URL: https://app.testreach.com/system-requirements/

Full analysis: https://app.any.run/tasks/98a3026d-ba5e-40d1-bf4e-8c977fc6e151
Verdict: Malicious activity
Analysis date: June 06, 2024, 03:43:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 58EFD02C8540080D488FA9E266D2068E
SHA1: 7411740402FFD0CEFFE0E1808036E7F89FEEFFCF
SHA256: 1F7E0BFCFC992DC5584DF61D0BC89EF76D79D1C9CFAD45A20E72867C01C50655
SSDEEP: 3:N8aaWxYVWRAIFMI/:2abpAAJ/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 1212)
      • TestReach.exe (PID: 2676)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 2512)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 1212)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 1212)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1212)
    • Reads the Internet Settings

      • TestReach.exe (PID: 2676)
      • WMIC.exe (PID: 3440)
      • WMIC.exe (PID: 3452)
      • WMIC.exe (PID: 3932)
      • WMIC.exe (PID: 3456)
      • WMIC.exe (PID: 3776)
      • WMIC.exe (PID: 1604)
      • WMIC.exe (PID: 1852)
      • WMIC.exe (PID: 2072)
      • WMIC.exe (PID: 3632)
      • WMIC.exe (PID: 3624)
      • WMIC.exe (PID: 2024)
      • WMIC.exe (PID: 676)
      • WMIC.exe (PID: 3812)
      • WMIC.exe (PID: 992)
      • WMIC.exe (PID: 2704)
      • WMIC.exe (PID: 3364)
      • WMIC.exe (PID: 736)
      • WMIC.exe (PID: 2404)
      • WMIC.exe (PID: 3268)
      • WMIC.exe (PID: 3280)
      • WMIC.exe (PID: 3284)
      • WMIC.exe (PID: 2736)
      • WMIC.exe (PID: 3788)
      • WMIC.exe (PID: 3808)
      • WMIC.exe (PID: 1080)
      • WMIC.exe (PID: 616)
      • WMIC.exe (PID: 1764)
    • Application launched itself

      • TestReach.exe (PID: 2676)
    • Executable content was dropped or overwritten

      • TestReach.exe (PID: 2676)
    • Reads settings of System Certificates

      • TestReach.exe (PID: 2668)
    • Starts CMD.EXE for commands execution

      • TestReach.exe (PID: 2776)
    • Uses WMIC.EXE to obtain system information

      • cmd.exe (PID: 3144)
      • cmd.exe (PID: 1596)
      • cmd.exe (PID: 3072)
    • Uses WMIC.EXE to obtain computer system information

      • cmd.exe (PID: 3104)
      • cmd.exe (PID: 3092)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 580)
      • cmd.exe (PID: 2800)
      • cmd.exe (PID: 3016)
    • Uses WMIC.EXE to obtain operating system information

      • cmd.exe (PID: 3104)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 2800)
    • Uses WMIC.EXE to obtain data on the base board management (motherboard or system board)

      • cmd.exe (PID: 3092)
      • cmd.exe (PID: 580)
      • cmd.exe (PID: 3016)
    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 3092)
      • cmd.exe (PID: 580)
      • cmd.exe (PID: 3016)
    • Uses WMIC.EXE to obtain data on processes

      • cmd.exe (PID: 3104)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 2800)
    • Accesses computer name via WMI (SCRIPT)

      • WMIC.exe (PID: 3456)
      • WMIC.exe (PID: 3624)
    • Uses WMIC.EXE to obtain information about the network interface controller

      • cmd.exe (PID: 3104)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 2800)
    • Uses WMIC.EXE to obtain service application data

      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 2800)
      • cmd.exe (PID: 3104)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3988)
    • Reads the computer name

      • wmpnscfg.exe (PID: 768)
      • msiexec.exe (PID: 1212)
      • TestReach.exe (PID: 2676)
      • TestReach.exe (PID: 2732)
      • TestReach.exe (PID: 2668)
      • TestReach.exe (PID: 3000)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3988)
    • Checks supported languages

      • wmpnscfg.exe (PID: 768)
      • msiexec.exe (PID: 1212)
      • TestReach.exe (PID: 2676)
      • TestReach.exe (PID: 2732)
      • TestReach.exe (PID: 2668)
      • TestReach.exe (PID: 2776)
      • TestReach.exe (PID: 3000)
      • TestReach.exe (PID: 3044)
      • TestReach.exe (PID: 3520)
      • TestReach.exe (PID: 3028)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 768)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 736)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 1212)
      • TestReach.exe (PID: 2668)
    • Reads the software policy settings

      • msiexec.exe (PID: 1212)
      • msiexec.exe (PID: 736)
      • TestReach.exe (PID: 2668)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3988)
    • Create files in a temporary directory

      • msiexec.exe (PID: 1212)
      • TestReach.exe (PID: 2676)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 1212)
      • TestReach.exe (PID: 2676)
      • TestReach.exe (PID: 2668)
      • TestReach.exe (PID: 2776)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1212)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1212)
    • Process checks computer location settings

      • TestReach.exe (PID: 2776)
      • TestReach.exe (PID: 2676)
      • TestReach.exe (PID: 3028)
      • TestReach.exe (PID: 3044)
      • TestReach.exe (PID: 3520)
    • Reads product name

      • TestReach.exe (PID: 2776)
    • Reads Environment values

      • TestReach.exe (PID: 2776)
    • Reads CPU info

      • TestReach.exe (PID: 2776)
No Malware configuration.
No data.
Total processes: 102
Monitored processes: 54
Malicious processes: 4
Suspicious processes: 6

Behavior graph

[Behavior graph: iexplore.exe, wmpnscfg.exe, msiexec.exe, vssvc.exe, testreach.exe, cmd.exe and wmic.exe processes]

Process information

PID, CMD, Path, Indicators, Parent process
PID: 580
CMD: C:\Windows\system32\cmd.exe /d /s /c "wmic baseboard get Manufacturer,product,version,serialnumber & wmic computersystem get Manufacturer,OEMStringArray,Model & wmic csproduct get Name,Vendor"
Path: C:\Windows\System32\cmd.exe
Parent process: TestReach.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 616
CMD: wmic csproduct get Name,Vendor
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 676
CMD: wmic computersystem get /format:"C:\Windows\System32\wbem\en-us\csv"
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 736
CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\TestReach-6.2.0.msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)

PID: 736
CMD: wmic nicconfig get /format:"C:\Windows\System32\wbem\en-us\csv"
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 768
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)

PID: 992
CMD: wmic computersystem get Manufacturer,OEMStringArray,Model
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1080
CMD: wmic nicconfig get /format:"C:\Windows\System32\wbem\en-us\csv"
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1212
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)

PID: 1596
CMD: C:\Windows\system32\cmd.exe /d /s /c "wmic sysdriver get Description,name"
Path: C:\Windows\System32\cmd.exe
Parent process: TestReach.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

Total events: 53 864
Read events: 53 370
Write events: 446
Delete events: 48

Modification events

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31111107

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31111107

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3988) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 10
Suspicious files: 177
Text files: 44
Unknown types: 2

Dropped files

HTTP(S) requests: 21
TCP/UDP connections: 68
DNS requests: 35
Threats: 0

HTTP requests


Connections


DNS requests


Threats

No threats detected
No debug info