General Info

URL

https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fsecure.virtru.com%2fstart%2f%3fc%3dbarebones%26t%3dbarebones-1-0-2%26s%3dbrooke.loske%2540mykeymortgage.com%26p%3d0854fd0a-c1d4-4e74-9015-544f58774e99%23v%3d3.0.0%26d%3dhttps%253A%252F%252Fstorage.virtru.com%252Fapi%252Fpolicies%252F0854fd0a-c1d4-4e74-9015-544f58774e99%252Fdata%252Fmetadata%26dk%3dg28jd73B%252FofBoSGhbXFeN7%252BaID1%252Bkr9XvijEdmO6f0c%253D&c=E,1,N_aD1WYmIpn7Vk1qBU_Ec24BJ9zMyMOmXe7Em581QW4VTaPRdV4Qz5jqDSL5-5MNsnarqQwoKEsJium7wQV4HNeKXE0W7PyNyGYRAiMW&typo=1

Full analysis
https://app.any.run/tasks/8ffaa446-bc34-45a2-a076-948206b1a6b9
Verdict
Malicious activity
Analysis date
8/13/2019, 20:27:14
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

No malicious indicators.

Executed via COM
  • sdiagnhost.exe (PID: 2296)
Executable content was dropped or overwritten
  • msdt.exe (PID: 2432)
Creates files in the user directory
  • iexplore.exe (PID: 3068)
  • iexplore.exe (PID: 3336)
Changes settings of System certificates
  • iexplore.exe (PID: 3336)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 3068)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3336)
Reads internet explorer settings
  • iexplore.exe (PID: 3068)
Changes internet zones settings
  • iexplore.exe (PID: 3336)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3068)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Processes

Total processes
39
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Graph nodes: start, iexplore.exe, iexplore.exe, msdt.exe, sdiagnhost.exe (no specs)
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3336
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
3068
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3336 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\msxml3.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
2432
CMD
-modal 721252 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF27BB.tmp -ep NetworkDiagnosticsWeb
Path
C:\Windows\system32\msdt.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Diagnostics Troubleshooting Wizard
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msdt.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\atl.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\duser.dll
c:\windows\system32\wer.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dui70.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\sdiageng.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\version.dll
c:\windows\system32\sensapi.dll

PID
2296
CMD
C:\Windows\System32\sdiagnhost.exe -Embedding
Path
C:\Windows\System32\sdiagnhost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Scripted Diagnostics Native Host
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\sdiagnhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\1c755e2849bee87c5f0f4758d2d51ae6\microsoft.windows.diagnosis.sdhost.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\8ac2425807a71c8133cfe1d40ba9ba67\microsoft.windows.diagnosis.commands.updatediagrootcause.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\9582f4042bd63965d8282ea15f63c934\microsoft.windows.diagnosis.commands.getdiaginput.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\a3c1bc5bfd402b4232df98aa5e5df103\microsoft.windows.diagnosis.commands.updatediagreport.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.windows.d#\b83e03dd807fb456c0bcceb3704c9702\microsoft.windows.diagnosis.commands.writediagprogress.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.serviceproce#\20008c75bb41e2febf84d4d4aea5b4e8\system.serviceprocess.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msxml3.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll

Registry activity

Total events
573
Read events
462
Write events
107
Delete events
4

Modification events

PID
Process
Operation
Key
Name
Value
3336
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3336
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{020BDFE7-BDF8-11E9-9885-5254004A04AF}
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307080002000D0012001B001F007400
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307080002000D0012001B001F008400
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307080002000D0012001B001F00F100
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307080002000D0012001B001F001001
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
72
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307080002000D0012001B001F00CC01
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
30
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
AskUser
1
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
043F99F80452D501
3336
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3336
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
3336
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
PID | Process | Operation | Key | Name | Value
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url1 | http://virtru.com/
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url2 | guitar.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url3 | youth.cn
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url4 | twoo.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url5 | salesforce.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url6 | dmv.org
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url7 | hdfcbank.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url8 | sahibinden.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url9 | kakaku.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url10 | bukalapak.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url11 | steampowered.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url12 | chan.org
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url13 | twitter.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url14 | pikabu.ru
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url15 | globo.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url16 | investing.com
3336 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url17 | espn.com
3068 | iexplore.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829 | –– | ––
3068 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814 | CachePath | %USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814
3068 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814 | CachePrefix | :2019081320190814:
3068 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814 | CacheLimit | 8192
3068 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814 | CacheOptions | 11
3068 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814 | CacheRepair | 0
2432 | msdt.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US
2296 | sdiagnhost.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2296 | sdiagnhost.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
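ANY.RUN exports its registry table one field per line (PID, process, operation, key, then name and value for a write), and long values such as the certificate blob further up wrap over several lines. The parser below is an added example, not code from ANY.RUN or from this report: it reassembles those lines into records, rebuilds the TypedURLs MRU (IE keeps url1 as the most recently typed entry, so the entries from url2 onward are the ones a new address pushes down), and flags any TypedURLs write made by a process that is not a browser. The sample rows are copied from the table above, except the example.exe record with a value split over two lines, which is constructed to exercise the rejoin. The BROWSERS set, the "delete value" operation and the non-browser check itself are assumptions for illustration.

```python
"""Parse ANY.RUN registry-activity rows as exported to text (one field per
line) and pull out the TypedURLs MRU plus any history write by a non-browser."""
import re

# Operations accepted as the third line of a record. "write" and "delete key"
# occur in this report; "delete value" is assumed to appear in other reports.
OPS = {"write", "delete key", "delete value"}
# Processes that legitimately own the IE typed-history key (assumption).
BROWSERS = {"iexplore.exe", "msedge.exe"}
TYPED_URLS = r"\Software\Microsoft\Internet Explorer\TypedURLs"


def _is_record_start(lines, i):
    """A record begins at a numeric PID, then an image name, then an operation.
    Checking all three lines stops numeric *values* (8192, 0) looking like PIDs."""
    return (i + 2 < len(lines)
            and lines[i].isdigit()
            and lines[i + 1].lower().endswith(".exe")
            and lines[i + 2] in OPS)


def parse_registry_rows(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    starts = [i for i in range(len(lines)) if _is_record_start(lines, i)]
    records = []
    for n, s in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else len(lines)
        chunk = lines[s:end]
        rec = {"pid": int(chunk[0]), "process": chunk[1], "op": chunk[2],
               "key": chunk[3], "name": None, "value": None}
        if rec["op"] != "delete key" and len(chunk) > 4:
            rec["name"] = chunk[4]
        if rec["op"] == "write":
            # Everything up to the next record is the value: the export wraps
            # long values (certificate blobs) over several lines.
            rec["value"] = "".join(chunk[5:])
        records.append(rec)
    return records


def typed_urls(records):
    """TypedURLs MRU in IE's own order: url1 is the most recently typed entry."""
    found = {}
    for r in records:
        if r["op"] == "write" and r["key"].endswith(TYPED_URLS):
            m = re.fullmatch(r"url(\d+)", r["name"] or "")
            if m:
                found[int(m.group(1))] = (r["process"], r["value"])
    return [found[k] for k in sorted(found)]


def typed_urls_from_non_browsers(records):
    """Heuristic (assumption): browser history written by a non-browser is worth a look."""
    return [r for r in records
            if r["op"] == "write" and r["key"].endswith(TYPED_URLS)
            and r["process"].lower() not in BROWSERS]


# Rows copied from the report (url3..url16 omitted); the last record is constructed.
SAMPLE = r"""
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
http://virtru.com/
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
guitar.com
3336
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url17
espn.com
3068
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3068
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
1234
example.exe
write
HKEY_CURRENT_USER\Software\Example
Blob
AABB
CCDD
"""

if __name__ == "__main__":
    recs = parse_registry_rows(SAMPLE)
    for proc, url in typed_urls(recs):
        print(proc, url)
    print("non-browser TypedURLs writes:", typed_urls_from_non_browsers(recs))
```

The record-start test is what makes the wrapped-value case work: a line is only a new record when it is numeric and the next two lines are an image name and a known operation, so the "8192" of CacheLimit stays a value and the two halves of the constructed blob are joined back together.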

Files activity

Executable files: 2
Suspicious files: 15
Text files: 120
Unknown types: 9

Dropped files

PID
Process
Filename
Type
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\DiagPackage.dll
executable
MD5: 2433e09c08c21455000f7e36d7653759
SHA256: ea9400e719fb15cd82d5dab4b7d8e3870bb375bbe11bb95b0d957a84fee2891c
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\en-US\DiagPackage.dll.mui
executable
MD5: 5d7936806e6855e2ecc2b095316d45d8
SHA256: 71a4559f9fd122914a95998e8685be638b8f81e581987708497e8f8a7a2f4dcb
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\qsml[1].xml
xml
MD5: 397e1a49dfbb180c8b220abf976e76e4
SHA256: d12635f8873379fda932b45dfb73cd6339e4518f061f2319c298b63e53b537a9
3336
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF3a231e.TMP
binary
MD5: b95f59b398ba77793c6fd40242d05c23
SHA256: 23d1cf7a234de8761ab3ff5ffbbeac937070dae90e3e28dba1682635c3520547
3336
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0IEEFWGAX6Y31XS0IVIX.temp
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: d1691424b930c65d85b4a5c940752436
SHA256: 0b3532e2c398caebb0d113daaea9dcdfca56d78f0ce74a915d9633c50eda8fe7
3336
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC858E4B3D9B93CE5.TMP
––
MD5:  ––
SHA256:  ––
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{020BDFE8-BDF8-11E9-9885-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{64DEEAC3-BDF8-11E9-9885-5254004A04AF}.dat
binary
MD5: 7f8f991a4eea008103097e4bc5d564fd
SHA256: e57fc8d262c427a33a4fcc4b21a31f9d8d8f592559b1dada3f99b57479256d81
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{64DEEAC4-BDF8-11E9-9885-5254004A04AF}.dat
binary
MD5: e29465f3f97cb54ebc7593f53116cc0e
SHA256: 677dcfeea83c1c496f5bcb766eb382c3993762a6d5697d758fe45a6c01f7b78a
3336
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF890E0B3C3AC63B19.TMP
––
MD5:  ––
SHA256:  ––
3336
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF83E4619482D4206C.TMP
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[2].png
image
MD5: 7e765f1c4cb20568118ed55c0b6ffa91
SHA256: 5678ee6a1f605d6ada6230003a8d9c182869e1f40d02d414b368cc820c9a97b8
3336
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: be3868fb5d8ca0d0509baee7546fa2ba
SHA256: 53afe14846427bb6c6486e47e5d3b12d44a5f0d30c9df319fe6326f44bc72743
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\hsts-pixel[1].gif
image
MD5: df3e567d6f16d040326c7a0ea29a4f41
SHA256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\16386877_10212259962194061_8525844850939675363_n[1].jpg
image
MD5: c076788183051793d93366f9d6c541c6
SHA256: 15dd94d22863dd6ce0b12c204a7f9e2a9c181479a83230a3248243881796fe56
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\10177223_10203633160689415_1936441535_n[1].jpg
image
MD5: ad8dd4a8e44c908f29eccfe9f4d89ee6
SHA256: 85775a140f0a076fa37f2ab809837595fd4d0057b27c8d9d85630f38a17bf294
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\10366325_10208449243808483_4278944850879461256_n[1].jpg
image
MD5: 3c0a8b3d5353f345f702fbce40184d73
SHA256: 3061b4f5c1582f5eb9f03030499a3fd9095883f7f3badb0954d78ad1304be097
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\11164225_10206720935001843_610373240009971846_n[1].jpg
image
MD5: 2e103a59674cf22b51dad9be2ebf20b8
SHA256: 8ed23c1bb2b153d08582e9de7801985a6fc5aba6afab2fc1d9e2b5ed35082f58
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\10273416_10205608965043289_9010414273097335591_n[1].jpg
image
MD5: 4d4216022932fefcc5ac1233998f6b3d
SHA256: ed8dbe401f5bcb09e5a351b847b4a1bf35dfc7f8271f22b46ba64774f4b387ca
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\12654695_10208701919925228_2664985905697737169_n[1].jpg
image
MD5: 39e97d3b0c8f0fba7c9b641222cd1870
SHA256: 212744936b247b8c20eaa4304b89db1e28ebbe05ff70c56fef5509c4bacc5b01
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\10492238_10204457476616798_3025187172256876742_n[1].jpg
image
MD5: e79a9492a0c5b5489fbe7f2c29a74b37
SHA256: 9be8be2637ab0cc0bc7e4a2853ae3edc1592f7122da06952e0926e1cdcb15f3d
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\k97pj8-or6s[1].png
image
MD5: 65f2f1eb5798b53c504ed8de3d90c958
SHA256: e0ff2e0f45b6ac64540fe750795196238188e4e3a5ae9138318dd555b23a2eae
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: c5d8b2dca44a81f5d873ec14297bba63
SHA256: be65d7630f50719b6c8b01d2ba9004e428c4c8db923da19d2c5419da848627e8
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\brooke[1].htm
xml
MD5: fbbdfc927259659a0c7ad8814f347eee
SHA256: f192d7e740e843550daed0d2deb82dd5b279bf5534e0a91f95fa20dd44b3744d
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\brooke[1].loske
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\brooke[1].htm
html
MD5: c3226c1b359dc9a248f8de05e14ed211
SHA256: 3af87165231cf246fbb431ffd98ef0f33f3dc5aa30668301e665c136f4c655d9
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\r[1].gif
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\trans[1].gif
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\trans[3].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\trans[2].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\trans[2].gif
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a95264ae8683b1429a746bdbea21ec58
SHA256: 81fc85187000e5cfbf53b5c51512007ffb388d1a13d9ebc0e3839994626ded26
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 513f8912f47655b6dce181f3ee8efb1b
SHA256: 28cf3e5b070f921b1ed10b176549ae0e58feb8f38b3bc91e36b601b27d34d02f
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\search[1].txt
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\search[2].htm
html
MD5: 7c27bcbe53ff8d9209b1216fa1ea0347
SHA256: 3794086459450ed50257fe84c66c1a2c9d2a3fe10b3711a174ed8aba5e2df4b8
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\6a781d27[1].js
text
MD5: 375b00bba1f2ada568f19589ab1ee1ac
SHA256: f750f019f02ce11570c2e3cfc0c0f966e42d2a363d28bdb94e0c2273b1844ced
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\trans[2].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\trans[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\trans[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\trans[1].gif
image
MD5: 325472601571f31e1bf00674c368d335
SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\Passport[1].htm
html
MD5: 232461ac46abfbe06a8a64325f27e147
SHA256: 1915cb755b5d98010425c3fedba14e8d0ad08da3ca24f3248ab159bbdfc6ed32
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\Passport[1].aspx
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\hamburger_flyout_desktop-2x[1].png
image
MD5: cc447abbcd81c72afe28ab7cd986d527
SHA256: 45e6acc92c241ca4306683ea4193b5a0d7977e1069f525dba46b04647f4e7e43
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\scfo[1].txt
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\Dropdown[1].txt
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\HamburgerServicesHeaderFlyout_c[1].js
text
MD5: b334bf5c8f96c458aeec3cb935a2314e
SHA256: 457222fbfe7d800a8f57d11c4ce573c09c6f9ecb65a88fd6ad9ef8a7969800e0
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\BlueIdentityDropdownRedirect_c[1].js
text
MD5: 6199eb6d9dc163dbc183f01de76e516f
SHA256: 114224a026b04a9d5fb63ee1bbafe5231ea994b4c3c4dca0739e33ebd4982506
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\th[2].jpg
image
MD5: 9a4fd5f705ddd24ed550336db903a8d9
SHA256: c39b8f55d03a2a120bcd6248cfdbce8790099e748623ebee384e6da8b587ad35
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\th[1].jpg
image
MD5: 17726ed2aa6e033b772fa913540a7b48
SHA256: f86cc6be17b35dc7f4971902db3b19a5160b0dd670a901cc83d4324d4643ef88
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\th[1].jpg
image
MD5: 2566a5b5de21191dadb935e4aa72e80c
SHA256: 2e4ceb341b4ba4a4b0e19f860fa834211706f8aa3e6011c739626240eeca24ff
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\th[2].jpg
image
MD5: 80deeb5421e50f14e90d0316da4fcea8
SHA256: b49bed5649992a1d391d56ec5cbdf7b4f3902bef9f6ba5f78c94018528594871
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\th[1].jpg
image
MD5: 0e1c6a3e6027f449c789781fc9195f35
SHA256: b61aaf0bf66da8db7c9b4fbf1f7795dc0d3f18cb319b617159b34065bfad8147
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\th[1].jpg
image
MD5: dfad81a82381b1187ff54f7b481af152
SHA256: 2fa6a1847f23dd1dae7e0277de324cabca674cece4d015928c783ef91dc3f7aa
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: e93f963a6f01ea6a1ba244e6258b5b6e
SHA256: 55124bd2f7ed8f9f5b8292f5626e7359408b6f5675e949a753c02778a02faffe
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\f2056989[1].js
text
MD5: a6c733aa5f25fedffec17814deabdf94
SHA256: 31603d185bc08890ea41eb0782454b46e63eaf17acd1f414a44411dcaa8b661b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\c8a849a4[1].js
text
MD5: 894f97022bcdacec38ab1094465e8c33
SHA256: 07e0cfae5679f6e5e28c74922e70bf3fc2778fed950ea250a4fdc8974dfce71f
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a8389fedc392df99bc65eb0b34facdf4
SHA256: c53c502f35b797b0cfd1cc4e2631999192080f14c00f1b32734664d81f5b3a91
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\41feb33b[1].js
text
MD5: 4770af635cf0f0f699f9df1c08c8ee80
SHA256: e25d36c1a0e996ff4157000ad9cc256996d06cacb256bcea6fc97d1da6e4113f
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\1f497ebd[1].js
text
MD5: 61de9440d1b6bad9e7a7968eeabbd773
SHA256: 89f44018160b842b4239b10cf6cb58ccde4700968b3b0c2c252ab808f9246b5a
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\40e1b425[1].js
text
MD5: 8aa44a43984d65ffc6df173e6e7b5aa7
SHA256: 6b7edfbfcd5f21a9db2a481d0fc00059dc4125a57b835f6987953f065b6b7bdb
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\e177b199[1].js
text
MD5: d6aed4b71913ff9b3192776d9bdbf0de
SHA256: ccdcef65bef50eb4f243ceb953aecac98fc6c43e2f9157ee7147d4ad612949b2
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\aea7e831[1].js
text
MD5: eee26aac05916e789b25e56157b2c712
SHA256: 249bcdcaa655bdee9d61edff9d93544fa343e0c2b4dca4ec4264af2cb00216c2
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\b8881a70[1].js
text
MD5: 77e5196d684493a206ff3103828bc2f0
SHA256: 1edf0a1d0b0709d73d015dcdedc9feb0a7ed7bd852fd2ff7374aed74dfcdd6c5
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\f1d86b5a[1].js
text
MD5: a5363c37b617d36dfd6d25bfb89ca56b
SHA256: 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\f8c6dd44[1].js
text
MD5: 0fd0568e7b5068e209ac15210ae56ff2
SHA256: b87a66df064550755c00f605c7463007675490e64346a26dd60246d00e8a09de
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\f2056989[1].js
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 6a014957bbfbe5304f2b7fcb7e18d8d2
SHA256: 9b208fbd16d16006087e4886442bd8ff75c1186ff181be35ea46d4b8fecf4758
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\9a358300[1].js
text
MD5: 26d5c5dd7c280fa90f88a152bb557441
SHA256: 63bf2c3d1a4b69ec7d9681bef931c76713da9c94cc5c1cf9d9f8b142917c9362
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: e98a8448abf8ea5cdc995b9022385c42
SHA256: 91ce691be6ca5b7c46447bea95889fd08a48a8df6ad164d191280b172c311f37
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: 5e4f2d03524cab87940337c5eea0a510
SHA256: 4f20c04a31a3f42ca4871f6fdc6b96521167d22a3763da07578e5b94c351e65a
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\SharedSpriteDesktopRewards_022118[1].png
image
MD5: c09d4534235590945d51d409bd94253d
SHA256: 5c3ab16d060ea34170af5ee489f38bf2c4beb7f0b0a8be6bb8183aca68dc74e0
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: ea4372cfcad8ca92b717b513c876b814
SHA256: b004a5c97dc33ad86d03785f02ef34e6b9cac69e1894d9e8b276eda0760a4f94
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\search[1].htm
html
MD5: 2afa6245a08469e693f69d65f63a484d
SHA256: 6a530b2a819e3b21e84321b00a114d756820707a0b82d04d53454d763a9ebb9d
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 46c68e90a0aad1b203db4d1fbce597bc
SHA256: d00f678199fdacbff18921082df6bfe0f7b1813a48326bac1269e9a2c15664ee
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\qsml[1].aspx
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\qsml[2].xml
xml
MD5: 333e332d702782d949b7c616a64821f1
SHA256: 4270d17432b0e54b6374eb7f76af7314b682757b8c74b657cef874ba775132ea
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\qsml[1].aspx
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\qsml[1].xml
xml
MD5: 084d498360633564bd26e910fbd9e570
SHA256: f940adca640c39a603f851afd007643b27678b74c171788fd04bf286caf18d38
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\qsml[1].aspx
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\qsml[1].xml
xml
MD5: 2286c4041e714f3e694682bb5f306318
SHA256: c1b92135ba262f6d86c0a7688c7f95e2ad7c23ad68b9d42d71a074d061e5079a
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 476bd34e5336500af8abdf01fac8e02a
SHA256: 236fff0024094295d0a2a3a47857652fbb2f43f57706f82851eabae86b3c74c3
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 0a26d716aaa125e4faa5169343190ea8
SHA256: db07a723a1d207dc7331b81bed25b2f02dea81326471589057ed3991ef56f153
3068
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: a08da7bf31fe7aa494139cf350680f7b
SHA256: e8ac469aab97acc96b65eab258dfd0218cb1be1e444595d33f64ca24f32f79bf
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\latest.cab
compressed
MD5: 2eb36c96c984abe3c7484379dd103f19
SHA256: b83991992f108d06e265da80c0d8be7de1f424daeff66f3d04d39cc822a6d9de
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA7728.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA1C91.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA29EF.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA47A6.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA1C83.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2019081318.000\DebugReport.xml
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_cab_09b82d0a\Report.wer
binary
MD5: 5f40a50e2dbab357f8dbfcf078280ff4
SHA256: ab0e83b43eeed54bb2fb5e0fab6041514a11854091ed8278d0dccbeb366aca22
2432
msdt.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_cab_09b82d0a\Pkg2CAD.cab
compressed
MD5: 8f1bd32cb5263138a6e8749915b078d1
SHA256: a8cdb2b35ad058e4353112f63e3cc35795908a375ae64dc0a0313162e5bd895a
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA31F2.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA7B66.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA39CD.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA562.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\PLA1FB4.tmp
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\msdt\_16E1C357-58E4-4A95-9EE0-1A577252B299_\Pkg2CAD.cab
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\latest.cab
compressed
MD5: 8f1bd32cb5263138a6e8749915b078d1
SHA256: a8cdb2b35ad058e4353112f63e3cc35795908a375ae64dc0a0313162e5bd895a
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2019081318.000\results.xml
text
MD5: 840b413cbf5e57a93deecff7e76cf260
SHA256: de5825ee63dd98ca86f86652ff81ac75380b3ac4d880ab44d8984b8bf531ffae
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2019081318.000\NetworkDiagnostics.0.debugreport.xml
xml
MD5: 502670d4fc0c30666e72de9c5b6d1b05
SHA256: b6a70afdfeaec368b13696fd728a56e256807bf182cb14ff83dbb07913de499d
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2019081318.000\ResultReport.xml
xml
MD5: 568fb1ccad9b6f7bb3f9419de70d4ead
SHA256: 18a91c898f8016ad78f48c8a1b98234e365ef85af88931edd585b0fd7a904378
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2019081318.000\results.xsl
xml
MD5: 310e1da2344ba6ca96666fb639840ea9
SHA256: 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2019081318.000\resultreport.xml
xml
MD5: 568fb1ccad9b6f7bb3f9419de70d4ead
SHA256: 18a91c898f8016ad78f48c8a1b98234e365ef85af88931edd585b0fd7a904378
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\result\DebugReport.xml
xml
MD5: 502670d4fc0c30666e72de9c5b6d1b05
SHA256: b6a70afdfeaec368b13696fd728a56e256807bf182cb14ff83dbb07913de499d
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\result\ResultReport.xml
xml
MD5: 5e3c07c9abc210748496bf3129c89f1d
SHA256: 4885029b02bc6d2f8ae370755fd98886827caecbc6fcdfdde371e140216688f7
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\result\results.xsl
xml
MD5: 310e1da2344ba6ca96666fb639840ea9
SHA256: 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\UtilitySetConstants.ps1
text
MD5: 0c75ae5e75c3e181d13768909c8240ba
SHA256: de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{020BDFE7-BDF8-11E9-9885-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\en-US\LocalizationData.psd1
text
MD5: dfc212122eade84d83607ba672a06114
SHA256: cec7595c6607862fb8b633468272c2118253ec77b47901aace7cd94f4f6c1f0b
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\NetworkDiagnosticsVerify.ps1
text
MD5: c0bb6343bd0f6f9b46b33e4b66106953
SHA256: eb9bc61668a93759d0127a11cdfc03e924100d69c7e6457feaa89330474c90c3
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\NetworkDiagnosticsTroubleshoot.ps1
text
MD5: 1d192ce36953dbb7dc7ee0d04c57ad8d
SHA256: 935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\NetworkDiagnosticsResolve.ps1
text
MD5: a7b957f221c643580184665be57e6ac8
SHA256: 8582ef50174cb74233f196f193e04c0ccbbee2aed5ce50964cbb95822c218e7f
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\DiagPackage.diagpkg
xml
MD5: c9fb87fa3460fae6d5d599236cfd77e2
SHA256: cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\HTInteractiveRes.ps1
text
MD5: c25ed2111c6ee9299e6d9bf51012f2f5
SHA256: 8e326ee0475208d4c943d885035058fad7146bba02b66305f7c9f31f6a57e81b
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\UtilityFirewall.ps1
text
MD5: b004afc224e9216115ec3b0bf5d43ba2
SHA256: 31b97632ca31d1bb21917a07757b2ff415dbb6a4e7dd7b533ecc52431acf65b5
3336
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: b95f59b398ba77793c6fd40242d05c23
SHA256: 23d1cf7a234de8761ab3ff5ffbbeac937070dae90e3e28dba1682635c3520547
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\UtilityFunctions.ps1
text
MD5: 2f7c3db0c268cf1cf506fe6e8aecb8a0
SHA256: 886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\InteractiveRes.ps1
text
MD5: 25b8543dbf571f040118423bc3c7a75e
SHA256: d78e6291d6f27ac6febdcf0a4d5a34521e7f033af8875e026df21ba7513ab64a
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\StartDPSService.ps1
text
MD5: a660422059d953c6d681b53a6977100e
SHA256: d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813
3336
iexplore.exe
C:\Users\admin\AppData\Local\Temp\NDF27BB.tmp
binary
MD5: 925f64783c73020b5d964f1511751d2f
SHA256: a0cd8968627c2c8f218373f0570cad60fb129548aae5bd7eb6150f3acab0486e
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\up[1]
image
MD5: ad170429858fc4ba12b8a2b1efd438d6
SHA256: 4d405baff1a0cec7c97c789012923383a3df0e86fe86592e3cd45dd82b92a53c
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\favcenter[1]
image
MD5: 25d76ee5fb5b890f2cc022d94a42fe19
SHA256: 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\down[1]
image
MD5: 555e83ce7f5d280d7454af334571fb25
SHA256: 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 5b62c13d97d3e9a8a72d46ca5136dcab
SHA256: 4f053c5055e702bb748e9931d4931cc3474c241f98c488fd3d9f49d2b0ddb238
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\tools[1]
image
MD5: 6f20ba58551e13cfd87ec059327effd0
SHA256: 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\background_gradient[1]
image
MD5: 20f0110ed5e4e0d5384a496e4880139b
SHA256: 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\noConnect[1]
image
MD5: 3cb8faccd5de434d415ab75c17e8fd86
SHA256: 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3FAOCGA\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\errorPageStrings[1]
text
MD5: 1a0563f7fb85a678771450b131ed66fd
SHA256: eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 5d3b138eb90258f5923d3c417b9354aa
SHA256: 5108560216b926216fc4488011b0438adc2def9f88e29b9a8475f47204257e04
3068
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 6e78578939935dddf318b8c497f0312d
SHA256: ba853a8577b5e909d13ef8a3ff5ce9b1a614c78ae726c2cfa5977d5bd1890b38
3068
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 58a3badc25e15583224e2b922f370a4f
SHA256: 7e0630e9c468031329cad1a21bfb37c12153bda0f4d6298ee1b8682dd0c35f8a
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarAC66.tmp
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabAC65.tmp
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarA03F.tmp
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabA03E.tmp
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 8b360face263830b66cebee069507c25
SHA256: 8d3eee1ccdb1bb1a60086b37c99386a83bd0ecd43aebdbf6b875544d70bb09ae
3068
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarA02D.tmp
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabA02C.tmp
––
MD5:  ––
SHA256:  ––
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3336
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3336
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 1493eefb4c36ada834203eb0dcfddd9e
SHA256: 275ebc140a8909ee0cf54c38eab3b75485052c695a27885fcb56cd8c5a3aeb28
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MZI89SXS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1RN9GQPY\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3336
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF79DAC861B363567F.TMP
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it in the full report
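The msdt.exe entries in this listing are the staging files of the built-in Windows Network Diagnostics troubleshooting pack: DiagPackage.diagpkg, the NetworkDiagnostics*.ps1 and Utility*.ps1 scripts and the localisation data under Temp\SDIAG_<guid>, plus results.xml, ResultReport.xml and latest.cab under AppData\Local\Diagnostics. Together with the cached dnserror[1] page and the NDF*.tmp trace written by iexplore.exe (PID 3336), that is consistent with someone in the interactive session running Diagnose Connection Problems after a page failed to load, not with behaviour of the submitted link. Because msdt.exe executes the PowerShell in that folder, the check worth doing before closing the case is to confirm those scripts are the stock Microsoft files (their hashes should match a clean Windows 7 image) and to look for any written path that falls outside the browser-cache and troubleshooter locations. The script below is an added example, not part of the ANY.RUN report or its tooling: it parses the six-line record layout used here (PID, process, path, type, MD5, SHA256), buckets each path by origin with regexes that are this example's own heuristics, reports paths outside those buckets for manual review, treats the report's "––" placeholder as an uncaptured file, and pairs distinct paths that share a SHA256. The embedded sample is a constructed subset copied from the records above.

```python
"""Triage the flattened 'file activity' listing of a sandbox report.
Added example for this page, not ANY.RUN code; the RULES buckets are this script's
own heuristics for a Windows 7 / Internet Explorer 8 guest, not the report's verdict."""
import re
from collections import defaultdict

# Constructed sample: five records copied from the listing above, in the report's
# six-line layout (PID, process, path, type, "MD5: ...", "SHA256: ...").
SAMPLE = r"""2432
msdt.exe
C:\Users\admin\AppData\Local\Diagnostics\460911090\2019081318.000\ResultReport.xml
xml
MD5: 568fb1ccad9b6f7bb3f9419de70d4ead
SHA256: 18a91c898f8016ad78f48c8a1b98234e365ef85af88931edd585b0fd7a904378
2432
msdt.exe
C:\Users\admin\AppData\Local\Temp\SDIAG_761d28ca-4193-4346-bd00-c484b6ffae72\NetworkDiagnosticsTroubleshoot.ps1
text
MD5: 1d192ce36953dbb7dc7ee0d04c57ad8d
SHA256: 935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756
3336
iexplore.exe
C:\Users\admin\AppData\Local\Temp\NDF27BB.tmp
binary
MD5: 925f64783c73020b5d964f1511751d2f
SHA256: a0cd8968627c2c8f218373f0570cad60fb129548aae5bd7eb6150f3acab0486e
3068
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JKSVFBA0\dnserror[1]
html
MD5: 68e03ed57ec741a4afbbcd11fab1bdbe
SHA256: 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
3068
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabAC65.tmp
––
MD5:  ––
SHA256:  ––
"""

HEX = re.compile(r"[0-9a-fA-F]+")
HASH_LINE = re.compile(r"^(MD5|SHA256):\s*(.*)$")

# (bucket, path regex); first match wins, anything unmatched is left for manual review.
RULES = [
    ("msdt-troubleshooter",
     re.compile(r"\\(SDIAG_[0-9a-f-]+|Diagnostics\\\d+|Temp\\msdt)\\", re.I)),
    ("ndf-trace", re.compile(r"\\Temp\\NDF[0-9A-F]+\.tmp$", re.I)),
    ("ie-cache", re.compile(r"\\Temporary Internet Files\\|\\History\.IE5\\|"
                            r"\\CryptnetUrlCache\\|\\Temp\\Low\\(Cab|Tar)[0-9A-F]+\.tmp$", re.I)),
    ("ie-state", re.compile(r"\\Internet Explorer\\(Recovery|Services)\\|"
                            r"\\Recent\\CustomDestinations\\|\\Temp\\~DF[0-9A-F]+\.TMP$", re.I)),
]

def _hash_or_none(line):
    """'MD5: abc...' -> 'abc...'; the report's '––' placeholder (file not captured) -> None."""
    value = HASH_LINE.match(line).group(2).strip()
    return value if HEX.fullmatch(value) else None

def parse_file_events(text):
    """Turn the six-line records into dicts; a truncated listing is an error, not a guess."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 6:
        raise ValueError("listing is not a whole number of 6-line records")
    records = []
    for i in range(0, len(lines), 6):
        pid, proc, path, ftype, md5_line, sha_line = lines[i:i + 6]
        records.append({"pid": int(pid), "process": proc, "path": path, "type": ftype,
                        "md5": _hash_or_none(md5_line), "sha256": _hash_or_none(sha_line)})
    return records

def classify(path):
    for bucket, rx in RULES:
        if rx.search(path):
            return bucket
    return "review"

def triage(text):
    """Per-bucket counts, paths needing a manual look, files the sandbox did not capture,
    and distinct paths sharing one SHA256 (the full listing has several such copies)."""
    records = parse_file_events(text)
    counts, by_sha = defaultdict(int), defaultdict(list)
    for r in records:
        r["bucket"] = classify(r["path"])
        counts[r["bucket"]] += 1
        if r["sha256"]:
            by_sha[r["sha256"]].append(r["path"])
    return {"records": records, "counts": dict(counts),
            "review": [r["path"] for r in records if r["bucket"] == "review"],
            "unhashed": [r["path"] for r in records if r["sha256"] is None],
            "duplicates": {h: p for h, p in by_sha.items() if len(p) > 1}}

if __name__ == "__main__":
    print(triage(SAMPLE)["counts"])
```

Run against the whole listing, the "review" list is what deserves the analyst's time; on this page it should come back empty, which is the quickest way to document that nothing was dropped outside the browser and troubleshooter directories.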

Network activity

HTTP(S) requests
66
TCP/UDP connections
57
DNS requests
27
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3336 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3068 iexplore.exe GET 200 13.35.254.82:80 http://x.ss2.us/x.cer US
der
whitelisted
3068 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=b&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
xml
whitelisted
3068 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=br&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
xml
whitelisted
3068 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=broo&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
xml
whitelisted
3068 iexplore.exe GET –– 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=brook&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
––
––
whitelisted
3068 iexplore.exe GET –– 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=brooke&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
––
––
whitelisted
3068 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=brooke+lo&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
xml
whitelisted
3068 iexplore.exe GET –– 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=brooke+los&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
––
––
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/search?q=brooke+loske&src=IE-SearchBox&FORM=IE8SRC US
html
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/sa/simg/SharedSpriteDesktopRewards_022118.png US
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=F657DCF43C6E4F1B82EDB26D290ECF63&CID=31B3DBF569F9641F0B17D64268086531&Type=Event.CPT&DATA={"pp":{"S":"L","FC":16,"BC":328,"SE":-1,"TC":-1,"H":375,"BP":453,"CT":469,"IL":9},"ad":[164,86,1260,560,1260,498,0]}&P=SERP&DA=DUB02 US
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/5k/cj,nj/c44ec255/9a358300.js?bu=Eq4fzB_vHv0e1gSGH4gf4x-KH58flB-3H78fxR-qHrYduR2lHg US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/14/cj,nj/83a49848/f2056989.js?bu=DikuX293e2tjZ7MBtwEupwEu US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/30/1b/cj,nj/3f1e2270/f8c6dd44.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/30/2n/cj,nj/bf587ad6/f1d86b5a.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/6j/cj,nj/f28dadef/aea7e831.js?bu=Af4F US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/5b/2e/cj,nj/08abbb2f/e177b199.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/30/26/cj,nj/4c7364c5/40e1b425.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/6n/4T/cj,nj/dd882357/b8881a70.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/6G/hl/cj,nj/45504a74/c8a849a4.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/6G/h9/cj,nj/8ae9cc2f/41feb33b.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rs/3P/10D/cj,nj/ef2d523b/1f497ebd.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/14/cj,nj/83a49848/f2056989.js?bu=DikuX293e2tjZ7MBtwEupwEu US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=F657DCF43C6E4F1B82EDB26D290ECF63&CID=31B3DBF569F9641F0B17D64268086531&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"%27SVGElement%27%20is%20undefined","Meta":"http%3A//www.bing.com/search%3Fq%3Dbrooke+loske%26src%3DIE-SearchBox%26FORM%3DIE8SRC","Line":9175743,"Char":%20undefined}] US
compressed
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://tse1.mm.bing.net/th?id=OIP.1-vUBVizzW9HY--EdTYZAgHaHa&w=100&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2 US
image
malicious
3068 iexplore.exe GET 200 204.79.197.200:80 http://tse1.mm.bing.net/th?id=OIP.WmKsbIXAqc1BHGO1juZreQAAAA&w=139&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2 US
image
malicious
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=F657DCF43C6E4F1B82EDB26D290ECF63&CID=31B3DBF569F9641F0B17D64268086531&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Member%20not%20found.%0D%0A","Meta":"http%3A//www.bing.com/rb/14/cj%2Cnj/83a49848/f2056989.js%3Fbu%3DDikuX293e2tjZ7MBtwEupwEu","Line":2,"Char":%20undefined}] US
compressed
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://tse1.mm.bing.net/th?id=OIP.CPWFtfOkzR4xpD29lSyJ4AAAAA&w=67&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2 US
image
malicious
3068 iexplore.exe GET 200 204.79.197.200:80 http://tse1.mm.bing.net/th?id=OIP.ZF3DWq5I0W9hapAiV78FBAHaJG&w=81&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2 US
image
malicious
3068 iexplore.exe GET 200 204.79.197.200:80 http://tse1.mm.bing.net/th?id=OIP.2EwA04irTyKOr6kLhMHyCgHaLH&w=66&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2 US
image
malicious
3068 iexplore.exe GET 200 204.79.197.200:80 http://tse1.mm.bing.net/th?id=OIP.68ZDs_4ZfNkyRiWiZPRpagHaE7&w=150&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2 US
image
malicious
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/sa/8_1_2_6228507/Blue/HamburgerServicesHeaderFlyout_c.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/sa/8_1_2_6228507/Blue/BlueIdentityDropdownRedirect_c.js US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/hamburger/scfo?ver=8_1_2_6228507&q=brooke+loske&src=IE-SearchBox&FORM=IE8SRC&IID=SERP.5031&IG=F657DCF43C6E4F1B82EDB26D290ECF63&fbnb=1&ru=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dbrooke%2Bloske%26src%3DIE-SearchBox%26FORM%3DIE8SRC US
html
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/Identity/Dropdown?n=1&IID=SERP.5032&IG=F657DCF43C6E4F1B82EDB26D290ECF63&ru=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dbrooke%2Bloske%26src%3DIE-SearchBox%26FORM%3DIE8SRC US
html
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/sa/simg/hamburger_flyout_desktop-2x.png US
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/Passport.aspx?popup=1 US
html
whitelisted
3068 iexplore.exe GET 200 20.188.40.49:80 http://edd7400d9259dc0b7eb422aa42f57bb0.clo.footprintdns.com/apc/trans.gif FR
image
whitelisted
3068 iexplore.exe GET 200 104.211.160.15:80 http://228ea03ed0f2a9792862f9ec2eccdffb.clo.footprintdns.com/apc/trans.gif IN
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.222:80 http://85211945a4e6f54baf151455f44b75aa.clo.footprintdns.com/apc/trans.gif US
image
whitelisted
3068 iexplore.exe GET 200 20.188.40.49:80 http://edd7400d9259dc0b7eb422aa42f57bb0.clo.footprintdns.com/apc/trans.gif?edd7400d9259dc0b7eb422aa42f57bb0 FR
image
whitelisted
3068 iexplore.exe GET 200 104.211.160.15:80 http://228ea03ed0f2a9792862f9ec2eccdffb.clo.footprintdns.com/apc/trans.gif?228ea03ed0f2a9792862f9ec2eccdffb IN
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.222:80 http://85211945a4e6f54baf151455f44b75aa.clo.footprintdns.com/apc/trans.gif?85211945a4e6f54baf151455f44b75aa US
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.222:80 http://fp.msedge.net/r.gif?&MonitorID=AZR&rid=F657DCF43C6E4F1B82EDB26D290ECF63&w3c=false&prot=http:&v=4&DATA=[{"MonitorID":"CLO","RequestID":"edd7400d9259dc0b7eb422aa42f57bb0","Result":31},{"MonitorID":"CLO","RequestID":"228ea03ed0f2a9792862f9ec2eccdffb","Result":125},{"MonitorID":"CLO","RequestID":"85211945a4e6f54baf151455f44b75aa","Result":15}] US
image
whitelisted
3068 iexplore.exe POST 204 204.79.197.200:80 http://www.bing.com/fd/ls/lsp.aspx US
text
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/rb/G/cj,nj/86211a49/6a781d27.js?bu=HB_FAcIByAEkJCQk1AGoASQkJCQkJIwBmAGbAY0DlQEkJCQkJN4BoAE US
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=F657DCF43C6E4F1B82EDB26D290ECF63&CID=31B3DBF569F9641F0B17D64268086531&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Object%20doesn%27t%20support%20this%20property%20or%20method","Meta":"http%3A//www.bing.com/rb/G/cj%2Cnj/86211a49/6a781d27.js%3Fbu%3DHB_FAcIByAEkJCQk1AGoASQkJCQkJIwBmAGbAY0DlQEkJCQkJN4BoAE","Line":1,"Char":%20undefined}] US
compressed
whitelisted
3068 iexplore.exe POST 204 204.79.197.200:80 http://www.bing.com/fd/ls/lsp.aspx US
text
image
whitelisted
3068 iexplore.exe POST 204 204.79.197.200:80 http://www.bing.com/fd/ls/lsp.aspx US
text
compressed
whitelisted
3068 iexplore.exe POST 204 204.79.197.200:80 http://www.bing.com/fd/ls/lsp.aspx US
text
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/search?q=brooke+loske+mykeymortgage.com&qs=n&form=QBRE&sp=-1&pq=&sc=0-0&sk=&cvid=F657DCF43C6E4F1B82EDB26D290ECF63 US
html
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=E936594F027F410FA870486261231A10&Type=Event.CPT&DATA={"pp":{"S":"L","FC":9,"BC":197,"SE":-1,"TC":-1,"H":212,"BP":243,"CT":259,"IL":4},"ad":[164,126,1260,560,1260,498,0]}&P=SERP&DA=DUB02 US
compressed
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=E936594F027F410FA870486261231A10&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"%27SVGElement%27%20is%20undefined","Meta":"http%3A//www.bing.com/search%3Fq%3Dbrooke+loske+mykeymortgage.com%26qs%3Dn%26form%3DQBRE%26sp%3D-1%26pq%3D%26sc%3D0-0%26sk%3D%26cvid%3DF657DCF43C6E4F1B82EDB26D290ECF63","Line":9285135,"Char":%20undefined}] US
text
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/l?IG=E936594F027F410FA870486261231A10&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"Member%20not%20found.%0D%0A","Meta":"http%3A//www.bing.com/rb/14/cj%2Cnj/83a49848/f2056989.js%3Fbu%3DDikuX293e2tjZ7MBtwEupwEu","Line":2,"Char":%20undefined}] US
text
compressed
whitelisted
3068 iexplore.exe GET 200 13.107.42.10:80 http://7c7aee112757e0506b96c94d9afc453b.clo.footprintdns.com/apc/trans.gif US
image
whitelisted
3068 iexplore.exe GET 200 40.123.219.249:80 http://ac9e7a314fc2e9620e0a85bfb85c212c.clo.footprintdns.com/apc/trans.gif US
image
unknown
3068 iexplore.exe GET 200 204.79.197.222:80 http://3b9a60369889092a060e2241035d5248.clo.footprintdns.com/apc/trans.gif US
image
whitelisted
3068 iexplore.exe GET 200 13.107.42.10:80 http://7c7aee112757e0506b96c94d9afc453b.clo.footprintdns.com/apc/trans.gif?7c7aee112757e0506b96c94d9afc453b US
image
whitelisted
3068 iexplore.exe GET 200 40.123.219.249:80 http://ac9e7a314fc2e9620e0a85bfb85c212c.clo.footprintdns.com/apc/trans.gif?ac9e7a314fc2e9620e0a85bfb85c212c US
image
unknown
3068 iexplore.exe GET 200 204.79.197.222:80 http://fp.msedge.net/r.gif?&MonitorID=AZR&rid=E936594F027F410FA870486261231A10&w3c=false&prot=http:&v=4&DATA=[{"MonitorID":"CLO","RequestID":"7c7aee112757e0506b96c94d9afc453b","Result":16},{"MonitorID":"CLO","RequestID":"ac9e7a314fc2e9620e0a85bfb85c212c","Result":125},{"MonitorID":"CLO","RequestID":"3b9a60369889092a060e2241035d5248","Result":15}] US
image
whitelisted
3068 iexplore.exe GET 200 204.79.197.222:80 http://3b9a60369889092a060e2241035d5248.clo.footprintdns.com/apc/trans.gif?3b9a60369889092a060e2241035d5248 US
image
whitelisted
3068 iexplore.exe POST 204 204.79.197.200:80 http://www.bing.com/fd/ls/lsp.aspx US
text
text
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/fd/ls/GLinkPing.aspx?IG=E936594F027F410FA870486261231A10&&ID=SERP,5116.1&url=https%3A%2F%2Fwww.facebook.com%2Fbrooke.loske US
compressed
whitelisted
3068 iexplore.exe GET 301 104.196.26.179:80 http://virtru.com/ US
html
whitelisted
3068 iexplore.exe GET 301 104.196.26.179:80 http://www.virtru.com/ US
html
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
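Most of the rows in this table come from the interactive session rather than from the submitted link. The api.bing.com/qsml.aspx rows with query=b, br, broo, brook, brooke, brooke+lo and brooke+los are Internet Explorer's search-box suggestion calls (FORM=IE8SSC), i.e. keystrokes typed in the sandbox; the two www.bing.com/search rows, the GLinkPing.aspx click tracker pointing at facebook.com and the footprintdns.com beacons reported back through fp.msedge.net all follow from those searches. The only rows tagged malicious are tse1.mm.bing.net thumbnails returned for that search, and the DNS table below shows that host resolving to the same addresses as www.bing.com (204.79.197.200, 13.107.21.200); that tag is the reputation feed's opinion of a Bing image host, not evidence about the sample, and wants a human look before it is promoted to an indicator. The script below is an added example, not ANY.RUN code: it parses the row layout used here (one request line, then one line per content type, then the reputation line), marks rows that only reflect IE and the analyst's typing as noise using this example's own host heuristic, recovers the typed string from the suggestion calls, lists every non-whitelisted host so the analyst still sees the malicious tag, and lists the 3xx redirects. The embedded rows are a constructed subset copied from the table above.

```python
"""Triage the flattened 'HTTP requests' table of a sandbox report.
Added example for this page, not ANY.RUN code; which hosts count as interactive
noise (NOISE_HOSTS) is this script's own heuristic for an IE8 guest."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: eight rows copied from the table above in the report's layout
# (request line, then one line per content type, then the reputation line).
SAMPLE = """PID Process Method HTTP Code IP URL CN Type Size Reputation
3336 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3068 iexplore.exe GET 200 13.35.254.82:80 http://x.ss2.us/x.cer US
der
whitelisted
3068 iexplore.exe GET 200 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=b&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
xml
whitelisted
3068 iexplore.exe GET –– 13.107.5.80:80 http://api.bing.com/qsml.aspx?query=brooke+los&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us US
––
––
whitelisted
3068 iexplore.exe GET 200 204.79.197.200:80 http://tse1.mm.bing.net/th?id=OIP.1-vUBVizzW9HY--EdTYZAgHaHa&w=100&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2 US
image
malicious
3068 iexplore.exe GET 200 40.123.219.249:80 http://ac9e7a314fc2e9620e0a85bfb85c212c.clo.footprintdns.com/apc/trans.gif US
image
unknown
3068 iexplore.exe POST 204 204.79.197.200:80 http://www.bing.com/fd/ls/lsp.aspx US
text
text
whitelisted
3068 iexplore.exe GET 301 104.196.26.179:80 http://virtru.com/ US
html
whitelisted
"""

ROW = re.compile(r"^(?P<pid>\d+) (?P<process>\S+) (?P<method>[A-Z]+) (?P<code>\d{3}|––) "
                 r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}:\d+) (?P<url>\S+) (?P<cn>[A-Z]{2})$")

# Hosts IE itself talks to on this guest, or that only reflect what the analyst typed
# into the search box; footprintdns.com beacons are fetched by the Bing result page.
NOISE_HOSTS = {"www.bing.com", "api.bing.com", "tse1.mm.bing.net", "login.live.com",
               "fp.msedge.net"}

def parse_http_rows(text):
    """One dict per request; continuation lines become 'types' plus 'reputation'."""
    rows, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("PID Process"):
            continue
        match = ROW.match(line)
        if match:
            current = match.groupdict()
            current["extra"] = []
            rows.append(current)
        elif current is not None:
            current["extra"].append(line)
    for r in rows:
        extra = r.pop("extra")
        r["reputation"] = extra[-1] if extra else None
        r["types"] = [t for t in extra[:-1] if t != "––"]   # '––' = no body captured
        r["host"] = urlsplit(r["url"]).hostname or ""
        r["noise"] = r["host"] in NOISE_HOSTS or r["host"].endswith(".footprintdns.com")
    return rows

def typed_search(rows):
    """Longest query= seen on IE's suggestion endpoint: what the interactive user had
    typed when the last suggestion call went out."""
    queries = [parse_qs(urlsplit(r["url"]).query).get("query", [""])[0]
               for r in rows if r["host"] == "api.bing.com" and "qsml.aspx" in r["url"]]
    return max(queries, key=len) if queries else ""

def non_whitelisted(rows):
    """Every (host, reputation) the feed did not whitelist, noise included on purpose."""
    return sorted({(r["host"], r["reputation"]) for r in rows if r["reputation"] != "whitelisted"})

def sample_driven(rows):
    """Rows left after the interactive/telemetry noise is removed."""
    return [r for r in rows if not r["noise"]]

def redirects(rows):
    return [(r["url"], r["code"]) for r in rows if r["code"].startswith("3")]

if __name__ == "__main__":
    rows = parse_http_rows(SAMPLE)
    print(len(rows), "rows,", sum(r["noise"] for r in rows), "noise")
    print("typed:", typed_search(rows))
    print("not whitelisted:", non_whitelisted(rows))
    print("review:", [r["url"] for r in sample_driven(rows)])
    print("redirects:", redirects(rows))
```

On the sample the non-noise rows reduce to the certificate fetch from x.ss2.us (type der, the chain download behind the CryptnetUrlCache entries in the file list) and the 301 from virtru.com; those two, not the Bing thumbnails, are the requests to compare against the submitted link when deciding whether the verdict stands.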

Connections

PID Process IP ASN CN Reputation
3336 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3068 iexplore.exe 18.194.14.44:443 Amazon.com, Inc. DE unknown
3068 iexplore.exe 13.35.254.82:80 US unknown
3068 iexplore.exe 205.185.216.10:80 Highwinds Network Group, Inc. US whitelisted
3068 iexplore.exe 3.13.89.219:443 US unknown
3068 iexplore.exe 13.107.5.80:80 Microsoft Corporation US whitelisted
3068 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3068 iexplore.exe 65.54.187.128:443 Microsoft Corporation US whitelisted
3068 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
3068 iexplore.exe 20.188.40.49:80 Microsoft Corporation FR whitelisted
3068 iexplore.exe 104.211.160.15:80 Microsoft Corporation IN whitelisted
3068 iexplore.exe 204.79.197.222:80 Microsoft Corporation US whitelisted
3068 iexplore.exe 13.107.42.10:80 Microsoft Corporation US whitelisted
3068 iexplore.exe 40.123.219.249:80 Microsoft Corporation US unknown
3068 iexplore.exe 31.13.92.36:443 Facebook, Inc. IE whitelisted
3068 iexplore.exe 31.13.92.14:443 Facebook, Inc. IE whitelisted
3068 iexplore.exe 157.240.30.27:443 Facebook, Inc. US unknown
3336 iexplore.exe 31.13.92.36:443 Facebook, Inc. IE whitelisted
3068 iexplore.exe 104.196.26.179:80 Google Inc. US whitelisted
3068 iexplore.exe 104.196.26.179:443 Google Inc. US whitelisted
3068 iexplore.exe 172.217.22.46:80 Google Inc. US whitelisted

DNS requests

Domain IP(s) Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
linkprotect.cudasvc.com 18.194.14.44, 52.59.7.133 unknown
x.ss2.us 13.35.254.82, 13.35.254.176, 13.35.254.34, 13.35.254.54 whitelisted
www.download.windowsupdate.com 205.185.216.10, 205.185.216.42 whitelisted
secure.virtru.com 3.13.89.219, 3.16.236.162, 3.14.21.240 unknown
api.bing.com 13.107.5.80 whitelisted
tse1.mm.bing.net 204.79.197.200, 13.107.21.200 malicious
login.live.com 65.54.187.128, 65.54.187.130, 207.46.26.12 whitelisted
edd7400d9259dc0b7eb422aa42f57bb0.clo.footprintdns.com 20.188.40.49 unknown
228ea03ed0f2a9792862f9ec2eccdffb.clo.footprintdns.com 104.211.160.15 unknown
85211945a4e6f54baf151455f44b75aa.clo.footprintdns.com 204.79.197.222 unknown
fp.msedge.net 204.79.197.222 whitelisted
7c7aee112757e0506b96c94d9afc453b.clo.footprintdns.com 13.107.42.10 unknown
ac9e7a314fc2e9620e0a85bfb85c212c.clo.footprintdns.com 40.123.219.249 unknown
3b9a60369889092a060e2241035d5248.clo.footprintdns.com 204.79.197.222 unknown
www.facebook.com 31.13.92.36 whitelisted
m.facebook.com 31.13.92.36 whitelisted
scontent-prg1-1.xx.fbcdn.net 157.240.30.27 unknown
static.xx.fbcdn.net 31.13.92.14 whitelisted
facebook.com 31.13.92.36 whitelisted
fbcdn.net 31.13.92.36 whitelisted
fbsbx.com 31.13.92.36 whitelisted
virtru.com 104.196.26.179 unknown
www.virtru.com 104.196.26.179 unknown
google.com 172.217.22.46 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.