analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Notepad _7.6.6_(64-bit).exe.zip

Full analysis: https://app.any.run/tasks/751cd0dd-d0ba-4498-b800-79da6784b04d
Verdict: Malicious activity
Analysis date: April 15, 2019, 12:03:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
installcore
pup
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

9274FE9C98048CE1E5FDDE595371741A

SHA1:

4F467A28C2CE9622A46EC9FE4A64FB2ED2CD43B2

SHA256:

69B391F1F8F2C54D0D070884BE001FA3E3F43CAF57EB346EBFBDECD8D6ECB861

SSDEEP:

49152:D6KWi/TW4vLdB1qlyDnMz+ODh8gyHC/tzUJUyMNI:D6V4v5B1qSnMPh2wU9F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
      • Notepad _7.6.6_(64-bit).exe (PID: 2964)
      • npp.7.6.6.Installer.x64.exe (PID: 3780)
    • INSTALLCORE was detected

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
    • Connects to CnC server

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
    • Changes settings of System certificates

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
    • Loads dropped or rewritten executable

      • npp.7.6.6.Installer.x64.exe (PID: 3780)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2980)
      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
      • npp.7.6.6.Installer.x64.exe (PID: 3780)
    • Reads Environment values

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
    • Application launched itself

      • Notepad _7.6.6_(64-bit).exe (PID: 2964)
    • Reads internet explorer settings

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
    • Starts Internet Explorer

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
    • Adds / modifies Windows certificates

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
  • INFO

    • Changes internet zones settings

      • IEXPLORE.EXE (PID: 2472)
    • Reads settings of System Certificates

      • Notepad _7.6.6_(64-bit).exe (PID: 2556)
      • IEXPLORE.EXE (PID: 2472)
      • chrome.exe (PID: 1380)
    • Application launched itself

      • IEXPLORE.EXE (PID: 2472)
      • chrome.exe (PID: 3044)
    • Reads internet explorer settings

      • IEXPLORE.EXE (PID: 2348)
    • Reads Internet Cache Settings

      • IEXPLORE.EXE (PID: 2472)
      • IEXPLORE.EXE (PID: 2348)
    • Changes settings of System certificates

      • IEXPLORE.EXE (PID: 2348)
    • Creates files in the user directory

      • IEXPLORE.EXE (PID: 2348)
    • Adds / modifies Windows certificates

      • IEXPLORE.EXE (PID: 2348)
    • Modifies the open verb of a shell class

      • chrome.exe (PID: 3044)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Notepad _7.6.6_(64-bit).exe
ZipUncompressedSize: 2254888
ZipCompressedSize: 2082564
ZipCRC: 0x7528f28c
ZipModifyDate: 2019:04:15 11:40:27
ZipCompression: Deflated
ZipBitFlag: 0x0009
ZipRequiredVersion: 20
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
57
Monitored processes
20
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start drop and start winrar.exe notepad  _7.6.6_(64-bit).exe no specs #INSTALLCORE notepad  _7.6.6_(64-bit).exe iexplore.exe npp.7.6.6.installer.x64.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2980"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Notepad _7.6.6_(64-bit).exe.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2964"C:\Users\admin\Desktop\Notepad _7.6.6_(64-bit).exe" C:\Users\admin\Desktop\Notepad _7.6.6_(64-bit).exeexplorer.exe
User:
admin
Company:
Wizard
Integrity Level:
MEDIUM
Description:
Fast Web Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\notepad _7.6.6_(64-bit).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2556"C:\Users\admin\Desktop\Notepad _7.6.6_(64-bit).exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnlC:\Users\admin\Desktop\Notepad _7.6.6_(64-bit).exe
Notepad _7.6.6_(64-bit).exe
User:
admin
Company:
Wizard
Integrity Level:
HIGH
Description:
Fast Web Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\notepad _7.6.6_(64-bit).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2472"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.techworld.com/download-thanks/C:\Program Files\Internet Explorer\IEXPLORE.EXE
Notepad _7.6.6_(64-bit).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3780"C:\Users\admin\Downloads\npp.7.6.6.Installer.x64.exe" C:\Users\admin\Downloads\npp.7.6.6.Installer.x64.exe
Notepad _7.6.6_(64-bit).exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
Notepad++ : a free (GNU) source code editor
Version:
7.6.6.0
Modules
Images
c:\users\admin\downloads\npp.7.6.6.installer.x64.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
2348"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:79873C:\Program Files\Internet Explorer\IEXPLORE.EXE
IEXPLORE.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3044"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
73.0.3683.75
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
488"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6d670f18,0x6d670f28,0x6d670f34C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
73.0.3683.75
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3092"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3136 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
73.0.3683.75
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2288"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,13284661269426340908,17190237718736252086,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16527413910800193098 --mojo-platform-channel-handle=1000 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Version:
73.0.3683.75
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
2 035
Read events
1 708
Write events
321
Delete events
6

