General Info

URL

https://download1277.mediafire.com/r1tik9hi83jg/if4bbi7lqm6km7h/INVOICE+FOR+2019+PAID.rar

Full analysis
https://app.any.run/tasks/887c4307-c713-4d68-bbeb-639a02f58087
Verdict
Malicious activity
Analysis date
1/11/2019, 15:27:57
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Malicious: no malicious indicators.

Suspicious: no suspicious indicators.

Info:

Reads Internet Explorer settings
  • iexplore.exe (PID: 3252)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3252)
  • iexplore.exe (PID: 2972)
Changes internet zones settings
  • iexplore.exe (PID: 2972)
Creates files in the user directory
  • iexplore.exe (PID: 3252)
  • iexplore.exe (PID: 2972)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 4080)
Application launched itself
  • iexplore.exe (PID: 2972)

Scope of what was observed: every indicator above comes from Internet Explorer rendering the MediaFire download page (the dropped files are the page's own scripts, images and cookies, plus the Zone.Identifier stream written by the Flash ActiveX utility), and only three processes were monitored: the two iexplore.exe instances and FlashUtil32_26_0_0_131_ActiveX.exe. No extraction of the archive or execution of its contents was recorded, and WinRAR never appears among the monitored processes, so this report characterises the landing page of INVOICE FOR 2019 PAID.rar, not the archive payload. "Changes internet zones settings" corresponds to the ZoneMap writes (UNCAsIntranet, AutoDetect) and Zones\SecuritySafe listed under Registry activity, which are Internet Explorer's standard housekeeping values rather than a weakening of any zone's security level; "Application launched itself" is the frame process (PID 2972) spawning its low-integrity tab process (PID 3252, SCODEF:2972).

Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.

Processes

Total processes
33
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start → iexplore.exe (PID: 2972, frame process, MEDIUM integrity) → iexplore.exe (PID: 3252, tab process, LOW integrity)
flashutil32_26_0_0_131_activex.exe (PID: 4080, started with -Embedding, i.e. by COM activation; no parent process recorded)
No specs (the graph's special indicators) were raised for any process.

Process information


PID
2972
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
3252
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2972 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
4080
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
506
Read events
436
Write events
67
Delete events
3

Modification events

PID | Process | Operation | Key | Name | Value
2972 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903 | |
2972 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910 | |
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | ––
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {206B23F1-15AD-11E9-AA93-5254004A04AF} | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E307010005000B000E001C000E00AE00
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E307010005000B000E001C000E00AE00
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | ––
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E307010005000B000E001C000E001B01
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 11
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E307010005000B000E001C000E003A01
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 30
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E307010005000B000E001C000E007901
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 26
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName |
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName |
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Type | 1
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 2
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307010005000B000E001C002C000601
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 3
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307010005000B000E001C002C004803
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 4
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307010005000B000E001C002D009800
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011120190112
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112 | CachePrefix | :2019011120190112:
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112 | CacheLimit | 8192
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112 | CacheOptions | 11
2972 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112 | CacheRepair | 0
3252 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829 | |
3252 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name | iexplore.exe
3252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011120190112
3252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112 | CachePrefix | :2019011120190112:
3252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112 | CacheLimit | 8192
3252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112 | CacheOptions | 11
3252 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112 | CacheRepair | 0
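
The Time values written under Ext\Stats are REG_BINARY Win32 SYSTEMTIME structures (eight little-endian 16-bit words: year, month, day of week, day, hour, minute, second, milliseconds), so they give a guest-clock timeline of when Internet Explorer loaded each add-on. The Python below is an added example and is not part of the ANY.RUN report; the hex strings are copied verbatim from the table above. {D27CDB6E-AE6D-11CF-96B8-444553540000} is the CLSID of the Shockwave Flash ActiveX control, the same control that appears as flash32_26_0_0_131.ocx in the module list of PID 3252, so its three Count/Time updates record its successive loads; the other CLSIDs are left unidentified here. The decoder also checks the stored day-of-week against the calendar, which catches values that are not really a SYSTEMTIME.

```python
import struct
from datetime import datetime

# Ext\Stats Time values from the Registry activity table of this report (hex-encoded REG_BINARY).
EXT_STATS_TIMES = {
    "{2670000A-7350-4F3C-8081-5663EE0C6C49}": ["E307010005000B000E001C000E00AE00"],
    "{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}": ["E307010005000B000E001C000E00AE00"],
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}": ["E307010005000B000E001C000E001B01"],
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}": ["E307010005000B000E001C000E003A01"],
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}": ["E307010005000B000E001C000E007901"],
    # Shockwave Flash ActiveX control: Count went 2 -> 3 -> 4, one Time value per update.
    "{D27CDB6E-AE6D-11CF-96B8-444553540000}": [
        "E307010005000B000E001C002C000601",
        "E307010005000B000E001C002C004803",
        "E307010005000B000E001C002D009800",
    ],
}

# SYSTEMTIME numbers weekdays Sunday=0 .. Saturday=6.
WEEKDAYS = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]


def decode_systemtime(hex_value: str) -> datetime:
    """Decode a hex-encoded Win32 SYSTEMTIME (16 bytes, little-endian WORDs) into a naive datetime."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 16:
        raise ValueError(f"SYSTEMTIME must be 16 bytes, got {len(raw)}")
    year, month, dow, day, hour, minute, second, millis = struct.unpack("<8H", raw)
    dt = datetime(year, month, day, hour, minute, second, millis * 1000)
    # Cross-check: datetime.weekday() is Monday=0, SYSTEMTIME wDayOfWeek is Sunday=0.
    # A mismatch means the bytes were not produced by GetSystemTime/GetLocalTime.
    calendar_dow = (dt.weekday() + 1) % 7
    if calendar_dow != dow:
        raise ValueError(
            f"stored day-of-week {dow} does not match {dt:%Y-%m-%d} ({WEEKDAYS[calendar_dow]})"
        )
    return dt


def build_timeline(stats):
    """Return (datetime, clsid) pairs for every recorded Time value, oldest first."""
    events = [(decode_systemtime(h), clsid) for clsid, hexes in stats.items() for h in hexes]
    return sorted(events)


if __name__ == "__main__":
    for when, clsid in build_timeline(EXT_STATS_TIMES):
        print(f"{when:%Y-%m-%d %H:%M:%S}.{when.microsecond // 1000:03d}  {clsid}")
```

All eight values decode to 2019-01-11 between 14:28:14.174 and 14:28:45.152 on the guest clock, which matches the analysis date; the one-hour difference from the displayed 15:27:57 is most plausibly a timezone difference between the guest clock and the report's display, and the page does not state which zone either is in. The three Flash entries fall about 30 seconds after the first add-ons, i.e. when the MediaFire page instantiated the Flash control.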

Files activity

Executable files
0
Suspicious files
0
Text files
57
Unknown types
4

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2972 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt | text | 62bd8f64aebe9c589f8d134977410d4b | fba91da9d576df3fd22e8251797cee07892af11ec2e5b91a8ac322f52f086941
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ico30-v9[1].png | image | 34cc27c50cb0096c6092d26ac85303ba | bdaa84d1fdf85bafe867de76f874a01c46da85fbe940a0dc800d65b06e0ee95e
2972 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011120190112\index.dat | dat | 2d77338dcd43d04dcd4f0fd41b8d3665 | c4f64c9c7f653cf318fe23ff5735d6aff6e4b8ade77fe436742cc2de4642fe81
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011120190112\index.dat | dat | a27f6921baea88bc35c6ec4414b65038 | 99b7160260a0778257208cfc8ed334a024eccb8e3ffd76b835f308841e3f22fb
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\logotab[1].png | image | f706a005dc3dd6a23c79ab62b1760a35 | 2a6e3422dd024d67e532e0ee88fe20a6ee5e5d6f5dda970b9046c9dee915c67d
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\social_icons_sprite[1].svg | image | a68eb80f9ff04457f27e69fd6faa2190 | 23d0709d0d95c56da4cc928592f25399e50529d77195ccf90f1d9a52f39b774e
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\blank[1].html | html | 65eec6a654114d328fa2db1683f64b57 | 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\f[1].txt | text | c80750287148a823790100bd0bb0ead3 | 81e87163c024903290f91fdf5957a50db9759dad81d9805aa834b134a6149a41
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\element_main[1].js | html | 39709a8e11b5e843d788b41c038cd328 | eb29179e936d60f5195214a617ca6c096665429ea659d7d7a7375e7bc7ea0960
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\blank[3].html | html | 65eec6a654114d328fa2db1683f64b57 | 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\analytics[1].js | text | 2288a7f0b8dafb9384355f3cd86c0e83 | b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\main[1].js | text | 434b83338fb6bb2b65897b157216abd7 | f44f2cc194b8ebdd498a0aaa4ec2c53559c2ed4bd3c0d43bcb1aecc28d4cec1d
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\translateelement[1].css | text | d7c176e8c042d59e5171840efdd47f7e | 0a700c72c5db3eaab6ce5246d7b378fa51b92e01a01f321cbb55c963a6c6d02c
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ec[1].js | text | 7b430c6350a59a7cf22b9adeccba327b | 058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
3252 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | b36b18e8ed1f8bdcf4ad2efc816a7546 | c343780e197715fd6391806a551570e68a4ec1ee1de56814ab87d5420134dc71
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\f[1].txt | text | 067d1dca36de6c9810ab609ca39a0a0d | 964132e54b2c432c6696ee0c2ff5e3fff10b4ccb170d1f6befbd3d5970b92c2d
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\footerIcons[1].png | image | e0abc4fea89d2c5153b73cd02ac5ba13 | f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\download_new_key[1].svg | image | 8e3b452432ab9ba323cf3bf04fa2b267 | c0e9cdaa168178f80c157bb262830f13e9cfd56796125257c963e74c3fd55c39
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\loading_indeterminate[1].svg | image | c6694e0dd34dff3948576d7082ef99a7 | 358d933448d630883abd7f83df13a535de82b948ef2821d1e01028a10e03c933
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\blank[2].html | html | 65eec6a654114d328fa2db1683f64b57 | 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\blank[1].html | html | 65eec6a654114d328fa2db1683f64b57 | 4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
3252 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | 9162b21e9c05f3253ccd585dfbe73921 | fee6029ccb67400815400668f4f21c5194bc435929c32350d367a482697077aa
3252 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | –– | –– | ––
4080 | FlashUtil32_26_0_0_131_ActiveX.exe | C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\default[1].png | image | 408d4a08544a165555c54a4198bb3068 | edf29a5069b0812d87c6724f54eb33953f23f81426e9d63afbeda73e8ab8e151
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\gtm[1].js | text | 3b694a871a539c8a3e81fe08f5148d19 | 2fd0d9b13ffe24895474833b5313afc31ce9eb8cf41893202f1975a3829f46e9
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 817b1f91e5773b7bcc41a395f50f4b1b | e4c52e5d107c07c407fce5e3c9aadec69f355cf6b54516d47549e3ad62ece414
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\recaptcha__en[1].js | text | e839f0276bff9aaf7af57c96345ddd2c | 016bdefef0468b1b37dcf331dc76db70327a7c31f6f236bf6f68e23da802979b
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\analytics[1].js | text | 2288a7f0b8dafb9384355f3cd86c0e83 | b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\dropdown-arrow-up-dark[1].png | image | 680b85078bfb656231c0860a023c468e | 5de1b000a3854133d21167d6e0991cd2e12bdf955fa17ac36b068f6cb298ac59
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\mysteryman[1].png | image | 574adb413f3e0c8c01c65c769586d88e | ff625a6a84ee08fbbcea53ced4e002152c2b537bb3dd4513069ffc5f7c6fbf8d
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\smArrow[1].png | image | 1f0619e3ea0f3021fdf9a10aa64ee8fd | f9a75024e53f8a3e5ef92e12c87457fbfacc5508a5d7fbdde9126ee267e8b70b
2972 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | image | a301c91c118c9e041739ad0c85dfe8c5 | cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fbevents[1].js | text | 7c74991e0728f52a69e22da73398b020 | 235da1ee79811631e184d8e99dab2ae5195d476d1138f1f49a8645c53a1803fb
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\dropdown-arrow[1].png | image | 38e768ce66634f81140d708a50639bbb | 688e5d45277b4b3124049e8bc02e126a3ebe92b6ecfa16670e21977e45c0693f
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mf_logo_u1_full_color[1].svg | image | e09b5af507bd602ad839b261fd897170 | bfcc5bc8242d357752657942690541bb3e4b907384af1c56586f6466d7116db2
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\dropdown-arrow-left-white[1].png | image | 95b7bc21081e914b8efb82dd61289914 | c0e66134c7184a8bbc2c96be1e9813c931634eb4d5bc637a3bca724007505aa4
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mf_logo_u1_full_color_reversed[1].svg | image | bcd95cfb6b9474dba955aab2cfe0432b | 1a0ec73a3ca7f354865d6b95401c50627fdf5a9b0da763a6f75fa818fd775b55
3252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ie.css_120959[2].php | text | |
MD5: c62a41328879f16c69a2cb9b0e08fd96
SHA256: 2ab1c7856c7370b9d71c68118559c7c6d769a438d8659592b882278b22c73dee
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ie.css_120959[1].php
text
MD5: c62a41328879f16c69a2cb9b0e08fd96
SHA256: 2ab1c7856c7370b9d71c68118559c7c6d769a438d8659592b882278b22c73dee
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\mem8YaGs126MiZpBA-UFVZ0f[1].eot
eot
MD5: 9dce7f01715340861bdb57318e2f3fdc
SHA256: ee6885417a5772a42be3280cf34581001cafd5548d12b66b5466e53f05dabf96
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\api[1].js
text
MD5: fc094ea0898b63fdd2c7b67ba258b656
SHA256: b0b0f39165b09d765210e96c07da29c9649b05263b65bb5f9e6ac7e41488514c
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\master_120959[1].js
text
MD5: 94788294c92d5131f2c393e0909027b2
SHA256: 1eb403acd80e8a1d394a1a6f4ed2bfdc031aa2c753dac6a5654a98afdac2ec8e
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jquery.min[1].js
html
MD5: b8d64d0bc142b3f670cc0611b0aebcae
SHA256: 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mfv3_120959[1].php
text
MD5: bc87aad2e944fe1ae5f0f17a83cdc9bb
SHA256: 8d3419cbc3ae60801ca9665a1e4d0a2325d8474d296e68ef26acbbd11c506dbe
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\mfv3_120959[1].php
text
MD5: bc87aad2e944fe1ae5f0f17a83cdc9bb
SHA256: 8d3419cbc3ae60801ca9665a1e4d0a2325d8474d296e68ef26acbbd11c506dbe
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\mfv4_120959[1].php
text
MD5: 3f58d8118b5e924ff28d7963f385101f
SHA256: a3e182205d315e7d1dff5ed7059036182165328b635d0edf6d9088ac3dd8a11f
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\css[1].txt
text
MD5: 4c7dad4090d0a72b34cc1bcd13885c73
SHA256: 4cd4bd4af907718dd6b740f3a4710fa82bd3ea724274eefde8d3ddb54dab894f
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\download_repair[1].php
––
MD5:  ––
SHA256:  ––
3252
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 6422dc9d22526d273334e95830aac356
SHA256: be032c2870bb7bdcee24d9e237f8f2f2fa2519534c9b98d0d266e2434dbfd473
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\download_repair[1].htm
html
MD5: 75782a080032a57413db927ad9a794ae
SHA256: de3eb937af8f32f927850f2ef823f3b98fa2ca83da88c43fcb8155ed6f2a8363
3252
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2972
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2972
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2972
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
40
TCP/UDP connections
30
DNS requests
18
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2972 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3252 iexplore.exe GET 200 104.19.195.29:80 http://www.mediafire.com/download_repair.php?flag=3&dkey=r1tik9hi83j&qkey=if4bbi7lqm6km7h&ip=217.147.89.18&ref=3 US html malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/css/mfv3_120959.php?ver=nonssl US text malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/css/mfv4_120959.php?ver=nonssl&date=2019-01-11 US text malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/css/mfv3_120959.php?ver=nonssl US text malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/css/ie.css_120959.php?ver=nonssl US text malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/css/ie.css_120959.php?ver=nonssl US text malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/js/master_120959.js US text malicious
3252 iexplore.exe GET 200 216.58.207.42:80 http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js US html whitelisted
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color_reversed.svg US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://www.mediafire.com/images/icons/myfiles/default.png US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color.svg US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/dropdown-arrow-left-white.png US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/ico30/ico30-v9.png US image malicious
3252 iexplore.exe GET 200 31.13.90.6:80 http://connect.facebook.net/en_US/fbevents.js IE text whitelisted
3252 iexplore.exe GET 200 104.19.195.29:80 http://www.mediafire.com/blank.html US html malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/mysteryman.png US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/dropdown-arrow-up-dark.png US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/dropdown-arrow.png US image malicious
3252 iexplore.exe GET 200 216.58.206.14:80 http://www.google-analytics.com/analytics.js US text whitelisted
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/backgrounds/newMyfiles/smArrow.png US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://www.mediafire.com/blank.html US html malicious
3252 iexplore.exe GET 302 216.58.206.14:80 http://www.google-analytics.com/r/collect?v=1&_v=j72&a=304836219&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D3%26dkey%3Dr1tik9hi83j%26qkey%3Dif4bbi7lqm6km7h%26ip%3D217.147.89.18%26ref%3D3&ul=en-us&de=utf-8&dt=File%20sharing%20and%20storage%20made%20simple&sd=32-bit&sr=1280x720&vp=1260x560&je=0&fl=26.0%20r0&_u=YEBAAE~&jid=1537318709&gjid=899306876&cid=1943794410.1547216925&tid=UA-829541-1&_gid=305998720.1547216925&_r=1&cd1=unregistered&cd7=legacy&cd8=%2F100%2F&z=753522122 US html whitelisted
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/backgrounds/download/download_status/download_new_key.svg US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/svg_dark/loading_indeterminate.svg US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png US image malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://www.mediafire.com/blank.html US html malicious
3252 iexplore.exe GET 200 104.19.195.29:80 http://www.mediafire.com/blank.html US html malicious
3252 iexplore.exe GET 200 216.58.210.14:80 http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit US text whitelisted
3252 iexplore.exe GET 200 216.58.206.14:80 http://www.google-analytics.com/plugins/ua/ec.js US text whitelisted
3252 iexplore.exe GET 200 172.217.18.10:80 http://translate.googleapis.com/translate_static/js/element/main.js US text whitelisted
3252 iexplore.exe GET 200 172.217.18.10:80 http://translate.googleapis.com/translate_static/css/translateelement.css US text whitelisted
3252 iexplore.exe GET 200 216.58.206.14:80 http://www.google-analytics.com/r/collect?v=1&_v=j72&a=304836219&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D3%26dkey%3Dr1tik9hi83j%26qkey%3Dif4bbi7lqm6km7h%26ip%3D217.147.89.18%26ref%3D3&ul=en-us&de=utf-8&dt=File%20sharing%20and%20storage%20made%20simple&sd=32-bit&sr=1280x720&vp=1260x560&je=0&fl=26.0%20r0&_u=aGDAAEAK~&jid=1602647086&gjid=788959478&cid=1943794410.1547216925&tid=UA-86547571-4&_gid=305998720.1547216925&_r=1&gtm=2wgbc053LP4T&z=828375503 US image whitelisted
3252 iexplore.exe GET 200 172.217.18.10:80 http://translate.googleapis.com/element/TE_20181015_01/e/js/element/element_main.js US html whitelisted
3252 iexplore.exe GET 200 172.217.18.10:80 http://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=_callbacks____0jqs50c32 US text whitelisted
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/logotab.png US image malicious
3252 iexplore.exe GET 200 216.58.208.35:80 http://www.gstatic.com/images/branding/product/2x/translate_24dp.png US image whitelisted
3252 iexplore.exe GET 200 104.19.195.29:80 http://static.mediafire.com/images/icons/svg_light/social_icons_sprite.svg US image malicious
2972 iexplore.exe GET 200 104.19.195.29:80 http://www.mediafire.com/favicon.ico US image malicious
3252 iexplore.exe GET 302 104.19.195.29:80 http://www.mediafire.com/file/if4bbi7lqm6km7h/INVOICE+FOR+2019+PAID.rar US compressed malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2972 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3252 iexplore.exe 205.196.122.218:443 MediaFire, LLC US malicious
3252 iexplore.exe 104.19.195.29:80 Cloudflare Inc US shared
3252 iexplore.exe 172.217.22.42:443 Google Inc. US whitelisted
3252 iexplore.exe 172.217.21.227:443 Google Inc. US whitelisted
3252 iexplore.exe 216.58.207.42:80 Google Inc. US whitelisted
3252 iexplore.exe 172.217.23.164:443 Google Inc. US whitelisted
3252 iexplore.exe 216.58.208.35:443 Google Inc. US whitelisted
3252 iexplore.exe 31.13.90.6:80 Facebook, Inc. IE whitelisted
3252 iexplore.exe 172.217.23.168:443 Google Inc. US whitelisted
3252 iexplore.exe 216.58.206.14:80 Google Inc. US whitelisted
3252 iexplore.exe 216.58.210.14:80 Google Inc. US whitelisted
3252 iexplore.exe 74.125.133.154:443 Google Inc. US whitelisted
3252 iexplore.exe 216.58.206.14:443 Google Inc. US whitelisted
3252 iexplore.exe 172.217.18.10:80 Google Inc. US whitelisted
3252 iexplore.exe 216.58.205.227:443 Google Inc. US whitelisted
3252 iexplore.exe 216.58.208.35:80 Google Inc. US whitelisted
2972 iexplore.exe 104.19.195.29:80 Cloudflare Inc US shared
3252 iexplore.exe 205.196.122.218:80 MediaFire, LLC US malicious

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
download1277.mediafire.com 205.196.122.218 malicious
dns.msftncsi.com 131.107.255.255 whitelisted
www.mediafire.com 104.19.195.29, 104.19.194.29 malicious
static.mediafire.com 104.19.195.29, 104.19.194.29 malicious
fonts.googleapis.com 172.217.22.42 whitelisted
fonts.gstatic.com 172.217.21.227 whitelisted
www.google.com 172.217.23.164 whitelisted
ajax.googleapis.com 216.58.207.42, 216.58.207.74, 216.58.208.42, 172.217.16.138, 172.217.22.74, 172.217.22.106, 216.58.210.10, 172.217.16.202, 172.217.18.106, 172.217.23.170, 172.217.21.202, 172.217.21.234, 216.58.205.234, 172.217.18.10, 172.217.23.138, 216.58.206.10 whitelisted
www.gstatic.com 216.58.208.35 whitelisted
www.googletagmanager.com 172.217.23.168 whitelisted
connect.facebook.net 31.13.90.6 whitelisted
www.google-analytics.com 216.58.206.14 whitelisted
translate.google.com 216.58.210.14 whitelisted
stats.g.doubleclick.net 74.125.133.154, 74.125.133.157, 74.125.133.155, 74.125.133.156 whitelisted
translate.googleapis.com 172.217.18.10 whitelisted
www.google.co.uk 216.58.205.227 whitelisted

Threats

PID Process Class Message
3252 iexplore.exe A Network Trojan was detected SC TROJAN_DOWNLOADER Suspicious request with 'invoice' in http uri

Debug output strings

No debug info.