| URL: | https://www.safer-networking.org/products/spybot-free-edition/download-mirror-1/ |
| Full analysis: | https://app.any.run/tasks/87bb12eb-85f5-4aa1-ad50-85d512813177 |
| Verdict: | Malicious activity |
| Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
| Analysis date: | May 07, 2020, 21:46:57 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MD5: | BCF70F11BA63737FE7329E43AE39A214 |
| SHA1: | 4E28E6903ABDFF514BE30C4A8AE76BA2A3A5160B |
| SHA256: | F06F9C0894FC0612E387819931D9283DAA10754C3A1729B0A29A7B6D9941A29D |
| SSDEEP: | 3:N8DSLK24oxRWNVRtABMRjIMn:2OLHjRWNVRtA6R0M |
MALICIOUS
Downloads executable files from the Internet
- spybotsd-2.8.68.0.tmp (PID: 3024)
Changes the autorun value in the registry
- spybotsd-2.8.68.0.tmp (PID: 3024)
Changes settings of System certificates
- SDTray.exe (PID: 2696)
- SDFSSvc.exe (PID: 1848)
Actions looks like stealing of personal data
- SDTray.exe (PID: 2696)
- spybotsd-2.8.68.0.tmp (PID: 3024)
- SDFSSvc.exe (PID: 1848)
- SDUpdSvc.exe (PID: 2412)
- SDUpdate.exe (PID: 2116)
- SDUpdate.exe (PID: 1784)
- SDSpybotLab.exe (PID: 2072)
- SDSpybotLab.exe (PID: 2700)
- SDWelcome.exe (PID: 2640)
- SDImmunize.exe (PID: 3292)
Application was dropped or rewritten from another process
- SDUpdSvc.exe (PID: 2412)
- SDUpdate.exe (PID: 2116)
- SDUpdate.exe (PID: 1784)
- SDSpybotLab.exe (PID: 2072)
- SDFSSvc.exe (PID: 1848)
- SDTray.exe (PID: 2696)
- SDSpybotLab.exe (PID: 2700)
- spybotsd2-install-bdcore-update-2020a.exe (PID: 3896)
- SDWelcome.exe (PID: 2640)
- SDImmunize.exe (PID: 3292)
- SDImmunize.exe (PID: 1356)
Loads the Task Scheduler DLL interface
- spybotsd-2.8.68.0.tmp (PID: 3024)
Loads the Task Scheduler COM API
- spybotsd-2.8.68.0.tmp (PID: 3024)
Loads dropped or rewritten executable
- SDUpdate.exe (PID: 2116)
- SDTray.exe (PID: 2696)
- SDFSSvc.exe (PID: 1848)
- SDUpdSvc.exe (PID: 2412)
- SDUpdate.exe (PID: 1784)
- SDSpybotLab.exe (PID: 2072)
- SDSpybotLab.exe (PID: 2700)
- WerFault.exe (PID: 3156)
- spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
- SDWelcome.exe (PID: 2640)
- SDImmunize.exe (PID: 3292)
SUSPICIOUS
Executable content was dropped or overwritten
- spybotsd-2.8.68.0.exe (PID: 3728)
- spybotsd-2.8.68.0.exe (PID: 3016)
- spybotsd-2.8.68.0.tmp (PID: 3024)
- SDUpdSvc.exe (PID: 2412)
- spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
Reads the Windows organization settings
- spybotsd-2.8.68.0.tmp (PID: 3024)
- spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
Reads Windows owner or organization settings
- spybotsd-2.8.68.0.tmp (PID: 3024)
- spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
Reads Internet Cache Settings
- spybotsd-2.8.68.0.tmp (PID: 3024)
- SDTray.exe (PID: 2696)
- SDUpdate.exe (PID: 1784)
- SDWelcome.exe (PID: 2640)
- SDImmunize.exe (PID: 3292)
Creates or modifies windows services
- spybotsd-2.8.68.0.tmp (PID: 3024)
- SDTray.exe (PID: 2696)
- SDUpdSvc.exe (PID: 2412)
Creates executable files which already exist in Windows
- spybotsd-2.8.68.0.tmp (PID: 3024)
Creates files in the driver directory
- spybotsd-2.8.68.0.tmp (PID: 3024)
Creates files in the Windows directory
- spybotsd-2.8.68.0.tmp (PID: 3024)
- SDFSSvc.exe (PID: 1848)
- SDUpdate.exe (PID: 2116)
- SDUpdSvc.exe (PID: 2412)
- WerFault.exe (PID: 3156)
- spybotsd2-install-bdcore-update-2020a.exe (PID: 3896)
Reads Environment values
- SDTray.exe (PID: 2696)
- spybotsd-2.8.68.0.tmp (PID: 3024)
- SDFSSvc.exe (PID: 1848)
- SDUpdate.exe (PID: 2116)
- SDUpdate.exe (PID: 1784)
- SDUpdSvc.exe (PID: 2412)
- SDWelcome.exe (PID: 2640)
- SDImmunize.exe (PID: 3292)
Modifies the open verb of a shell class
- spybotsd-2.8.68.0.tmp (PID: 3024)
Adds / modifies Windows certificates
- SDTray.exe (PID: 2696)
- SDFSSvc.exe (PID: 1848)
Creates COM task schedule object
