URL: https://mega.nz/file/boFTELgS#PXSQ2O5Pf101n0onBEUcksDo5w_w2vpDDMUdFvgRR8Y

Full analysis: https://app.any.run/tasks/a7a25e06-ac08-4e16-bcbc-26274ad743d7
Verdict: Malicious activity
Analysis date: May 21, 2022, 10:10:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 8B9FEA4B7C8386BBEDCFE5F6C5C67256
SHA1: EFA58A0EFFD0E99B41F6A0039F5AD23DF5DDDC88
SHA256: 20063879FF7F1D01360132C1FE854A09E43C99B34ACF9EE18323BB1263AE3412
SSDEEP: 3:N8X/ihmyt6QaVSgR0JS2wVT0t8:2hyt7IP2aTy8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • chrome.exe (PID: 2864)
    • Application was dropped or rewritten from another process

      • RegEdit.exe (PID: 2076)
      • RegEdit.exe (PID: 120)
      • RegEdit.exe (PID: 3136)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 4072)
      • chrome.exe (PID: 2980)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2864)
    • Drops a file with a compile date too recent

      • chrome.exe (PID: 2864)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2864)
    • Reads the computer name

      • RegEdit.exe (PID: 2076)
      • RegEdit.exe (PID: 120)
      • RegEdit.exe (PID: 3136)
    • Checks supported languages

      • RegEdit.exe (PID: 2076)
      • RegEdit.exe (PID: 120)
      • RegEdit.exe (PID: 3136)
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1364)
      • iexplore.exe (PID: 4072)
      • chrome.exe (PID: 1164)
    • Reads the computer name

      • iexplore.exe (PID: 1364)
      • iexplore.exe (PID: 4072)
      • chrome.exe (PID: 1688)
      • chrome.exe (PID: 2864)
      • chrome.exe (PID: 1164)
      • chrome.exe (PID: 4044)
      • chrome.exe (PID: 3524)
      • chrome.exe (PID: 2368)
      • chrome.exe (PID: 2980)
      • chrome.exe (PID: 1964)
      • chrome.exe (PID: 3912)
      • chrome.exe (PID: 1320)
      • chrome.exe (PID: 3916)
    • Checks supported languages

      • iexplore.exe (PID: 1364)
      • iexplore.exe (PID: 4072)
      • chrome.exe (PID: 2864)
      • chrome.exe (PID: 2524)
      • chrome.exe (PID: 1688)
      • chrome.exe (PID: 3664)
      • chrome.exe (PID: 2800)
      • chrome.exe (PID: 2012)
      • chrome.exe (PID: 2264)
      • chrome.exe (PID: 1164)
      • chrome.exe (PID: 3648)
      • chrome.exe (PID: 1512)
      • chrome.exe (PID: 3004)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 2368)
      • chrome.exe (PID: 3524)
      • chrome.exe (PID: 3872)
      • chrome.exe (PID: 4044)
      • chrome.exe (PID: 3800)
      • chrome.exe (PID: 2156)
      • chrome.exe (PID: 1676)
      • chrome.exe (PID: 3164)
      • chrome.exe (PID: 2980)
      • chrome.exe (PID: 1964)
      • chrome.exe (PID: 304)
      • chrome.exe (PID: 1320)
      • chrome.exe (PID: 3912)
      • chrome.exe (PID: 3916)
      • chrome.exe (PID: 4008)
      • chrome.exe (PID: 2076)
      • chrome.exe (PID: 3816)
      • chrome.exe (PID: 1832)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1364)
    • Changes internet zones settings

      • iexplore.exe (PID: 1364)
    • Manual execution by user

      • chrome.exe (PID: 2864)
      • RegEdit.exe (PID: 120)
      • RegEdit.exe (PID: 3136)
    • Application launched itself

      • iexplore.exe (PID: 1364)
      • chrome.exe (PID: 2864)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 4072)
      • iexplore.exe (PID: 1364)
      • chrome.exe (PID: 2864)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1364)
    • Reads internet explorer settings

      • iexplore.exe (PID: 4072)
    • Reads the hosts file

      • chrome.exe (PID: 2864)
      • chrome.exe (PID: 1164)
    • Reads the date of Windows installation

      • chrome.exe (PID: 1320)
    • Creates files in the user directory

      • iexplore.exe (PID: 1364)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 78
Monitored processes: 35
Malicious processes: 1
Suspicious processes: 1

Behavior graph

(Interactive process graph, available in the full report: start, drop and start, iexplore.exe, chrome.exe and regedit.exe processes.)

