File name:

gatherNetworkInfo.vbs

Full analysis: https://app.any.run/tasks/9804576d-7c41-4d27-806f-44f35433ed94
Verdict: Malicious activity
Analysis date: February 09, 2024, 09:27:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with CRLF line terminators
MD5:

DA4D4261A43DE7E851A9378ED0668EB9

SHA1:

E4227677479EFB82B6E7044BCC1B28CB9CB5A4F5

SHA256:

1C9337004CBD0E1E5C09BEE609EE1991BE3AA791C31F1C873E6D8F70C3C876D0

SSDEEP:

1536:sImNGeeGUJIgZf/A+qfwkgKo9kNxyJ3OOjPl68fef0qLbIE5ToGaUKTYL7TBHQ/E:sImNGXGUJtx/A+qfol6yqEs8q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Checks whether a specified folder exists (SCRIPT)

      • wscript.exe (PID: 3668)

    • Creates a new folder (SCRIPT)

      • wscript.exe (PID: 3668)

    • Opens a text file (SCRIPT)

      • wscript.exe (PID: 3668)

    • Accesses environment variables (SCRIPT)

      • wscript.exe (PID: 3668)

    • Gets %windir% folder path (SCRIPT)

      • wscript.exe (PID: 3668)

    • Accesses the network adapter (Win32_NetworkAdapter) via WMI (SCRIPT)

      • wscript.exe (PID: 3668)

    • Accesses name of a computer manufacturer via WMI (SCRIPT)

      • wscript.exe (PID: 3668)

  • SUSPICIOUS

    • Reads the Internet Settings

      • wscript.exe (PID: 3668)
      • dxdiag.exe (PID: 2992)

    • Creates FileSystem object to access computer's file system (SCRIPT)

      • wscript.exe (PID: 3668)

    • Uses WMI to retrieve WMI-managed resources (SCRIPT)

      • wscript.exe (PID: 3668)

    • Get information on the list of running processes

      • wscript.exe (PID: 3668)
      • cmd.exe (PID: 3292)

    • Group Policy Discovery via Microsoft GPResult Utility

      • cmd.exe (PID: 3536)

    • Uses WEVTUTIL.EXE to export log

      • cmd.exe (PID: 3780)
      • cmd.exe (PID: 3456)
      • cmd.exe (PID: 3768)
      • cmd.exe (PID: 3684)
      • cmd.exe (PID: 1340)
      • cmd.exe (PID: 1992)
      • cmd.exe (PID: 3544)

    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 3668)

    • Reads data from a binary Stream object (SCRIPT)

      • wscript.exe (PID: 3668)

    • Uses NETSH.EXE to obtain data on the network

      • cmd.exe (PID: 292)
      • cmd.exe (PID: 3080)
      • cmd.exe (PID: 3924)
      • cmd.exe (PID: 3420)
      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 2472)

    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 1040)
      • cmd.exe (PID: 3428)
      • cmd.exe (PID: 3180)
      • cmd.exe (PID: 1824)
      • cmd.exe (PID: 3312)
      • cmd.exe (PID: 1736)
      • cmd.exe (PID: 2380)
      • cmd.exe (PID: 3840)
      • cmd.exe (PID: 2476)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3536)
      • cmd.exe (PID: 1972)
      • cmd.exe (PID: 3100)
      • cmd.exe (PID: 3468)
      • cmd.exe (PID: 2984)
      • cmd.exe (PID: 3392)

    • Uses WEVTUTIL.EXE to archive the exported log

      • cmd.exe (PID: 1652)
      • cmd.exe (PID: 2548)
      • cmd.exe (PID: 3436)
      • cmd.exe (PID: 1352)
      • cmd.exe (PID: 1556)
      • cmd.exe (PID: 1816)
      • cmd.exe (PID: 3508)

    • Executes WMI query (SCRIPT)

      • wscript.exe (PID: 3668)

