File name: BPS_Questionnaire.html
Full analysis: https://app.any.run/tasks/21cbc9b5-ce38-484e-b0c1-20177f8b7c97
Verdict: Malicious activity
Analysis date: January 24, 2022, 19:10:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5: 09BFEC2FF940DEAC8CDFC0EFE2EFAC9B
SHA1: 02E3DA2A9683F0CD13F404B775C16A6CF87B83DE
SHA256: 3179F925294771977304BCB7936C03EC31C38A9FBAE8CD80A59150702C06B11F
SSDEEP: 1536:WsFv6eBoRbjQHuhw+E3mazA/PWrF7qvEAFiQcpm8tpHzyJRT9UEpdm3BPdBF:UxpQBDbyJ3UEpdmRN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3240)
      • iexplore.exe (PID: 2664)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 1944)
      • iexplore.exe (PID: 3240)
      • iexplore.exe (PID: 2664)
      • iexplore.exe (PID: 2152)
      • chrome.exe (PID: 3448)
      • chrome.exe (PID: 2364)
      • chrome.exe (PID: 3220)
      • chrome.exe (PID: 2036)
      • chrome.exe (PID: 580)
      • chrome.exe (PID: 2544)
      • chrome.exe (PID: 2216)
    • Checks supported languages

      • iexplore.exe (PID: 3240)
      • iexplore.exe (PID: 1944)
      • iexplore.exe (PID: 2664)
      • iexplore.exe (PID: 2152)
      • chrome.exe (PID: 3448)
      • chrome.exe (PID: 2364)
      • chrome.exe (PID: 3896)
      • chrome.exe (PID: 2036)
      • chrome.exe (PID: 2996)
      • chrome.exe (PID: 668)
      • chrome.exe (PID: 3520)
      • chrome.exe (PID: 2544)
      • chrome.exe (PID: 3220)
      • chrome.exe (PID: 2216)
      • chrome.exe (PID: 2576)
      • chrome.exe (PID: 580)
      • chrome.exe (PID: 700)
    • Changes internet zones settings

      • iexplore.exe (PID: 1944)
    • Application launched itself

      • iexplore.exe (PID: 1944)
      • iexplore.exe (PID: 3240)
      • chrome.exe (PID: 3448)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2664)
      • iexplore.exe (PID: 3240)
      • iexplore.exe (PID: 1944)
      • chrome.exe (PID: 2036)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2664)
      • iexplore.exe (PID: 3240)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3240)
      • iexplore.exe (PID: 1944)
      • iexplore.exe (PID: 2664)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 1944)
      • chrome.exe (PID: 2216)
    • Manual execution by user

      • chrome.exe (PID: 3448)
    • Reads the hosts file

      • chrome.exe (PID: 2036)
      • chrome.exe (PID: 3448)
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

Robots: noindex, nofollow
Pragma: no-cache
viewport: width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes
HTTPEquivXUACompatible: IE=edge
ContentType: text/html; charset=UTF-8
Title: Sign in to Outlook
No data.
All screenshots are available in the full report
Total processes: 54
Monitored processes: 17
Malicious processes: 0
Suspicious processes: 0


Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID 1944
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\Desktop\BPS_Questionnaire.html.htm"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 1
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID 3240
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1944 CREDAT:144385 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\version.dll
PID 2664
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1944 CREDAT:144392 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID 2152
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1944 CREDAT:398593 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\iertutil.dll
PID 3448
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Google LLC
  Integrity Level: MEDIUM
  Description: Google Chrome
  Version: 86.0.4240.198
  Modules (images):
    • c:\windows\system32\ntdll.dll
    • c:\program files\google\chrome\application\chrome.exe
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
    • c:\windows\system32\version.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    • c:\windows\system32\winmm.dll
    • c:\windows\system32\user32.dll
PID 3896
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e76d988,0x6e76d998,0x6e76d9a4
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: MEDIUM
  Description: Google Chrome
  Version: 86.0.4240.198
  Modules (images):
    • c:\program files\google\chrome\application\chrome.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
    • c:\windows\system32\version.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    • c:\windows\system32\shell32.dll
PID 2364
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1060,12924473439598006625,7862315712220082556,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: LOW
  Description: Google Chrome
  Exit code: 0
  Version: 86.0.4240.198
  Modules (images):
    • c:\program files\google\chrome\application\chrome.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\kernel32.dll
    • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
    • c:\windows\system32\version.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    • c:\windows\system32\shell32.dll
PID 2036
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1060,12924473439598006625,7862315712220082556,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1324 /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: MEDIUM
  Description: Google Chrome
  Version: 86.0.4240.198
  Modules (images):
    • c:\windows\system32\ntdll.dll
    • c:\program files\google\chrome\application\chrome.exe
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
    • c:\windows\system32\version.dll
    • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    • c:\windows\system32\shell32.dll
PID 668
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,12924473439598006625,7862315712220082556,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: LOW
  Description: Google Chrome
  Version: 86.0.4240.198
  Modules (images):
    • c:\program files\google\chrome\application\chrome.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
    • c:\windows\system32\version.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    • c:\windows\system32\shell32.dll
PID 2996
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,12924473439598006625,7862315712220082556,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: LOW
  Description: Google Chrome
  Exit code: 0
  Version: 86.0.4240.198
  Modules (images):
    • c:\program files\google\chrome\application\chrome.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\kernel32.dll
    • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
    • c:\windows\system32\version.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    • c:\windows\system32\shell32.dll
Total events: 71 426
Read events: 71 176
Write events: 249
Delete events: 1

