General Info

URL

http://free.mapsgalaxy.com/index.jhtml?partner=UXxpw967&s2=1485833701805705809&s1=722388

Full analysis
https://app.any.run/tasks/67e72ca8-12ad-4268-a61b-5bf649caa185
Verdict
Malicious activity
Analysis date
6/16/2019, 21:06:27
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3032)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2956)
  • iexplore.exe (PID: 3488)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3032)
  • iexplore.exe (PID: 3488)
Changes internet zones settings
  • iexplore.exe (PID: 2956)
Application launched itself
  • iexplore.exe (PID: 2956)
Reads internet explorer settings
  • iexplore.exe (PID: 3488)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2956
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://free.mapsgalaxy.com/index.jhtml?partner=UXxpw967&s2=1485833701805705809&s1=722388
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll

PID
3488
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2956 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\feclient.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll

PID
3032
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
475
Read events
392
Write events
81
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2956
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041120190412
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{E0BDC613-9069-11E9-B3B3-5254004A04AF}
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060000001000130006002C00CF00
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060000001000130006002C00CF00
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060000001000130006002C00AA01
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060000001000130006002C00C901
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
126
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060000001000130006002C003602
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
89
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061620190617
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061620190617
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061620190617
CachePrefix
:2019061620190617:
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061620190617
CacheLimit
8192
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061620190617
CacheOptions
11
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061620190617
CacheRepair
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
D13D75B17624D501
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
8DFC75B17624D501
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Type
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Flags
0
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Time
E307060000001000130007000700B703
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Count
2
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore
Time
E307060000001000130007000700C603
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2956
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307060000001000130007000700E103
3488
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061620190617
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061620190617
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061620190617
CachePrefix
:2019061620190617:
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061620190617
CacheLimit
8192
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061620190617
CacheOptions
11
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019061620190617
CacheRepair
0
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
32
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
32
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
0
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
0
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
224
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
224
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
272
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
272
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
369
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
97
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
503
3488
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
231

