General Info

URL

http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/

Full analysis
https://app.any.run/tasks/8f33ab13-5549-40f3-a0fa-828ccec2ee6d
Verdict
Malicious activity
Analysis date
11/8/2018, 11:39:22
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

phishing

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Disables Form Suggestion in IE
  • iexplore.exe (PID: 1612)
Changes internet zones settings
  • iexplore.exe (PID: 1612)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3112)
Application launched itself
  • iexplore.exe (PID: 1612)
Creates files in the user directory
  • iexplore.exe (PID: 1612)
  • iexplore.exe (PID: 3112)
Reads internet explorer settings
  • iexplore.exe (PID: 3112)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1612
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
3112
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1612 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

Registry activity

Total events
732
Read events
552
Write events
177
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
1612
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
1612
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{9735E621-E342-11E8-9C83-5254004AAD11}
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B00040008000A00270027000102
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B00040008000A00270027000102
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000A00270027009D02
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000A0027002700AD02
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
87
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000A0027002700D603
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
24
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CachePrefix
:2018110820181109:
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheLimit
8192
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheOptions
11
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018110820181109
CacheRepair
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
76ABFF5A4F77D401
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
D00D025B4F77D401
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000A0027002B00DC02
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000A0027002B00DC02
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
65
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000A0027002B00DC02
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
21
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Use FormSuggest
no
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
5
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000A0028001800EF00
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
6
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
5
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000A0028001800EF00
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
49
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
5
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000A0028001800FF00
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
18
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
6
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000A00280032005B01
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
6
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000A00280032006A01
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
37
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
6
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000A00280032006A01
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
19
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
7
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000A0028003500C801
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
5
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
7
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000A0028003500C801
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
28
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
7
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000A0028003500C801
1612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
17
3112
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CachePrefix
:2018110820181109:
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheLimit
8192
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheOptions
11
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018110820181109
CacheRepair
0
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
AskUser
1
3112
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
AskUser
0

