URL:

www.google.com

Full analysis: https://app.any.run/tasks/3c5b532c-d251-429f-b45a-9ff0057709c3
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that enables attackers to establish complete or partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common RAT features include access to the user's data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Analysis date: May 17, 2024, 19:28:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: cybergate, rat
Indicators:
MD5: 0A137B375CC3881A70E186CE2172C8D1
SHA1: D8B99F68B208B5453B391CB0C6C3D6A9824F3C3A
SHA256: 191347BFE55D0CA9A574DB77BC8648275CE258461450E793528E0CC6D2DCF8F5
SSDEEP: 3:EcK:jK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Renames files like ransomware

      • explorer.exe (PID: 1180)
    • CYBERGATE mutex has been found

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • explorer.exe (PID: 1180)
      • svchost.exe (PID: 3036)
    • Application was injected by another process

      • explorer.exe (PID: 1180)
    • Drops the executable file immediately after the start

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
    • Runs injected code in another process

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
    • Changes the autorun value in the registry

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
    • CYBERGATE has been detected (YARA)

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
  • SUSPICIOUS

    • Uses RUNDLL32.EXE to load library

      • explorer.exe (PID: 1180)
    • Application launched itself

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2076)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • svchost.exe (PID: 3020)
    • Executable content was dropped or overwritten

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
      • explorer.exe (PID: 1180)
    • Reads the date of Windows installation

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
    • Reads the Internet Settings

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
    • The process creates files with name similar to system file names

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
    • Reads security settings of Internet Explorer

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
    • Reads Microsoft Outlook installation path

      • 0.exe (PID: 2788)
    • Reads Internet Explorer settings

      • 0.exe (PID: 2788)
    • Process drops legitimate windows executable

      • explorer.exe (PID: 1180)
    • Starts itself from another location

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
    • Connects to unusual port

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3976)
    • Checks supported languages

      • wmpnscfg.exe (PID: 2304)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2076)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
      • svchost.exe (PID: 3020)
      • svchost.exe (PID: 3036)
    • Reads the computer name

      • wmpnscfg.exe (PID: 2304)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
      • svchost.exe (PID: 3036)
    • Manual execution by a user

      • WinRAR.exe (PID: 1600)
      • wmpnscfg.exe (PID: 2304)
      • rundll32.exe (PID: 2448)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2076)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 1180)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1600)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1600)
      • explorer.exe (PID: 1180)
    • Reads the Internet Settings

      • explorer.exe (PID: 1180)
    • Create files in a temporary directory

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
    • Creates files or folders in the user directory

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 560)
      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
    • Reads the machine GUID from the registry

      • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (PID: 2404)
      • 0.exe (PID: 2788)
    • Checks proxy server information

      • 0.exe (PID: 2788)
No Malware configuration.
No data.
Total processes: 50
Monitored processes: 12
Malicious processes: 6
Suspicious processes: 1

Behavior graph

Processes shown in the graph (start node first; tags as shown in the graph):
  • iexplore.exe
  • iexplore.exe
  • wmpnscfg.exe (no specs)
  • winrar.exe
  • rundll32.exe (no specs)
  • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (no specs)
  • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe (#CYBERGATE)
  • 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
  • 0.exe
  • svchost.exe (no specs)
  • svchost.exe (no specs)
  • explorer.exe

Process information

PID: 560
Path: C:\Users\admin\Desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
Parent process: 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
User: admin
Company: SFX Cabinet Self-Extractor
Integrity Level: MEDIUM
Description: SFX Cabinet Self-Extractor
Exit code: 0
Version: 56.0.5.38
Modules (images):
  • c:\users\admin\desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\oleaut32.dll

PID: 1180
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\sfc.dll
  • c:\windows\system32\sfc_os.dll
  • c:\windows\explorer.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll

PID: 1600
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.7z" C:\Users\admin\Desktop\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\comdlg32.dll

PID: 2076
CMD: "C:\Users\admin\Desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe"
Path: C:\Users\admin\Desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
Parent process: explorer.exe
User: admin
Company: SFX Cabinet Self-Extractor
Integrity Level: MEDIUM
Description: SFX Cabinet Self-Extractor
Exit code: 0
Version: 56.0.5.38
Modules (images):
  • c:\users\admin\desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvbvm60.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll

PID: 2304
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\program files\windows media player\wmpnscfg.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 2404
CMD: "C:\Users\admin\Desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe"
Path: C:\Users\admin\Desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
Parent process: 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
User: admin
Company: SFX Cabinet Self-Extractor
Integrity Level: MEDIUM
Description: SFX Cabinet Self-Extractor
Version: 56.0.5.38
Modules (images):
  • c:\users\admin\desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvbvm60.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll

PID: 2448
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000
Path: C:\Windows\System32\rundll32.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\system32\rundll32.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\imagehlp.dll