- spybotsd-2.8.68.0.tmp (PID: 3024)
Creates files in the program directory
- SDTray.exe (PID: 2696)
- SDUpdSvc.exe (PID: 2412)
- WerFault.exe (PID: 3156)
- spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
- SDImmunize.exe (PID: 3292)
Executed as Windows Service
- SDFSSvc.exe (PID: 1848)
- SDUpdSvc.exe (PID: 2412)
Removes files from Windows directory
- SDUpdate.exe (PID: 2116)
- SDFSSvc.exe (PID: 1848)
- SDUpdSvc.exe (PID: 2412)
- WerFault.exe (PID: 3156)
- spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
- spybotsd2-install-bdcore-update-2020a.exe (PID: 3896)
Executed via Task Scheduler
- SDUpdate.exe (PID: 2116)
Creates files in the user directory
- SDUpdate.exe (PID: 1784)
- SDWelcome.exe (PID: 2640)
- SDImmunize.exe (PID: 3292)
Reads the cookies of Mozilla Firefox
- SDImmunize.exe (PID: 3292)
INFO
Changes internet zones settings
- iexplore.exe (PID: 3448)
Reads Internet Cache Settings
- iexplore.exe (PID: 3448)
- iexplore.exe (PID: 3336)
Application launched itself
- iexplore.exe (PID: 3448)
Creates files in the user directory
- iexplore.exe (PID: 3336)
- iexplore.exe (PID: 3448)
Reads internet explorer settings
- iexplore.exe (PID: 3336)
Reads settings of System Certificates
- iexplore.exe (PID: 3448)
- iexplore.exe (PID: 3336)
Modifies the phishing filter of IE
- iexplore.exe (PID: 3448)
Application was dropped or rewritten from another process
- spybotsd-2.8.68.0.tmp (PID: 3024)
- spybotsd-2.8.68.0.tmp (PID: 2068)
- setup-signatures.exe (PID: 2728)
Loads dropped or rewritten executable
- spybotsd-2.8.68.0.tmp (PID: 3024)
Creates a software uninstall entry
- spybotsd-2.8.68.0.tmp (PID: 3024)
Creates files in the program directory
- spybotsd-2.8.68.0.tmp (PID: 3024)
- setup-signatures.exe (PID: 2728)
Reads the hosts file
- SDImmunize.exe (PID: 3292)
Changes settings of System certificates
- iexplore.exe (PID: 3448)
Adds / modifies Windows certificates
- iexplore.exe (PID: 3448)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
73
Monitored processes
20
Malicious processes
18
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 440 | "C:\Windows\TEMP\is-T4E5G.tmp\spybotsd2-install-bdcore-update-2020a.tmp" /SL5="$40046,2390279,721408,C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update-2020a.exe" /silent /verysilent /norestart | C:\Windows\TEMP\is-T4E5G.tmp\spybotsd2-install-bdcore-update-2020a.tmp | spybotsd2-install-bdcore-update-2020a.exe | ||||||||||||
User: SYSTEM Integrity Level: SYSTEM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
| 1356 | "C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe" /check | C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe | — | SDWelcome.exe | |||||||||||
User: admin Company: Safer-Networking Ltd. Integrity Level: MEDIUM Description: Pro-active browser protection Exit code: 3221226540 Version: 2.8.67.133 Modules
| |||||||||||||||
| 1784 | "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate | C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe | spybotsd-2.8.68.0.tmp | ||||||||||||
User: admin Company: Safer-Networking Ltd. Integrity Level: MEDIUM Description: Update Exit code: 0 Version: 2.8.68.100 Modules
| |||||||||||||||
| 1848 | "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" | C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe | services.exe | ||||||||||||
User: SYSTEM Company: Safer-Networking Ltd. Integrity Level: SYSTEM Description: Spybot 2 Scanner Service Exit code: 0 Version: 2.8.68.220 Modules
| |||||||||||||||
| 2068 | "C:\Users\admin\AppData\Local\Temp\is-PQC3G.tmp\spybotsd-2.8.68.0.tmp" /SL5="$C024C,68440474,806912,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\spybotsd-2.8.68.0.exe" | C:\Users\admin\AppData\Local\Temp\is-PQC3G.tmp\spybotsd-2.8.68.0.tmp | — | spybotsd-2.8.68.0.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
