URL:

https://api.taboola.com/2.0/json/yahoo-home/recommendations.notify-click?app.type=bidder&app.apikey=69629143827c91b118c7e0dc9f2a4eb0059feae9&response.id=__861d2e8ac6d1004b2c16ecf6a4ba1fc7__711eca65b8d35975423ea1c6c94ec8be&response.session=v2_f224589dd69a8693d0f1df3f53e0a60d_3d4e33b6-db1b-403d-8115-e9e1f2625c6e-tuctc41cfb4_1708028622_1708028622_CIi3jgYQm9teGISk9b7m8I-n7QEgASgHMOEBOJGkDkDVpg9IsvDbA1C1BFgAYMYbaI64y9jw2s-7W3AB&item.id=%7E%7EV1%7E%7E-2510514082865159556%7E%7E99KDd2l3sy577oVWejf14Hp_KTxWpHMf6MOPuGIFNFdIt3T9e3bW4YiIkLUbDka42VjV9KpGZNdIYbn11Bk1e1qCG7p0dxcF1xv-YvYoK5Vmu8KCYETIpmuy5qFJi175vM5rYUQH2_WW89pMH1zApQI74AOvQafommLgLXhgcB9QIiFyKAMoup9dqEAtgoLqeLpxiNbKqmrqWzbfOeXZ4ukw3nQcFx-YhX47EDs0jBWeur8Gf8Oz6wbL0jDNqQ56BiFocqVABn6CHb6J0_Vd1Q&item.type=photo&sig=4eb6d48655fa5f034559c5b7b307d70653d25e637b5a&redir=https%3A%2F%2Fmauroffers.com%2Findex.php%3Fkey2%3Dz270q219l8%26click-id%3DGiCr1rHMgdHH8T4-Ly-1EKo5T8iIk4Xy3VlJmwaLLk6z4iDo_loon-WpspSOjIZG%26cpc%3Dss_nfSeWiIWcKs7hoYDxzxNKyDEP4nVtQJcEfk6lQKY%3D%26site%3Dyahoo-home%26campaign%3D%257Bcampaign%257D%26thumbnail%3Dhttp%253A%252F%252Fcdn.taboola.com%252Flibtrc%252Fstatic%252Fthumbnails%252Fccba49d9e0bc6375bb30e05c0895aef4.jpeg%26title%3D%25E2%2580%2598Go%2BWoke%252C%2BGo%2BBroke%25E2%2580%2599%253A%2BNFL%2BTeam%25E2%2580%2599s%2BStadium%2BEmpty%2BDespite%2BOffering%2B%25241%2BTickets%26site_domain%3Dyahoo.com%26campaign_item_id%3D3889970812%26campaign_id%3D32531411%26utm_source%3Dtaboola%26utm_medium%3Dreferral%26tblci%3DGiCr1rHMgdHH8T4-Ly-1EKo5T8iIk4Xy3VlJmwaLLk6z4iDo_loon-WpspSOjIZG%23tblciGiCr1rHMgdHH8T4-Ly-1EKo5T8iIk4Xy3VlJmwaLLk6z4iDo_loon-WpspSOjIZG&ui=3d4e33b6-db1b-403d-8115-e9e1f2625c6e-tuctc41cfb4&cpb=GK7F29MGIPaALioZdXMudGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjMTA2MjA4gAJAkaQOSNWmD1Cy8NsDWLUEYwjQ__________8BEND__________wEYMGRjCN3__________wEQ3f__________ARgjZGMIw00QrmYYFGRjCPn__________wEQ-f__________ARgHZGMIlhQQmxwYGGRjCNIDEOAGGAhkYwiWWBCWdBgLZGMIgFUQsnAYPmRjCKZUEMdvGA9kYwikJxCDNRgvZGMI4f__________ARDh__________8BGB9kajExYzYyODFiYy1jYzQwLTExZWUtYTg5Yy1mMDkyMWMxOWMzOTQtN2YzNGZjNTVhNzAwcgwmA3CAmwAXLhhDU0l4AYAB4iOIAaaes-cBkAEYmAHM6sHz2jGiAQRTQ09OqgEKU0NPTl9ZQUhPT7IBClNDT05fWUFIT0-6AQRob21lwAHB6wPKAQJ1cw&viperAppType=SCON

Full analysis: https://app.any.run/tasks/23a6acb6-b7d7-45a9-965a-0b813885168f
Verdict: Malicious activity
Analysis date: February 15, 2024, 21:11:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

0EC0C7AED69E11DA7A439CAC92251640

SHA1:

BE496BF2ABFA285BBD951534FAE3DA0EF4256D36

SHA256:

029CC257286846FBDD17A3B8D7DD9A85C16A82E99F0A75203442223512F32BA5

SSDEEP:

48:kpLNGHPUii77MhUMnVUThFyQIAwDptUPX2H3S+/lf:kWciivMhLVwh8QMNS6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Manual execution by a user

      • chrome.exe (PID: 3392)

    • Application launched itself

      • iexplore.exe (PID: 3668)
      • chrome.exe (PID: 3392)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2928)
      • chrome.exe (PID: 2940)

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 2928)
      • chrome.exe (PID: 2940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
62
Monitored processes
25
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1308"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2132 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1404"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3412 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1728"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2216 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1892"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1536 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1900"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2072"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1320 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2152"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2176"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1920 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2292"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6bb98b38,0x6bb98b48,0x6bb98b54C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2504"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4208 --field-trial-handle=1164,i,1730647849810951741,3119969054192519258,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
17 762
Read events
17 567
Write events
159
Delete events
36

Modification events

(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31088723
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31088723
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3668) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
3
Suspicious files
153
Text files
146
Unknown types
113

Dropped files

PID
Process
Filename
Type
3392chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF18407f.TMP
MD5:
SHA256:
3392chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3668iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\getConfig[1].xmltext
MD5:FE67CF12B9DF18814D8575D522D02C65
SHA256:6A8327BEC2B6BB88B6B58869D66B5FE011B77ABD1065B573AAEEC8AE61824301
3668iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:B913E1AE4569A6AC774FE8E0CD346424
SHA256:BA10EB9F265D751B3FF36DB4189B29D764C2EAA5E2FFF388455B58066D6925D7
3668iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64Ader
MD5:663F92B5FBAC26AC8DA7B97A4353AE26
SHA256:6B21A4093342AD5B83D69C7C3182D28CF7E064EC3AC9985D17B5761B9244EE4C
3668iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118Ader
MD5:AE1B4CABEC390ACB49E507B877E37144
SHA256:1C5E745225727D498C1685467AAA9971DCE6DDF2B679A8B635E7B88A281E667B
3668iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64Abinary
MD5:D5925C8BC4E22229447EABA90D07012B
SHA256:09C1466C5C0AA571A8800541E5B2061F2EACF4CBD43CEDFF86BA5D89CCEDC4CC
3668iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53der
MD5:95CF53B46681B33AD7F2C9B52C3E7366
SHA256:B429C085A9AFBDB2F05FDE48B560BFC82A3940984E517E0CA8F6F89E1524658A
3668iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53binary
MD5:CCE96408D0B50FAE882542F1C3FF9424
SHA256:DCC65A5D1A0771AE7CCE06A34AED98E25E70C7DA104CC89E33FF697E92B2AE90
3392chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:9F941EA08DBDCA2EB3CFA1DBBBA6F5DC
SHA256:127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
53
TCP/UDP connections
93
DNS requests
95
Threats
464

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3668
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?70d85e3b0e586cab
GB
unknown
3668
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
US
binary
471 b
unknown
3668
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
US
binary
312 b
unknown
3668
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
unknown
1080
svchost.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e2ddf83a2417bb20
GB
compressed
65.2 Kb
unknown
856
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
US
unknown
1080
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?624d1ab720bef5f8
GB
compressed
65.2 Kb
unknown
3668
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D
US
binary
471 b
unknown
856
svchost.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
US
binary
3.07 Kb
unknown
856
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acf5iuk6pnjlc6lnxtqm5ki6eoqq_112.300.200/gkmgaooipdjhmangpemjhigmamcehddo_112.300.200_win_aclnpjhtsv44pze3qmxsxb7fq66q.crx3
US
binary
3.07 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
3668
iexplore.exe
2.19.246.123:443
go.microsoft.com
AKAMAI-AS
DE
unknown
3668
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3668
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3668
iexplore.exe
52.165.174.123:443
ie11fre.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3668
iexplore.exe
2.20.142.155:443
www.bing.com
Akamai International B.V.
DE
whitelisted
3392
chrome.exe
239.255.255.250:1900
unknown
2072
chrome.exe
142.250.184.195:443
clientservices.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 2.19.246.123
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ie11fre.microsoft.com
  • 52.165.174.123
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 2.20.142.155
  • 2.20.142.3
  • 2.20.142.187
  • 92.122.215.57
  • 2.20.142.180
  • 2.20.142.251
  • 92.122.215.53
  • 2.20.142.154
  • 92.122.215.65
whitelisted
clientservices.googleapis.com
  • 142.250.184.195
whitelisted
accounts.google.com
  • 142.250.110.84
shared
www.google.com
  • 142.250.186.164
  • 216.58.212.164
whitelisted
update.googleapis.com
  • 142.250.184.195
whitelisted