    • Reads settings of System Certificates

      • certutil.exe (PID: 2348)
      • dxdiag.exe (PID: 2992)

    • Process uses IPCONFIG to discover network configuration

      • cmd.exe (PID: 1992)
      • cmd.exe (PID: 3148)

    • Uses ROUTE.EXE to obtain the routing table information

      • cmd.exe (PID: 2260)

    • Starts CMD.EXE for commands execution

      • wscript.exe (PID: 3668)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 3320)
      • cmd.exe (PID: 3588)
      • cmd.exe (PID: 3420)
      • cmd.exe (PID: 3048)
      • cmd.exe (PID: 3056)
      • cmd.exe (PID: 3380)

    • Uses powercfg.exe to modify the power settings

      • cmd.exe (PID: 2748)

    • Writes binary data to a Stream object (SCRIPT)

      • wscript.exe (PID: 3668)

    • Accesses WMI object caption (SCRIPT)

      • wscript.exe (PID: 3668)

    • Accesses Windows installation date via WMI (SCRIPT)

      • wscript.exe (PID: 3668)

    • Accesses computer name via WMI (SCRIPT)

      • wscript.exe (PID: 3668)

  • INFO

    • Create files in a temporary directory

      • reg.exe (PID: 3932)
      • reg.exe (PID: 3708)
      • reg.exe (PID: 2120)
      • dxdiag.exe (PID: 2992)
      • dispdiag.exe (PID: 784)

    • Reads security settings of Internet Explorer

      • dxdiag.exe (PID: 2992)

    • Reads the software policy settings

      • dxdiag.exe (PID: 2992)

    • Manual execution by a user

      • chrome.exe (PID: 1824)

    • Application launched itself

      • chrome.exe (PID: 1824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
308
Monitored processes
175
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start wscript.exe cmd.exe no specs cmd.exe no specs reg.exe no specs gpresult.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs systeminfo.exe no specs cmd.exe no specs cmd.exe no specs powercfg.exe no specs cmd.exe no specs tasklist.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs ipconfig.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs route.exe no specs cmd.exe no specs certutil.exe no specs cmd.exe no specs certutil.exe no specs cmd.exe no specs certutil.exe no specs cmd.exe no specs certutil.exe no specs cmd.exe no specs certutil.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs wevtutil.exe no specs cmd.exe no specs dxdiag.exe cmd.exe no specs dispdiag.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs sc.exe no specs cmd.exe no specs sc.exe no specs cmd.exe no specs sc.exe no specs cmd.exe no specs sc.exe no specs cmd.exe no specs sc.exe no specs cmd.exe no specs sc.exe no specs cmd.exe no specs ipconfig.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs netsh.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
116netsh mbn show profile name=* interface=* C:\Windows\System32\netsh.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
128systeminfo C:\Windows\System32\systeminfo.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Displays system information
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\systeminfo.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
292"C:\Windows\System32\cmd.exe" /c netsh lan show settings >> config\envinfo.txtC:\Windows\System32\cmd.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
568reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy" Reg\L2GP.reg.txt /yC:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
680"C:\Windows\System32\cmd.exe" /c reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy" Reg\L2GP.reg.txt /yC:\Windows\System32\cmd.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
680"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2088 --field-trial-handle=1160,i,13761528046028328706,3163119837289183091,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
752netsh wlan show interfaces C:\Windows\System32\netsh.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
784dispdiag -out dispdiag_stop.datC:\Windows\System32\dispdiag.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Display Diagnostics
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dispdiag.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
784"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1160,i,13761528046028328706,3163119837289183091,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
880wevtutil al config\WindowsFirewallLogVerbose.evtxC:\Windows\System32\wevtutil.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Eventing Command Line Utility
Exit code:
267
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
Total events
34 210
Read events
32 929
Write events
1 265
Delete events
16