| 2072 | "C:\Program Files\Spybot - Search & Destroy 2\SDSpybotLab.exe" /updatedue | C:\Program Files\Spybot - Search & Destroy 2\SDSpybotLab.exe | SDUpdate.exe | ||||||||||||
User: admin Company: Safer-Networking Ltd. Integrity Level: MEDIUM Exit code: 0 Version: 2.8.68.0 Modules
| |||||||||||||||
| 2116 | "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background | C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe | taskeng.exe | ||||||||||||
User: SYSTEM Company: Safer-Networking Ltd. Integrity Level: SYSTEM Description: Update Exit code: 255 Version: 2.8.68.100 Modules
| |||||||||||||||
| 2412 | "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" | C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe | services.exe | ||||||||||||
User: SYSTEM Company: Safer-Networking Ltd. Integrity Level: SYSTEM Description: Spybot 2 Background Update Service Exit code: 0 Version: 2.8.68.83 Modules
| |||||||||||||||
| 2640 | "C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe" | C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe | spybotsd-2.8.68.0.tmp | ||||||||||||
User: admin Company: Safer-Networking Ltd. Integrity Level: MEDIUM Description: Start Center Exit code: 0 Version: 2.8.67.138 Modules
| |||||||||||||||
| 2696 | "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" | C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe | spybotsd-2.8.68.0.tmp | ||||||||||||
User: admin Company: Safer-Networking Ltd. Integrity Level: HIGH Description: Spybot - Search & Destroy tray access Exit code: 0 Version: 2.8.67.129 Modules
| |||||||||||||||
Total events
9 569
Read events
3 648
Write events
4 192
Delete events
1 729
Modification events
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
| Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 543499484 | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
| Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30811321 | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
| Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| Operation: | write | Name: | SavedLegacySettings |
Value: 46000000A1000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
| (PID) Process: | (3448) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 1 | |||
Executable files
116
Suspicious files
126
Text files
164
Unknown types
197
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab7240.tmp | — | |
MD5:— | SHA256:— | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar7241.tmp | — | |
MD5:— | SHA256:— | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCONS4CO.txt | — | |
MD5:— | SHA256:— | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | binary | |
MD5:6FBA8471AEC42435C353B68912174BFF | SHA256:287718F40E09600A354807B4C5DD4C3912F9C3222D126C5EEE30A588A2D059F8 | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | |
MD5:4FD63C454B64534FD35208E2098F34B7 | SHA256:2F53AEF6118DD563A8B3D22269DCE6DA81E4E80E34C455DA65DF89D0E5895DB8 | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\A4EHKMRF.txt | text | |
MD5:917BA80E03C92A40443328B5C6130F48 | SHA256:64345B7269450C91058D2AB4A6F32992814B020DC3E3831661903132F5A1D9B8 | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\download-mirror-1[1].htm | html | |
MD5:9B4B369BA995BFD656239151AD1291AD | SHA256:DE329DD4035CADA34905509563F50C4E7437673E19ECB604673BF9CA0046A41E | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\style.1553000490[1].css | text | |
MD5:513064AB57FC81ED2C9AE3AC8B51C412 | SHA256:9186DAF4ED10EDB01AA2CEE10E9C1EF8BEDC62FBCC6F7C0FA9183351BAAED171 | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\spybot3-shopboxes.1533722477[1].css | text | |
