analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

api

Full analysis: https://app.any.run/tasks/e71ab24f-3799-4fef-a92f-6b18e9f5d5bf
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: October 14, 2019, 16:17:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
evasion
trojan
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

35DE95975ECD7EF2BA65800F12ECFE1B

SHA1:

121C4A7685C37F95E1FAEEFC3F415A7F5B723DB9

SHA256:

28774F13BF8E1D683712595333A22C8538964D9994CCB9C798FDBF3E1E5C1F5A

SSDEEP:

786432:zPJyycotaqHTg33kIVkfcRIBnraqbOAVuuW:qq6CcRIB8uuP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads the Task Scheduler COM API

      • api.exe (PID: 436)
    • Loads the Task Scheduler DLL interface

      • api.exe (PID: 436)
      • WRCFree.exe (PID: 896)
    • Application was dropped or rewritten from another process

      • winboxls-0712[1].exe (PID: 1012)
      • WRCFree.exe (PID: 896)
      • Regeasyfixer.exe (PID: 2868)
      • Regeasyfixer.exe (PID: 620)
      • epizyhost.exe (PID: 2260)
      • epizyhost.exe (PID: 3620)
    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3408)
    • Writes to a start menu file

      • msiexec.exe (PID: 2368)
    • Loads dropped or rewritten executable

      • Regeasyfixer.exe (PID: 2868)
      • Regeasyfixer.exe (PID: 620)
    • Scans artifacts that could help determine the target

      • reg.exe (PID: 2204)
  • SUSPICIOUS

    • Starts Internet Explorer

      • api.exe (PID: 436)
    • Low-level read access rights to disk partition

      • api.exe (PID: 436)
    • Creates files in the program directory

      • api.exe (PID: 436)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3408)
      • api.exe (PID: 436)
      • WRCFree.exe (PID: 896)
      • chrome.exe (PID: 1708)
      • msiexec.exe (PID: 2368)
      • msiexec.exe (PID: 2912)
    • Creates files in the Windows directory

      • api.exe (PID: 436)
    • Creates files in the driver directory

      • api.exe (PID: 436)
    • Creates or modifies windows services

      • api.exe (PID: 436)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 1708)
    • Creates files in the user directory

      • WRCFree.exe (PID: 896)
      • msiexec.exe (PID: 2368)
      • Regeasyfixer.exe (PID: 620)
      • epizyhost.exe (PID: 2260)
    • Cleans NTFS data-stream (Zone Identifier)

      • chrome.exe (PID: 1708)
    • Executed as Windows Service

      • vssvc.exe (PID: 3240)
    • Application launched itself

      • Regeasyfixer.exe (PID: 2868)
    • Checks for external IP

      • epizyhost.exe (PID: 2260)
      • Regeasyfixer.exe (PID: 2868)
      • Regeasyfixer.exe (PID: 620)
    • Starts CMD.EXE for commands execution

      • Regeasyfixer.exe (PID: 620)
    • Uses REG.EXE to modify Windows registry

      • cmd.exe (PID: 1796)
    • Reads the BIOS version

      • reg.exe (PID: 2204)
    • Removes files from Windows directory

      • api.exe (PID: 436)
    • Check for Java to be installed

      • reg.exe (PID: 2204)
    • Checks for the .NET to be installed

      • reg.exe (PID: 2204)
    • Reads default file associations for system extensions

      • reg.exe (PID: 2204)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3412)
      • iexplore.exe (PID: 3372)
      • chrome.exe (PID: 1708)
      • msiexec.exe (PID: 2368)
    • Reads the hosts file

      • api.exe (PID: 436)
      • chrome.exe (PID: 1708)
      • chrome.exe (PID: 2788)
    • Changes internet zones settings

      • iexplore.exe (PID: 3412)
      • iexplore.exe (PID: 3372)
    • Creates files in the user directory

      • iexplore.exe (PID: 3408)
      • iexplore.exe (PID: 2416)
      • iexplore.exe (PID: 3372)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2416)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3372)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3372)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3372)
      • api.exe (PID: 436)
    • Manual execution by user

      • iexplore.exe (PID: 3372)
      • chrome.exe (PID: 1708)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2416)
    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 3240)
    • Searches for installed software

      • msiexec.exe (PID: 2368)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2368)
    • Reads Microsoft Office registry keys

      • reg.exe (PID: 2204)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

ProductVersion: 1.4.1.0
ProductName: Adlice Diag
OriginalFileName: Adlice Diag
LegalTrademarks2: Adlice Software
LegalTrademarks1: Adlice Software
LegalCopyright: Copyright Adlice Software(C) 2018
InternalName: Adlice Diag
FileVersion: 1.4.1.0
FileDescription: Anti-malware Diagnostic
CompanyName: Adlice Software
CharacterSet: Windows, Latin1
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: Debug
FileFlagsMask: 0x003f
ProductVersionNumber: 1.4.1.0
FileVersionNumber: 1.4.1.0
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0xd69b24
UninitializedDataSize: -
InitializedDataSize: 11326464
CodeSize: 16945664
LinkerVersion: 14
PEType: PE32
TimeStamp: 2019:10:14 15:22:08+02:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 14-Oct-2019 13:22:08
Detected languages:
  • English - United States
Debug artifacts:
  • C:\Adlice\Diag\RelWithDebInfo\Diag.pdb
CompanyName: Adlice Software
FileDescription: Anti-malware Diagnostic
FileVersion: 1.4.1.0
InternalName: Adlice Diag
LegalCopyright: Copyright Adlice Software(C) 2018
LegalTrademarks1: Adlice Software
LegalTrademarks2: Adlice Software
OriginalFilename: Adlice Diag
ProductName: Adlice Diag
ProductVersion: 1.4.1.0