Modification events

(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2980) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Notepad _7.6.6_(64-bit).exe.zip
(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(2964) Notepad _7.6.6_(64-bit).exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
Executable files
4
Suspicious files
41
Text files
246
Unknown types
10

Dropped files

PID
Process
Filename
Type
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\00134048.log
MD5:
SHA256:
2980WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2980.36676\Notepad _7.6.6_(64-bit).exeexecutable
MD5:DADB449EB661A03FADAD4E901DE57245
SHA256:B653066C4F9061C7DD3E512ED47E6E51DDAAFE7A5FB32B40841989AB9C3D49DF
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\images\BG.pngimage
MD5:6183E1DFBFA264301675BC7A579B4206
SHA256:322FDB3E3937F1BDEBDC82227FBFB609F897F0F0E683E1444E1815412C5B0B71
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\images\Color_Button_Hover.pngimage
MD5:D045526C003C2F1740D0CC0180E2EAF3
SHA256:EFEC36BE1A732FA8BF9479DF4CAD8431B8A95FE4ED4B6A7006A120C6EC4777C0
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\form.bmp.Maskbinary
MD5:D2FC989F9C2043CD32332EC0FAD69C70
SHA256:27DD029405CBFB0C3BF8BAC517BE5DB9AA83E981B1DC2BD5C5D6C549FA514101
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\images\Close_Hover.pngimage
MD5:985E8A9BFAC40B071654CDA7D893E753
SHA256:B6449D5CC158C437560C685A3336FB912ADAD3E4D9EDDEC4F2FDCBFA9BB82162
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\css\main.csstext
MD5:7D1B0C00FC1BED62A94500BF078DAF81
SHA256:C4D22284DA9922616E5C5D9EA59644C69622A265BC92539407DF844CB292FC63
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\images\Grey_Button_Hover.pngimage
MD5:D045526C003C2F1740D0CC0180E2EAF3
SHA256:EFEC36BE1A732FA8BF9479DF4CAD8431B8A95FE4ED4B6A7006A120C6EC4777C0
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\css\ie6_main.csstext
MD5:0E5FFC18BEB4B3E48D4B07DF384C0B40
SHA256:3AD46EA4A11CFDFBAB0886F4056217F5C081E477451AD01DD666AD9C73E97B34
2556Notepad _7.6.6_(64-bit).exeC:\Users\admin\AppData\Local\Temp\inH126164017163\images\Color_Button.pngimage
MD5:9AD23004D781456DEE38E29B5C86E6BF
SHA256:3B0A8978730803C675F36CEE2B5E9992C8F4DF40D59F131A3C24E6CC7BC5AF74
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
87
DNS requests
51
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2348
IEXPLORE.EXE
GET
301
104.16.77.65:80
http://www.techworld.com/download-thanks/
US
shared
2348
IEXPLORE.EXE
GET
301
104.16.77.65:80
http://www.techworld.com/assets/fonts/clearsans_light_macroman/clearsans-light-webfont.eot?
US
shared
2348
IEXPLORE.EXE
GET
301
104.16.77.65:80
http://www.techworld.com/assets/fonts/clearsans_medium_macroman/clearsans-medium-webfont.eot?
US
shared
2348
IEXPLORE.EXE
GET
301
104.16.77.65:80
http://www.techworld.com/assets/fonts/clearsans_medium_macroman/clearsans-medium-webfont.eot?
US
shared
2348
IEXPLORE.EXE
GET
301
104.16.77.65:80
http://www.techworld.com/assets/fonts/clearsans_light_macroman/clearsans-light-webfont.eot?