Modification events

(PID) Process:(3668) wscript.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3668) wscript.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3668) wscript.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3668) wscript.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(128) systeminfo.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(128) systeminfo.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:@%SystemRoot%\system32\mlang.dll,-4386
Value:
English (United States)
(PID) Process:(2536) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2536) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:@%SystemRoot%\system32\dhcpqec.dll,-100
Value:
DHCP Quarantine Enforcement Client
(PID) Process:(2536) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:@%SystemRoot%\system32\dhcpqec.dll,-101
Value:
Provides DHCP based enforcement for NAP
(PID) Process:(2536) netsh.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:@%SystemRoot%\system32\dhcpqec.dll,-103
Value:
1.0
Executable files
0
Suspicious files
17
Text files
34
Unknown types
0

Dropped files

PID
Process
Filename
Type
3924cmd.exeC:\Users\admin\AppData\Local\Temp\config\envinfo.txttext
MD5:1F6843026FC85D0FBD611AAB8076F368
SHA256:D20EC09C1DA6D9A57D470BE3F90588BB9A1350539F638113F36D345462F9BB77
3292cmd.exeC:\Users\admin\AppData\Local\Temp\processes.txttext
MD5:1410916D973BBED9377A106EFDEF11A7
SHA256:C0FD34821620ED7B77E694003C78EFD55BD62C564385C942DFA5F436D3A75901
3668wscript.exeC:\Users\admin\AppData\Local\Temp\config\adapterinfo.txttext
MD5:9D802859FD9B5EA73A3E091B1C0BD756
SHA256:FE76734F917305044829017FC0DCCCEC32E33A1E74A038067ABD8297F338F715
2992dxdiag.exeC:\Users\admin\AppData\Local\Temp\Cab3A45.tmpcompressed
MD5:AC05D27423A85ADC1622C714F2CB6184
SHA256:C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
3952cmd.exeC:\Users\admin\AppData\Local\Temp\config\WindowsFirewallEffectiveRules.txttext
MD5:4E01CF6C5FBB5CFED6A3684F69054365
SHA256:A31A85891221410DBAF4D3D1BF5F842405140BF583945088D585BC5E8A9FBED3
3536cmd.exeC:\Users\admin\AppData\Local\Temp\config\WinsockCatalog.txttext
MD5:F3D10F11CB7BF29E8FCE8709976593A9
SHA256:9A57205ED2C2ED381A5F5790F307F90EA0F88B73500B11E1E08E5B3100B80EA3
1824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF18ca6f.TMP
MD5:
SHA256:
1824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2992dxdiag.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:AC05D27423A85ADC1622C714F2CB6184
SHA256:C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
3668wscript.exeC:\Users\admin\AppData\Local\Temp\config\wlaninfo.txttext
MD5:3803004BBE62440259C78E26CAA816BD
SHA256:D0D3E0AACA17C51D781ED4CA6D3D8023EF1B7D374368CB81AD3B9575EA9A8D88
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
12
DNS requests
11
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2992
dxdiag.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9f448a398ff9196a
unknown
compressed
65.2 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2992
dxdiag.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1824
chrome.exe
239.255.255.250:1900
unknown
2100
chrome.exe
142.250.186.131:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
2100
chrome.exe
142.250.110.84:443
accounts.google.com
GOOGLE
US
unknown
2100
chrome.exe
172.217.18.4:443
www.google.com
GOOGLE
US
whitelisted
2100
chrome.exe
142.250.181.227:443
www.gstatic.com
GOOGLE
US
whitelisted
2100
chrome.exe
142.250.185.78:443
apis.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
clientservices.googleapis.com
  • 142.250.186.131
whitelisted
accounts.google.com
  • 142.250.110.84
shared
www.google.com
  • 172.217.18.4
whitelisted
www.gstatic.com
  • 142.250.181.227
whitelisted
apis.google.com
  • 142.250.185.78
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
gatherNetworkInfo.vbs