Modification events

  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
    Operation: write
    Name: NTPDaysSinceLastAutoMigration
    Value: 1
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
    Operation: write
    Name: NTPLastLaunchLowDateTime
    Value: 266570720
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
    Operation: write
    Name: NTPLastLaunchHighDateTime
    Value: 30937430
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
    Operation: write
    Name: NextCheckForUpdateLowDateTime
    Value: 566726970
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
    Operation: write
    Name: NextCheckForUpdateHighDateTime
    Value: 30937430
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
    Operation: write
    Name: CachePrefix
    Value: (empty)
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
    Operation: write
    Name: CachePrefix
    Value: Cookie:
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
    Operation: write
    Name: CachePrefix
    Value: Visited:
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Operation: write
    Name: CompatibilityFlags
    Value: 0
  • Process: (1944) iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Operation: write
    Name: ProxyBypass
    Value: 1
Executable files: 0
Suspicious files: 25
Text files: 64
Unknown types: 11

Dropped files

Columns: PID | Process | Filename | Type
  • 3448 | chrome.exe
    File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61EEF9BD-D78.pma
    MD5:
    SHA256:
  • 1944 | iexplore.exe | binary
    File: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat
    MD5: C972190E22829960602A7BF70322CBD7
    SHA256: 53B2AC49212B16D43DA3FAAB330D6F61F8AD353886B8863917A30F8115F4C7E7
  • 1944 | iexplore.exe | gmc
    File: C:\Users\admin\AppData\Local\Temp\~DF95AECBEC4A34D77F.TMP
    MD5: CC481772E27017FAD37E6F1FAB3C4A87
    SHA256: 9CDC398EC244890F0C910C60D146463A02C4FE9D9D9E5CF8350FCDF4132CD14D
  • 1944 | iexplore.exe | binary
    File: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4D868E57-7D49-11EC-A45D-12A9866C77DE}.dat
    MD5: 5FF925BB3828F9350856CCE7965822A9
    SHA256: BA21E78E1E03EB3F2220887A0D069B0A00B14708AA9921853E6C25C81459CF74
  • 1944 | iexplore.exe | binary
    File: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4D868E56-7D49-11EC-A45D-12A9866C77DE}.dat
    MD5: 8228173120238F3A3295EFD8EEA3FE83
    SHA256: 5E4B9CD1C31E4AD851C736FD62701DCD6D1CA06C7D53C5BE7CE9D9CC977FD616
  • 1944 | iexplore.exe | binary
    File: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{563962AE-7D49-11EC-A45D-12A9866C77DE}.dat
    MD5: 1E6E248E6C85E7501E1968385DC2337C
    SHA256: 319E9E89C56D2E9EBC1EB4E908FEF8333434F4A2CB09DD89105AD3C2CCB689EC
  • 1944 | iexplore.exe | binary
    File: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4D868E55-7D49-11EC-A45D-12A9866C77DE}.dat
    MD5: 16962BCF5CC0AF93DD96210452F9DEDA
    SHA256: 3FABDD6D2BEFCC85253114208D2241BECF96CA1C219DC8AFA64DC244D0F1F857
  • 1944 | iexplore.exe | gmc
    File: C:\Users\admin\AppData\Local\Temp\~DF85F87F25623FEB62.TMP
    MD5: D96F8B702E3FB442185189C6D11E38D8
    SHA256: 94D92FE14A7D8CED21E6A83A7466B773BEB775FF4DF8A73F0530077E7D44EA3D
  • 3448 | chrome.exe | text
    File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF117dd8.TMP
    MD5: 936EB7280DA791E6DD28EF3A9B46D39C
    SHA256: CBAF2AFD831B32F6D1C12337EE5D2F090D6AE1F4DCB40B08BEF49BF52AD9721F
  • 1944 | iexplore.exe | gmc
    File: C:\Users\admin\AppData\Local\Temp\~DF17181E0B982BF3AF.TMP
    MD5: FD4AC58EDDEDC6C47192841138C67F0A
    SHA256: 024F5B0DDB8120ADE4493E42060F32583E6E69CF112E9EB28CD1ED7BBD8B75E8
HTTP(S) requests: 20
TCP/UDP connections: 74
DNS requests: 29
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | CN | Type | Size | Reputation (URL on the following line)
  • 3240 | iexplore.exe | GET | 404 | 67.26.81.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3fb1b6ff45f679ac
  • 3240 | iexplore.exe | GET | 404 | 67.26.81.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cedd2be0a2dc7cd9
  • 3240 | iexplore.exe | GET | 404 | 67.26.81.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0d1bdb96a60dc4c4
  • 2036 | chrome.exe | POST | 404 | 142.250.185.67:80 | US | xml | 341 b | whitelisted
    http://update.googleapis.com/service/update2/json?cup2key=10:1974589049&cup2hreq=c8899f5a29c8efb9f591e6c8e2e3f20ea15076527b099f1cee90132a6facf2fd
  • 3240 | iexplore.exe | GET | 404 | 67.26.81.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3b0061bea58d49e8
  • 364 | svchost.exe | GET | 404 | 93.184.221.240:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?afc03af339a584de
  • 364 | svchost.exe | GET | 404 | 67.26.139.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?336b6fa2db45906e
  • 1944 | iexplore.exe | GET | 404 | 67.26.81.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?39704e90bc4d9552
  • 2664 | iexplore.exe | GET | 404 | 67.26.81.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2855f7e4c6c9b14c
  • 3240 | iexplore.exe | GET | 404 | 67.26.81.254:80 | US | xml | 341 b | whitelisted
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bb7e75778f46b441

