General Info

URL

http://www.watchtvnow.co

Full analysis
https://app.any.run/tasks/02e9a24f-629e-4585-a2ed-630edb266fd3
Verdict
Malicious activity
Analysis date
7/11/2019, 17:28:54
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Reads settings of System Certificates
  • iexplore.exe (PID: 3872)
Creates files in the user directory
  • iexplore.exe (PID: 3872)
  • iexplore.exe (PID: 3220)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3872)
  • iexplore.exe (PID: 3220)
Changes internet zones settings
  • iexplore.exe (PID: 3220)
Application launched itself
  • iexplore.exe (PID: 3220)
Reads internet explorer settings
  • iexplore.exe (PID: 3872)


Processes

Total processes
38
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID
3220
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
3872
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3220 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\jscript.dll
c:\windows\system32\credssp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\feclient.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\dxtmsft.dll

Registry activity

Total events
448
Read events
387
Write events
59
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
3220
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{A0A07B85-A3F0-11E9-95C0-5254004A04AF}
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307070004000B000F001D000A008B02
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307070004000B000F001D000A009B02
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307070004000B000F001D000A000803
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
10
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307070004000B000F001D000A003703
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
32
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307070004000B000F001D000A005603
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
26
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071120190712
CacheRepair
0
3220
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
6E38CD70FD37D501
3872
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3872
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071120190712
3872
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CachePrefix
:2019071120190712:
3872
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheLimit
8192
3872
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheOptions
11
3872
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071120190712
CacheRepair
0

