loader[1].gif | image | c5cd7f5300576ab4c88202b42f6ded62 | e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\ico-triangle[1].svg | image | 6680dcdf76432c174e5c0092f2f06c4f | b109bde35f6e5c1c5545d65a2ff3497a1c29e9170428ab603917da4d9cac59c2 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\wp-emoji-release.min[1].js | text | af2f44df3198cfda9fd515873696ad00 | dba6b80aceb1267fd1ed564e08a983730d272813e9b3aff85dc365c65333dd66 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\wp-embed.min[1].js | text | 5a03f97cc479b9f5d7efdaccec31bc17 | dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\media-audiovideo.min[1].js | text | f093100d539f03b5d1d31f1e74029b44 | 1a8cb2c729245d04a5efc2e19d89e0081f9578ea6f6033c5b8750da22136a0e3 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\media-editor.min[1].js | text | 79cf51bae2593b7ac27b73789e43646d | 92f9298b1be8c1f1a67bdd7da6ce3d0b2cd79dbb5539b823050e07f16a33e777 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\media-views.min[1].js | text | ee966b410333d2346a3c39416a7fc3c4 | fd08f9602eff38f5c65301a84afb5a314b872d91c5f202a410c2a5f9f13db1a9 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\wp-mediaelement.min[1].js | text | 7f5a63461a4870dcff29bcf63b6c9910 | d19a2e98b2e5983e58ff6e5e86f38d5f2580643adcadcae45e98462bb10c12c2 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\mediaelement-and-player.min[1].js | html | 8970e6e672a1d312c8d8ef471ffb7d5f | 8b3c48ab6cfd3833e80cd18e8eee56e5d8fcbcaf48c48d00dc6969278c269ed7 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\sortable.min[1].js | html | 2896e90cc17e9abc160ed96bb86b07e3 | 9023e3275b6d897b202ddb9848872a661fea055c96c2973a02e1cf5e39f04afd |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\mouse.min[1].js | text | 82835a8960ddd73020389dbfa45c39a0 | 88b0379349a4dda6ebcc43c5bd12084d230c6105a6fd3c2f651c4e771b3eabef |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\widget.min[1].js | text | 8cf7f36bbd79bc0664b6113f7a7837fe | 38a448e9e03a9f64e7611b19af4bb8ec97fde2c708dc57ebbc7701be7ae3af08 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\core.min[1].js | text | 9ce4e157448487d4efe0ca538f656a71 | 936567bc744e199e02bfc3c33fe2bc9c862999e0d479e2a694aa7485460a3960 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\wp-plupload.min[1].js | text | 7c74a0f866c5dfd1dc9a45474651f6ef | 715375661b530b0ab1237deae4c7aac37f90420bab6a99567d21deb4ef7e2061 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\media-models.min[1].js | text | eed9813bad592d4287be0eb0ebb68497 | 5982fa44cd2130e820f7c62a76fa3fa4a068ffbdd36045d25714ced53e9ba282 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\BANNER-1920x360[1].jpg | image | a19300a9a898550e81be4577f2981682 | e26dbd054a725bbd88135a2e89420668f26bd76385d330d0c40a48d5f5cdc567 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\backbone.min[1].js | text | 9263ddbe52f85e7be13301ac26889c8e | 3616edd841ffb4c1937a207c787d0d8048e93b4c34a339bed9b9d4f0a1e226a3 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\wp-backbone.min[1].js | text | b978d3c20a25ca1d36c1688c298c8239 | 80f876964fe482dada20247c9a22b84b0c92fad2d046c144f1f2996f3724e5fd |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\wp-util.min[1].js | text | 83118aa939b5832dd4e1cad8b186012c | 080cf3de5031b9caac353875e8969fd80a548c9f39fdf4627a8c65abddad8b04 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\adriatico-1920x360[1].jpg | image | 02465c054281c6e862fd75302de7668a | 48f8eea94337a008c9a6aca27879de5478a251df9a0ad66cedefca991ac54cc2 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\beneficio-adicional-dental[1].jpg | image | 4b95d851ba616ca4b211e1bb635741e1 | 2ddb6b8eaa38371cb31bf71b2fcc986a9afdef7270206c8106522ad161e5ab7d |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\underscore.min[1].js | text | 6a3a434a1360cc744341e97de9177bc6 | 4f5b2528815d8b1cd9b68b1a4bb1fe689696f8dcbc2c4a5104343b886ee68828 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\shortcode.min[1].js | text | b342d56a90b09adfad6d95a4717c0b24 | 12e7950593cc15ef1e99e82e17867aad3ca2c999edc944053226ffb7d800f683 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\SIS[1].jpg | image | 873c2383835a306a1bc9319a6ee1c550 | 590ae0135ba866131fcf55405284f825ce2635388e5b351a6eb76a86b534de3e |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\1366x600-1[1].jpg | image | de7e7eb39b2ab11292540018da58421e | 50e03d27077f0697910e800e8eaf175ad2932c268190684e29f436a34f41cd96 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\Logo-CS[1].png | image | 8626718e84268107a2b778c542b8ebee | efdf8222cd3fcf7db9b3a034974d364dc8e718d21012a5abced281e90a4d51e5 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\search[1].svg | image | b77ae8e7dadebc8cf7256e658f0cc79a | e29e106999c8c42821188fc4172cc56f86653ef3aa9d6488d3956acc7ccee8b7 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\Logo-Medicien[1].png | image | ab94932bad7015285e19087c830e2703 | 8fe18befc49069e2a0f861b4b6c22f1dd67f7fa647ecf48b48361f6177e032f1 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\jose6[1].jpg | image | 16983074238e69901954c1012314cd7f | c081752897f6f5e0740d7c8a2fa665ec230b66e62e55d97c77e435bc411a351d |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 10e1d6913bb5c27d6bc9121801cf3a0f | 75f0359c155fc3bfa383cd8057878c35f920732310f982bd6bfe43023d52796d |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\Revista[1].jpg | image | 9e40f83a8e34713029b47bdcb408277e | c89c986e331b4f8f2c2ebea1f61fdbfc4a854c5ba6700b50fb909d2af8f44f39 |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\340x240_Niña_Mama_computador[1].jpg | image | 494b844baff437be6a412d60fd0dedcc | e87c58d2e4e8a0573ee380fe6ca7768c8029a2f3b552923d543a05401f2848cb |
| 3832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\clinica-lascondes[1].png | image | db0e48fc31f41a7826257ae3de64d853 | 746c8d04227e9f35dc57cdced4bb55eaa135369fcea68462a0a0750ea497ecfd |
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\Logos-Clinicas-01[1].png
image
MD5: 509fac679ecce9be7b148128532a8b3c
SHA256: 9c96b5d7ae2ecf237d78f4b4fb3ad2afa6e6f8887c8c8d794cac39280911c149
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\Logos-Clinicas-07[1].png
image
MD5: d2f042ec056592c212323fe45f0bc6d0
SHA256: 0cb7e88d7cda33ef200fc7de13ac239e771b9d9804e312912b65900ccce7c8f9
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\clinica-uc-christus[1].png
image
MD5: 74ffe1febb3bab05eb42d3941daa5553
SHA256: f85cd3a7b63b849ecc7b49ebe06f2b3656ab1eb42bd95eee49bfee35f0f29170
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\Logos-Clinicas-02[1].png
image
MD5: 27c482153f5ceb3196be30592bee8faa
SHA256: eb21451d311d72aab4b1f455cb8da9e58b4a019ca9c3256d570c42ba138f9547
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\img-landing-mobike[1].jpg
image
MD5: bc6b11654ba4a32b1ba7e72f84f234a7
SHA256: 6e158258b202adbefc3fec9317dce102b70a1669724c113fb471bea09ce5b6aa
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\logo-mobike-lt[1].png
image
MD5: 33bd56d346df026260bafa134a5fb01c
SHA256: 0808508dc89a9a34b22b53fe266e2ab239cddeb80b16d4286c362f2a02eda6df
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\icon-Latam[1].png
image
MD5: e3cca481fc36e3757f5d7e69065d750b
SHA256: 82d22a955867e6c2db62ca1a8f6f3e901b43375d3cb096e500945ef6d9ad257f
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\banner_alco-05[1].jpg
image
MD5: 2395cb94cc7b1abf856520b1287705b4
SHA256: 98196608ccd7cb109b167c1d6d7a5123944396eb4a3a9b60435e570176769a7e
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\Alianza_LATAM[1].jpg
image
MD5: 99e858726fa4a0092196bdbdaba0582c
SHA256: 684f7a292e6f49adb91dec836f6f2290ca4558c85e8e1505d1b0d5a64af34137
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\Salcobrand[1].jpg
image
MD5: ae9d6f266f994e28c23df6107adae39f
SHA256: 66c1bb97e53380e47c44c1fbe9ec2fe2fc637136c614f6dfe1f1fac9d44f91d9
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\Salcobrand-alianza[1].png
image
MD5: a566c8d1d057208af0593ad87c26b79a
SHA256: a6c965cbfe6c93489c5731d464067ccf5d9a371e06c6a79efef97fa619c00708
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\logo-C[1].png
image
MD5: 8876930d33462bb5cb8dcf7bc02b76c3
SHA256: d259d39d1cc1b60836f0ad07a6b7f198b3efeb4dd418bf20cc2f972689910575
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\dashicons[1].eot
eot
MD5: 30e410c715c6215fa7faa1c979b6480c
SHA256: a55660c37af5bbcc8c6c485c032e3d74d876946607e6c20148e3d3d5f37043b8
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-MediumItalic_1[1].eot
eot
MD5: 2d1e784d78843f2dbf8597096504d351
SHA256: 1a8863599434805e025a6131b2675494ac8b2330ed2cd76aef4b4813391d5930
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-LightItalic[1].eot
eot
MD5: b63ec7d650247c8f512fa7058506462a
SHA256: 5d3b36c07f2a96fbde4b3efca14f914c26729df8df9546b7c2050b2cd0c7f7bc
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-Medium_1[1].eot
eot
MD5: 6da0a3de8b775f9ffe2fbf9cdcf85aa8
SHA256: 1e6e6fa614d3d6b871becf0aecca8f4ecca193e10eedc2b2e2fc0e8db66383af
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\f[2].txt
text
MD5: 556dcc9cb513d5686dca5b0568598615
SHA256: 12c7e7fbf433085818303276e4be7ce85b01727f2c7e4502a1dcd3c194402b1f
3832
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 74938ff39aee64a69b4b8f0fdc4704bc
SHA256: 112425788ab8b33a9385a9ffaac3115f8107d1127e92155727fe20bcad249284
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-HeavyItalic_1[1].eot
eot
MD5: db02bc7fff1f2c43ff605b65e411496e
SHA256: 9f15bbc74d72da8cf69bca0cf70fdded6289225ddd7519ae370e454e5e756d70
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-Heavy_1[1].eot
eot
MD5: 6e9bcaf4259f6487f19f0ae05d7f0109
SHA256: d987da01f89eac3843b8a084b466ee5ae4877dbeeb80a2b8f9a4024b5a368f45
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-Italic_1[1].eot
eot
MD5: b3459cfd2120b3bea0a638e1e2f1717d
SHA256: 95913a81e53a457b7fdd5ee58ab28b184c30561938fea1d5a28db7dca5ad650c
3832
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 75c5908b6ceb85c00a9fb9104d068795
SHA256: 324b1101a27aeca4fadbfc90115deec6f5ed9bae19f930a07845f536100769e7
3832
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3832
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 634664bc128ea7376de2f452b4542439
SHA256: a9ab6bcea26f3cc6dfe68f0a5b4b97a905cf8f026b6dd22c8961413410ba6cde
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\BlissPro-ExtraBoldItalic_1[1].eot
eot
MD5: 0bd56408a79915f817086fc12672393a
SHA256: 9195dedbe9f5a1602f5eafe7a7026224c3722ac2ada4cdabfd65c0432d389e95
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\BlissPro-ExtraBold_1[1].eot
eot
MD5: c2caa664b970ad6f5f0c002667774c96
SHA256: 00ce5c6803630ef73bf46ae6272b546dc1ee510f6b4a89b80fe2ea4a421b14af
4032
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\BlissPro-ExtraLightItalic[1].eot
eot
MD5: 7cad8921ee10a16b3f210b2aa727f95e
SHA256: 289072c68337855455566e5d2509af1b10f34a94ecd42849af6a91fc35628f51
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro[1].eot
eot
MD5: c336848de1431b96692e0e9b31bd1b9a
SHA256: b7e64be3b582ef33e5f1401d29d3d55077cad94c7cb390f81e5f45da29694a1d
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-ExtraLight[1].eot
eot
MD5: 948f46a1d3fefa06ed8b05e9ac5c7cc8
SHA256: 8275dd444c39b01150d66845aa896652802d3cacd6c5f888b0b38f10d23ee8fa
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-BoldItalic[1].eot
eot
MD5: ebe07a112d96f75480680314b91cc19a
SHA256: 354afa83812771584da965073cd75046b8ee7b2fec5527e55cf93d4c1448be26
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\BlissPro-Bold[1].eot
eot
MD5: d214aa2cd11deba17cd0dcf060fe348d
SHA256: a6cb1f4857c1a55c6c3cffb4940cdeb8359877b420cafeed2ea61999ef9afcf5
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\BlissPro-ExtraLight_1[1].eot
eot
MD5: cf954305b3b43faaa99c3a1be1c7b499
SHA256: 1649d3ebebe69692c36b7a35bdf2ba47c5cccaa443facf4165d4e86118e68dad
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\BlissPro-Regular[1].eot
eot
MD5: e400df4a23f8febe125701e032423cd4
SHA256: d55edffea88df001880f9df431a9bea822f777ccd97e8965b928cb8620152eb7
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: d0be259125923e40cdbebf1020d1a579
SHA256: 8131e6b867607781aa8b5d53ec431059b3e89f44a44a3f2fb7c06374fc2ed30a
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\default[1].css
text
MD5: f1bfd0ebc79cf3933227239a2a52b68c
SHA256: 8c5519ff6e93dfefc21c8b9c586ceef2060b2161e6be946d5b704341456ef053
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\cse_element__es[1].js
text
MD5: 8d58fc4779358755440a3163ca3d5802
SHA256: 1b178de13c00831b9fd9299027bea11a11ea185f395394babaedd6291e3e5650
3060
arti(1).exe
C:\Users\admin\AppData\Local\Temp\IXP000.TMP\IGNITION.vbs
text
MD5: ee871d009c86c742632692a33db76801
SHA256: c5b787882e5721749bf386442e33008fbee117e612e6c200094e3e818eabc7b4
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-ExtraLightItalic_1[1].eot
eot
MD5: 7d1f3882864874225bfbceea4da5b50d
SHA256: f9cfbbb6d99201e91dfc2dcf9984e045b2faef09034ca54332a3e965ffc6b084
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-MediumItalic[1].eot
eot
MD5: f3f778b39e1743621c57b8e17798718b
SHA256: ba6071db53fd9a1b2d0497262484af70808bc403d2b4e59bae88c1b0e220a323
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-BoldItalic_1[1].eot
eot
MD5: 5a0c17024de536f127e02021e4dd21b4
SHA256: 5d025d52bdd128a1bfaa5d9c41df14ccd1b2526b7a363e2db11f374c8338e22e
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\analytics[1].js
text
MD5: 415daebee6888069f0c30e43134edf98
SHA256: 7dff09578729615fcd15c840a32c9f82a33fe2331a851e4ac40be03cb111b3f0
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\f[1].txt
text
MD5: a908ee1a7ffc2b8a7e814a4808725937
SHA256: d1014dd86ebf5e5b98a0fdee2ff1a8cb6c30c2a4c2bfd3bc15b0aaa3a8dd93c2
3832
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 01bfe521cbe224d992cfe6e1d15db404
SHA256: b2258a1ff87be891b1c48c57583faae88495bb520a5fa56f8995511e3dba1916
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\f[1].txt
text
MD5: 433d9f3b15500b55647da4214a214f83
SHA256: 7fc28b4adea731420544f28c93c1d5fdd99af134ddcb378daa7214fcb8f2ccd2
3832
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: db83bacd9b21ac6bcc92820c03c2f1fe
SHA256: 2474b4be3362a5c1d3056db483f12acfb78e94aaca63af73d7cd42abba414afb
3832
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-Heavy[1].eot
eot
MD5: 2135bf4c407d42dd0c03c8f724230428
SHA256: 7f56b005699cd716daf24fccc03037f5cec5b8da720753ee36417408482c74ec
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-ExtraBold[1].eot
eot
MD5: 029f1c8275502bd13b833bb660966036
SHA256: 7fc24128b3b2f93db9183243c754523103ab0be01b094b0504f2cda65732ca27
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\BlissPro-ExtraBoldItalic[1].eot
eot
MD5: 92f38a1162e3dedb5901213a3f8cee3a
SHA256: c935dfe4906f4aba9be5ef2a6cebdc08e54efdc12012f4a4603b289d0aa34a40
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\QUICKBRUSH[1].ttf
ttf
MD5: 826a70da868b30b9a5ab2c10c63d33b5
SHA256: 2b3c3189010dff195db53fc27a8ac6d54667363e69e57a4f0eddf1fb731604f7
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-Bold_1[1].eot
eot
MD5: 10dc6ce0e9e2ec22baace461d7cfc86a
SHA256: 1adddb951774c50a927f64ad158264fce9541ba315d0bd1b9d47a810eb8c861a
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\gtm[1].js
text
MD5: 17f0fb6f9ae24fbb0fc3ecc9a0b1f1d9
SHA256: 2318c18789e389f5955291e8a41e14d400d83eef3f24207cbba230bc96308a8d
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\BlissPro-HeavyItalic[1].eot
eot
MD5: 4590d478002f44e2304df160045ff250
SHA256: baf3c99dded3415297bf5aacb5a18187a5115b096ff8b691bfaeb276f082fbdb
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 799ca9f425318daa54b4ba15a0586d84
SHA256: 33626732b915b03a89099ca9be41cfa8c05bd7b22445ca1f631d143333a3e49d
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\BlissPro-Light[1].eot
eot
MD5: b020adc8a5326315a4d94fabf1bcd6e9
SHA256: 31ee0b7f3697db93f97f65c062efd93b561bb781687b7ffbd58fa571b08e0c66
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\BlissPro-Italic[1].eot
eot
MD5: e2fe25162aedc15fea40b1815c246b4b
SHA256: 87753df7f9ff8efdce8f19039eec67603a7f77460f6566fb3e588b4e5d4c9ec1
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\screen[1].css
text
MD5: fcb3c6134482ae0fd673bfc7cacbb655
SHA256: ba4a7a25aa3766aab7ea8fb49d54ea1403a9755ab8622e605371db17bbabd82b
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\BlissPro-Medium[1].eot
eot
MD5: 2f9480d7fe5115bc4e135871f53dd125
SHA256: 667615883f42d571353375a55e43b2ce740f98642bfd42f52ea6ca43a25be0ea
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\jquery.validate.min[1].js
text
MD5: 93c1dd8416ac2af1850652d5b620a142
SHA256: 17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\flexslider[1].css
text
MD5: ba1a2e609abee1bec48dcd2fc79d7937
SHA256: 56af96774d9aab9d13064dac2436186bf70202f79667c5a2553e4c7d25901d4d
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\gtm4wp-form-move-tracker[1].js
text
MD5: 2e161da287b862f84ed59d9b047fc935
SHA256: 8dd114fb41f33e4df5fe23fc2426ddfa90cdb474e580cb8082f4696199666548
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\plupload.full.min[1].js
text
MD5: 4a431fb4049b24566d27c12e2793d818
SHA256: b5395c833ff802b735ee54aa7ee540bfcd4256a5d1dc83368ba255a590665b93
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\jquery-migrate.min[1].js
text
MD5: 7121994eec5320fbe6586463bf9651c2
SHA256: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\jquery[1].js
text
MD5: 8610f03fe77640dee8c4cc924e060f12
SHA256: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\utils.min[1].js
text
MD5: f6e3d57217de41fa3243331155452bb1
SHA256: 495d49f07b057accfc31cf17da1f92f7e0518644461d83befe544e6b6b55e36b
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\imgareaselect[1].css
text
MD5: 7d28cad92829b3d633a087b5f3b595af
SHA256: 55a36298517619f755ac3c59b3c37cde07d3c2ce66526bf42df296bda945838c
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\media-views.min[1].css
text
MD5: c2dc6122ad5ada23efd6dbb63cf4c3d7
SHA256: e895496083bd68a0f49798b5d34d23c6af963339cc8715c4b920c0870f26aad0
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\dashicons.min[1].css
text
MD5: cf3c0e8f26fe2025a0f22138ffe30d53
SHA256: 5c68cf1f0dca577bf260a647a1e73410fae9b838e3da448412df4b142e4fc123
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\wp-mediaelement.min[1].css
text
MD5: eb76120347829c4ba3576665b2d871f0
SHA256: ca13f426169fe561d958026c661b3b2073abef78f13eedb9bdeae06b1ea7c5c0
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\mediaelementplayer.min[1].css
text
MD5: 0687e33e84a860c33a3a885193a6d937
SHA256: 7156a45560d38af7612077fe4d4a94881028480c6572e5d2b433bc2756e89f11
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\buttons.min[1].css
text
MD5: 789fe5df985c5f6d1944edc86e54f55b
SHA256: 6756d0e5578fc88c33ae0860aa600ae15ac44643507ea23fca203af8d78f73bc
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\html5[1].js
html
MD5: 45a6734a5b5708eb13b82fb9ce4a4c69
SHA256: 883ae0b27d827ffc7b369518eeee704325a2be3c831923e1c6cf7db4e95b595c
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\jquery.scrolltabs[1].js
text
MD5: 5fa8f41cc70dbb9257da1a1547138f2c
SHA256: ce3dcc0ab686cbab9444e604110cb332bb86027963840f7f8386e3fa49ae38c1
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\menu-M[1].js
text
MD5: 7787edcc64a17577ad2238eec30d34a0
SHA256: b9af8b1bc2190ea2b0adb42fd4bc0ee42fc32ad13b4e95a0e032d447b083fd12
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\slick.min[1].js
text
MD5: 777da4aaf5b960636dec0fd4e50ba489
SHA256: e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\wow[1].js
text
MD5: a38f77d6798f9193882892094d3c98e7
SHA256: d80a2fbefaf0bbe9d544b0c28225aa8f6ffd34919f42d9fe16d4a48c848c512d
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\jquery.flexslider[1].js
text
MD5: 0d7f53dc1444c70facb02afd473f741f
SHA256: a7eabb74d64c5c51e72fd42e6890cf5d9f3b0b53a3295fa0b9ce5ec98504501c
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\jquery.min[1].js
text
MD5: e39d7f174407886a84c437f14182e57a
SHA256: c1bcc5f2066e4476e6dbab0b5a9b9700b86f4d6ebeb2900d73ee97e53753d4f9
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: bf8be087873a6a742e84236e4faf2bf3
SHA256: 14547968316130e59138943a4839fc788c27d9a743ee9cc076f084320276878e
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\ionicons[1].css
text
MD5: 40d22f34a221b6676b7c036f1b217c21
SHA256: e81d8122d9ef1dbbd885542311cf387d352aa20d1eb14c48aad9124102910cd0
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\slick-theme[1].css
text
MD5: bb4dfbdde8f2a8d4018c1f0293a03483
SHA256: 597978bca0f97e5bb3f70452c24f8a0c93db7f7229433c2a54706b85cdd39aa6
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\functions[1].js
text
MD5: 8844e6c4baf9af897d40aef15498ff3b
SHA256: 4351d508cb7e13375d0efd59ec64bfed99127f773d79309181b23c4e3f2dd2a0
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\animate[1].css
text
MD5: 1c7ad0a97d2dc2da70b8d855ae946cae
SHA256: cb09ab0572c6a6549a782e2843218c00285cb737ae50fe29a5061ca96aff0234
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\slick[1].css
text
MD5: b06073c5a23326dcc332b78d42c7290c
SHA256: f0b722c48c52082cd77261574e22a5251fe37ea4b291b1441134145bab9b2063
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\fonts[1].css
text
MD5: 2b28c798b92fec797467498c0ccb6903
SHA256: 14035059d6c0539288e97891d65d8050204b9c19dc8d55b169777b28c0c3c12c
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\colmena_cl[1].txt
––
MD5:  ––
SHA256:  ––
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\colmena_cl[1].htm
html
MD5: a5db944512cfeb188d0bf04fb95fb197
SHA256: b509d65466c15dca6f966dbd6b3a84111bea92ae9fac0230c5f2dfdf6797fc6b
3072
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: 6efe98d13827b738e2d9ccc3a5f3d6a6
SHA256: 0f4774dd78fc3dd7f8aeac9e6ed8edc5e5eacc03459489dbef205870d5df3013
3072
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3072
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3072
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
324
cscript.exe
C:\ProgramData\colary.txt
text
MD5: b97665f7aceb6552522d37d3d87ffbbd
SHA256: 2a1e1d0609b4da660931ee6998cf292741424af821d6282af466cbbc3bfe4057
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 9a21776e0a2e14ca17a7e47ed13fe06a
SHA256: d28d62f04d5975ef4a4c62c59a5a6d4cc2692c904fb500656dc392efe39ee11b
324
cscript.exe
\Device\HarddiskVolume2\ProgramData\TiZ_107\etuynyZ_814347
––
MD5:  ––
SHA256:  ––
324
cscript.exe
C:\ProgramData\TiZ_107\K4E1BPWXN0L7YKVKAP3VY3SXGBNOGWG4AQL
––
MD5:  ––
SHA256:  ––
324
cscript.exe
C:\ProgramData\TiZ_107\IMG8PC6O4JQ3Y8Q67T0QMOMKKKRPRMALMDGCLH3
––
MD5:  ––
SHA256:  ––
324
cscript.exe
C:\ProgramData\TiZ_107\G6N94R1UFO703FK9VXJ2UHY0479WJO
––
MD5:  ––
SHA256:  ––
324
cscript.exe
C:\ProgramData\aashkf45kfm.zip
compressed
MD5: b297072e30902ad613a670951c43d04c
SHA256: ecb31535f144bbfff7bef6c9cdff2f9813c6a7b2196ef2756bae2899a7d01695
324
cscript.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\KLAUTOIT[1].zip
compressed
MD5: b297072e30902ad613a670951c43d04c
SHA256: ecb31535f144bbfff7bef6c9cdff2f9813c6a7b2196ef2756bae2899a7d01695
4012
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516\index.dat
dat
MD5: de59c23c8d25008a9bd21ee6fc56a5b2
SHA256: 7e3c9421d4987400042e2fcb6568bfbeeb1615efc0577963817e252e74f6b6a4
324
cscript.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\iqXXCFVvD9a5J7H76KKFB8EDD00M86L989603G[1].txt
––
MD5:  ––
SHA256:  ––
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516\index.dat
dat
MD5: 44d24881e8208c138462733d78d0f29f
SHA256: 1e5efd139c9fc9946febe59ba954200dacabc0b69e3acca6473dceaae5aac82e
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 1b13a311118b60faa5461f42f3af748b
SHA256: 55103a0e0728a7a24678bc2352ce861df8cbe8275abc1bf571ab2660dc59d9ac
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\index[1].htm
––
MD5:  ––
SHA256:  ––
4012
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
4012
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
4012
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
4012
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 4e076972f4c7fef3f846ceb4325a77f1
SHA256: 488c110cfed56eacd3bf11564a8eab17ab53177fcbb4abf2b5c2f9ab133e0bb4
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39GX99W7\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUM9LVT2\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3832
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGX7P3PS\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b

Find more information about the static content and download it in the full report
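
The listing above is mostly Internet Explorer filling its cache while the dropper's real writes (arti(1).exe unpacking IGNITION.vbs into the self-extractor's IXP000.TMP directory, cscript.exe writing C:\ProgramData\colary.txt, the TiZ_107 directory, aashkf45kfm.zip and the cached KLAUTOIT[1].zip) are scattered among hundreds of noise rows. The following Python script is an added triage example, not part of the ANY.RUN report or its tooling: it parses the six-line records of this export, drops browser-cache noise, and correlates SHA256 values across paths so that the same content appearing under two names stands out. The sample input is seven records copied from the listing; the noise heuristics (the iexplore.exe image name, the cache directory names, index.dat/desktop.ini) are assumptions made for this run, not the sandbox's own classification.

```python
"""Triage a flattened ANY.RUN "Files activity" export (added example, not the report's code).
Records are six lines each: PID, process image, path, type tag, "MD5: <hex>", "SHA256: <hex>";
cells the sandbox could not hash carry the placeholder "––" (two en dashes)."""
import re
from collections import defaultdict

PLACEHOLDER = "––"
HEX = re.compile(r"^[0-9a-f]+$")
ADS = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\]+$")  # a second colon after the drive = NTFS alternate data stream
BROWSER_IMAGES = {"iexplore.exe"}  # assumption: this image's own cache writes are noise in this run
NOISE_DIRS = ("\\temporary internet files\\", "\\cookies\\", "\\history\\", "\\feeds cache\\")
NOISE_NAMES = {"index.dat", "desktop.ini", "msimgsiz.dat"}

# Constructed sample: seven records copied from the listing above, including an ADS write,
# a placeholder row and the two copies of the downloaded ZIP.
SAMPLE = r"""
4032
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3060
arti(1).exe
C:\Users\admin\AppData\Local\Temp\IXP000.TMP\IGNITION.vbs
text
MD5: ee871d009c86c742632692a33db76801
SHA256: c5b787882e5721749bf386442e33008fbee117e612e6c200094e3e818eabc7b4
324
cscript.exe
\Device\HarddiskVolume2\ProgramData\TiZ_107\etuynyZ_814347
––
MD5:  ––
SHA256:  ––
324
cscript.exe
C:\ProgramData\aashkf45kfm.zip
compressed
MD5: b297072e30902ad613a670951c43d04c
SHA256: ecb31535f144bbfff7bef6c9cdff2f9813c6a7b2196ef2756bae2899a7d01695
324
cscript.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\KLAUTOIT[1].zip
compressed
MD5: b297072e30902ad613a670951c43d04c
SHA256: ecb31535f144bbfff7bef6c9cdff2f9813c6a7b2196ef2756bae2899a7d01695
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A90G3EGW\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2392
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
"""

def _digest(cell):
    """'MD5: <hex>' / 'SHA256: <hex>' -> lowercase hex digest, or None for the placeholder."""
    value = cell.split(":", 1)[1].strip().lower()
    return value if HEX.match(value) else None

def parse_records(text):
    lines = text.strip().splitlines()
    if len(lines) % 6:
        raise ValueError("export is not a whole number of six-line records")
    records = []
    for i in range(0, len(lines), 6):
        pid, image, path, ftype, md5, sha256 = (s.strip() for s in lines[i:i + 6])
        records.append({"pid": int(pid), "process": image, "path": path,
                        "type": None if ftype == PLACEHOLDER else ftype,
                        "md5": _digest(md5), "sha256": _digest(sha256)})
    return records

def is_browser_cache(path):
    p = path.lower()
    return p.rsplit("\\", 1)[-1] in NOISE_NAMES or any(d in p for d in NOISE_DIRS)

def is_interesting(rec):
    """Keep every write except a browser filling its own cache."""
    return rec["process"].lower() not in BROWSER_IMAGES or not is_browser_cache(rec["path"])

def triage(records):
    keep = [r for r in records if is_interesting(r)]
    kept_paths = {r["path"] for r in keep}
    by_hash = defaultdict(set)
    for r in records:
        if r["sha256"]:
            by_hash[r["sha256"]].add(r["path"])
    return {
        "interesting": [r["path"] for r in keep],
        "ads": [r["path"] for r in keep if ADS.match(r["path"])],
        "unhashed": [r["path"] for r in keep if r["sha256"] is None],
        # identical content under several paths, where at least one copy is interesting
        "same_content": {h: sorted(p) for h, p in by_hash.items() if len(p) > 1 and p & kept_paths},
    }
```

Run `triage(parse_records(SAMPLE))` (or feed it the whole export) to get the four buckets. Two design points matter for this sample: a cache write is only discarded when the writer is the browser itself, so KLAUTOIT[1].zip written into Content.IE5 by cscript.exe (PID 324) is kept, and the hash correlation then shows it is byte-identical to C:\ProgramData\aashkf45kfm.zip, i.e. the ZIP fetched by the script was copied out of the cache under a random name. Rows whose hashes are the "––" placeholder, such as the randomly named files under C:\ProgramData\TiZ_107\, are surfaced separately because they cannot be matched by hash and have to be pulled from the full report.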

Network activity

HTTP(S) requests
115
TCP/UDP connections
35
DNS requests
17
Threats
5

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
4012 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2392 iexplore.exe GET 200 134.0.10.149:80 http://c0n730.com/ALFALOAD-090319/index.php ES
––
––
unknown
324 cscript.exe POST 200 144.217.83.59:80 http://144.217.83.59/abrilex/iqXXCFVvD9a5J7H76KKFB8EDD00M86L989603G.txt CA
text
text
malicious
324 cscript.exe GET 200 144.217.83.59:80 http://144.217.83.59/abrilex/KLAUTOIT.zip CA text compressed malicious
4012 iexplore.exe GET 404 134.0.10.149:80 http://c0n730.com/favicon.ico ES html unknown
3072 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/ CL html unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/fonts.css CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/flexslider.css CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/ionicons.css CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/screen.css CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/animate.css CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/slick.css CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/slick-theme.css CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/jquery.min.js CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/functions.js CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/jquery.flexslider.js CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/wow.js CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/slick.min.js CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/jquery.scrolltabs.js CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/menu-M.js CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/js/html5.js CL html unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/css/buttons.min.css?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/css/dashicons.min.css?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/mediaelement/mediaelementplayer.min.css?ver=2.22.0 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/css/media-views.min.css?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/imgareaselect/imgareaselect.css?ver=0.9.8 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/utils.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/jquery/jquery.js?ver=1.12.4 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/plupload/plupload.full.min.js?ver=2.1.8 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.7.2 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/js/jquery.validate.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/QUICKBRUSH.ttf CL ttf unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Medium.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Italic.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-HeavyItalic.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Bold_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Light.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraBoldItalic.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraBold.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Heavy.eot? CL eot unknown
3832 iexplore.exe GET 200 216.58.206.8:80 http://www.googletagmanager.com/gtm.js?id=GTM-WXP8B8C US text whitelisted
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-BoldItalic_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-MediumItalic.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraLightItalic_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Regular.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraLight_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Bold.eot? CL eot unknown
3832 iexplore.exe GET 200 216.58.210.14:80 http://www.google-analytics.com/analytics.js US text whitelisted
3832 iexplore.exe GET 200 172.217.16.162:80 http://www.googleadservices.com/pagead/conversion_async.js US text whitelisted
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-BoldItalic.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraLight.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraLightItalic.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraBoldItalic_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-ExtraBold_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Italic_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Heavy_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-HeavyItalic_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-Medium_1.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-LightItalic.eot? CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/BlissPro-MediumItalic_1.eot? CL eot unknown
3832 iexplore.exe GET 200 216.58.210.14:80 http://www.google-analytics.com/collect?v=1&_v=j75&a=167186252&t=pageview&_s=1&dl=http%3A%2F%2Fwww.colmena.cl%2F&ul=en-us&de=utf-8&dt=Isapre%20Colmena%20%7C%20Inicio&sd=32-bit&sr=1280x720&vp=772x460&je=0&fl=26.0%20r0&_u=YGBAg~&jid=1904743129&gjid=1124147851&cid=410416545.1557913292&tid=UA-11451295-4&_gid=562339931.1557913292&gtm=2wg521WXP8B8C&z=249473829 US image whitelisted
3832 iexplore.exe GET 404 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/fonts/ionicons.eot?v=2.0.0 CL html unknown
3832 iexplore.exe GET 404 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/fonts/slick.eot? CL html unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/fonts/dashicons.eot CL eot unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/img/logo-C.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2018/09/banner_alco-05.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/12/Salcobrand.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/10/Salcobrand-alianza.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/Alianza_LATAM.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/10/icon-Latam.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2018/10/img-landing-mobike.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2018/10/logo-mobike-lt.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/Logos-Clinicas-02.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/10/clinica-uc-christus.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/Logos-Clinicas-07.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/Logos-Clinicas-01.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/10/clinica-lascondes.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/340x240_Ni%C3%B1a_Mama_computador.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/1366x600-1.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/Revista.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/SIS.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/jose6.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/Logo-CS.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2017/11/Logo-Medicien.png CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/img/search.svg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2018/05/BANNER-1920x360.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2018/12/adriatico-1920x360.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/uploads/2019/04/beneficio-adicional-dental.jpg CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/underscore.min.js?ver=1.8.3 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/shortcode.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/wp-util.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/backbone.min.js?ver=1.2.3 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/wp-backbone.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/media-models.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/plupload/wp-plupload.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/jquery/ui/sortable.min.js?ver=1.11.4 CL html unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.22.0 CL html unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/media-editor.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/media-views.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/media-audiovideo.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/wp-embed.min.js?ver=4.8.5 CL text unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-includes/js/wp-emoji-release.min.js?ver=4.8.5 CL text unknown
3072 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/favicon.ico CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/css/ajax-loader.gif CL image unknown
3832 iexplore.exe GET 200 190.96.77.22:80 http://www.colmena.cl/source/wp-content/themes/colmena/assets/img/ico-triangle.svg CL image unknown
3832 iexplore.exe GET 301 200.9.111.205:80 http://www.bbva.cl/ CL –– –– unknown
–– –– GET –– 200.9.111.250:80 http://www.bbvanet.cl/ CL –– –– unknown

Connections

PID Process IP ASN CN Reputation
4012 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2392 iexplore.exe 134.0.10.149:80 10dencehispahard, S.L. ES unknown
324 cscript.exe 144.217.83.59:80 OVH SAS CA malicious
4012 iexplore.exe 134.0.10.149:80 10dencehispahard, S.L. ES unknown
3072 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3832 iexplore.exe 190.96.77.22:80 Gtd Internet S.A. CL unknown
3832 iexplore.exe 52.222.157.151:443 Amazon.com, Inc. US unknown
3832 iexplore.exe 216.58.206.8:80 Google Inc. US whitelisted
3832 iexplore.exe 172.217.22.46:443 Google Inc. US whitelisted
3832 iexplore.exe 216.58.207.36:443 Google Inc. US whitelisted
3832 iexplore.exe 216.58.210.14:80 Google Inc. US whitelisted
3832 iexplore.exe 172.217.16.162:80 Google Inc. US whitelisted
3832 iexplore.exe 74.125.71.155:443 Google Inc. US whitelisted
3832 iexplore.exe 172.217.21.194:443 Google Inc. US whitelisted
3832 iexplore.exe 172.217.21.227:443 Google Inc. US whitelisted
3072 iexplore.exe 190.96.77.22:80 Gtd Internet S.A. CL unknown
3832 iexplore.exe 200.9.111.205:80 Banco Hipotecario de Fomento CL unknown
3832 iexplore.exe 184.30.222.183:443 Akamai International B.V. NL unknown
–– –– 200.9.111.250:80 Banco Hipotecario de Fomento CL unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
c0n730.com 134.0.10.149 unknown
www.colmena.cl 190.96.77.22, 190.98.208.157 unknown
service.allegra.ai 52.222.157.151, 52.222.157.19, 52.222.157.59, 52.222.157.57 unknown
www.googletagmanager.com 216.58.206.8 whitelisted
cse.google.com 172.217.22.46 whitelisted
www.google.com 216.58.207.36 whitelisted
www.googleadservices.com 172.217.16.162 whitelisted
www.google-analytics.com 216.58.210.14 whitelisted
stats.g.doubleclick.net 74.125.71.155, 74.125.71.156, 74.125.71.154, 74.125.71.157 whitelisted
googleads.g.doubleclick.net 172.217.21.194 whitelisted
www.google.fr 172.217.21.227 whitelisted
www.bbva.cl 200.9.111.205 unknown
www.scotiabankchile.cl 184.30.222.183 unknown
www.bbvanet.cl 200.9.111.250 unknown

Threats

PID Process Class Message
324 cscript.exe A Network Trojan was detected MALWARE [PTsecurity] Virus.vbs.qexvmc (N40/KLBanker)
324 cscript.exe Potentially Bad Traffic ET INFO Dotted Quad Host ZIP Request
324 cscript.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Loader (Trojan.Agent.DDSA) Requesting Zip Archive

2 ETPRO signatures available at the full report

Debug output strings

No debug info.