Files activity

Executable files
0
Suspicious files
0
Text files
49
Unknown types
9

Dropped files

PID
Process
Filename
Type
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\mg_chiclet_mapsearch[1].png
image
MD5: 5400217af594dc6cdeadba628c0be3e3
SHA256: 5e148e6e6dd49a2c9ba7b4ec1ebbdaf54f518979e7b85d371de738b6cbe54983
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\223755648[1].png
image
MD5: 069162010df9fabc62642bd35a332fbc
SHA256: f9eafb0c37191354da325e387fc0dea86435d7fe4a9597ab65a0cee998a463c6
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\223755667[1].png
image
MD5: 9515f502fac54ff43f1011be400ba18e
SHA256: 78c787b63131d8e6a957e42a81732d7e6ef06d2f38c4ae9889ecb276a43c8977
3488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
dat
MD5: cd2e5342a9a07c8ff6b5c2b0dfe075e8
SHA256: a42fc2a4a2a16008b2d81b70e90797103169e6b537bc3c5719ad214a073620ea
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\mg_chiclet_traffic[1].png
image
MD5: ff6988ae625a185be30f90d7a084b62e
SHA256: 4d0fdcbcf1b3523150dd4afc4c540c9be369cd75ca320174d4ab83550e9fde62
3488
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Q1NTL83H\ak.staticimgfarm[1].xml
text
MD5: 7d98b5b37d64cde0d733303003eebc55
SHA256: d672a13c73e73a45e77b77af37afbb03ce8ab52fc5fcb8f837447d82b1e3843c
3488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 52c205a6aa1bae0b3f05ad944143a5bc
SHA256: eb503749fc0e5b7592c1d3472ddf9fbdd7b55805af6735491a7b347c695f5d71
3488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\chiclet_amazon_black[1].png
image
MD5: f044e5f2eaef0fa7bd42f55b664e0841
SHA256: 6f5787d01d032420485f87f145c1a209c31268e2464b1a4fc220ceaff5f7145c
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\gmail[1].png
image
MD5: 433b8502243bd7a0c64167ceb3b90ea6
SHA256: 119e1ab1fea8ca3dd8cea688c8514127087a7682cc582db66ab31b5c8cd65ebc
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 844444a53d1854508bcdf1657dfc22e1
SHA256: 91f68a8d1898cf32740b417a800582e352404ffc6836587de8b5ed2d5ec86603
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\youtube[1].png
image
MD5: 9eb31c0bcbe7c0951f3f6f1d4d0a34f5
SHA256: 5a96ba8927e0b85f922dffb6404f7385052479b237aedc961ebf528a8ee30fe1
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\facebook[1].png
image
MD5: 1e997e6f9059f1c4e8f12a7808d59479
SHA256: f73e587c85322597e49465d9feb5c52d1f12a6b9eb694922271a999d16274ab3
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\macys[1].png
image
MD5: ecb347441433ef9cadcfa86ae321a98c
SHA256: ac8ff6c8b351fe492ab1b6892b311542be1169cc4a3614127d25b0f8689ae3d6
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\chiclet_priceline[1].png
image
MD5: 42c2533944f8102b1c2beba419fcacd6
SHA256: d96450373455dfe3a37d4968abafa9b821e4af2d58ac64f21b053b53a3169ae8
3488
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Q1NTL83H\ak.staticimgfarm[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\chiclet_booking[1].png
image
MD5: 76262e6be07becebdc237e213eb39801
SHA256: d477de4e2d999862f5723575e1d2764467f60b215ee7205ddef98a1826444b26
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\mg_chiclet_tools[1].png
image
MD5: 707b6191e14a41c8bdf412b34df984ee
SHA256: 76f5a07beaf71e813b2c4a19a7487e0aaea238d532ccba73b4652dad5aa15a7e
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\ttdetect[1].html
html
MD5: 43ca599a05501246c367c16ed6e20393
SHA256: b61fd5ff6325e72f1a8eb9613405ada5a58fbcd984fec1411508e4934389d8f2
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\chiclet_trivago[1].png
image
MD5: 4e891f6d5a5c6c12eb1bb8810210f9c6
SHA256: 7e431d4562c8601781d8314c7762dac4d9fb93b320058ae062d58c98eac38baa
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\mg_chiclet_peoplesearch[1].png
image
MD5: adf57d8bd5f642730bd4f46d4d001614
SHA256: b37503197fe140a695e836f7b647e03daebdc4d9339a8c7721f80f8d2bb3c38b
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\mg_chiclet_maplinks[1].png
image
MD5: 402dad011431c41f352734ae2265d0f5
SHA256: 86377ba8468a93c74e6a6b2d08dc931738ffe85a2149f347ae26be39adf67ba1
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\MainIcon[1].png
image
MD5: ce46f6b3a74b8df7be86ea77a5f6d87d
SHA256: e05a14884955edcfaa6df1ed91e0ecc32ed98dca5ca0eb152140e835a997e9ac
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\224099359[1].png
image
MD5: e7c1a5f21053c1d653eb80e1ae1d06e0
SHA256: 3139a2deeebacdfc1007efd8bed049e39a337c8db9de96438cdba97bfeed6905
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\262a0fe5.PlayMusic[1].png
image
MD5: 8d85c6a616574dea0707cffd403097ae
SHA256: cf8163c3f3faa9c7e00f9bdd8ef26f4b4ec64aa1961c0e7940b041a3f0f48123
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\223755676[1].png
image
MD5: 96c98320fe5669b8d177cf5975f95567
SHA256: ab2f93b734b498ea4ebdb5c9e56b2130b7d8880bb85a96422f1f274fe2fe3787
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\223756500[1].png
image
MD5: c7f5244bc88d4c5069f32b01a6e1f97e
SHA256: 2e8ce650769f10b906f60054cd40a762a0efd94742d3c348293ccfcb61aa9f01
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\down-arrow[1].png
image
MD5: 3724b871993686b0c1e8098d714afbbc
SHA256: d8715d730c57514730ba40d9ed08db6e8946d9709905070203a858c343fd490e