Files activity

Executable files
0
Suspicious files
13
Text files
29
Unknown types
3

Dropped files

PID
Process
Filename
Type
1612
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: 49718ee3c6cb29d31549c936eff7d86c
SHA256: b377bd95ec825a254d02d4340183c12b7906dbffa64f379fcba73bb4574a6533
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\OF1[1].jpg
image
MD5: 910913f953ac7ec23a1746cf90d4e5ad
SHA256: 91a4e6fdd982d27b01c2b370c2d280cee1344abf7920c8dfc0aa9f1d5fdc0f18
1612
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TFOQKVUPH3Y977QL13C0.temp
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C1C4234B-E342-11E8-9C83-5254004AAD11}.dat
binary
MD5: b1f04b2c72b395e616a607edcbd443bc
SHA256: 1ef6ddb93c87b9d613928fb7581fe7711022c6f4c81c531642d48eb7e84c37e2
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF49DBAF50E6B0DADC.TMP
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{CCFC7C55-E342-11E8-9C83-5254004AAD11}.dat
binary
MD5: 79b509b98a9825a38fc020933c4cd5a4
SHA256: 85c89687bcbec87555240ff410725d537f06440661711872c9ece945d2043fe1
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat
binary
MD5: 41b3cc7d7c29c350f1c92ee8fce3b2ca
SHA256: 32dd9bb4c351674693b7a841e645ba1fe6ac4984e347aff60d6c29d24a512c25
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF05BCDF675EA904F9.TMP
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF06C4712AC9FF4395.TMP
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1612
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B1034920-E342-11E8-9C83-5254004AAD11}.dat
binary
MD5: c07112146b75a7820f55a8f626c259bb
SHA256: 96b8fa879cb3caf4c7fe0bc3aa532dff90bd083bf0faf7ac99931c474e6f931b
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF1EFF7560D374BDEC.TMP
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat
binary
MD5: 2f4ae2c2fc7deba231c9167576d4dac7
SHA256: 2edca47cccd37a7a7d03ef0912b40e9a35c6a403b5a1efeafa9b4a7a6e96e2bb
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{BB24FB54-E342-11E8-9C83-5254004AAD11}.dat
binary
MD5: b42f3ba65ab0275465e72e45fe122a50
SHA256: f084714a78dca7c4ff75104adf7759d8ce996b6f66681d6f3863158b8fd155b6
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC7BE8B6D58BFE518.TMP
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFDAF3066361C99708.TMP
––
MD5:  ––
SHA256:  ––
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bullet[1]
image
MD5: 0c4c086dd852704e8eeb8ff83e3b73d1
SHA256: 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\info_48[1]
image
MD5: 49e0ef03e74704089a60c437085db89e
SHA256: caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\http_404[1]
html
MD5: 4cd84a1b063bf6dea53e06755ef9e24d
SHA256: 988cc4b451673f847d823c9d9ba14ad50d3ca1141bc1e17c6415b8f64b6e1c22
3112
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: b7eec437f1cb6689cf6c197a4f523b12
SHA256: 53c9aec29fc0289180e55b6e497c79371ef4114a0b13ce73388b74d507747660
3112
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 87207d666992ea0e19bc45627d12d977
SHA256: 6d971221e0b3c7c754dc4ccdb801904d23eb62464114a280eca08ab2dcd08826
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\url[1].txt
––
MD5:  ––
SHA256:  ––
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\url[1].htm
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF198a54.TMP
binary
MD5: 49718ee3c6cb29d31549c936eff7d86c
SHA256: b377bd95ec825a254d02d4340183c12b7906dbffa64f379fcba73bb4574a6533
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\OF[1].htm
html
MD5: ba1688109aa4dd58cf4158244ecba38a
SHA256: 2dcdc1229f02cfcf73696c92e04493a067fe40be73010c306d11b3217b57d6aa
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: 0c9c2d222bda67d2eeaf18ff7e291dae
SHA256: e16326b06aa58ca1fc71539d9ddad2460bfafa59f125bba642246c3a897708e0
1612
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF18d3b6.TMP
binary
MD5: 0c9c2d222bda67d2eeaf18ff7e291dae
SHA256: e16326b06aa58ca1fc71539d9ddad2460bfafa59f125bba642246c3a897708e0
1612
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YQ0MMWJEMZIK3FSLIOIH.temp
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9735E623-E342-11E8-9C83-5254004AAD11}.dat
binary
MD5: b1ea004edb59212344e176132ec528ab
SHA256: dfb42e33d4d2881ee4979bb1af0a482869dd73b87e7cb09f4d8090a13df3fde2
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF445377C2DE3553A5.TMP
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat
binary
MD5: 6111c69f3a2b175c50af9710ad282182
SHA256: b665ac1b3298ef2019b211028dba11e36387b47976b356b3348aa306d4d17cca
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{B103491F-E342-11E8-9C83-5254004AAD11}.dat
binary
MD5: 8ef358dfe8502da67ad56ebe67c5a9cb
SHA256: 0daef8106d5dd4e1183b74fd6f69b93c96ad3ef46363ed1a50f896b0db573628
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFAE843B1179ED1058.TMP
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFF49147E153E60EC0.TMP
––
MD5:  ––
SHA256:  ––
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\LL1[1].htm
html
MD5: 5e1e928db1a917240496e67305b6ac09
SHA256: 22a6eafe0603d6ab22e365a07aeaf2ae0eb4fe9db5a952cc304f4279b533ed9b
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\LL1[1].htm
html
MD5: 5e1e928db1a917240496e67305b6ac09
SHA256: 22a6eafe0603d6ab22e365a07aeaf2ae0eb4fe9db5a952cc304f4279b533ed9b
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].htm
––
MD5:  ––
SHA256:  ––
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\LL1[1].png
image
MD5: 6b97ed8cb0dcd102216220231f6b82ba
SHA256: 80005e519c9f37c4e4ea12b2e19d53376f268f318e99bcf8731f76899885a809
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\MaskedPassword[1].js
text
MD5: 093b948a3133ccde7091158531d5d63e
SHA256: 2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\LL1[1].htm
html
MD5: 5e1e928db1a917240496e67305b6ac09
SHA256: 22a6eafe0603d6ab22e365a07aeaf2ae0eb4fe9db5a952cc304f4279b533ed9b
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].htm
––
MD5:  ––
SHA256:  ––
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109\index.dat
dat
MD5: 164f7c5970b6400313a57443baf6ed4d
SHA256: 78275fab29499777ffa2e37db0eda6aa3b71fd7ae19936848c963896f5f7bc23
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109\index.dat
dat
MD5: 2e89c8f6fbcd6972749604c557731849
SHA256: 54abcd667e0f123892ddc21fb8f30b710b4deed5f32ddf796392cd738a6b8fbe
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\landing-devices-bg[1].jpg
image
MD5: fbeaf13996d872780bda8ca2ad200469
SHA256: e8f80990badd44fd6d05b66b116d0ae7cba88ccaeae01805035263ce272937b7
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\outlook[1].png
image
MD5: 6ec5d7c8db94bfba6272598af602593a
SHA256: f5abe79538714148a390de1c7d7d568746510a32e14b37feacc4812155825558
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\oneDrive[1].png
image
MD5: 0687a1330a816d19c12cb00682bfe01d
SHA256: c010eda9ab4ad066a43d0b7fd4fe7f2be2e849af38db2e0b4af109ea7bcd5593
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\office[1].png
image
MD5: 4dfcf323758894583269dcd89e8e562b
SHA256: 685f77342ca77f562bb319cf666966ebd283ba9ad568148bf4d6f66d5fa08eb5
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\mem5YaGs126MiZpBA-UNirkOUuht[1].eot
eot
MD5: 7728dd9fbbce1c14cfbf8579d7a867a1
SHA256: 19dd2f3de8419b4e245c149599b96bcdb4ac37c2600aa7e91e46439f07fe16aa
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\css[1].txt
text
MD5: b6aef20f9c6ce491be80d4a874376f14
SHA256: 9f2be3f853c034c1aff66b695e50bba1b84174ee3024f46da9250961de9b5988
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\style[1].css
text
MD5: 2b99a0514111df728c87f751d8417b6e
SHA256: 697c5c68eff0ac91a4bff701f334f82c45ce9712b9db549e7e04242dc7ff39fa
3112
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\pdf[1].htm
html
MD5: deb4060e925e6054ec15fd9f85657736
SHA256: 58c2cf0c6651c9f4ef67aa433f960adbc188cf28a653c862fd050a254190c513
1612
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
26
TCP/UDP connections
12
DNS requests
7
Threats
8