Files activity

Executable files
0
Suspicious files
5
Text files
27
Unknown types
8

Dropped files

PID
Process
Filename
Type
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THOJPES7\f8a9938a18[1].gif
image
MD5: bc32ed98d624acb4008f986349a20d26
SHA256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIMVM10U\bg3[1].jpg
image
MD5: 79e5a6ab62343c3c0686ae4dddfa548e
SHA256: 2423959c36a79c0deec8b1ec2a8ca9013e4c189c4347339b9298a80a3a155ac2
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\f8a9938a18[1].gif
image
MD5: bc32ed98d624acb4008f986349a20d26
SHA256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\f8a9938a18[1]
text
MD5: 5c9da71976fb9d00f82e61c7e496ba06
SHA256: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
3220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
image
MD5: 504432c83a7a355782213f5aa620b13f
SHA256: df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\watchtvnow_co[1].txt
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: e424cf56f5900465a69d84570533c463
SHA256: 8a97fcd58b11151075fbdd701990d809ffb6a33781d10d28cd74e2416e067846
3872
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: b43fba703fa61361a65eb98b7b7e917b
SHA256: e47c998626e79a19912e09a164cc5747d878f3948147358a6ef6898664515c7c
3872
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PUF80D1U\nr-1123.min[1].js
text
MD5: 7ffb242072196e9db5f4f1bfbfa2ed7d
SHA256: 94cdf5b7f868883de0e1248cd80b42dd84e3f38685f2b234747550c02190dc82
3220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071120190712\index.dat
dat
MD5: e7b8a61f6f487ac8a2c5ad3954600ca0
SHA256: 7ae190565ad60181d6ffa99b1bc6182688dcc263b38ec1ab160b245bf38c4318
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071120190712\index.dat
dat
MD5: 78d2c423ec864f44438b378af3250dae
SHA256: 22828b606836e010177a199097d648d638c969c89ef6ab2b03dbcd1515f18efb
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THOJPES7\prompt[1]
text
MD5: 08bf7ad360f18bc6410f86904755c2c2
SHA256: 1af5065126e4491f3946de36cb6e5ed0c44f2ad507e508dc18a0b7cedfb809dc
3872
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: a17e12a610b96a33d4d6f131111206c6
SHA256: 526c4d50cbd00132e734696fba5d35f6bb41b214b60d6dc71573fb5a106faceb
3872
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: ea8f42f93bee43a6632dbaddc84bf19a
SHA256: 7cea505e8377dfcce4155bfcc08c8bac011bd181c681c5c5545fca619b4b8f3b
3872
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab3230.tmp
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar3231.tmp
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar3183.tmp
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab3182.tmp
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar3143.tmp
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab3142.tmp
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
3872
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: ee1a4a96f47e3bb97486c918c1c5a244
SHA256: cff3685c03b0386fc7014e8b4d330985b74ec08c8ce3338409e739851fa2fd99
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 9af69a612150f8bee287cde24ab9bb88
SHA256: b2f7c81aa782dd8655a8d17bf50a66569047dfedafd81d5f326c597e3a7e4c6e
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PUF80D1U\f8a9938a18[1].gif
image
MD5: bc32ed98d624acb4008f986349a20d26
SHA256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\tvCollage[1].jpg
image
MD5: 207ae8a228325ec9c99b366ff522964b
SHA256: f9e26948fc0d06f1e9f849ecdebae66cff1e12f28e5487d1841fdbdae23e15fe
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PUF80D1U\tv3stepIE[1].png
image
MD5: 49ef0aed979ac8d6b097e08cbe43c7b7
SHA256: 6f1ebf8752b3f4ee68b947e8ec71df5a4970deeaad026025e4e03fdf4e7931c5
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIMVM10U\Green-arrow-right[1].png
image
MD5: ec11ec61ae3957c9a76c80a3cc41ba18
SHA256: 9370862235e609814989a6c524aaee8307d86a8c51c0180817f68919e46de964
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIMVM10U\tvSet[1].png
image
MD5: 9d0cd6e0da9125b8df4fb55690b5f421
SHA256: 0fa2629dff99ec5158b5385cdb3386166bfd4ad7d9444c169713bd1d8c8cf68c
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIMVM10U\clock[1].png
image
MD5: 3babf5e14a9226047a25b0055dbe3dd8
SHA256: 57333490d89a90d351332e9832e55b49192dc28f0caa27b9d737d44d538e6535
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\television_newTab[1].png
image
MD5: ddbd6fec35777e1ce29dfef0f4fb98bb
SHA256: 6c0dc9cb0db4dec03b08fdd06a7bc88e74706d95d181b459bb9053040313b9b8
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PUF80D1U\free[1].png
image
MD5: 792adb010c98237fbba2749dca8f0563
SHA256: c59b68c039dae254a3edd4222bdcf40655d089d4740fe2b23936fe499b98356e
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THOJPES7\loading[1].gif
image
MD5: 59fa0c3e592cc81e41f67cbd1b67c630
SHA256: 49011c42b6cc46e82b8b1f2e1e7f5ce0432d93e93932c671c2201f76285c9331
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THOJPES7\watchtvnowicon[1].png
image
MD5: 1d162a2ac06b25d3124a3f4b1fd6633e
SHA256: 33d5570c903c6055c0fb302155e814b4b2ed25fa3b053cee81f268f34ac2834c
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THOJPES7\js[1]
text
MD5: 75d768f0237cae58bbe8c9573b127e0f
SHA256: 96e87151454f56cae7bf1383c7af7c9804a0aa90bc12c104418018f7c4cac26c
3220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3220
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3220
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\js[1]
text
MD5: 457f6ee75b742d8fe9a9477a6f8d7b7a
SHA256: 8f25e632e0baf5da2c697b42f4e1c2f6cd791be9215fe208cf6f9dde6b91d4e7
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PUF80D1U\firebase-messaging[1].js
text
MD5: d3a746f544b2e9c68d668b8d673fc8ae
SHA256: 5bd8b60aec0f5d472510458c76bdb80ed7c3ca40632e905f671237b3ef806375
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIMVM10U\sendImpression[1]
text
MD5: 40bcd077fa383a903a8bf8a425940f32
SHA256: 996c8c5df2bf21be54671b096113d921dfb5c45aa8042e0058abb9fdf964aa62
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIMVM10U\jquery[1]
text
MD5: ce7092c9dcc6af3c74423729abe80447
SHA256: 5aa42812961402a87076bc7a833aac5cd2c6dba847ed399bf836e025b7749b6e
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THOJPES7\splashstyle_v1[1].css
text
MD5: a8b5805ca4efa2d9cedd88ad5015dd15
SHA256: 1dff4ceef104ac225a210426b7b925af6c3ea2a91ee0994c7faa31d93b6cd95b
3872
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: a475e4dc3e7a866b6c964502bf7a1ab9
SHA256: 0e7978d68922a37d2d8f59277193285660408725c067c22957da91d6b2abae7f
3872
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TM5KYC8A\www.watchtvnow[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: f32116bcdaeed505cff46d9d35648e9c
SHA256: 83f3f6fb64802f21c83dafcefcc632a62b7dfc7d3636e2bc77c373b815abbab2
3872
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\watchtvnow_co[1].htm
html
MD5: 221f7aba872b32d40c617e79b9d571e3
SHA256: 4d7c46cbce9726a9318eda5a272b105e53511b90d5473334cd1c9450e69e4185

