General Info

File name

330cad3946f342bc821c328ae10808819053ff71707a989e36e9518e0c57c236

Full analysis
https://app.any.run/tasks/16145205-c442-45cf-b806-83c3e390d3d2
Verdict
Malicious activity
Analysis date
3/14/2019, 22:53:51
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v1.0 to extract
MD5

5a28b4648928dd0c931c130648631ea6

SHA1

54913f4451163921b599baa69d9d635eb51fd71a

SHA256

330cad3946f342bc821c328ae10808819053ff71707a989e36e9518e0c57c236

SSDEEP

768:bCIqdH/k1ZVcT194jp4HBQUYnDLnY29Tob/h9+rXlULi:bNqaLV8a6hinnY2Omwi

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

  • Changes the autorun value in the registry
  • Application was dropped or rewritten from another process
  • Executable content was dropped or overwritten
  • Connects to SMTP port

SUSPICIOUS

  • Starts application with an unusual extension
      WinRAR.exe (PID: 2856)
  • Connects to unusual port

INFO

No info indicators.


Static information

TRiD
.zip | ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
10
ZipBitFlag:
null
ZipCompression:
None
ZipModifyDate:
2004:03:13 01:10:17
ZipCRC:
0xbe2c57bb
ZipCompressedSize:
36976
ZipUncompressedSize:
36976
ZipFileName:

Processes

Total processes
30
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

(graph image not preserved; nodes: winrar.exe, [email protected]; edge labels: start, drop and start)

Process information


PID
2856
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\330cad3946f342bc821c328ae10808819053ff71707a989e36e9518e0c57c236.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0

PID
2348
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$DIa2856.45642\[email protected]"
Path
C:\Users\admin\AppData\Local\Temp\Rar$DIa2856.45642\[email protected]
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Company
Description
Version

Registry activity

Total events
464
Read events
437
Write events
27
Delete events
0

Modification events

PID Process Operation Key Name Value
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes ShellExtBMP
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes ShellExtIcon
2856 WinRAR.exe write HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E LanguageList en-US
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\WinRAR\ArcHistory 0 C:\Users\admin\AppData\Local\Temp\330cad3946f342bc821c328ae10808819053ff71707a989e36e9518e0c57c236.zip
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths name 120
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths size 80
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths type 120
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths mtime 100
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap UNCAsIntranet 0
2856 WinRAR.exe write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap AutoDetect 1
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Traybar C:\Users\admin\AppData\Local\Temp\lsass.exe
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASAPI32 EnableFileTracing 0
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASAPI32 EnableConsoleTracing 0
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASAPI32 FileTracingMask 4294901760
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASAPI32 ConsoleTracingMask 4294901760
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASAPI32 MaxFileSize 1048576
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASAPI32 FileDirectory %windir%\tracing
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASMANCS EnableFileTracing 0
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASMANCS EnableConsoleTracing 0
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASMANCS FileTracingMask 4294901760
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASMANCS ConsoleTracingMask 4294901760
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASMANCS MaxFileSize 1048576
2348 [email protected] write HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\[email protected]_RASMANCS FileDirectory %windir%\tracing
2348 [email protected] write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnable 0
2348 [email protected] write HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections SavedLegacySettings

Files activity

Executable files
2
Suspicious files
1
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2856
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DIa2856.45642\[email protected]
executable
MD5: caa9d896bbd534f6fc9893a24a98767e
SHA256: f86c5f7f46951d9019c4e840f9f4090cc44d63559d5cefea2722e91cc11fcf98
2348
C:\Users\admin\AppData\Local\Temp\lsass.exe
executable
MD5: caa9d896bbd534f6fc9893a24a98767e
SHA256: f86c5f7f46951d9019c4e840f9f4090cc44d63559d5cefea2722e91cc11fcf98
2348
C:\Users\admin\AppData\Local\Temp\1iki.txt
binary
MD5: 4c8fb5a72dfe38ebca0a55ae5ac0f6ce
SHA256: 4229eb155e10b24eae571a852cc470b73795785767eaf70375f4750dd8e684f9


Network activity

HTTP(S) requests
0
TCP/UDP connections
71
DNS requests
96
Threats
0

HTTP requests

No HTTP requests.

Connections


DNS requests


Threats

No threats detected.

Debug output strings

No debug info.