Process information

PID: 1364
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://mega.nz/file/boFTELgS#PXSQ2O5Pf101n0onBEUcksDo5w_w2vpDDMUdFvgRR8Y"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID: 4072
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1364 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID: 2864
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
PID: 2524
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6db0d988,0x6db0d998,0x6db0d9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 1688
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1036,14218924068067844885,16228842343901337153,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shell32.dll
PID: 1164
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1036,14218924068067844885,16228842343901337153,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1332 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
PID: 3648
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,14218924068067844885,16228842343901337153,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
PID: 2012
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,14218924068067844885,16228842343901337153,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 2264
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,14218924068067844885,16228842343901337153,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 3664
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1036,14218924068067844885,16228842343901337153,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events: 26 598
Read events: 26 286
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 3
Suspicious files: 184
Text files: 154
Unknown types: 16

Dropped files

PID | Process | Filename | Type
4072 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der
MD5:C04F441D0220712231531A90823834DB
SHA256:055641D3987AE98E2DD627D3214EA8084AE773A3DF9592191B86977C752A29E7
4072 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\update[1].htm | html
MD5:839966221047F210A1702B3830921B96
SHA256:B0FDE576742CD4D97D500F5C69EE027BBE6668077D6ED2A21A537E68C7EFE3C8
4072 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F03691C4EEE81D87D6B79331B27C8D6F | der
MD5:E239F591C9511B4ACC16ECACDE509574
SHA256:1CBC77B660E860DF4D9233D43B8EB8E40CBCDF0EA750CF09C0FF92948AA010FD
4072 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\boFTELgS[1].htm | html
MD5:6721CA16A9714AEF9EEAEBA28B203AA7
SHA256:F4EF0A7CF626E65B1E4A48D92387323CFCAD0B5E23B6CA5707A9BDBD1477BB8A
4072 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | der
MD5:54E9306F95F32E50CCD58AF19753D929
SHA256:45F94DCEB18A8F738A26DA09CE4558995A4FE02B971882E8116FC9B59813BB72
4072 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\423AEB3FCF02D11CAFD06ADC03F77EE6 | der
MD5:68204BB187B48C68CB11B7654B84F93F
SHA256:260891DB6294F089101347C6BBD98F4E228B93378EA8B589AF0D6F803BA1557E
4072 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der
MD5:93995AD095112907CFC088998C161574
SHA256:FD16D238BCAC3441688E7CA940C27BB02DF8F0BF43B26D8E551414A18748C1CC
4072 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\update[1].css | text
MD5:0B9135D358D676A864FBA00DDB96E0F8
SHA256:2FC958FC950C53B2651CAC1F69E52213C6B914867794AE44E37CE7E4DAA48A28
4072 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\423AEB3FCF02D11CAFD06ADC03F77EE6 | binary
MD5:D447B67C8B6BCDC7E73B9A3B21571382
SHA256:A16DB70285121C97E76FA88EB6F467ED9DD3500E0B48C3AAB9300BE44E382C38
4072 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:705FCCDE75B6DB5A6308AAB083F023DE
SHA256:5BEE6883FE9D1B286F13D3CA652FEAED8A2417A376E3CA3417A262CA0463C584
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 19
TCP/UDP connections: 58
DNS requests: 39
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx | US | - | - | whitelisted
4072 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
4072 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted
1364 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
1364 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
4072 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNoxZjorG5z4e2ptr%2BoNV3HHQ%3D%3D | unknown | der | 503 b | shared
1364 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D | US | der | 471 b | whitelisted
- | - | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6uhcfbxlex6uvq35lxbiuo4pua_9.35.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.35.0_all_ou4l2poiq7vz5pxjtnyxcnyqx4.crx3 | US | binary | 7.37 Kb | whitelisted
4072 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
4072 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDqXkroZv5KiI1sJCfGNIam | US | der | 472 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1364 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
4072 | iexplore.exe | 2.16.186.11:80 | r3.o.lencr.org | Akamai International B.V. | - | whitelisted
1164 | chrome.exe | 142.250.186.110:443 | clients2.google.com | Google Inc. | US | whitelisted
4072 | iexplore.exe | 172.64.155.188:80 | ocsp.comodoca.com | - | US | suspicious
1364 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
1164 | chrome.exe | 142.250.186.77:443 | accounts.google.com | Google Inc. | US | suspicious
4072 | iexplore.exe | 66.203.124.37:443 | eu.static.mega.co.nz | RealNetworks, Inc. | US | suspicious
4072 | iexplore.exe | 31.216.144.5:443 | mega.nz | Datacenter Luxembourg S.A. | LU | malicious
4072 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious
4072 | iexplore.exe | 104.18.32.68:80 | ocsp.comodoca.com | Cloudflare Inc | US | suspicious

DNS requests

Domain
IP
Reputation
mega.nz
  • 31.216.144.5
  • 31.216.145.5
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
x1.c.lencr.org
  • 96.16.145.230
whitelisted
r3.o.lencr.org
  • 2.16.186.11
  • 2.16.186.10
shared
eu.static.mega.co.nz
  • 66.203.124.37
  • 66.203.127.13
  • 89.44.169.132
  • 89.44.169.134
  • 66.203.127.11
shared
ocsp.comodoca.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.usertrust.com
  • 104.18.32.68
  • 172.64.155.188
whitelisted
ocsp.sectigo.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted

Threats

No threats detected
No debug info