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\223755663[1].png
image
MD5: 1b37fcfa30d79f92b7669a0c9208777f
SHA256: 603ed054d4d5cb3687584551cbcc1b84de1a4fe412a276c2e523cdc2f2a68e8d
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\en[1].png
image
MD5: 96e02ad54706267ad7b18ba797dddfbd
SHA256: 857579b5466da4b80cf6cdb6490d7c756f3d78ac72f25342c455afc8599565bf
3488
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2LTOV4TO\hp.myway[1].xml
text
MD5: 38cd85fd6725950045e1af11f7372865
SHA256: e14f6b78de59155e7f4087aad0cc343bb425e4098a9bcfe3fbe70baedaad4b6f
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\229034201[1].png
image
MD5: 94fb0cfe958d4273b0caa130d4f6fcb5
SHA256: d847cabc835ef0bb51e5eb44009f838ff55227681612e707dfb8b0aaedde3b8a
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\223754551[1].png
image
MD5: e8d7c88590d60cf3ad4ad0ae6a1c84b5
SHA256: 9b18caf884a0e0c3fc18d4291060f2e5c5f5f72b6a13354eb7ce28a65d4fbf3f
3488
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 8bb541af3adb1d0bba1878f3e900a553
SHA256: 4102cd5ebec4053b96d11dab542852095e298e2c0c2b9c0fb3d7bbbd19f225bd
3488
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2LTOV4TO\hp.myway[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3032
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\app[1].js
text
MD5: 3946b9079231d861c37e7d3c6180263c
SHA256: 8bfd307275b3b1cc0c4e3eb06c10e03fddab09d884ffc16e085f0fbc788bb59b
2956
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\UX[1].ico
image
MD5: c5e6155cfdef69357a26d3bd446ee028
SHA256: 44f8120db18bb84332ffd927c5603be9aef67f7e09871af17ecb6a65e0a20dab
2956
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061620190617\index.dat
dat
MD5: 9ae208e774e61d3361eb2f653b6a646d
SHA256: 531c500e84c1fe58a9608cec59ba9bc747a3a1eb835d2da7068ce56ccaa37d09
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019061620190617\index.dat
dat
MD5: c5f5e64d1a595ce216ed2387bb069634
SHA256: e1960500748b8745846b2a7d120c521b609777cf76abcfc4dbb69e5a11944eab
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\ie8[1].js
––
MD5:  ––
SHA256:  ––
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\google_enhancedby_v2[1].png
image
MD5: 0a5e4c4bd6297a7ae1c173759bb38bc0
SHA256: a5903b0dbb0706d1c36535224818b759772a6cc111670c803e8a65434d7f0a84
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\UX[1].png
image
MD5: 5f5926b29effd945c00f724b47f5062f
SHA256: 39d2e748b3dad1b3b7d51767f464513c4ef634bf7909f119b99a5a1d5c68ecf2
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\index[1].html
html
MD5: 08c987fbd499d21e65cd5602b2e86b0a
SHA256: fe61559d287c11ca4da322c15506a426062fc12fb416f826cc0ffd40f6113e99
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\index[1].jhtml
––
MD5:  ––
SHA256:  ––
3488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: da371c15c59b3abf839b121d0315887a
SHA256: e2be7aa7d685a2ba09351328e7173019f7c1962fadd61a44460e8999c2c675d1
3488
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: fddc4407a5e7a31ae0aaf72b5b1416be
SHA256: de4a3776d4a07f6519e9aa7957413684e3b79873cadefe5a8ea5626f7ba2a8e1
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\index[1].htm
––
MD5:  ––
SHA256:  ––
2956
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2956
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2956
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: cb72bc80fd530d4a781446447ac93d30
SHA256: ab56a2829bd99ca7d3e73a98c8b4e1ce07381851a3510788161ba16a0d2650f1
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 6df8f4744b244281a649044553e2ded6
SHA256: 0992f8f07ac48a4d2239963deed7f4420f879f7ff114da82337d919b4bc01b22
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S95MNDXZ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTB0JW25\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAMG2XJY\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG9XPUBJ\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2956
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3488
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
38
TCP/UDP connections
17
DNS requests
5
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3488 iexplore.exe GET 302 35.244.218.203:80 http://free.mapsgalaxy.com/index.jhtml?partner=UXxpw967&s2=1485833701805705809&s1=722388 US
––
––
malicious
2956 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://hp.myway.com/mapsgalaxy/ttab02/index.html?n=78586F73&rd=unsupported&p2=%5EUX%5Expw969%5ETTAB02%5Ede&si=722388&ptb=49725171-999E-4C8F-9C77-F43694167D7E FR
html
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://hp.myway.com/mapsgalaxy/ttab02/assets/1560454164590/ie8.js FR
html
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/search/google_enhancedby_v2.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/logos/UX.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://hp.myway.com/mapsgalaxy/ttab02/assets/1560454164590/app.js FR
text
whitelisted
2956 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/vicinio/chrome/spent/images/favicon/UX.ico FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/ttdetect-2/prd/ttdetect.html FR