US
shared
1380
chrome.exe
GET
200
194.9.24.113:80
http://r6---sn-5uh5o-f5fd.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=212.7.217.54&mm=28&mn=sn-5uh5o-f5fd&ms=nvh&mt=1555329769&mv=m&pl=21&shardbypass=yes
PL
crx
842 Kb
whitelisted
2556
Notepad _7.6.6_(64-bit).exe
POST
200
54.194.149.175:80
http://portal.dilicenehettll.com/
IE
malicious
2556
Notepad _7.6.6_(64-bit).exe
POST
200
54.194.149.175:80
http://portal.dilicenehettll.com/
IE
malicious
2556
Notepad _7.6.6_(64-bit).exe
POST
200
54.194.149.175:80
http://portal.dilicenehettll.com/
IE
malicious
2556
Notepad _7.6.6_(64-bit).exe
POST
200
52.51.129.59:80
http://vpn.dilicenehettll.com/
IE
binary
185 Kb
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2556
Notepad _7.6.6_(64-bit).exe
54.194.149.175:80
portal.dilicenehettll.com
Amazon.com, Inc.
IE
malicious
2556
Notepad _7.6.6_(64-bit).exe
52.51.129.59:80
vpn.dilicenehettll.com
Amazon.com, Inc.
IE
malicious
2348
IEXPLORE.EXE
104.16.77.65:80
www.techworld.com
Cloudflare Inc
US
shared
2348
IEXPLORE.EXE
104.16.77.65:443
www.techworld.com
Cloudflare Inc
US
shared
2556
Notepad _7.6.6_(64-bit).exe
37.59.28.236:443
notepad-plus-plus.org
OVH SAS
FR
whitelisted
2556
Notepad _7.6.6_(64-bit).exe
52.212.157.66:80
dev.dilicenehettll.com
Amazon.com, Inc.
IE
malicious
2348
IEXPLORE.EXE
104.16.78.65:443
www.techworld.com
Cloudflare Inc
US
shared
2348
IEXPLORE.EXE
35.201.98.64:443
spiffymachine.com
Google Inc.
US
whitelisted
2348
IEXPLORE.EXE
35.190.75.210:443
cdn.permutive.com
Google Inc.
US
whitelisted
2348
IEXPLORE.EXE
216.58.205.228:443
www.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
portal.dilicenehettll.com
  • 54.194.149.175
  • 52.214.73.247
malicious
dev.dilicenehettll.com
  • 52.212.157.66
  • 52.209.116.64
  • 18.203.190.76
malicious
vpn.dilicenehettll.com
  • 52.51.129.59
  • 52.31.245.195
  • 52.50.98.206
malicious
notepad-plus-plus.org
  • 37.59.28.236
whitelisted
www.techworld.com
  • 104.16.77.65
  • 104.16.78.65
unknown
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
js-sec.indexww.com
  • 2.21.37.92
whitelisted
cdn.techworld.com
  • 104.16.78.65
  • 104.16.77.65
unknown
cdn2.techworld.com
  • 104.16.77.65
  • 104.16.78.65
unknown
cdn1.techworld.com
  • 104.16.78.65
  • 104.16.77.65
unknown

Threats

PID
Process
Class
Message
2556
Notepad _7.6.6_(64-bit).exe
Misc activity
ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
2556
Notepad _7.6.6_(64-bit).exe
Misc activity
ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1
2556
Notepad _7.6.6_(64-bit).exe
Misc activity
ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3
2556
Notepad _7.6.6_(64-bit).exe
Misc activity
ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4
2556
Notepad _7.6.6_(64-bit).exe
Generic Protocol Command Decode
SURICATA STREAM excessive retransmissions
2556
Notepad _7.6.6_(64-bit).exe
Generic Protocol Command Decode
SURICATA STREAM excessive retransmissions
1 ETPRO signatures available at the full report
No debug info