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000158

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 9
Time date stamp: 14-Oct-2019 13:22:08
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x010291E0
0x01029200
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.59851
.rdata
0x0102B000
0x004957CC
0x00495800
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
6.27016
.data
0x014C1000
0x000529C0
0x00031600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.88463
.tls
0x01514000
0x0000000D
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0.0203931
.qtmetadL\x02
0x01515000
0x0000024C
0x00000400
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
3.15593
.gfids
0x01516000
0x00000770
0x00000800
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
3.97687
_RDATA
0x01517000
0x00000124
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
3.51793
.rsrc
0x01518000
0x00535468
0x00535600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
7.88957
.reloc
0x01A4E000
0x000AEA58
0x000AEC00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
6.64746

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.21878
667
UNKNOWN
English - United States
RT_MANIFEST
2
3.46968
296
UNKNOWN
English - United States
RT_ICON
3
6.0173
3752
UNKNOWN
English - United States
RT_ICON
4
6.36951
2216
UNKNOWN
English - United States
RT_ICON
5
5.70689
1384
UNKNOWN
English - United States
RT_ICON
6
7.94435
27916
UNKNOWN
English - United States
RT_ICON
7
6.31361
16936
UNKNOWN
English - United States
RT_ICON
8
6.3939
9640
UNKNOWN
English - United States
RT_ICON
9
6.36196
6760
UNKNOWN
English - United States
RT_ICON
10
6.49135
4264
UNKNOWN
English - United States
RT_ICON

Imports

ADVAPI32.dll
CRYPT32.dll
GDI32.dll
IMM32.dll
IPHLPAPI.DLL
KERNEL32.dll
MPR.dll
OLEAUT32.dll
OPENGL32.dll
PSAPI.DLL
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
97
Monitored processes
47
Malicious processes
7
Suspicious processes
3

Behavior graph

Click at the process to see the details
start drop and start drop and start api.exe no specs api.exe iexplore.exe iexplore.exe winboxls-0712[1].exe no specs iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs wrcfree.exe msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs msiexec.exe no specs regeasyfixer.exe epizyhost.exe regeasyfixer.exe epizyhost.exe cmd.exe no specs reg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1648"C:\Users\admin\Desktop\api.exe" C:\Users\admin\Desktop\api.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
436"C:\Users\admin\Desktop\api.exe" C:\Users\admin\Desktop\api.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
3412"C:\Program Files\Internet Explorer\iexplore.exe" "https://adlice.com/thanks-downloading-diag/?utm_campaign=diag&utm_source=soft&utm_medium=btn"C:\Program Files\Internet Explorer\iexplore.exe
api.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3408"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3412 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
1012"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\winboxls-0712[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\winboxls-0712[1].exeiexplore.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
3372"C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2416"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3372 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
1708"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
75.0.3770.100
3848"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fe4a9d0,0x6fe4a9e0,0x6fe4a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2436"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2980 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
56 923
Read events
56 355
Write events
0
Delete events
0