MD5:AFAF1F290846D2614D3F89D53B7D908B | SHA256:3A720498A50813C5996859C44E525C0C9C0BEAECCE404BFB294EE77FA4F84243 | |||
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\spybot3-redirect.1536061817[1].css | text | |
MD5:B46603F26A134BC9805D4309DBC83158 | SHA256:E19F04494882BE3610DC54F001FF15CC2F72C0963193E6DF7D645E60435C0BD1 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
70
TCP/UDP connections
98
DNS requests
31
Threats
4
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
3336 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
3448 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3336 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted |
3448 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3024 | spybotsd-2.8.68.0.tmp | GET | 302 | 167.114.117.64:80 | http://www.safer-networking.org/updallocator.php | CA | — | — | whitelisted |
3448 | iexplore.exe | GET | 200 | 2.16.106.171:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | unknown | compressed | 55.9 Kb | whitelisted |
3448 | iexplore.exe | GET | 304 | 2.16.106.171:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | unknown | compressed | 55.9 Kb | whitelisted |
1848 | SDFSSvc.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D | US | der | 471 b | whitelisted |
3024 | spybotsd-2.8.68.0.tmp | GET | — | 95.217.7.90:80 | http://updates3.safer-networking.org/spybot1/spybotsd_includes.exe | DE | — | — | suspicious |
2696 | SDTray.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D | US | der | 471 b | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 95.216.205.152:443 | offers.safer-networking.org | Hetzner Online GmbH | DE | suspicious |
3336 | iexplore.exe | 167.114.117.64:443 | www.safer-networking.org | OVH SAS | CA | unknown |
3336 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3336 | iexplore.exe | 151.101.2.133:443 | www.paypalobjects.com | Fastly | US | malicious |
3448 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3336 | iexplore.exe | 104.111.228.123:443 | www.paypal.com | Akamai International B.V. | NL | unknown |
3336 | iexplore.exe | 23.45.98.207:443 | t.paypal.com | Akamai International B.V. | NL | whitelisted |
3448 | iexplore.exe | 167.114.117.64:443 | www.safer-networking.org | OVH SAS | CA | unknown |
3336 | iexplore.exe | 163.172.168.58:443 | updates2.safer-networking.org | Online S.a.s. | FR | suspicious |
3336 | iexplore.exe | 2.16.186.11:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | — | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.safer-networking.org |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.paypalobjects.com |
| whitelisted |
www.paypal.com |
| whitelisted |
t.paypal.com |
| whitelisted |
updates2.safer-networking.org |
| suspicious |
isrg.trustid.ocsp.identrust.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
3024 | spybotsd-2.8.68.0.tmp | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3024 | spybotsd-2.8.68.0.tmp | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3024 | spybotsd-2.8.68.0.tmp | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
3024 | spybotsd-2.8.68.0.tmp | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
Process | Message |
|---|---|
SDTray.exe | C:\Program Files\Spybot - Search & Destroy 2\SDLicense.dll: GetCodeSignatureIssuerPE: -1 |
SDTray.exe | TMemoryMappedFileBase: Handle created, |
SDTray.exe | TMemoryMappedFileBase: Handle created, |
SDTray.exe | TMemoryMappedFileBase: Handle created, |
SDTray.exe | TMemoryMappedFileBase: Handle created, |
SDUpdSvc.exe | TMemoryMappedFileBase: Handle created, |
SDUpdSvc.exe | TMemoryMappedFileBase: Handle created, |
SDUpdSvc.exe | TMemoryMappedFileBase: Handle created, |
SDUpdSvc.exe | TMemoryMappedFileBase: Handle created, |
SDUpdSvc.exe | TMemoryMappedFileBase: Handle created, |