Network activity

HTTP(S) requests
21
TCP/UDP connections
23
DNS requests
13
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3220 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/ US html whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/content/Landing/getAssets/watchTvNow/splashstyle_v1.css US text whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/bundles/jquery?v=fk_F6Qt3r-gbLvti3NKJtDRocNtFlm7WpDj8daOpRzs1 US text whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/get/js/sendImpression?vname=watchTvNowSplash_v1&userid=070cc795-d4ce-4d23-b4e9-3aebe182e9db&source=-lp0&adprovider= US text whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/Landing/getAssets/watchTvNow/images/loading.gif US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/Landing/getAssets/watchTvNow/images/watchtvnowicon.png US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/Landing/getAssets/watchTvNow/images/Green-arrow-right.png US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/Landing/getAssets/watchTvNow/images/clock.png US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/Landing/getAssets/watchTvNow/images/free.png US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/_global/images/newTab/television_newTab.png US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/Landing/getAssets/watchTvNow/images/tvSet.png US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/Content/Landing/getAssets/watchTvNow/images/bg3.jpg US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/content/Landing/getAssets/watchTvNow/images/tv3stepIE.png US image whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/content/Landing/getAssets/watchTvNow/images/tvCollage.jpg US image whitelisted
3872 iexplore.exe GET 200 13.224.197.167:80 http://x.ss2.us/x.cer US der whitelisted
3872 iexplore.exe GET 200 205.185.216.42:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted
3872 iexplore.exe GET 200 54.175.158.54:80 http://imp.hwatchtvnow.co/impression.do?event=ex_windowsize&user_id=070cc795-d4ce-4d23-b4e9-3aebe182e9db&source=-lp0&traffic_source=&subid=&subid2=1276x560&implementation_id=tv_&page=watchTvNowSplash_v1&referrer=http%3a%2f%2fwww.watchtvnow.co%2f US image malicious
3872 iexplore.exe GET 200 54.175.158.54:80 http://imp.hwatchtvnow.co/impression.do?event=ex_screen_resolution&user_id=070cc795-d4ce-4d23-b4e9-3aebe182e9db&source=-lp0&traffic_source=&subid=&subid2=1280x720&implementation_id=tv_&page=watchTvNowSplash_v1&referrer=http%3a%2f%2fwww.watchtvnow.co%2f US
image
malicious
3220 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/favicon.ico US
image
whitelisted
3872 iexplore.exe GET 200 54.156.183.234:80 http://www.watchtvnow.co/?adprovider=AppFocus1&source=-lp0&subid=&subid2=102242ba776e0c9f6d66c9afdb7469&AppID=965&email= US
html
whitelisted


Connections

PID Process IP ASN CN Reputation
3220 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3872 iexplore.exe 54.156.183.234:80 Amazon.com, Inc. US unknown
3872 iexplore.exe 216.58.205.232:443 Google Inc. US whitelisted
3872 iexplore.exe 172.217.18.3:443 Google Inc. US whitelisted
3872 iexplore.exe 35.169.201.114:80 Amazon.com, Inc. US unknown
3872 iexplore.exe 54.234.93.112:443 Amazon.com, Inc. US unknown
3872 iexplore.exe 172.217.22.78:443 Google Inc. US whitelisted
3872 iexplore.exe 3.95.126.40:443 US unknown
3872 iexplore.exe 13.224.197.167:80 US unknown
3872 iexplore.exe 205.185.216.42:80 Highwinds Network Group, Inc. US whitelisted
3872 iexplore.exe 54.175.158.54:80 Amazon.com, Inc. US unknown
3220 iexplore.exe 54.156.183.234:80 Amazon.com, Inc. US unknown
3872 iexplore.exe 151.101.2.110:443 Fastly US suspicious
3872 iexplore.exe 52.50.109.222:443 Amazon.com, Inc. IE suspicious
3872 iexplore.exe 162.247.242.21:443 New Relic US whitelisted

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.watchtvnow.co 54.156.183.234, 34.237.56.119 unknown
config.hwatchtvnow.co 35.169.201.114, 35.169.198.180 unknown
www.googletagmanager.com 216.58.205.232 whitelisted
www.gstatic.com 172.217.18.3 whitelisted
pushible.com 54.234.93.112, 3.95.126.40 unknown
www.google-analytics.com 172.217.22.78 whitelisted
x.ss2.us 13.224.197.167, 13.224.197.19, 13.224.197.157, 13.224.197.208 whitelisted
www.download.windowsupdate.com 205.185.216.42, 205.185.216.10 whitelisted
imp.hwatchtvnow.co 54.175.158.54, 54.87.172.192 unknown
appfocus.go2cloud.org 52.50.109.222, 54.72.199.154, 52.30.52.254 malicious
js-agent.newrelic.com 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110 whitelisted
bam.nr-data.net 162.247.242.21, 162.247.242.20, 162.247.242.19, 162.247.242.18 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.