Modification events

No data
Executable files
16
Suspicious files
131
Text files
340
Unknown types
30

Dropped files

PID
Process
Filename
Type
3412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
3412iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3412iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF733FD148DB72DA4F.TMP
MD5:
SHA256:
3412iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFB862DBD2606AC87C.TMP
MD5:
SHA256:
3412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{372F664F-EE9E-11E9-AB41-5254004A04AF}.dat
MD5:
SHA256:
3372iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
436api.exeC:\ProgramData\ADiag\config.inibinary
MD5:683DCC6EA2788B0204126908856C530A
SHA256:C33F463F83809BCE9393B0E254CC8AA35C7CEC6D2247F6192FD434E611299434
3412iexplore.exeC:\Users\admin\AppData\Local\Temp\StructuredQuery.logtext
MD5:AC317EC6C1179338AD7548D32DC0CD94
SHA256:92AB89A7F9FC1C81194C63B7E8D820DE9D9B72306932E0746FA70BC5E0819216
436api.exeC:\ProgramData\ADiag\Debug\Adlice Diag_debug.logtext
MD5:6092168BF16C6FBB23F428FE5F4BC068
SHA256:2DAC9845D558A9D8D914333378DE513806BDF50810F55F88861A5D83E9D9C311
436api.exeC:\ProgramData\ADiag\schedulertext
MD5:7E3F02F6DA81E6CC375482C7E1FA5B40
SHA256:CAE1951B42E56202609E317CC5DB4705133089E219A516745FC3425B85022842
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
87
DNS requests
44
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2788
chrome.exe
GET
302
172.217.22.14:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
html
512 b
whitelisted
2788
chrome.exe
GET
302
172.217.22.14:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
US
html
517 b
whitelisted
3408
iexplore.exe
GET
200
104.24.124.57:80
http://tfortytimes.com/622ca3b48152ab2a5fd716ef837f876d/app/winboxls-0712.exe
US
executable
2.04 Mb
suspicious
3412
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
2788
chrome.exe
GET
200
84.15.64.13:80
http://r2---sn-cpux-8ovs.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=85.206.175.219&mm=28&mn=sn-cpux-8ovs&ms=nvh&mt=1571069299&mv=u&mvi=1&pl=21&shardbypass=yes
LT
crx
862 Kb
whitelisted
2260
epizyhost.exe
GET
200
108.170.11.43:80
http://regeasyfixer.xyz/admin/ctions.php?action=getFileDownloaded&macid=5254004A04AF
US
binary
1 b
suspicious
2260
epizyhost.exe
GET
200
131.186.113.70:80
http://checkip.dyndns.org/
US
html
106 b
shared
2260
epizyhost.exe
GET
200
108.170.11.43:80
http://regeasyfixer.xyz/admin/ctions.php?action=SetOnline&macid=5254004A04AF
US
binary
1 b
suspicious
2868
Regeasyfixer.exe
GET
200
131.186.113.70:80
http://checkip.dyndns.org/
US
html
106 b
shared
620
Regeasyfixer.exe
GET
200
131.186.113.70:80
http://checkip.dyndns.org/
US
html
106 b
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2788
chrome.exe
172.217.21.195:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3412
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
436
api.exe
178.33.106.117:443
download.adlice.com
OVH SAS
FR
suspicious
3372
iexplore.exe
31.216.148.10:443
mega.nz
Datacenter Luxembourg S.A.
LU
unknown
3408
iexplore.exe
104.24.124.57:80
tfortytimes.com
Cloudflare Inc
US
shared
2416
iexplore.exe
31.216.148.10:443
mega.nz
Datacenter Luxembourg S.A.
LU
unknown
3408
iexplore.exe
104.27.165.26:443
adlice.com
Cloudflare Inc
US
shared
436
api.exe
74.125.34.46:443
www.virustotal.com
Google Inc.
US
whitelisted
2788
chrome.exe
172.217.16.131:443
www.google.com.ua
Google Inc.
US
whitelisted
2788
chrome.exe
172.217.16.195:443
www.gstatic.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
download.adlice.com
  • 178.33.106.117
whitelisted
adflux.adlice.com
  • 178.33.106.117
whitelisted
adlice.com
  • 104.27.165.26
  • 104.27.164.26
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
tfortytimes.com
  • 104.24.124.57
  • 104.24.125.57
suspicious
sigs.adlice.com
  • 178.33.106.117
whitelisted
www.virustotal.com
  • 74.125.34.46
whitelisted
stats.adlice.com
  • 178.33.106.117
whitelisted
mega.nz
  • 31.216.148.10
  • 89.44.169.135
whitelisted
clientservices.googleapis.com
  • 172.217.21.195
whitelisted

Threats

PID
Process
Class
Message
3408
iexplore.exe
Misc activity
ET INFO Packed Executable Download
3408
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
Misc activity
AV INFO Query to checkip.dyndns. Domain
2868
Regeasyfixer.exe
Potential Corporate Privacy Violation
ET POLICY External IP Lookup - checkip.dyndns.org
2868
Regeasyfixer.exe
Potential Corporate Privacy Violation
POLICY [PTsecurity] External IP Check checkip.dyndns.org
2868
Regeasyfixer.exe
Potentially Bad Traffic
ET POLICY DynDNS CheckIp External IP Address Server Response
2260
epizyhost.exe
Potential Corporate Privacy Violation
ET POLICY External IP Lookup - checkip.dyndns.org
2260
epizyhost.exe
Potential Corporate Privacy Violation
POLICY [PTsecurity] External IP Check checkip.dyndns.org
2260
epizyhost.exe
Potentially Bad Traffic
ET POLICY DynDNS CheckIp External IP Address Server Response
4 ETPRO signatures available at the full report
Process
Message
api.exe
libpng warning: iCCP: known incorrect sRGB profile
api.exe
libpng warning: iCCP: known incorrect sRGB profile
api.exe
libpng warning: iCCP: known incorrect sRGB profile
api.exe
libpng warning: iCCP: known incorrect sRGB profile
api.exe
libpng warning: iCCP: known incorrect sRGB profile
api.exe
libpng warning: iCCP: known incorrect sRGB profile
api.exe
QLayout: Attempting to add QLayout "" to DetectionItem "FormDetectionItem", which already has a layout
api.exe
QLayout: Attempting to add QLayout "" to DetectionItem "FormDetectionItem", which already has a layout
api.exe
QLayout: Attempting to add QLayout "" to DetectionItem "FormDetectionItem", which already has a layout