Analysis Report sc.com

Overview

General Information

Sample Name:sc.com
Analysis ID:321434
MD5:a2f3a68db7863f4da11cf0255a4969e4
SHA1:fe611bbce708b77bab1b9c31eb3dd30c4a7b763a
SHA256:5411a2337cd4c63d1b0740ca513bc5c958b37777f10de80f96217368a3191b89

Detection

HTMLPhisher
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish_10

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 5624 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 1720 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
sc.com | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    Phishing:

    Yara detected HtmlPhish_10
    Source: Yara match; File source: sc.com, type: SAMPLE
    Source: sc.com; String found in binary or memory: https://i.ibb.co/7CKgHCt/ep.png
    Source: sc.com; String found in binary or memory: https://i.ibb.co/9qFGmjh/miciconlogo.png
    Source: sc.com; String found in binary or memory: https://i.ibb.co/F3yr74z/forgotpass.png
    Source: sc.com; String found in binary or memory: https://i.ibb.co/gtKmtC9/officebg.png
    Source: sc.com; String found in binary or memory: https://i.ibb.co/r5zjhmN/officebg2.png
    Source: sc.com; String found in binary or memory: https://passwordreset.microsoftonline.com/
    Source: sc.com; String found in binary or memory: https://pikap.kz/wp-admin/wed/server5.php
    Source: classification engine; Classification label: mal48.phis.winCOM@4/5@0/0
    Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
    Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DFF37C87F1E61570B4.TMP
    Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
    Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2
    Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2
    Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: Run
    Source: Window Recorder; Window detected: More than 3 window changes detected
    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout

    Behavior Graph

    [Behavior graph, ID 321434: sample sc.com, start date 22/11/2020, architecture WINDOWS, score 48. Signature: Yara detected HtmlPhish_10. Process tree: iexplore.exe started iexplore.exe.]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    No Antivirus matches

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    Source | Detection | Scanner | Label
    0 | 1% | Virustotal |
    https://pikap.kz/wp-admin/wed/server5.php | 0% | Virustotal |
    https://pikap.kz/wp-admin/wed/server5.php | 0% | Avira URL Cloud | safe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    Name | Malicious | Antivirus Detection | Reputation
    0 | true | | low

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    https://i.ibb.co/gtKmtC9/officebg.png | sc.com | false | | high
    https://i.ibb.co/F3yr74z/forgotpass.png | sc.com | false | | high
    https://i.ibb.co/7CKgHCt/ep.png | sc.com | false | | high
    https://i.ibb.co/9qFGmjh/miciconlogo.png | sc.com | false | | high
    https://passwordreset.microsoftonline.com/ | sc.com | false | | high
    https://pikap.kz/wp-admin/wed/server5.php | sc.com | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
    https://i.ibb.co/r5zjhmN/officebg2.png | sc.com | false | | high

                Contacted IPs

                No contacted IP infos

                General Information

                Joe Sandbox Version:31.0.0 Red Diamond
                Analysis ID:321434
                Start date:22.11.2020
                Start time:05:03:32
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 4m 6s
                Hypervisor based Inspection enabled:false
                Report type:light
                Sample file name:sc.com
                Cookbook file name:defaultwindowshtmlcookbook.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:25
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal48.phis.winCOM@4/5@0/0
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .com
                Warnings:
                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                • Excluded IPs from analysis (whitelisted): 104.83.120.32, 52.255.188.83, 204.79.197.200, 13.107.21.200, 52.147.198.201, 51.104.146.109, 152.199.19.161, 2.20.84.85, 20.54.26.129, 205.185.216.42, 205.185.216.10, 51.11.168.160, 92.122.213.247, 92.122.213.194, 51.104.139.180
                • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, go.microsoft.com.edgekey.net, blobcollector.events.data.trafficmanager.net, cs9.wpc.v0cdn.net