PID: 2788
CMD: "C:\Users\admin\AppData\Local\Temp\0.exe"
Path: C:\Users\admin\AppData\Local\Temp\0.exe
Parent process: 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3
Modules (images):
  • c:\users\admin\appdata\local\temp\0.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 3020
CMD: "C:\Users\admin\AppData\Roaming\WinDir\svchost.exe"
Path: C:\Users\admin\AppData\Roaming\WinDir\svchost.exe
Parent process: 0c0711e1ddfb60af1a4a6cdef6d181f23603fa956cf0e4cd96036ffa169ae000.exe
User: admin
Company: SFX Cabinet Self-Extractor
Integrity Level: MEDIUM
Description: SFX Cabinet Self-Extractor
Exit code: 0
Version: 56.0.5.38
Modules (images):
  • c:\users\admin\appdata\roaming\windir\svchost.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvbvm60.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll

PID: 3036
Path: C:\Users\admin\AppData\Roaming\WinDir\svchost.exe
Parent process: svchost.exe
User: admin
Company: SFX Cabinet Self-Extractor
Integrity Level: MEDIUM
Description: SFX Cabinet Self-Extractor
Exit code: 0
Version: 56.0.5.38
Modules (images):
  • c:\users\admin\appdata\roaming\windir\svchost.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\oleaut32.dll
Total events: 36 713
Read events: 36 399
Write events: 275
Delete events: 39

Modification events

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31107216

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31107216

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: iexplore.exe (PID 3976)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 16
Suspicious files: 22
Text files: 112
Unknown types: 5

Dropped files

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 1415DF51F57310502598BC3D9D424D39
SHA256: 041E8119D297F3AE4FB7700A9D6A6E273A61A7FF241675BF336944DB6510A270

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Type: der
MD5: F646488E081A5C175CE1FB03BA482264
SHA256: E6312E65983DF0745340CF492DE216BE2CF14F34CEBA56A53B26A5F196C31F8F

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat
Type: binary
MD5: C60F599C79CA9E260E7F0DA3DCCB1E74
SHA256: 713E26003C2B3E4AAE757B8AC31F3355921E8702116B3B7589FDDBD71130975C

PID: 4032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\WKCMR3AR.txt
Type: text
MD5: DCF7D3F23B4254A76FE64EF40505D586
SHA256: EC616DFDCF2BB480CD044CC230F4A71E0D54A23B429016367F28E67F8A98D82F

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico
Type: image
MD5: F3418A443E7D841097C714D69EC4BCB8
SHA256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\urlblockindex[1].bin
Type: binary
MD5: FA518E3DFAE8CA3A0E495460FD60C791
SHA256: 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7

PID: 3976
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: der
MD5: EA1DD749AB0C7EA0E002F788CFF5A77E
SHA256: 2F5BCF7533FEFEF33C1ED6F79391218FFAC7C6462793D7757252BEE701326D90
HTTP(S) requests: 14
TCP/UDP connections: 28
DNS requests: 23
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4032 | iexplore.exe | GET | 302 | 142.250.186.164:80 | http://www.google.com/ | unknown | unknown
3976 | iexplore.exe | GET | 304 | 80.239.138.74:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a0d881e768a03905 | unknown | unknown
3976 | iexplore.exe | GET | 304 | 80.239.138.33:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?260f79dbb405aab9 | unknown | unknown
3976 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | unknown
4032 | iexplore.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | unknown
4032 | iexplore.exe | GET | 429 | 142.250.186.164:80 | http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgRX-YQsGPHfnrIGIjCR9x7VOLQNAnf2A-qDGmHJ_SlpJX5UYWPHHZeB1YXL11A2OWq9wlGl_trSHbgol7oyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | unknown | unknown
4032 | iexplore.exe | GET | 200 | 142.250.181.227:80 | http://c.pki.goog/r/r1.crl | unknown | unknown
4032 | iexplore.exe | GET | 200 | 142.250.181.227:80 | http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCJpTHr%2BknHZxDj7EG2XHs5 | unknown | unknown
3976 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | unknown
1088 | svchost.exe | GET | 304 | 80.239.138.33:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?19228a5562a18610 | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | unknown
4 | System | 192.168.100.255:137 | whitelisted
224.0.0.252:5355 | unknown
4032 | iexplore.exe | 142.250.186.164:80 | www.google.com | GOOGLE | US | whitelisted
3976 | iexplore.exe | 92.123.236.65:443 | www.bing.com | Akamai International B.V. | FR | unknown
3976 | iexplore.exe | 80.239.138.74:80 | ctldl.windowsupdate.com | Telia Company AB | DE | unknown
3976 | iexplore.exe | 80.239.138.33:80 | ctldl.windowsupdate.com | Telia Company AB | DE | unknown
3976 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4032 | iexplore.exe | 142.250.186.164:443 | www.google.com | GOOGLE | US | whitelisted
4032 | iexplore.exe | 142.250.181.227:80 | ocsp.pki.goog | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
www.google.com | 142.250.186.164 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 92.123.236.50, 92.123.236.34, 92.123.236.41, 92.123.236.35, 92.123.236.65, 92.123.236.72, 92.123.236.51, 92.123.236.57, 92.123.236.75 | whitelisted
ctldl.windowsupdate.com | 80.239.138.33, 80.239.138.35, 80.239.138.74, 80.239.138.83 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
ocsp.pki.goog | 142.250.181.227 | whitelisted
c.pki.goog | 142.250.181.227 | unknown
o.pki.goog | 142.250.181.227 | unknown
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted

Threats

PID | Process | Class | Message
1088 | svchost.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS Query to a *.doesntexist .com Domain
No debug info