General Info

URL

https://click.icptrack.com/icp/relay.php?r=16577524&msgid=762623&act=M6X5&c=147550&destination=http%3A%2F%2Fwww.hedgeco.net%2Fnews%2F07%2F2019%2Fwhy-machine-learning-hasnt-made-investors-smarter.html

Full analysis
https://app.any.run/tasks/0663620f-63ef-4c71-befc-4a6b8c7977fb
Verdict
Malicious activity
Analysis date
7/18/2019, 14:27:38
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities


No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 184)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 184)
  • iexplore.exe (PID: 4056)
Reads internet explorer settings
  • iexplore.exe (PID: 4056)
Reads Internet Cache Settings
  • iexplore.exe (PID: 4056)
Changes internet zones settings
  • iexplore.exe (PID: 3540)
Application launched itself
  • iexplore.exe (PID: 3540)

Signature artifacts and their mapping to the MITRE ATT&CK™ matrix are available in the full report.

Processes

Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start → iexplore.exe (PID 3540) → iexplore.exe (PID 4056)
flashutil32_26_0_0_131_activex.exe (PID 184; COM-activated, no parent recorded)

Process information


PID
3540
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://click.icptrack.com/icp/relay.php?r=16577524&msgid=762623&act=M6X5&c=147550&destination=http%3A%2F%2Fwww.hedgeco.net%2Fnews%2F07%2F2019%2Fwhy-machine-learning-hasnt-made-investors-smarter.html"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

PID
4056
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3540 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\jscript.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
184
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
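
The process tree above is what a normal IE 8 Protected Mode session looks like: the frame process (PID 3540, MEDIUM) starts the tab process as iexplore.exe SCODEF:3540 CREDAT:71937 (PID 4056, LOW), and the Flash installer/updater helper (PID 184) is COM-activated (-Embedding), which is why the report records no parent for it. The summary counts 0 malicious and 0 suspicious processes. The script below is an added example, not ANY.RUN output or code from the service: it encodes those expectations as checks over a record list transcribed from the Process information section, then runs them again with a constructed bad record (a cmd.exe child of the LOW tab process at MEDIUM integrity) to show what a finding looks like. The page names 4056's parent only as "iexplore.exe", so PID 3540 is taken from the SCODEF token, an assumption the check re-verifies instead of trusting.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    name: str
    cmdline: str
    parent_pid: Optional[int]  # None where the report prints "––"
    integrity: str             # LOW / MEDIUM / HIGH / SYSTEM as printed


# Records transcribed from the Process information section (constructed list,
# not a live process dump). 4056's parent PID is inferred from SCODEF:3540.
PROCESSES = [
    Proc(3540, "iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" "https://click.icptrack.com/icp/relay.php?r=16577524&msgid=762623&act=M6X5&c=147550&destination=http%3A%2F%2Fwww.hedgeco.net%2Fnews%2F07%2F2019%2Fwhy-machine-learning-hasnt-made-investors-smarter.html"',
         None, "MEDIUM"),
    Proc(4056, "iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3540 CREDAT:71937',
         3540, "LOW"),
    Proc(184, "FlashUtil32_26_0_0_131_ActiveX.exe",
         r"C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding",
         None, "MEDIUM"),
]

RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "SYSTEM": 4}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def scodef_parent(p: Proc) -> Optional[int]:
    """IE 8 Protected Mode starts each tab process as
    iexplore.exe SCODEF:<frame pid> CREDAT:<n>; return that PID, or None
    for a frame process or a non-IE process."""
    m = SCODEF_RE.search(p.cmdline)
    return int(m.group(1)) if m else None


def check_tree(procs: List[Proc], root_pid: int) -> List[Tuple[int, str]]:
    """Return (pid, finding) pairs. An empty list means the tree matches a
    normal IE 8 Protected Mode session: every SCODEF child is spawned by the
    frame it names and runs at LOW, no child climbs above its parent's
    integrity, iexplore.exe spawns only iexplore.exe, and the only parentless
    processes are the task root and COM-activated (-Embedding) servers."""
    by_pid = {p.pid: p for p in procs}
    findings: List[Tuple[int, str]] = []
    for p in procs:
        parent = by_pid.get(p.parent_pid) if p.parent_pid is not None else None
        sp = scodef_parent(p)
        if sp is not None:
            if p.parent_pid != sp:
                findings.append((p.pid, f"SCODEF names {sp} but recorded parent is {p.parent_pid}"))
            if p.integrity != "LOW":
                findings.append((p.pid, f"tab process runs at {p.integrity}, expected LOW"))
        if parent is not None:
            if RANK.get(p.integrity, 0) > RANK.get(parent.integrity, 0):
                findings.append((p.pid, f"integrity {parent.integrity} -> {p.integrity} across parent {parent.pid}"))
            if parent.name.lower() == "iexplore.exe" and p.name.lower() != "iexplore.exe":
                findings.append((p.pid, f"non-browser child of iexplore.exe: {p.name}"))
        elif p.pid != root_pid and "-Embedding" not in p.cmdline:
            findings.append((p.pid, f"parent {p.parent_pid} not in the monitored set and not COM-activated"))
    return findings


# Constructed bad record for comparison: a shell spawned by the LOW tab
# process at MEDIUM integrity. Nothing like it appears in the report above.
SUSPECT = Proc(5000, "cmd.exe", r"cmd.exe /c whoami", 4056, "MEDIUM")

if __name__ == "__main__":
    print("report tree:", check_tree(PROCESSES, 3540) or "no findings")
    print("with suspect:", check_tree(PROCESSES + [SUSPECT], 3540))
```

On the report's own records the check returns nothing; with the constructed cmd.exe record it reports both the integrity climb (LOW parent, MEDIUM child) and the non-browser child, which is the pattern a browser exploit followed by a sandbox escape would leave in this view.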

Registry activity

Total events
387
Read events
338
Write events
49
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | ––
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {76EE0011-A957-11E9-B2FD-5254004A04AF} | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E3070700040012000C001B0036009002
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E3070700040012000C001B0036009002
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | ––
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E3070700040012000C001B0036004C03
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 30
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E3070700040012000C001B0036008A03
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 344
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E3070700040012000C001B003700DB00
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 50
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName | (empty)
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName | (empty)
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Type | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 1
3540 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E3070700040012000C001C001300EB00
4056 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name | iexplore.exe
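
Most of the writes above are Internet Explorer housekeeping: first-run zone defaults (ZoneMap, Zones\SecuritySafe, ProxyEnable), LinksBar cache entries for the stock "Suggested Sites" and "Web Slice Gallery" links, and one Ext\Stats\{CLSID}\iexplore subkey per add-on IE loaded, which makes that key the add-on load log for the session. The Time data under those subkeys is a 16-byte little-endian SYSTEMTIME written as hex. The script below is an added example, not part of the ANY.RUN report: it decodes those timestamps, groups the Ext\Stats writes per CLSID, and flags the writes a reviewer still wants to look at in a browse-only task, namely anything outside HKCU and any zone-policy write. The row list is a constructed subset of the table above and the integrity levels come from the Process information section. The add-on names in CLSID_NAMES are the editor's identifications, corroborated only by the modules loaded into PID 4056 (flash32_26_0_0_131.ocx, ssv.dll, jp2ssv.dll, urlredir.dll); confirm them against HKCR\CLSID on the sandbox image before relying on them.

```python
import re
import struct
from collections import defaultdict
from typing import Dict, List, Tuple

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"

# Constructed subset of the Modification events table above:
# (PID, process, operation, key, value name, data as printed).
EVENTS = [
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Internet Settings\ZoneMap", "UNCAsIntranet", "0"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Internet Settings\ZoneMap", "AutoDetect", "1"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Internet Settings\Zones", "SecuritySafe", "1"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Internet Settings", "ProxyEnable", "0"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore", "Type", "3"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore", "Time", "E3070700040012000C001B0036004C03"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore", "LoadTime", "30"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore", "Type", "1"),
    (3540, "iexplore.exe", "write", HKCU + r"\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore", "Time", "E3070700040012000C001C001300EB00"),
    (4056, "iexplore.exe", "write", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication", "Name", "iexplore.exe"),
]
INTEGRITY = {3540: "MEDIUM", 4056: "LOW"}  # from the Process information section

# Editor's identifications (assumed; verify against HKCR\CLSID on the image).
CLSID_NAMES = {
    "{D27CDB6E-AE6D-11CF-96B8-444553540000}": "Shockwave Flash Object (flash32_26_0_0_131.ocx)",
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}": "Java Plug-In SSV Helper (ssv.dll)",
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}": "Java Plug-In 2 SSV Helper (jp2ssv.dll)",
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}": "Office Document Cache Handler (urlredir.dll)",
}


def decode_systemtime(hexblob: str) -> str:
    """Ext\\Stats 'Time' data is a 16-byte little-endian SYSTEMTIME:
    wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds."""
    raw = bytes.fromhex(hexblob)
    if len(raw) != 16:
        raise ValueError(f"expected 16 bytes, got {len(raw)}")
    y, mo, _dow, d, h, mi, s, ms = struct.unpack("<8H", raw)
    return f"{y:04d}-{mo:02d}-{d:02d} {h:02d}:{mi:02d}:{s:02d}.{ms:03d}"


EXT_STATS_RE = re.compile(r"\\Ext\\Stats\\(\{[0-9A-Fa-f-]{36}\})\\iexplore$")


def extension_loads(events) -> Dict[str, Dict[str, str]]:
    """Group Ext\\Stats writes by add-on CLSID. IE records each add-on it loads
    here (Type, Count, Time, LoadTime), so the result is the session's add-on
    load list, with Time decoded to a readable timestamp."""
    out: Dict[str, Dict[str, str]] = defaultdict(dict)
    for _pid, _proc, _op, key, name, data in events:
        m = EXT_STATS_RE.search(key)
        if not m:
            continue
        clsid = m.group(1).upper()
        out[clsid]["name"] = CLSID_NAMES.get(clsid, "unknown")
        out[clsid][name] = decode_systemtime(data) if name == "Time" else data
    return dict(out)


ZONE_KEYS = ("\\internet settings\\zones", "\\internet settings\\zonemap")


def flag_writes(events, integrity) -> List[Tuple[int, str, str]]:
    """Writes that deserve a second look in a browse-only task: anything
    outside HKCU (noting when a LOW-integrity process managed it) and any
    write to zone policy. Returns (pid, reason, key\\name) triples."""
    flags = []
    for pid, _proc, _op, key, name, _data in events:
        hive = key.split("\\", 1)[0].upper()
        target = key + "\\" + name
        if hive != "HKEY_CURRENT_USER":
            reason = "write outside HKCU"
            if integrity.get(pid) == "LOW":
                reason += " from LOW-integrity process"
            flags.append((pid, reason, target))
        elif any(z in key.lower() for z in ZONE_KEYS):
            flags.append((pid, "zone policy write", target))
    return flags


if __name__ == "__main__":
    for clsid, info in extension_loads(EVENTS).items():
        print(clsid, info)
    for flag in flag_writes(EVENTS, INTEGRITY):
        print(*flag)
```

Decoding the Flash entry gives 2019-07-18 12:28:19 while the report header says 14:27:38, consistent with a two-hour zone offset between the guest clock and the time shown in the header; keep that in mind when lining registry timestamps up against the network timeline. The single write outside HKCU, MostRecentApplication under HKLM\SOFTWARE\Microsoft\Direct3D by the LOW-integrity tab process, records the most recent Direct3D/DirectDraw client (ddraw.dll and d3dim700.dll are loaded into PID 4056) and is not a persistence location; the script flags it so the reviewer makes that call rather than having it silently dropped.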

Files activity

Executable files
0
Suspicious files
0
Text files
51
Unknown types
6

Dropped files

PID
Process
Filename
Type
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\pixel[1].gif
image
MD5: 221d8352905f2c38b3cb2bd191d630b0
SHA256: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\jquery.min[1].js
html
MD5: b8d64d0bc142b3f670cc0611b0aebcae
SHA256: 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\show_widget[1]
html
MD5: 3cea4b40a7f4006f2ae3e552c343ed45
SHA256: 4d4122191866c42d6b0ca6b9fd57b026ad87d754b617a01ef5cef8f7e9445d2a
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\glyphicons-halflings-white[1].png
image
MD5: 9bbc6e9602998a385c2ea13df56470fd
SHA256: f0e0d95a9c8abcdfabf46348e2d4285829bb0491f5f6af0e05af52bffb6324c4
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\vglnk[1].js
text
MD5: beca0b0fd2edb09a2ad2227634c8ce49
SHA256: 9c3496e95a0c394198375135626e6e0401eab395e1107908eba6c2bf870fb957
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\submenu_li_dot[1].gif
image
MD5: 93c3d57fbd67827b15d41be0598e27b0
SHA256: aeb5db51fe26453db0961ab22a1c2ae6222a65e609a32353200e424d3e5f1de7
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\submenu_horiz_dots[1].gif
image
MD5: f373b2ea20ded5ce4e3852c98dcb7112
SHA256: 3f570e1d30d5171ce7d0660991f44779123e385cc1bd0cd7f4ed0e5c24da7041
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\get_custom_js[1]
text
MD5: 95c4f314bc1daeba1f4feeaa7511fb19
SHA256: 0b0ff8e04b8081c5bbaeec08fd3d6c75f24b7126d93c2d03ef38fc55210a976e
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\pixel[1].png
image
MD5: ca1dba98f5e46c0e7a1549b3d8af9b93
SHA256: 88021da4a13d993a2c94e4d8ddc9bd98b34985d806371e71e0531b37b8a0e081
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\header-2012-08-10yrs[1].png
image
MD5: b5f06fb1c8e4b8e8143da2b1d9bb355b
SHA256: 7e6102db4e804374b7ee2671515eb83593eb7c45f681d571ecfc0b31d45a89c3
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\blue_up_arrow[1].png
image
MD5: 2bb3f2089ae3b8ec0feafcb12f9ada71
SHA256: 41791e499eb75a5f97d05fc5904533b674a32ffcfa4b3eba8448743c1ae992e1
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\menu_link_separator[1].png
image
MD5: 6e01ed880f6933df8bb5fbff5d7c65a1
SHA256: 97e8f988b7fe970e6680219c575421f168be87570bd5098abd60f94b3330dbb1
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\header2-2012-08-logo[1].png
image
MD5: be8fcfb70542bdb35f35e76934f18d71
SHA256: 0498d427796dceefaaaf7c288ceae562a7a3eb3b6bd15f3b578e44bf6b9a30ed
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\widget[1].js
text
MD5: c8cf73054b8e48fef94e56221cc6a7cf
SHA256: b14eced64fc525849d89689c9588e098a8ceaefeabda9e93710862a8d8f03f8e
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\header-2012-08-bg[1].png
image
MD5: 24b3b5d1687369bdbc9eb0085b32b88d
SHA256: c2417c3ff6080c7ea1deda2a5cd9b25c55a47ceef4442155d12c4379cc3b0ca5
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\header-2012-08-diamond[1].png
image
MD5: f4a0c09dee77018694ede0401ec8777e
SHA256: 747ec2be5ac35b20eb5e3e11a45eacf7bfc9f2e284e447cf8c63a2bb234827bf
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\imgad[1].jpg
image
MD5: 12493cbd317d52e9aee8b10c0644110c
SHA256: 8510575fdba5240a034638a2e9abb4febbf9cce8d86c2df269e2b616a42c3038
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\gpt[1].js
text
MD5: 0f8e0d454900c2a99dd21cf524f977cc
SHA256: 1b78349edaf045f6abb87827021c340b7abd66df5e2993866924a5947c024e15
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\jquery.tabs-wide[1].css
text
MD5: 689ddae8d1a6aef384a93e4b54d48b56
SHA256: c51ca06452331f452de4aa437099a728bb59336d9278ced923244e4de4015829
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
4056
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 50a051fb4a5059f2d49d85eac2cb3a0f
SHA256: ecc5dafc099019636612930b26c475349022c4e3f492b407c606b06f24b9bcf0
4056
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
184
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 770fe9c9e3d54ce988c8ca7c8a838351
SHA256: 882634d7385f03899dff2559c3961bfee086b219c8e2656bb4e68869d4a1ca43
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\tablepress[1].eot
eot
MD5: e6c448c81ddd89d30e9a043aed7ba819
SHA256: 0a8f3b447a8e29928d00ba80024b282da961a5a50776513a9f93962b742e6aab
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\wp-emoji-release.min[1].js
text
MD5: 1601e8da361dc8f86caa5afe88e37f5c
SHA256: dc6a5d49e8644198de6e81d9a1bfbe7185e1f75ce5c2d2d47bf6ef11660367ca
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\analytics[1].js
text
MD5: 4d88a66690f3506e6a2112b1c4dce0b4
SHA256: a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\shareaholic[1].js
html
MD5: afa97519d290543d4194eab8fa805b1c
SHA256: 934829b7701edefb1cc8d34d4851e0db6066461b96d23f302f1f8c19897a225e
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\style[1].css
text
MD5: 097de24d864037186fb0e8237e777642
SHA256: 004b26516a422cd125f9e9cd75bae27e9cecb4d80ef0cff761a6ee3be020addc
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\pixel[1].gif
image
MD5: 221d8352905f2c38b3cb2bd191d630b0
SHA256: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\bootstrap.min[1].css
text
MD5: d134847be64c4f0999f64e816965703c
SHA256: 3787f24b228b32ed852f6e1e396fa7c1d9f6cf67a2d476e1e9613886fb3dcaa6
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\colorbox[1].css
text
MD5: afc34aa0f3a932b55bd69cd8f18a3958
SHA256: 93dbe3ad8e3786b541f04e28526ced14fc475a3d5f6dbd82763231143349bac1
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\extended_dropdown3[1].js
text
MD5: cb0490453d0ba72ddef703033c863a1d
SHA256: f033b024a5b0ed6d6b92dbfaeb91d3fb12fe98a0ddc623288b7115c37b488fb7
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\extended_dropdown2[1].css
text
MD5: 8bef9fa7e1445b7fdd023f4ed65b941a
SHA256: c12a2b61ddc802774a9b5d19f48c2d1327662e0c2401c9fe436e79cce1326754
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\jquery.tabs-ie[1].css
text
MD5: 5b5f2e7d37f1b904a0dfc800e4d07ae6
SHA256: 9a1258e4f4b06bb9af550231adc801dfe049da9a97d836eaf5b41709aae7620d
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\upgrade-hedgeco[1].css
text
MD5: 13b93e9ca378f142b059b754f0e87ece
SHA256: 8181d3eff3119950e1d01768f64181dbec6c34dd1164387609ea6f4dd670fd48
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\ie[1].css
text
MD5: 08dcb26a9aa806638628ac98342d79f7
SHA256: af0aae48016b518a0c2809abdc3075a31bf98023205341cc1bc307bf32def5a0
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\default.min[1].css
text
MD5: 2061c5480fb91ec56ea3ccb020aa2315
SHA256: 34e2511992fcac4d6bb750e0f9167b864f1d4c24920ec41fff423ebe25a979cb
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\common[1].css
text
MD5: e877cb935a08a6b743bf55c3c84e8fa3
SHA256: 72aec71fb72fcb363e34328bb80a2a431788a32139a54df7bec7064a5de8b424
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\full-hedgeco-201x[1].css
text
MD5: 8cb276ef22d373117b86ca55127e0e59
SHA256: 93cede39679fefbbb1e3330ea04958c34e1a898c9521ea6e94fd3468571acca7
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\jquery-ui[1].js
text
MD5: 149c0982016d2abd4c9f7d88f989c8c7
SHA256: 9737ff0b02ede3d8db56866815c3d939cd0b94c60f141a2b552c0cb13b36cec0
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\jquery-ui[1].css
text
MD5: cc2a66741d258bc1df3d2d61b51e2581
SHA256: 16869435503592c76ba1f3991daffec46cb0b9f713f02bebaca356a8db63019a
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\jquery.validate.min[1].js
text
MD5: c593e70ef041ab387fefad5fe38a724c
SHA256: a931d758e10b5f646f42e4b1100ee31b7ce4cdf5a86d59133424b65c8802788b
4056
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 55d2833f1736813aaa586b5333c2da5c
SHA256: 6bc08f4730557f22201808406b96c966f49ebd870724ecaf745da63ed2e068be
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 39fc9c4e8c79b5d2e6e93e5db06b70b3
SHA256: 595a9c97177835f6aaa6f36d39d2d6ba8b7dc2f4f16de954121bbe9532dc763c
4056
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: a5fed49aa2f27acee237c62e6ca33f21
SHA256: cb3217ad0efb00eb2b2d9da9f42118be4f0ec8bccebc01fbf6ddaa0217a7a3c0
4056
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 9ac586e8b9033463b00fca58ad4f99e6
SHA256: 88354204146bdce24cc84190b02a7626e548d89f0c3d344e8c29c354bfbf6666
3540
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3540
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3540
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 80264bb81821c9cd1c0d27e3ab96e38d
SHA256: 05feac685876c2998d6280066eb7f1507b9d9a82aceb9cc725e334a67dbffce5
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\25WA7HHZ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK3LUWD5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7L20JEF2\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWTAI4OB\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3540
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
4056
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
31
TCP/UDP connections
31
DNS requests
16
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Reputation
3540 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/news/07/2019/why-machine-learning-hasnt-made-investors-smarter.html US html unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/css/common.css?v=1.0001n US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/style/full-hedgeco-201x.css?v=1.0001n US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/news/wp-content/plugins/tablepress/css/default.min.css?ver=1.5.1 US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/style/upgrade-hedgeco.css?v=1.0001n US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/version-3/css/ie.css?v=1.0001n US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/version-3/css/jquery.tabs-ie.css?v=1.0001n US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/colorbox/colorbox.css?v=1.0001n US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/version-3/css/extended_dropdown2.css?v=1.0001n US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/jscripts/extended_dropdown3.js US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/news/wp-content/themes/hedgeconews/style.css US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/news/wp-includes/js/wp-emoji-release.min.js?ver=4.4 US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/news/wp-content/plugins/tablepress/css/tablepress.eot? US eot unknown
4056 iexplore.exe GET 200 52.85.188.211:80 http://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js US html whitelisted
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/images/header/10yrs/header2-2012-08-logo.png US image unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/images/header/10yrs/header-2012-08-bg.png US image unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/images/header/10yrs/header-2012-08-10yrs.png US image unknown
4056 iexplore.exe GET 200 209.95.50.155:80 http://www.linkwithin.com/widget.js US text unknown
4056 iexplore.exe GET 200 172.217.23.130:80 http://www.googletagservices.com/tag/js/gpt.js US text whitelisted
4056 iexplore.exe GET 200 172.217.18.161:80 http://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDr6cbdVxD6ARj6ASgBMgiaqUyEDvuqSw US image whitelisted
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/custom-bootstrap/img/glyphicons-halflings-white.png US image unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/version-3/images/blue_up_arrow.png US image unknown
4056 iexplore.exe GET 200 209.95.50.155:80 http://www.linkwithin.com/pixel.png US image unknown
4056 iexplore.exe GET 200 107.182.230.206:80 http://widget3.linkwithin.com/get_custom_js?site_id=982689&callback=LW.lws2&referrer= US text unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/version-3/images/submenu_horiz_dots.gif US image unknown
4056 iexplore.exe GET 200 72.34.37.76:80 http://www.hedgeco.net/public/version-3/images/submenu_li_dot.gif US image unknown
4056 iexplore.exe GET 200 107.182.230.206:80 http://widget3.linkwithin.com/show_widget?site_id=982689&url=http%3A//www.hedgeco.net/news/07/2019/why-machine-learning-hasnt-made-investors-smarter.html&callback=LW.sw&widget_id=0&permalink=http%3A//www.hedgeco.net/news/07/2019/why-machine-learning-hasnt-made-investors-smarter.html&width=730&version=35 US html unknown
4056 iexplore.exe GET 200 104.16.161.13:80 http://lwstatic3.linkwithin.com/api/vglnk.js US text shared
4056 iexplore.exe GET 200 104.16.160.13:80 http://cdn.viglink.com/images/pixel.gif?ch=2&rn=1.1608269325009681 US image whitelisted
4056 iexplore.exe GET 200 104.16.160.13:80 http://cdn.viglink.com/images/pixel.gif?ch=1&rn=1.1608269325009681 US image whitelisted

Download the PCAP, analyze network streams, HTTP content and a lot more in the full report

Connections

PID Process IP ASN CN Reputation
–– –– 104.17.174.4:443 Cloudflare Inc US unknown
3540 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
4056 iexplore.exe 72.34.37.76:80 IHNetworks, LLC US unknown
–– –– 216.58.210.10:443 Google Inc. US whitelisted
4056 iexplore.exe 216.58.210.10:443 Google Inc. US whitelisted
–– –– 152.199.19.160:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
4056 iexplore.exe 172.217.18.106:443 Google Inc. US whitelisted
4056 iexplore.exe 172.217.18.14:443 Google Inc. US whitelisted
–– –– 52.85.188.211:80 Amazon.com, Inc. US suspicious
4056 iexplore.exe 108.177.15.154:443 Google Inc. US whitelisted
–– –– 72.34.37.76:80 IHNetworks, LLC US unknown
–– –– 209.95.50.155:80 Hosting Services, Inc. US unknown
4056 iexplore.exe 72.34.37.76:443 IHNetworks, LLC US unknown
–– –– 172.217.23.130:80 Google Inc. US whitelisted
–– –– 81.4.122.101:443 RouteLabel V.O.F. NL malicious
–– –– 172.217.18.161:80 Google Inc. US whitelisted
4056 iexplore.exe 107.182.230.206:80 Hosting Services, Inc. US unknown
4056 iexplore.exe 104.16.161.13:80 Cloudflare Inc US shared
4056 iexplore.exe 104.16.160.13:80 Cloudflare Inc US shared
4056 iexplore.exe 54.154.175.204:80 Amazon.com, Inc. IE unknown

DNS requests

Domain IP Reputation
click.icptrack.com 104.17.174.4, 104.17.175.4 unknown
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.hedgeco.net 72.34.37.76 unknown
ajax.googleapis.com 216.58.210.10, 172.217.18.106, 172.217.21.202, 216.58.205.234, 172.217.21.234, 172.217.22.10, 172.217.18.10, 216.58.206.10, 216.58.207.74, 172.217.16.138, 172.217.22.74, 172.217.22.106 whitelisted
ajax.aspnetcdn.com 152.199.19.160 whitelisted
dsms0mj1bbhn4.cloudfront.net 52.85.188.211, 52.85.188.111, 52.85.188.168, 52.85.188.182 whitelisted
www.google-analytics.com 172.217.18.14 whitelisted
stats.g.doubleclick.net 108.177.15.154, 108.177.15.155, 108.177.15.156, 108.177.15.157 whitelisted
www.googletagservices.com 172.217.23.130 whitelisted
www.linkwithin.com 209.95.50.155 unknown
tpc.googlesyndication.com 172.217.18.161 whitelisted
click.clickanalytics208.com 81.4.122.101 malicious
widget3.linkwithin.com 107.182.230.206 unknown
lwstatic3.linkwithin.com 104.16.161.13, 104.16.164.13, 104.16.163.13, 104.16.162.13, 104.16.160.13 unknown
cdn.viglink.com 104.16.160.13, 104.16.162.13, 104.16.163.13, 104.16.164.13, 104.16.161.13 whitelisted
lwlink3.linkwithin.com 54.154.175.204, 99.80.15.126 unknown
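The Connections and DNS tables above are worth joining on IP before taking the Threats count at face value: the 81.4.122.101:443 row is rated malicious but has no PID, and no HTTP request in this report corresponds to it, so the DNS row for click.clickanalytics208.com is the only thing that names that peer; conversely 52.85.188.211 is rated suspicious as a connection while the domain that resolved to it (dsms0mj1bbhn4.cloudfront.net) and the shareaholic.js request to it are whitelisted. The script below is an added triage helper, not part of the ANY.RUN report or its tooling. It parses a subset of rows copied from the two tables (embedded as constants so it runs offline) and assumes the report's text layout: one connection per line ending in a two-letter country code and a reputation word, and DNS records as a domain, one or more IPs, then a reputation, whether the IPs are comma-separated on one line or one per line.

```python
"""Added triage helper (not part of the ANY.RUN report): parse the Connections
and DNS tables of a report, join them on IP, and surface the rows to read first.
CONNECTIONS and DNS are a subset of the rows above, pasted in as constants so the
script runs offline; strip any header row before feeding real report text."""
import re
from collections import defaultdict

CONNECTIONS = """\
–– –– 104.17.174.4:443 Cloudflare Inc US unknown
4056 iexplore.exe 72.34.37.76:80 IHNetworks, LLC US unknown
–– –– 152.199.19.160:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
–– –– 52.85.188.211:80 Amazon.com, Inc. US suspicious
–– –– 81.4.122.101:443 RouteLabel V.O.F. NL malicious
4056 iexplore.exe 107.182.230.206:80 Hosting Services, Inc. US unknown
"""

DNS = """\
click.icptrack.com 104.17.174.4, 104.17.175.4 unknown
ajax.aspnetcdn.com 152.199.19.160 whitelisted
dsms0mj1bbhn4.cloudfront.net 52.85.188.211, 52.85.188.111 whitelisted
click.clickanalytics208.com 81.4.122.101 malicious
widget3.linkwithin.com 107.182.230.206 unknown
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# PID and process are '––' when the sandbox could not attribute the flow; the
# ASN name may contain spaces and commas, so it is matched lazily and pinned by
# the two-letter country code and the reputation word that end every row.
CONN_RE = re.compile(
    rf"^(?P<pid>\S+)\s+(?P<proc>\S+)\s+(?P<ip>{IP}):(?P<port>\d+)\s+"
    r"(?P<asn>.+?)\s+(?P<cn>[A-Z]{2})\s+(?P<rep>\w+)$"
)
IP_ONLY = re.compile(rf"^{IP}$")
FLAGGED = {"malicious", "suspicious"}


def parse_connections(text):
    rows = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:  # non-matching lines (blank, header) are skipped
            row = m.groupdict()
            row["port"] = int(row["port"])
            row["unattributed"] = not row["pid"].isdigit()
            rows.append(row)
    return rows


def parse_dns(text):
    """Stream the table token by token so both layouts work (IPs on one line
    separated by commas, or one per line): a non-IP token opens a record
    (domain) or closes it (reputation); IP tokens join the open record."""
    records, cur = [], None
    for tok in re.split(r"[\s,]+", text.strip()):
        if cur and IP_ONLY.match(tok):
            cur["ips"].append(tok)
        elif cur and cur["rep"] is None:
            cur["rep"] = tok
        else:
            cur = {"domain": tok, "ips": [], "rep": None}
            records.append(cur)
    return records


def triage(conn_text, dns_text):
    """Attach to each connection the domains that resolved to its IP and the
    union of reputations, so a 'whitelisted' domain on a 'suspicious' IP, or a
    'malicious' domain behind an unattributed TLS flow, is not averaged away."""
    by_ip = defaultdict(list)
    for rec in parse_dns(dns_text):
        for ip in rec["ips"]:
            by_ip[ip].append(rec)
    out = []
    for c in parse_connections(conn_text):
        hits = by_ip.get(c["ip"], [])
        c["domains"] = sorted(r["domain"] for r in hits)
        c["reputations"] = sorted({c["rep"]} | {r["rep"] for r in hits if r["rep"]})
        c["flagged"] = bool(FLAGGED & set(c["reputations"]))
        out.append(c)
    return out


def unattributed_tls(iocs):
    """443 flows with no PID: no HTTP row can exist for them, so the DNS join
    is the only way to name the peer."""
    return [c for c in iocs if c["unattributed"] and c["port"] == 443]


if __name__ == "__main__":
    iocs = triage(CONNECTIONS, DNS)
    for c in iocs:
        if c["flagged"]:
            print("FLAGGED", c["ip"], c["port"], c["domains"], c["reputations"], "pid=" + c["pid"])
    for c in unattributed_tls(iocs):
        print("TLS-NOPID", c["ip"], c["domains"])
```

Run against the full tables, the flagged list is the two rows called out above and the unattributed-TLS list is every 443 connection with a '––' PID, each carrying the domain(s) that resolved to it; any domain whose reputation disagrees with its IP's shows up with both words in `reputations` rather than being hidden behind whichever the report's verdict used.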

Threats

No threats detected.

Debug output strings

No debug info.