                Simulations

                Behavior and APIs

                No simulations

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASN

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{39FD2C44-2CC3-11EB-90E4-ECF4BB862DED}.dat
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:Microsoft Word Document
                Category:dropped
                Size (bytes):32344
                Entropy (8bit):1.7956995869487435
                Encrypted:false
                SSDEEP:96:r1/ZGZ92n9W0jt0Bmf0Mf5M09/0ZrCW7p/2:rJZGZ92n9W6tFfjxMiknx2
                MD5:4907CE853EF4E98EC4DC45391D8DE412
                SHA1:F71E80E1977CA41ECD18437DCF74E7B1980B0FE8
                SHA-256:5DFDCD1F151D479B9D9F7AAB499D798495AC2CFAEC68AB99713F8E714A3C79AE
                SHA-512:49AFE853B3046AE1016A1523CAE3B3FD964982259EC4F264693993808B1DB860577B305B59CD3F16659747D6325EF79DBE5F4CFE711703EC859D9FE4E43E54AC
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39FD2C46-2CC3-11EB-90E4-ECF4BB862DED}.dat
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:Microsoft Word Document
                Category:dropped
                Size (bytes):19032
                Entropy (8bit):1.5994825180714751
                Encrypted:false
                SSDEEP:48:IwuZGcpr7GwpavZG4pQtGrapbStrGQpBuGHHpc0sTGUpQdeGcpm:ru/ZVQv76NBStFj920k64g
                MD5:B5F7FB94BAD916EAC8AEEC5EAA5E6EF8
                SHA1:FF28D3CC2480CEFF59C5F1F6A7A1BBD74876E066
                SHA-256:457E8276346628D18FD4E8F5B4ABC94819A17F4ACC3F4CBDC91DB9DEAD67C9FF
                SHA-512:FD061127E25232A73C8FEA98500A21580FF2DF86F4DB93121C94A7B2572D49C692AFFF60C75AB296426A37811EB7570A336790F926281616EBF498AB64DE5969
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):89
                Entropy (8bit):4.44290456303799
                Encrypted:false
                SSDEEP:3:oVXVP7KVf7W8JOGXnFP7KV6UCn:o9xKliqBKo
                MD5:2BC7190F8B2A23B4141C9A5902E75A2B
                SHA1:2069ECD2D922B238804EAD83EBB509000BA66DFC
                SHA-256:A693ED9EDE98E568A55BC69EC59EBE73C34044854877020ED94AF78FC4855255
                SHA-512:A667464DD5503E59E04ABF87D6D050A333E19A1747A8B4032305587951BDD24E023592C841C2C5F0F85EA3DB01A1BDABD79487C17D503EACFF38E5ADB508D11B
                Malicious:false
                Reputation:low
                Preview: [2020/11/22 05:04:18.682] Latest deploy version: ..[2020/11/22 05:04:18.697] 11.211.2 ..
                C:\Users\user\AppData\Local\Temp\~DF94625A1E314DF9D3.TMP
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):29989
                Entropy (8bit):0.3307972330823734
                Encrypted:false
                SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwz9lwz9l29/9l2F9lak:kBqoxKAuvScS+Mq9+cdy
                MD5:2FF2BF692E4C77EC54170E6D352C36D1
                SHA1:36D490BA77703B911538F1A3DF5B5C8B379506EF
                SHA-256:47DABF286F8AC370AFA2870F60F9D4919DF200CF2EB96B62746EEBF59A4A0538
                SHA-512:E9EBC75CA07B117786E8CF232905C988B0B0C3BAD58CA989B3DC5586170152653A7C94A9190CC9232F72CC78DAE26FD2C5FC07C57EA502B82981F5C0EF3E92D4
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Temp\~DFF37C87F1E61570B4.TMP
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):12981
                Entropy (8bit):0.44419176970341645
                Encrypted:false
                SSDEEP:24:c9lLh9lLh9lIn9lIn9lojF9lop9lWUJmE9:kBqoIysUsE9
                MD5:E9D86FBFAFF79C4C0E992EEF7C920487
                SHA1:38D458E11137BA3523D5A510310D89F4A5AE687C
                SHA-256:8FE5D7274A37E71FC871EFE848EB12E879A4518EFCA4D1F35074F85FAED4EC0F
                SHA-512:FB406E2F0AA4656FD031DB8467CDE39CBFCE035E5F2DC36B366AD21069DA4CAF7100B548E7227F1D5AC388FC91CCD6C546B1BB731B39F5656FBE5285E68109BE
                Malicious:false
                Reputation:low

                Static File Info

                General

                File type:PHP script, ASCII text, with CRLF line terminators
                Entropy (8bit):5.433898732889625
                TrID:
                • HyperText Markup Language (12001/1) 20.69%
                • HyperText Markup Language (12001/1) 20.69%
                • HyperText Markup Language (11501/1) 19.83%
                • HyperText Markup Language (11501/1) 19.83%
                • HyperText Markup Language (11001/1) 18.97%
                File name:sc.com
                File size:4725
                MD5:a2f3a68db7863f4da11cf0255a4969e4
                SHA1:fe611bbce708b77bab1b9c31eb3dd30c4a7b763a
                SHA256:5411a2337cd4c63d1b0740ca513bc5c958b37777f10de80f96217368a3191b89
                SHA512:3f1bb71a5e2f6aa6482125ec887f5b8895516b41a402518179c46437b222e88aed5a24378c2aacf299f8d411cb0b7c4d3e8f36f7ae8add8ec2d2565247f7c9c2
                SSDEEP:96:b80F7Mb5M1eFSm4i0PKgdZpYUGBAxXrgsxo:b80F7Mb5M1zm10PKgtvGBA9Zo
                File Content Preview:<?php..function getloginIDFromlogin($email)..{..$find = '@';..$pos = strpos($email, $find);..$loginID = substr($email, 0, $pos);..return $loginID;..}..function getDomainFromEmail($email)..{..// Get the data after the @ sign..$domain = substr(strrchr($emai

                Network Behavior

                Network Port Distribution

                UDP Packets


                Code Manipulations

                Statistics

                Behavior

                System Behavior

                General

                Start time:05:04:17
                Start date:22/11/2020
                Path:C:\Program Files\internet explorer\iexplore.exe
                Wow64 process (32bit):false
                Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                Imagebase:0x7ff7175e0000
                File size:823560 bytes
                MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                General

                Start time:05:04:18
                Start date:22/11/2020
                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                Wow64 process (32bit):true
                Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2
                Imagebase:0xaa0000
                File size:822536 bytes
                MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Disassembly