html
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223754551.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/down-arrow.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/localization/searchbuttons/en.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/229034201.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223755648.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223755663.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223755667.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223756500.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/223755676.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/assets/searchbar/224099359.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/radio/com.mindspark.radio.noBranding-en/images/262a0fe5.PlayMusic.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/widgets/weatherblink/com.mindspark.weatherblink.unbranded-en/images/weather/MainIcon.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/MapsGalaxy/mg_chiclet_mapsearch.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/MapsGalaxy/mg_chiclet_maplinks.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/MapsGalaxy/mg_chiclet_traffic.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/MapsGalaxy/mg_chiclet_peoplesearch.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/MapsGalaxy/mg_chiclet_tools.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_trivago.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_booking.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/facebook.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_priceline.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/youtube.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/gmail.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/macys.png FR
image
whitelisted
3488 iexplore.exe GET 200 2.21.36.155:80 http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_amazon_black.png FR
image
whitelisted
3488 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=3E2F8137-7A20-451E-93DA-5F7455B5257E&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fmapsgalaxy%2Fttab02%2Findex.html&anxl=en&anxlv=0&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxt=49725171-999E-4C8F-9C77-F43694167D7E&anxp=%5EUX%5Expw969%5ETTAB02%5Ede&anxsi=722388&buid=fec8ff7c-f67f-4cad-aee9-117128b1d089&pageType=tab&productData=%7B%22pageLoad%22%3A1%7D&anxe=Heartbeat&anxr=846880743 IE
––
––
unknown
3488 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=3E2F8137-7A20-451E-93DA-5F7455B5257E&anxa=CAPOne&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fmapsgalaxy%2Fttab02%2Findex.html&anxl=en&anxlv=1560712029163&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&anxt=49725171-999E-4C8F-9C77-F43694167D7E&anxp=%5EUX%5Expw969%5ETTAB02%5Ede&anxsi=722388&buid=fec8ff7c-f67f-4cad-aee9-117128b1d089&pageType=tab&anxtv=webtooltab-2.1.1&fParameter=00000050&coid=&productData=%7B%22pageLoad%22%3A1%7D&anxe=ToolbarConfig&anxr=2024529515 IE
––
––
unknown
3488 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=3E2F8137-7A20-451E-93DA-5F7455B5257E&anxa=CAPSearch&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fmapsgalaxy%2Fttab02%2Findex.html&anxl=en&anxlv=1560712029178&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=5&anxt=49725171-999E-4C8F-9C77-F43694167D7E&anxp=%5EUX%5Expw969%5ETTAB02%5Ede&anxsi=722388&buid=fec8ff7c-f67f-4cad-aee9-117128b1d089&pageType=tab&productData=%7B%22pageLoad%22%3A1%7D&anxe=TabPageView&anxr=1872514131 IE
––
––
unknown
3488 iexplore.exe GET 204 74.113.235.189:80 http://anx.tb.ask.com/anx.gif?anxuu=3E2F8137-7A20-451E-93DA-5F7455B5257E&anxa=WebTooltab&anxv=webtooltab-2.1.1&anxd=-&anxsn=&anxu=http%3A%2F%2Fhp.myway.com%2Fmapsgalaxy%2Fttab02%2Findex.html&anxl=en&anxlv=1560712029163&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=4&anxt=49725171-999E-4C8F-9C77-F43694167D7E&anxp=%5EUX%5Expw969%5ETTAB02%5Ede&anxsi=722388&buid=fec8ff7c-f67f-4cad-aee9-117128b1d089&pageType=tab&productData=%7B%22queryString%22%3A%7B%22n%22%3A%2278586F73%22%2C%22coid%22%3A%22%22%2C%22dpr%22%3A%22%22%2C%22pixelUrl%22%3A%22%22%2C%22rd%22%3A%22unsupported%22%7D%2C%22innerWidth%22%3A1276%2C%22innerHeight%22%3A560%2C%22userFontSize%22%3A16%2C%22pageLoad%22%3A1%7D&anxe=PageView&anxr=583639396 IE
––
––
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
–– –– 35.244.218.203:80 US malicious
3488 iexplore.exe 35.244.218.203:443 US malicious
2956 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2956 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
3488 iexplore.exe 2.21.36.155:80 GTT Communications Inc. FR suspicious
2956 iexplore.exe 2.21.36.155:80 GTT Communications Inc. FR suspicious
3488 iexplore.exe 74.113.235.189:80 Mindspark Interactive Network, Inc. IE unknown

DNS requests

Domain IP Reputation
free.mapsgalaxy.com 35.244.218.203
malicious
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
hp.myway.com 2.21.36.155
whitelisted
ak.staticimgfarm.com 2.21.36.155
whitelisted
anx.tb.ask.com 74.113.235.189
unknown

Threats

No threats detected.

Debug output strings

No debug info.