Threats

PID
Process
Class
Message
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
2072
chrome.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://api.taboola.com/2.0/json/yahoo-home/recommendations.notify-click?app.type=bidder&app.apikey=69629143827c91b118c7e0dc9f2a4eb0059feae9&response.id=__861d2e8ac6d1004b2c16ecf6a4ba1fc7__711eca65b8d35975423ea1c6c94ec8be&response.session=v2_f224589dd69a8693d0f1df3f53e0a60d_3d4e33b6-db1b-403d-8115-e9e1f2625c6e-tuctc41cfb4_1708028622_1708028622_CIi3jgYQm9teGISk9b7m8I-n7QEgASgHMOEBOJGkDkDVpg9IsvDbA1C1BFgAYMYbaI64y9jw2s-7W3AB&item.id=%7E%7EV1%7E%7E-2510514082865159556%7E%7E99KDd2l3sy577oVWejf14Hp_KTxWpHMf6MOPuGIFNFdIt3T9e3bW4YiIkLUbDka42VjV9KpGZNdIYbn11Bk1e1qCG7p0dxcF1xv-YvYoK5Vmu8KCYETIpmuy5qFJi175vM5rYUQH2_WW89pMH1zApQI74AOvQafommLgLXhgcB9QIiFyKAMoup9dqEAtgoLqeLpxiNbKqmrqWzbfOeXZ4ukw3nQcFx-YhX47EDs0jBWeur8Gf8Oz6wbL0jDNqQ56BiFocqVABn6CHb6J0_Vd1Q&item.type=photo&sig=4eb6d48655fa5f034559c5b7b307d70653d25e637b5a&redir=https%3A%2F%2Fmauroffers.com%2Findex.php%3Fkey2%3Dz270q219l8%26click-id%3DGiCr1rHMgdHH8T4-Ly-1EKo5T8iIk4Xy3VlJmwaLLk6z4iDo_loon-WpspSOjIZG%26cpc%3Dss_nfSeWiIWcKs7hoYDxzxNKyDEP4nVtQJcEfk6lQKY%3D%26site%3Dyahoo-home%26campaign%3D%257Bcampaign%257D%26thumbnail%3Dhttp%253A%252F%252Fcdn.taboola.com%252Flibtrc%252Fstatic%252Fthumbnails%252Fccba49d9e0bc6375bb30e05c0895aef4.jpeg%26title%3D%25E2%2580%2598Go%2BWoke%252C%2BGo%2BBroke%25E2%2580%2599%253A%2BNFL%2BTeam%25E2%2580%2599s%2BStadium%2BEmpty%2BDespite%2BOffering%2B%25241%2BTickets%26site_domain%3Dyahoo.com%26campaign_item_id%3D3889970812%26campaign_id%3D32531411%26utm_source%3Dtaboola%26utm_medium%3Dreferral%26tblci%3DGiCr1rHMgdHH8T4-Ly-1EKo5T8iIk4Xy3VlJmwaLLk6z4iDo_loon-WpspSOjIZG%23tblciGiCr1rHMgdHH8T4-Ly-1EKo5T8iIk4Xy3VlJmwaLLk6z4iDo_loon-WpspSOjIZG&ui=3d4e33b6-db1b-403d-8115-e9e1f2625c6e-tuctc41cfb4&cpb=GK7F29MGIPaALioZdXMudGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjMTA2MjA4gAJAkaQOSNWmD1Cy8NsDWLUEYwjQ__________8BEND__________wEYMGRjCN3__________wEQ3f__________ARgjZGMIw00QrmYYFGRjCPn__________wEQ-f__________ARgHZGMIlhQQmxwYGGRjCNIDEOAGGAhkYwiWWBCWdBgLZGMIgFUQsnAYPmRjCKZUEMdvGA9kYwikJxCDNRgvZGMI4f__________ARDh__________8BGB9kajExYzYyODFiYy1jYzQwLTExZWUtYTg5Yy1mMDkyMWMxOWMzOTQtN2YzNGZjNTVhNzAwcgwmA3CAmwAXLhhDU0l4AYAB4iOIAaaes-cBkAEYmAHM6sHz2jGiAQRTQ09OqgEKU0NPTl9ZQUhPT7IBClNDT05fWUFIT0-6AQRob21lwAHB6wPKAQJ1cw&viperAppType=SCON