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1612 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/ RU
html
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/css/style.css RU
text
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/images/landing-devices-bg.jpg RU
image
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/images/oneDrive.png RU
image
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/images/office.png RU
image
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/images/outlook.png RU
image
malicious
1612 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/favicon.ico RU
html
malicious
1612 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.htm RU
html
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/live_files/LL1.png RU
image
malicious
1612 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/favicon.ico RU
html
malicious
3112 iexplore.exe POST 302 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.php RU
text
image
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.htm RU
html
malicious
3112 iexplore.exe POST 302 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.php RU
text
image
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.htm RU
text
html
malicious
1612 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/OF.htm RU
html
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/ojomu/OF1.jpg RU
text
image
malicious
3112 iexplore.exe POST 302 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/OF.php RU
text
compressed
malicious
1612 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3112 iexplore.exe GET 304 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/OF.htm RU
compressed
malicious
1612 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3112 iexplore.exe GET 304 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.htm RU
text
image
malicious
3112 iexplore.exe POST 302 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.php RU
text
compressed
malicious
3112 iexplore.exe GET 200 5.101.152.56:80 http://alb-grup.ru/tyoinvur/web/chulz/Voicemail/secure/ssl/one.drive/pdf/LL1.htm RU
html
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
1612 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3112 iexplore.exe 5.101.152.56:80 Beget Ltd RU suspicious
3112 iexplore.exe 172.217.168.74:443 Google Inc. US whitelisted
3112 iexplore.exe 172.217.168.67:443 Google Inc. US whitelisted
1612 iexplore.exe 5.101.152.56:80 Beget Ltd RU suspicious
3112 iexplore.exe 54.148.84.95:443 Amazon.com, Inc. US unknown
3112 iexplore.exe 172.217.168.36:443 Google Inc. US whitelisted
3112 iexplore.exe 104.45.0.24:443 Microsoft Corporation NL whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
alb-grup.ru 5.101.152.56
malicious
fonts.googleapis.com 172.217.168.74
whitelisted
fonts.gstatic.com 172.217.168.67
whitelisted
www.sitepoint.com 54.148.84.95
whitelisted
www.google.com 172.217.168.36
whitelisted
login.microsoftonline.com 104.45.0.24
104.45.0.26
104.45.0.17
whitelisted

Threats

PID Process Class Message
3112 iexplore.exe Potentially Bad Traffic ET CURRENT_EVENTS Generic Multi-Email Popupwnd Phishing Landing 2018-01-25
3112 iexplore.exe Potentially Bad Traffic ET CURRENT_EVENTS OneDrive Phishing Landing 2018-02-12
3112 iexplore.exe Potentially Bad Traffic ET CURRENT_EVENTS OneDrive Phishing Landing 2018-03-08
3112 iexplore.exe Potentially Bad Traffic ET CURRENT_EVENTS OneDrive Phishing Landing 2018-05-01

4 ETPRO signatures available at the full report

Debug output strings

No debug info.