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation
  • 2664 | iexplore.exe | 152.199.23.37:443 | aadcdn.msftauth.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | suspicious
  • 2664 | iexplore.exe | 172.217.16.138:443 | ajax.googleapis.com | Google Inc. | US | whitelisted
  • 3240 | iexplore.exe | 104.16.89.20:443 | cdn.jsdelivr.net | Cloudflare Inc | US | shared
  • 3240 | iexplore.exe | 152.199.23.37:443 | aadcdn.msftauth.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | suspicious
  • 2664 | iexplore.exe | 104.16.89.20:443 | cdn.jsdelivr.net | Cloudflare Inc | US | shared
  • 3240 | iexplore.exe | 104.16.19.94:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | suspicious
  • 3240 | iexplore.exe | 172.217.16.138:443 | ajax.googleapis.com | Google Inc. | US | whitelisted
  • 2664 | iexplore.exe | 104.16.19.94:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | suspicious
  • 1944 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
  • 3240 | iexplore.exe | 67.26.81.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious

DNS requests

Columns: Domain | resolved IPs | Reputation
  • cdnjs.cloudflare.com | 104.16.19.94, 104.16.18.94 | whitelisted
  • ajax.googleapis.com | 172.217.16.138 | whitelisted
  • cdn.jsdelivr.net | 104.16.89.20, 104.16.85.20, 104.16.86.20, 104.16.88.20, 104.16.87.20 | whitelisted
  • aadcdn.msftauth.net | 152.199.23.37 | whitelisted
  • ctldl.windowsupdate.com | 67.26.81.254, 8.253.95.249, 67.26.137.254, 67.27.235.126, 8.253.207.120, 93.184.221.240, 67.26.139.254, 67.27.157.254, 8.241.78.254, 8.253.95.120 | whitelisted
  • api.bing.com | 13.107.5.80 | whitelisted
  • www.bing.com | 131.253.33.200, 13.107.22.200 | whitelisted
  • clientservices.googleapis.com | 216.58.212.131 | whitelisted
  • accounts.google.com | 142.250.185.109 | shared
  • clients2.google.com | 142.250.186.174 | whitelisted

Threats

25 ETPRO signatures available at the full report
No debug info